I'd have to say I'm indifferent on this issue. Both parties involved have gone outside the lines.
Sony, should of had "active" security monitoring. They can afford to pay someone to monitor there security, and there lack of understanding how the breach happened is troubling. With active monitoring the hackers may of still breached the system, but would never of gotten millions of account holders information. The vast amount of information that was compromised make me believe they were at it for days. There are many bad analogies in this thread, and I want to make an acurrate one for the public. Sony has a mansion with a security system that isn't monitored. They posted I hate robbers and think they all should go to (fill in offensive phrase here) all over there entrance. Robbers were offended and broke in stealing all there stuff. Now if they had a guard at the gate, when the robbers slipped by, the guard would of noticed people were carrying stuff out from the mansion and put a stop to it. Sony was just lazy and this happened because they wanted to pinch pennies.
Hacking group has obviously gone to far, but I won't point out a single thing they have done, because I don't condone any hacking.
That all being said, it shows how many companies are vulnerable, and hopefully this whole incidient will increase IT security jobs. I personally work as a IT Manager and its sad to see this type of thing happen, but in the end it can have a positive effect by creating jobs. Its just horrible that it has to come at the expense of so many peoples information being compromised.
Look up the congressional hearing, they might as well have handed it over.
There is nothing to look up as Sony declined the invite... You can look up the report their sent instead and be more specific.
So far Sony acted openly and very fast, great job.
Uhm...no thus far Sony has acted like it always acts: like it's customers are not worth communicating with and quick to try and shift blame from themselves and their own bad decisions. See 'the hackers and the earthquakes and tsunamis, oh my!'
It's beyond pathetic that I have to search around the internet to find out any info about this since SOE's site hasn't changed a bit since last week (and that's on a secondary page even) and all I have gotten is a 'your stuff may have been stolen' email.
Sony, SOE specifically for me, is it's usual inept self.
Played: Asheron's Call(still the best fantasy MMO!), EQ1, EQ2, Vanguard, DAoC, Horizons, City of Heroes/Villians, WoW (crap), LOTORO, D&D Online, Eve, Anarchy Online, and still playing SWG daily.
In the answer to the question, "How did the attack against PSN go down?" it clearly says, "The vulnerability the attacker was able to exploit was known, according to Sony."
That statement clearly shows Sony's shared culpability in this mess and is why they probably should be sued for it.
You want me to pay to play a game I already paid for???
There doesn't seem to be a way to embedd video on this website but here is a link to the press conference
Where Sony's Chief Information officer admits they knew about the vulnerability.
If you don't trust any written sources of information hear it directly from the heads of Sony themself... you might not trust the translator i guess because it's in japanese but you could always use the google translator to verify it isn't a giant conspiracy i suppose.
Skip to about 1:18 on the video to see him actually saying they knew about the vulnerability.
I have seen a lot of people saying that Sony is not communicating with us but they are. Go to eq2wire.com and you can link straight to twitter or facebook either one to their posts and see the update right on their site as well as everytime there is an actual update it is on their playstation site.
I am also sure that they just have oodles of time to spend yacking with us when everyone wants their games up and Sony is already having to pay overtime to get the most complex security system they can get implemented into their systems in as short of time frame as possible. As well as them having to deal with authorities on their backs for answers and everything else. Use some common sense here and give Sony the time needed to get this problem fixed in the fastest timely manner possible and to do that they may not be able to communicate constantly. IMO you guys are asking for them to go above and beyond what any other company would. When they are doing everything within their power to get this taken care of.
The light bulb nor power nor microwave ovens or anything else that was invented was invented overnight and Sony has got a HUGE job on their hands atm to raise the bar on online security. Which I am sure is exactly what Sony is doing because when Sony does something they do it right the first time adn usually better than anyone else.
And no I am not on their pay roll just a very long time costumer who has seen a lot of other companies treat people a lot worse than they do as well as not take something like this for as serious as what it is.
Rome wasn't built in a day either.
O_O and yes I am so sure they have time to e-mail 100,000,000 costumers everday. Especially when Sony can not even directly e-mail us atm at all.
This whole thing has really stunk, and no they have NOT done a very good job communicating. They have my email address, why must I go on a hunt to facebook ect... for information.
This whole thing has really stunk, and no they have NOT done a very good job communicating. They have my email address, why must I go on a hunt to facebook ect... for information.
HOWEVER, Sony also says the hacker(s) exploited a known vulnerability.
Where do you have this information from?
Here is a quote from Sony chief information officer, Shinji Hasejima:
"The vulnerability of the network was a known vulnerability, one known of in the world. But Sony was not aware of it... was not convinced of it. We are now trying to improve aspects of it."
“We thought we had taken enough management and control measures (to ensure the network was secure), but looking back, there might have been room for further enhancement,” Shiro Kambe added, “We have to admit we were not fully sufficient."
HOWEVER, Sony also says the hacker(s) exploited a known vulnerability.
Where do you have this information from?
Here is a quote from Sony chief information officer, Shinji Hasejima:
"The vulnerability of the network was a known vulnerability, one known of in the world. But Sony was not aware of it... was not convinced of it. We are now trying to improve aspects of it."
“We thought we had taken enough management and control measures (to ensure the network was secure), but looking back, there might have been room for further enhancement,” Shiro Kambe added, “We have to admit we were not fully sufficient."
So there you have it. The hackers got in through a known vulnerability. Straight from the mouth of Sonys CIO.
You asked for the information and now you have it. What you chose to do with it is up to you.
Right but Sony was not aware of it, the vulnerability was speculation among the security sectors and Sony was not convinced of it's vulnerability, so they were not aware of it till they got hacked. I know it sounds moronic but it's like having a unsinkable submarine built, your sub was built as unsinkable then you dive 2000 feet and see a small leak and avoid paying any attention to it because you know you have a unsinkable submarine but in fact 10 more feet down the sub blows up because you refused to believe you didn't have the best for the job.
I still don't blame Sony from this, cause what Shiro has said and what was confirmed by the AP and other Asian news sources on Sony. The vulnerability was so small only a handful of people known about it and Sony was not aware of it till it was to late. At least that is what I have read so far.
Sony was just as much a victim of this breach as any of Sony's online patron's. It was not caused by Sony. Sony is not the antagonist or criminal in th is case.
If someone breaks into one's home and steals the goods, is the homeowner (victim) partialy to blame because they may not have forseen such a break-in and therefore did not install a Brinks security system beforehand?
One might argue that since Sony had information intrusted to them, that Sony should have prevented this intrusion to protect that information. It is not the best argument however, since criminals work to break in and infiltrate any system currently in operation, and it still remains that Sony's online systems have been going on for many years without breach. They are not the first to be breached and sadly, may not be the last.
Should they have had better forsight into protecting the system? I dont know...I dont know the degree to which Sony had already invested in such protection. But I do know that even though Sony may have underestimated the abilites of a hacker to breach the system, the systems as they were could not have been that easy to get into...hence the FBI and such getting involved. This tells me that the hacker did something rather extraordinary, which implies the relative security of Sony's systems in the first place.
The fact is, that the information obtained, is only supposed, and many of us may not fall victim to this hacking incident. The only information that really matters is the credit card information, and that is not even suspected to have been obtained, (at least in the US). Names, addresses and phone numbers...heck, that can be gotten through a phone book. Birthdays? Since when has that been secret online these days?
What happened to Sony is not criminal on Sony's part.
Sony was just as much a victim of this breach as any of Sony's online patron's. It was not caused by Sony. Sony is not the antagonist or criminal in th is case.
If someone breaks into one's home and steals the goods, is the homeowner (victim) partialy to blame because they may not have forseen such a break-in and therefore did not install a Brinks security system beforehand?
One might argue that since Sony had information intrusted to them, that Sony should have prevented this intrusion to protect that information. It is not the best argument however, since criminals work to break in and infiltrate any system currently in operation, and it still remains that Sony's online systems have been going on for many years without breach. They are not the first to be breached and sadly, may not be the last.
Should they have had better forsight into protecting the system? I dont know...I dont know the degree to which Sony had already invested in such protection. But I do know that even though Sony may have underestimated the abilites of a hacker to breach the system, the systems as they were could not have been that easy to get into...hence the FBI and such getting involved. This tells me that the hacker did something rather extraordinary, which implies the relative security of Sony's systems in the first place.
The fact is, that the information obtained, is only supposed, and many of us may not fall victim to this hacking incident. The only information that really matters is the credit card information, and that is not even suspected to have been obtained, (at least in the US). Names, addresses and phone numbers...heck, that can be gotten through a phone book. Birthdays? Since when has that been secret online these days?
What happened to Sony is not criminal on Sony's part.
I don't think anybody is arguing Sony exec's should be thrown in prison on criminal charges
most people are just at different ends of the spectrum on how much civil liability Sony should face... if any actual damages occur or just pay for insurance enrollment as they have been.
Right but Sony was not aware of it, the vulnerability was speculation among the security sectors and Sony was not convinced of it's vulnerability, so they were not aware of it till they got hacked. I know it sounds moronic but it's like having a unsinkable submarine built, your sub was built as unsinkable then you dive 2000 feet and see a small leak and avoid paying any attention to it because you know you have a unsinkable submarine but in fact 10 more feet down the sub blows up because you refused to believe you didn't have the best for the job.
I still don't blame Sony from this, cause what Shiro has said and what was confirmed by the AP and other Asian news sources on Sony. The vulnerability was so small only a handful of people known about it and Sony was not aware of it till it was to late. At least that is what I have read so far.
I posted that, because people (Gdemami) keep saying that it was not a known vulnerability that was exploited.
That exploit wasn't some small unknown secret hole in apache servers. All reports so far point to Sony running apache servers that were exposed to the internet without proper A) patching and firewalls.
For all the talk about doing as much as possible, installing a security patch is step zero. It makes any other claims hard to believe when that isn't even done.
Here is someone talking about the vulnerabilities back in February. He talks about probing the network and discovering many unpatched servers, lack of proper insulation from outside attack (firewall/vpn), etc. LINK
Honestly if Sony was keeping their security up to date and not half-assing it, then they wouldn't need to have taken their service offline for so long and need to rebuild it from the ground up. That alone indicates that things were a complete mess.
Right but Sony was not aware of it, the vulnerability was speculation among the security sectors and Sony was not convinced of it's vulnerability, so they were not aware of it till they got hacked. I know it sounds moronic but it's like having a unsinkable submarine built, your sub was built as unsinkable then you dive 2000 feet and see a small leak and avoid paying any attention to it because you know you have a unsinkable submarine but in fact 10 more feet down the sub blows up because you refused to believe you didn't have the best for the job.
I still don't blame Sony from this, cause what Shiro has said and what was confirmed by the AP and other Asian news sources on Sony. The vulnerability was so small only a handful of people known about it and Sony was not aware of it till it was to late. At least that is what I have read so far.
I posted that, because people (Gdemami) keep saying that it was not a known vulnerability that was exploited.
That exploit wasn't some small unknown secret hole in apache servers. All reports so far point to Sony running apache servers that were exposed to the internet without proper A) patching and firewalls.
For all the talk about doing as much as possible, installing a security patch is step zero. It makes any other claims hard to believe when that isn't even done.
Here is someone talking about the vulnerabilities back in February. He talks about probing the network and discovering many unpatched servers, lack of proper insulation from outside attack (firewall/vpn), etc. LINK
Honestly if Sony was keeping their security up to date and not half-assing it, then they wouldn't need to have taken their service offline for so long and need to rebuild it from the ground up. That alone indicates that things were a complete mess.
If by Reports you mean rumours then you are half right. All this talk of unpatched servers is complete crap & media frenzy of people repeating rumours as gospel.
You can read the whole thing over on bitmob but a particularly angry PSN user checked into this and well here is a quote:
"As it turns out, it is fairly simple to use Google's webcache to show what version of Apache the PSN servers were using back in March. According to a page request archived by Google on March 23, 2011, at that time Sony was running version 2.2.17 of the software. You can see from Apache's website that 2.2.17 is the latest stable version of the webserver available even today. This is a direct repudiation of the claims being made that Sony's webservers were out of date by as much as five years."
So with that in mind lets all see if we can't stop propagating the same rumour that has been proven to be false.....
I am as angry about the outage as any PS3 owner but the ammount of "so called experts" on websites & forums accross the internet right now talking out their arses is out of control.
This whole thing has really stunk, and no they have NOT done a very good job communicating. They have my email address, why must I go on a hunt to facebook ect... for information.
Bye, Bye Everquest and Hello RIFT!!!!
Good luck with that. Oh noes my MMO comapny was hacked and sucks at giving information out, lets go to another MMo company that was hacked and sucks at giving information out.
It is the litigious nature of the people pointing fingers at Sony that I am addressing my arguments. Sony is not criminal, yet somehow Sony is still being held accountable for the damages done by the incident via possible class-action lawsuites etc. In short, some folks out there want to punish Sony, as if Sony themselves did something wrong, or unlawful.
If we knew the name of the hacker/s, who then would get the blame for any damages done...(and as of yet I am not aware of any). Would it still be Sony?...or is Sony simply the convenient source for restitution in the absence of the real instigator of the potential problems incurred by this breach?
Factbox: Sony breach latest in string of cyber attacks
Tue, Apr 26 18:34 PM EDT
BOSTON (Reuters) - An unauthorized person stole names, addresses and possibly credit card data belonging to 77 million account holders on Sony's PlayStation Network in what could be one of the largest-ever Internet security breaches.
Internet security experts believe that these systems were breached by hackers who persuaded unsuspecting system administrators to load malicious software onto their machines. Here are some other large Internet security breaches:
April 2011 -- Online marketer Epsilon, which sends billions of emails a year for clients that represent a "Who's Who" of major banks and retailers, reports a breach of its system. It says that some clients' customer names and email addresses were stolen.
2010 -- Security researchers identify a computer worm dubbed Stuxnet that they speculate was designed to breach a system used to refine uranium in Iran at that nation's Natanz enrichment plant.
2010 -- Google Inc says that it was the victim of a cyber attack on its operations in China that resulted in the theft of its intellectual property. Google said that the networks of more than 20 other companies had been infiltrated.
2009 -- Hacker Albert Gonzalez pleads guilty to stealing tens of millions of payment card numbers by breaking into corporate computer systems from businesses including payment card processor Heartland Payment Systems, TJX Company Inc, 7-Eleven Inc and Target Co
Pretty much says it all right there. If you are going to blame Sony had better blame all of these other retailers as well.
I wouldn't say I blame them.. but I do think they should have to pay for at least a portion of any real damages that might have been done.
Not damages like "i can't sleep at night because somebody has my name" or I had to cancel my credit card.. but anything that was actually stolen or gained illicitly.
Forcing companies to a standard like that would make them want to reveal information about hacks quickly.. and actually hire competent people who can monitor their systems and try to keep to up to date.
Honestly if Sony was keeping their security up to date and not half-assing it, then they wouldn't need to have taken their service offline for so long and need to rebuild it from the ground up. That alone indicates that things were a complete mess.
There are just too many rumors flying around about this, what's worse is they're being used as facts or at least seemingly so. Here's a few reports that knock almost all of them down.
Believe what you want of course, but at least take in all info before making such broad accusations.
I am as disgruntled as the next guy when it comes to SOE/Sony, but I hate false information even more.
Passwords weren't in Plain text.. They were hashed.
As far as known vulnerabilities go, maybe they're guilty of ignoring them, they basically say as much. They don't exactly say what those vulnerabilities were though, or whose software they were apart of, at least that I've seen or read. Say they were on Apache's end, is SOny responsible for that?
For every minute you are angry , you lose 60 seconds of happiness."-Emerson
Comments
I'd have to say I'm indifferent on this issue. Both parties involved have gone outside the lines.
Sony, should of had "active" security monitoring. They can afford to pay someone to monitor there security, and there lack of understanding how the breach happened is troubling. With active monitoring the hackers may of still breached the system, but would never of gotten millions of account holders information. The vast amount of information that was compromised make me believe they were at it for days. There are many bad analogies in this thread, and I want to make an acurrate one for the public. Sony has a mansion with a security system that isn't monitored. They posted I hate robbers and think they all should go to (fill in offensive phrase here) all over there entrance. Robbers were offended and broke in stealing all there stuff. Now if they had a guard at the gate, when the robbers slipped by, the guard would of noticed people were carrying stuff out from the mansion and put a stop to it. Sony was just lazy and this happened because they wanted to pinch pennies.
Hacking group has obviously gone to far, but I won't point out a single thing they have done, because I don't condone any hacking.
That all being said, it shows how many companies are vulnerable, and hopefully this whole incidient will increase IT security jobs. I personally work as a IT Manager and its sad to see this type of thing happen, but in the end it can have a positive effect by creating jobs. Its just horrible that it has to come at the expense of so many peoples information being compromised.
Uhm...no thus far Sony has acted like it always acts: like it's customers are not worth communicating with and quick to try and shift blame from themselves and their own bad decisions. See 'the hackers and the earthquakes and tsunamis, oh my!'
It's beyond pathetic that I have to search around the internet to find out any info about this since SOE's site hasn't changed a bit since last week (and that's on a secondary page even) and all I have gotten is a 'your stuff may have been stolen' email.
Sony, SOE specifically for me, is it's usual inept self.
Played: Asheron's Call(still the best fantasy MMO!), EQ1, EQ2, Vanguard, DAoC, Horizons, City of Heroes/Villians, WoW (crap), LOTORO, D&D Online, Eve, Anarchy Online, and still playing SWG daily.
It is right in the article I linked to in my original post about it. Here it is again:
http://news.cnet.com/8301-31021_3-20058950-260.html?tag=contentMain;contentBody;5n
In the answer to the question, "How did the attack against PSN go down?" it clearly says, "The vulnerability the attacker was able to exploit was known, according to Sony."
That statement clearly shows Sony's shared culpability in this mess and is why they probably should be sued for it.
You want me to pay to play a game I already paid for???
Be afraid.....The dragons are HERE!
There doesn't seem to be a way to embedd video on this website but here is a link to the press conference
Where Sony's Chief Information officer admits they knew about the vulnerability.
If you don't trust any written sources of information hear it directly from the heads of Sony themself... you might not trust the translator i guess because it's in japanese but you could always use the google translator to verify it isn't a giant conspiracy i suppose.
Skip to about 1:18 on the video to see him actually saying they knew about the vulnerability.
http://www.youtube.com/watch?v=0c4ZEww766E
Thanks for the links but I already checked it discussed few pages back. Thanks again ;-)
I have seen a lot of people saying that Sony is not communicating with us but they are. Go to eq2wire.com and you can link straight to twitter or facebook either one to their posts and see the update right on their site as well as everytime there is an actual update it is on their playstation site.
I am also sure that they just have oodles of time to spend yacking with us when everyone wants their games up and Sony is already having to pay overtime to get the most complex security system they can get implemented into their systems in as short of time frame as possible. As well as them having to deal with authorities on their backs for answers and everything else. Use some common sense here and give Sony the time needed to get this problem fixed in the fastest timely manner possible and to do that they may not be able to communicate constantly. IMO you guys are asking for them to go above and beyond what any other company would. When they are doing everything within their power to get this taken care of.
The light bulb nor power nor microwave ovens or anything else that was invented was invented overnight and Sony has got a HUGE job on their hands atm to raise the bar on online security. Which I am sure is exactly what Sony is doing because when Sony does something they do it right the first time adn usually better than anyone else.
And no I am not on their pay roll just a very long time costumer who has seen a lot of other companies treat people a lot worse than they do as well as not take something like this for as serious as what it is.
Rome wasn't built in a day either.
O_O and yes I am so sure they have time to e-mail 100,000,000 costumers everday. Especially when Sony can not even directly e-mail us atm at all.
This whole thing has really stunk, and no they have NOT done a very good job communicating. They have my email address, why must I go on a hunt to facebook ect... for information.
Bye, Bye Everquest and Hello RIFT!!!!
Life is Short, Read a Book.
Your going to be disappointed....
Here is a quote from Sony chief information officer, Shinji Hasejima:
"The vulnerability of the network was a known vulnerability, one known of in the world. But Sony was not aware of it... was not convinced of it. We are now trying to improve aspects of it."
“We thought we had taken enough management and control measures (to ensure the network was secure), but looking back, there might have been room for further enhancement,” Shiro Kambe added, “We have to admit we were not fully sufficient."
Source
So there you have it. The hackers got in through a known vulnerability. Straight from the mouth of Sonys CIO.
You asked for the information and now you have it. What you chose to do with it is up to you.
Yep.. but a lot of these people don't trust written sources either for some reason..
here is a video of the sony CIO actually saying the system had a known vulnerability that was exploited.
http://www.youtube.com/watch?v=0c4ZEww766E
Right but Sony was not aware of it, the vulnerability was speculation among the security sectors and Sony was not convinced of it's vulnerability, so they were not aware of it till they got hacked. I know it sounds moronic but it's like having a unsinkable submarine built, your sub was built as unsinkable then you dive 2000 feet and see a small leak and avoid paying any attention to it because you know you have a unsinkable submarine but in fact 10 more feet down the sub blows up because you refused to believe you didn't have the best for the job.
I still don't blame Sony from this, cause what Shiro has said and what was confirmed by the AP and other Asian news sources on Sony. The vulnerability was so small only a handful of people known about it and Sony was not aware of it till it was to late. At least that is what I have read so far.
Sony was just as much a victim of this breach as any of Sony's online patron's. It was not caused by Sony. Sony is not the antagonist or criminal in th is case.
If someone breaks into one's home and steals the goods, is the homeowner (victim) partialy to blame because they may not have forseen such a break-in and therefore did not install a Brinks security system beforehand?
One might argue that since Sony had information intrusted to them, that Sony should have prevented this intrusion to protect that information. It is not the best argument however, since criminals work to break in and infiltrate any system currently in operation, and it still remains that Sony's online systems have been going on for many years without breach. They are not the first to be breached and sadly, may not be the last.
Should they have had better forsight into protecting the system? I dont know...I dont know the degree to which Sony had already invested in such protection. But I do know that even though Sony may have underestimated the abilites of a hacker to breach the system, the systems as they were could not have been that easy to get into...hence the FBI and such getting involved. This tells me that the hacker did something rather extraordinary, which implies the relative security of Sony's systems in the first place.
The fact is, that the information obtained, is only supposed, and many of us may not fall victim to this hacking incident. The only information that really matters is the credit card information, and that is not even suspected to have been obtained, (at least in the US). Names, addresses and phone numbers...heck, that can be gotten through a phone book. Birthdays? Since when has that been secret online these days?
What happened to Sony is not criminal on Sony's part.
I don't think anybody is arguing Sony exec's should be thrown in prison on criminal charges
most people are just at different ends of the spectrum on how much civil liability Sony should face... if any actual damages occur or just pay for insurance enrollment as they have been.
Lol no. Its natural selection
I posted that, because people (Gdemami) keep saying that it was not a known vulnerability that was exploited.
That exploit wasn't some small unknown secret hole in apache servers. All reports so far point to Sony running apache servers that were exposed to the internet without proper A) patching and
firewalls.
For all the talk about doing as much as possible, installing a security patch is step zero. It makes any other claims hard to believe when that isn't even done.
Here is someone talking about the vulnerabilities back in February. He talks about probing the network and discovering many unpatched servers, lack of proper insulation from outside attack (firewall/vpn), etc. LINK
Honestly if Sony was keeping their security up to date and not half-assing it, then they wouldn't need to have taken their service offline for so long and need to rebuild it from the ground up. That alone indicates that things were a complete mess.
Poor Sony..... oh wait F#$k Sony I want to be able to Play EA Sports MMA online FFS !
If by Reports you mean rumours then you are half right. All this talk of unpatched servers is complete crap & media frenzy of people repeating rumours as gospel.
You can read the whole thing over on bitmob but a particularly angry PSN user checked into this and well here is a quote:
"As it turns out, it is fairly simple to use Google's webcache to show what version of Apache the PSN servers were using back in March. According to a page request archived by Google on March 23, 2011, at that time Sony was running version 2.2.17 of the software. You can see from Apache's website that 2.2.17 is the latest stable version of the webserver available even today. This is a direct repudiation of the claims being made that Sony's webservers were out of date by as much as five years."
So with that in mind lets all see if we can't stop propagating the same rumour that has been proven to be false.....
I am as angry about the outage as any PS3 owner but the ammount of "so called experts" on websites & forums accross the internet right now talking out their arses is out of control.
Good luck with that. Oh noes my MMO comapny was hacked and sucks at giving information out, lets go to another MMo company that was hacked and sucks at giving information out.
It is the litigious nature of the people pointing fingers at Sony that I am addressing my arguments. Sony is not criminal, yet somehow Sony is still being held accountable for the damages done by the incident via possible class-action lawsuites etc. In short, some folks out there want to punish Sony, as if Sony themselves did something wrong, or unlawful.
If we knew the name of the hacker/s, who then would get the blame for any damages done...(and as of yet I am not aware of any). Would it still be Sony?...or is Sony simply the convenient source for restitution in the absence of the real instigator of the potential problems incurred by this breach?
Oh shit was MMORPG.com Hacked?
I see major errors on the site
Philosophy of MMO Game Design
Factbox: Sony breach latest in string of cyber attacks
Tue, Apr 26 18:34 PM EDT
BOSTON (Reuters) - An unauthorized person stole names, addresses and possibly credit card data belonging to 77 million account holders on Sony's PlayStation Network in what could be one of the largest-ever Internet security breaches.
Internet security experts believe that these systems were breached by hackers who persuaded unsuspecting system administrators to load malicious software onto their machines. Here are some other large Internet security breaches:
April 2011 -- Online marketer Epsilon, which sends billions of emails a year for clients that represent a "Who's Who" of major banks and retailers, reports a breach of its system. It says that some clients' customer names and email addresses were stolen.
2010 -- Security researchers identify a computer worm dubbed Stuxnet that they speculate was designed to breach a system used to refine uranium in Iran at that nation's Natanz enrichment plant.
2010 -- Google Inc says that it was the victim of a cyber attack on its operations in China that resulted in the theft of its intellectual property. Google said that the networks of more than 20 other companies had been infiltrated.
2009 -- Hacker Albert Gonzalez pleads guilty to stealing tens of millions of payment card numbers by breaking into corporate computer systems from businesses including payment card processor Heartland Payment Systems, TJX Company Inc, 7-Eleven Inc and Target Co
Pretty much says it all right there. If you are going to blame Sony had better blame all of these other retailers as well.
I wouldn't say I blame them.. but I do think they should have to pay for at least a portion of any real damages that might have been done.
Not damages like "i can't sleep at night because somebody has my name" or I had to cancel my credit card.. but anything that was actually stolen or gained illicitly.
Forcing companies to a standard like that would make them want to reveal information about hacks quickly.. and actually hire competent people who can monitor their systems and try to keep to up to date.
There are just too many rumors flying around about this, what's worse is they're being used as facts or at least seemingly so. Here's a few reports that knock almost all of them down.
Believe what you want of course, but at least take in all info before making such broad accusations.
I am as disgruntled as the next guy when it comes to SOE/Sony, but I hate false information even more.
Passwords weren't in Plain text.. They were hashed.
http://pc.ign.com/articles/116/1165672p1.html
From Sony we had Fire-walls as well as up to date security.
http://www.gamestooge.com/2011/05/10/sony-our-servers-were-up-to-date/
An investigation into it...
http://www.joystiq.com/2011/05/09/report-sonys-psn-servers-were-up-to-date/
As far as known vulnerabilities go, maybe they're guilty of ignoring them, they basically say as much. They don't exactly say what those vulnerabilities were though, or whose software they were apart of, at least that I've seen or read. Say they were on Apache's end, is SOny responsible for that?
For every minute you are angry , you lose 60 seconds of happiness."-Emerson
I have a question. If these people could hack Sony, wouldnt it be a piece of cake to hack Blizzard?
Philosophy of MMO Game Design
Wouldn't that depend on the level of security Blizzard uses? Or the motive behind why Sony was hacked?
For every minute you are angry , you lose 60 seconds of happiness."-Emerson