Sony Studio Exec’s Salaries

Hackers Pirate Sony Films and Leak Studio Salaries - NYTimes.com

SonyPictures/Exploits

http://pastebin.com/Ez5JGT7G

From the New York Times:

But Sony was newly rattled by the leak of internal documents, some of which were published late Monday on Fusion, an upstart cable network and news site, after first appearing on Pastebin, the anonymous Internet posting site. The documents contained the pre-bonus annual salaries of senior executives, 17 of whom are shown earning more than $1 million a year.

via Hackers Pirate Sony Films and Leak Studio Salaries – NYTimes.com.

### BEGIN REPOST ###

  1. Exploitation & Vulnerability Test ‘ by Anon-Ninja-Cat <3 For full Report see Anon Ninja Cat’ who will contact Infosec Cat ‘who will get Clearance from Cone Cat to Access the Cyber Hive index.
  2. We Are Anonymous
  3. We Are Legion
  4. We Are Ghosts of the CyberHive.
  5. Anon Familia <3
  6. ——————————————————
  7. http://www.sonypictures.com/ (Hollywood, FL, US)
  8. IP Address      72.52.12.83 <<< unknown.prolexic.com < Prolexic: DoS and DDoS Protection )
  9. Server Type     Apache
  10. report for http://www.sonypictures.com (72.52.12.83) <<< unknown.prolexic.com < Prolexic: DoS and DDoS Protection )
  11. Host is up (0.012s latency).
  12. rDNS record for 72.52.12.83: unknown.prolexic.com
  13. PORT     STATE    SERVICE
  14. 80/tcp   open     http
  15.  Target IP:          72.52.12.83 <<< prolexic.com < Prolexic: DoS and DDoS Protection )
  16. + Target Hostname:    www.sonypictures.com
  17. + Target Port:        80
  18. + Start Time:         2014-12-02 08:00:59 (GMT-5)
  19. —————————————————————————
  20. + Server: Apache
  21. + robots.txt contains 2 entries which should be manually viewed.
  22. + ETag header found on server, fields: 0x4fad 0x5092bb9bcf9a9
  23. + Allowed HTTP Methods: GET, HEAD, POST, OPTIONS
  24. + /WEB-INF/web.xml: JRUN default file found.
  25. + OSVDB-9392: /userinfo.php?uid=1;: Xoops portal gives detailed error messages including SQL syntax and may allow an exploit.
  26. + OSVDB-3092: /beta/: This might be interesting…
  27. + OSVDB-3092: /test.txt: This might be interesting…
  28. + OSVDB-3233: /netbasic/websinfo.bas: Novell Netware 5.1 contains Novonyx default files which reveal system information. All default files should be removed.
  29. + OSVDB-3092: /tv/: This might be interesting… potential country code (Tuvalu)
  30. /maintenance/: Admin login page/section found.
  31. 11 site(s) hosted on ip 72.52.12.83
  32. Location:   Hollywood,United States
  33. sonypictures.com
  34. d-9.com
  35. thisistheend.com
  36. thesocialnetwork-movie.com
  37. dragontattoo.com
  38. sonypictures.net
  39. sonypicturesanimation.com
  40. entertheunderworld.com
  41. skyfall-movie.com
  42. smurfhappens.com
  43. omnicorp.com
  44. ======================================================================================================
  45. Server:Apache
  46. IP Address:198.212.50.74
  47. Port:443
  48. Hostname:www.sonypictures.com
  49. sonypictures.com        A       5 minutes               198.212.50.74
  50. report for 198.212.50.74
  51. Host is up (0.024s latency).
  52. PORT     STATE    SERVICE
  53. 80/tcp   open     http
  54. 443/tcp  open     https
  55. mail.sonypictures.com   A       5 minutes               209.0.235.15 (US)
  56. test.sonypictures.com   A       5 minutes               64.37.182.123 (San Diego, CA, US)
  57. http://www.sonypictures.com    A       5 minutes               72.52.12.83 (Hollywood, FL, US)
  58. DOMAINS:
  59. http://www.sonypictures.com, sonypictures.com, ultraviolet.sonypictures.com, uv.sonypictures.com,
  60. ultraviolet.sonypictures.co.nz, ultraviolet.sonypictures.com.au
  61. Serial Number:18DAD19E267DE8BB4A2158CDCC6B3B4A
  62. Fingerprint (SHA-1):4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
  63. Serial Number:5B88DA6C7ADA7A593E729363BCB75843
  64. Fingerprint (SHA-1):8AE1D106CACCD3A2B7CBBF0FD8447EF02CB6E869
  65. # robots.txt for SonyPictures.com
  66. User-agent: *
  67. Disallow: /global
  68. Disallow: /homevideo/bluray/ajax
  69. The target site has no DNS wildcard, and the contents of http://sonypictures.com/search differ from the contents of http://www.sonypictures.com
  70. The contents of http://72.52.12.83 differ from the contents of http://www.sonypictures.com
  71. A robots.txt file was found at: “http://www.sonypictures.com/robots.txt&#8221;.
  72. The URL: “http://www.sonypictures.com/&#8221; sent the cookie: “NSC_tpozqjd-83+63+23+94-91=ffffffffc5dc2c5345525d5f4f58455e445a4a423660;path=/;httponly”.
  73. The URL: “http://www.sonypictures.com/&#8221; sent the cookie: “sto-id-20480=KABOAAAKFAAA; Expires=Fri, 29-Nov-2024 14:28:16 GMT; Path=/”.
  74. The URL: “http://www.sonypictures.com/&#8221; returned a response that may contain a “SHA1″ hash. The hash is: “bf433b366f10c888002d617a38d2309abe303d79″
  75. ==================================================================================================================
  76. Cookie: NSC_tpozqjd-83+63+23+94-91=ffffffffc5dc2c5345525d5f4f58455e445a4a423660; sto-id-20480=KFBOAAAKFAAA
  77. crossdomain.xml” file allows access from: “www.sonypictures.com
  78. crossdomain.xml” file allows access from: “flash.sonypictures.com
  79. crossdomain.xml” file allows access from: “secure.sonypictures.com
  80. crossdomain.xml” file allows access from: “www.sonypictures.net
  81. crossdomain.xml” file allows access from: “www.sonypictures.co.uk
  82. crossdomain.xml” file allows access from: “www.sonypictures.com.au
  83. crossdomain.xml” file allows access from: “www.sonypictures.jp
  84. crossdomain.xml” file allows access from: “www.sonywonder.com
  85. crossdomain.xml” file allows access from: “www.wheeloffortune.com
  86. crossdomain.xml” file allows access from: “www.vannastyle.com
  87. crossdomain.xml” file allows access from: “www.jeopardy.com
  88. crossdomain.xml” file allows access from: “www.007.com
  89. crossdomain.xml” file allows access from: “www.battlela.com
  90. crossdomain.xml” file allows access from: “www.district9movie.com
  91. crossdomain.xml” file allows access from: “www.multinationalunited.com
  92. crossdomain.xml” file allows access from: “www.residentevil-movie.com
  93. The mail account: “jarancio@sonypictures.com
  94. The mail account: “alouie@sonypictures.com
  95. The mail account: “bjames@sonypictures.com
  96. The mail account: “amcelroy@sonypictures.com
  97. The mail account: “klee@sonypictures.com
  98. The mail account: “KKim@sonypictures.com
  99. The mail account: “ctewksbury@sonypictures.com
  100. The mail account: “stanimoto@sonypictures.com
  101. The mail account: “nbaleva@sonypictures.com
  102. The mail account: “cpoon@sonypictures.com
  103. The mail account: “bspaulding@sonypictures.com
  104. The mail account: “sbrooks@sonypictures.com
  105. The mail account: “croze@sonypictures.com
  106. The mail account: “richs@sonypictures.com
  107. The mail account: “kwilliams@sonypictures.com
  108. The mail account: “djordan@sonypictures.com
  109. ======================================================================================================================
  110. EXPLOITS:
  111. Server does not use secure renegotiation settings
  112. Site is more vulnerable to Denial of Service (DOS) attacks
  113. Server does not have session resumption enabled
  114. Users may experience slower performance
  115. Server has not enabled HTTP Strict-Transport-Security
  116. Users may be exposed to man-in-the-middle attacks
  117. Server doesn’t prefer ciphers that enable forward secrecy.
  118. Encrypted communications captured today are at risk of being decrypted by an attacker in the future.
  119. Server uses RC4 cipher with modern browsers
  120. More secure ciphers are available for TLS 1.1 and newer
  121. Server is using RC4-based ciphersuites which have known vulnerabilities
  122. Evaluate your client compatibility requirements to determine if you can disable RC4-based ciphersuites
  123. Server configuration does not meet FIPS guidelines
  124. Federal standards for data handling are not being met
  125. Server does not have OCSP stapling configured
  126. Users may receive slower performance and privacy may be reduced
  127. SSL 2.0 Disabled:Pass
  128. SSL 3.0 Disabled:Pass
  129. TLS 1.0 Enabled:Pass
  130. TLS 1.1 Enabled:Pass
  131. TLS 1.2 Enabled:Pass
  132. Weak ciphersuites disabled:Pass
  133. Certificates configured correctly:Pass
  134. Secure renegotiation configured:Fail  <<<<<
  135. Session resumption configured:Fail  <<<<<<
  136. BEAST Vulnerability:Pass
  137. OCSP Stapling:Fail <<<<<<
  138. PCI Compliant:Pass
  139. FIPS Compliant:Fail  <<<<
  140. Forward Secrecy Supported:Fail <<<<<
  141. Heartbleed Vulnerability:Pass
  142. Certificate validation URIs resolve to IPv6 addresses:Fail
  143. Strict Transport Security:Fail  <<<<<
  144. Mixed Content (HTTP and HTTPS):Timed Out <<<<<<
  145. Domain name resolves to IPv4 address:Pass
  146. Domain name resolves to IPv6 address:Fail <<<<<
  147. To Sony ‘ it is dissapointing to see a multi billion dollar Company ‘ have a GRADE F/ website System ?Yes i have Graded you ? i could strip & found more Exploits & Error’s ‘all day long.this Exploitation & Vulnerability Test is 43% ‘ Pull YouR sOcKS uP ‘ oh and “FURY” was a good Movie , you could make a Movie about how Sony got Hacked ‘ i assure you it would be a Box Office HIT .  p.s. you gonna have to take a pay cut & Fire someone in your Computer WEB/Security/ Department ???? ASAP

 

Five Guys Under a Mushroom Cloud

The Douglas AIR-2 “Genie”  was a dumb time-fused, nuclear-tipped, air-launched, solid motor rocket that was to be fired at hordes of incoming Soviet bombers as the descended on American cities.

The Air Force was so pleased with this weapon that they placed an $11.6 million order with Douglas Aircraft in June, 1961. That same year, Douglas also sold a DC-8 to Japan Air Lines.
19 July 1957 – Five at Ground Zero: CTBTO Preparatory Commission.

 

This is it!

Follow

Get every new post delivered to your Inbox.

Join 122 other followers