Hackers plan 3rd attack on Sony


Comments

  • Pyrostasis, Member (Uncommon), Posts: 2,293

    Originally posted by Silentstorm

    You guys amuse me other than a minor settlement nothing will happen to Sony. You think the public got to sue the airline for allowing its plane to be hijacked NO!!! This is considered actually an act of terrorism on the corporate level.

    Actually, if Sony is found negligent they are wide open for a lawsuit.

    As long as Sony can show that they did their best within reason and industry standard to protect data they are fine. However, if they didn't keep their systems up to date, left known security vulnerabilities in, and in general were negligent then they are boned.

    This isn't the same as the airline terrorist attacks. This would be more like Osama Bin Laden sneaking in through the backdoor after there was an announcement that the back door wasn't secured and the airline had plenty of time to secure it. In that instance it isn't an accident, it's negligence.

  • Eerazer, Member, Posts: 140

    Originally posted by Quirhid

    I wonder if the hackers would back down if Sony stopped chasing the scalp of the guy who cracked PS3? They can't do it without losing face but they are ruined by these attacks either. Lose - lose. If Sony bends to the will of the Anonymous, I don't know if it is a good thing or bad. Good, I guess... The little guy wins, the big corporation loses.

    That was all settled with geohot weeks ago.

  • Gdemami, Member (Epic), Posts: 12,342


    Originally posted by Pyrostasis
    Systems can be breached, but this was a colossal screw up of epic proportions. Sony allowed a hacker to penetrate three layers of their security and then connect to their backend database long enough to yank out millions of user data. That's a lot of data... and would be considerable size. The screw up is either A letting them stay connected to the database for that period of time yanking that size of data without a red flag going up and killing it or B letting tons of computers bypass the three layers of security multiple times yanking the data. I only recently got my security+ cert... but even as a security novice there are so many stupid, negligent, and flat out incompetent mistakes made in this ordeal it just boggles my mind.

    As a fresh owner of the cert and I guess without actual experience in the field and absolutely no idea about Sony network security measures...you are not provided good position to criticize, unless you want to sound like a douchebag.

    Sony said in the letter to congress committee that the second intrusion into their system used system software vulnerability which may pretty much screw up all your IDS profile...


    Sadly no more details will be revealed for a while, if ever, because the attack is still under FBI investigation.

  • Pyrostasis, Member (Uncommon), Posts: 2,293

    Originally posted by Gdemami

    Originally posted by Pyrostasis

    Systems can be breached, but this was a colossal screw up of epic proportions. Sony allowed a hacker to penetrate three layers of their security and then connect to their backend database long enough to yank out millions of user data. That's a lot of data... and would be considerable size.

    The screw up is either A letting them stay connected to the database for that period of time yanking that size of data without a red flag going up and killing it or B letting tons of computers bypass the three layers of security multiple times yanking the data. I only recently got my security+ cert... but even as a security novice there are so many stupid, negligent, and flat out incompetent mistakes made in this ordeal it just boggles my mind.

    As a fresh owner of the cert and I guess without actual experience in the field and absolutely no idea about Sony network security measures...you are not provided good position to criticize, unless you want to sound like a douchebag.

    Sony said in the letter to congress committee that the second intrusion into their system used system software vulnerability which may pretty much screw up all your IDS profile...

    Sadly no more details will be revealed for a while, if ever, because the attack is still under FBI investigation.

    Basics are basics.

    Vulnerabilities that are known should be patched. From what I have heard their servers were running outdated software with gaping holes. This is basics.

    A baseline or any type of monitoring should have shown that there was "Abnormal" activity going on, instead it took days for the red flag that was apparently raised to get noticed.

    Either way, there were major mistakes made, and quite possibly negligence.

  • Mardy, Member, Posts: 2,213

    We should send John McClane in to make the hackers work for us, and if they didn't actually steal the info as they say, make them track down who did heh.  Reminds me of this clip:  http://www.moviesonline.ca/TheFeed/index.php?id=diehard-warlock

    EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO

  • Gdemami, Member (Epic), Posts: 12,342


    Originally posted by Pyrostasis

    Basics are basics.

    One of the basics is not to base your opinions on 'have heard' and draw conclusions based on unverified information, or their complete absence.


    Either way, you are pulling things about Sony security measures out of your nose only.


  • neorandom, Member, Posts: 1,681

    Originally posted by Quirhid

    I wonder if the hackers would back down if Sony stopped chasing the scalp of the guy who cracked PS3? They can't do it without losing face but they are ruined by these attacks either. Lose - lose. If Sony bends to the will of the Anonymous, I don't know if it is a good thing or bad. Good, I guess... The little guy wins, the big corporation loses.

    the only winning scenario for sony is to track down the anonymous and kill them all brutally and publicly, with the fear of real retaliation the cyber bullying would end right fast.

  • jado818, Member, Newbie (Common), Posts: 356

    Best case scenario is sony goes bankrupt and its assets are sold off to competitors who would run its individual businesses better

     

  • nightfallrob, Member, Posts: 167

    Originally posted by Renoaku

    If I find out that any information of mine is leaked out because of Sony's failed security I will personally go after them with any and every legal resources I can, and I doubt that many people will ever trust a Sony product again?

    Failed Security, I wish Sony did not take such as a joke, and I really feel that this is an inside JOB, they really need to check all their servers for a virus, maybe even revert all Data on their servers a few weeks prior to anything going on, and they need to check all their hardware for Servers on sticks and back doors used by these hackers like srsly before it is too late.

    So what Anon DDOS their servers, but yet someone decided to get into their servers for the Lulz and hack their systems and all information of its customers I call FAIL to Sony.

    I bet that even my own security on my desktop is better than what sony had lol.

    Ok I pretty much despise SOE, but how they are responsible for the actions of criminals exactly? That's like saying the bank teller is responsible for the hold-up. Stopping to think things through is a good thing sometimes.

  • jado818, Member, Newbie (Common), Posts: 356

    Originally posted by nightfallrob

    Originally posted by Renoaku

    If I find out that any information of mine is leaked out because of Sony's failed security I will personally go after them with any and every legal resources I can, and I doubt that many people will ever trust a Sony product again?

    Failed Security, I wish Sony did not take such as a joke, and I really feel that this is an inside JOB, they really need to check all their servers for a virus, maybe even revert all Data on their servers a few weeks prior to anything going on, and they need to check all their hardware for Servers on sticks and back doors used by these hackers like srsly before it is too late.

    So what Anon DDOS their servers, but yet someone decided to get into their servers for the Lulz and hack their systems and all information of its customers I call FAIL to Sony.

    I bet that even my own security on my desktop is better than what sony had lol.

    Ok I pretty much despise SOE, but how they are responsible for the actions of criminals exactly? That's like saying the bank teller is responsible for the hold-up. Stopping to think things through is a good thing sometimes.

    They are responsible because the law says they are.

    Being a corporation means they have more responsibilities than an individual might have.

    I'm of course using the term responsible / liable in the same terms. Although liable is probably a better fit than the word responsible.

    Responsible can mean they caused it to happen. I think most people are just shortening their sentences.

    A better way to put it might be they are responsible for the outcome of the attack or just use the word liable instead

  • braingame007, Member (Uncommon), Posts: 98

    I hope those effin dbags get caught and get put in prison for the rest of their lives, if I could get my hands on them I would literally blow their brains out. Why? Because they are costing people money and taking their enjoyment away. I want to play my damn PS3 online and don't want to play paperweight 360 to play a game online. (I do game on PC as well but that doesn't cut it alone for me.)  Costing us money because we paid for our systems and we can't even use them as intended and making online games only unplayable.

  • Gdemami, Member (Epic), Posts: 12,342


    Originally posted by braingame007
    I hope those effin dbags get caught and get put in prison for the rest of their lives, if I could get my hands on them I would literally blow their brains out. Why? Because they are costing people money and taking their enjoyment away. I want to play my damn PS3 online and don't want to play paperweight 360 to play a game online. (I do game on PC as well but that doesn't cut it alone for me.)  Costing us money because we paid for our systems and we can't even use them as intended and making online games only unplayable.

    The nature of the attack is odd.

    I understand DDOS attacks because they are sort of easy to do but when you put enough effort to break into a system just to damage the customers, what is actually a target and purpose of your attack?


    Was the attack done solely for the personal data stored and not Sony itself? Isn't that how terrorists operate - targeting innocent people to satisfy your demands?

  • Consequence, Member (Uncommon), Posts: 358

    So let's see, the hackers proceed to secretly sneak in and steal a bunch of private info without anyone knowing it was coming.

    But this time they were talking about it in some hacker chat/blog or whatever? Not likely. This is a spoof. Fact is, if it were true they would reschedule for sure now because their detection will be that much easier if the operators knew when it was coming. Internet rumors are all true.

  • jado818, Member, Newbie (Common), Posts: 356

    Originally posted by Gdemami

    Originally posted by braingame007

    I hope those effin dbags get caught and get put in prison for the rest of their lives, if I could get my hands on them I would literally blow their brains out. Why? Because they are costing people money and taking their enjoyment away. I want to play my damn PS3 online and don't want to play paperweight 360 to play a game online. (I do game on PC as well but that doesn't cut it alone for me.)  Costing us money because we paid for our systems and we can't even use them as intended and making online games only unplayable.

    The nature of the attack is odd.

    I understand DDOS attacks because they are sort of easy to do but when you put enough effort to break into a system just to damage the customers, what is actually a target and purpose of your attack?

    Was the attack done solely for the personal data stored and not Sony itself? Isn't that how terrorists operate - targeting innocent people to satisfy your demands?

    Are you drunk?

    This has nothing to do with terrorism or "cyber justice" ... it's just some people stealing credit cards for personal gain.

  • Kost, Member (Common), Posts: 1,975

    Originally posted by Kilnu

    They didn't hand over our personal info, they didn't sell our personal info.  The information was ILLEGALLY stolen from them. 

    The thing is, Sony is completely responsible for the secure storage of that data, and the fact that they failed to adequately secure the aforementioned data shows gross negligence on the part of the company.

    It doesn't matter how a third party acquired the data, the fact that Sony couldn't secure it is the issue.

  • Gdemami, Member (Epic), Posts: 12,342


    Originally posted by jado818

    This has nothing to do with terrorism or "cyber justice" ... it's just some people stealing credit cards for personal gain.

    I am just questioning the motives behind the attack. The credit card data theft was minimal though...

  • twodayslate, Member, Posts: 724

    Originally posted by nightfallrob

    Originally posted by Renoaku

    If I find out that any information of mine is leaked out because of Sony's failed security I will personally go after them with any and every legal resources I can, and I doubt that many people will ever trust a Sony product again?

    Failed Security, I wish Sony did not take such as a joke, and I really feel that this is an inside JOB, they really need to check all their servers for a virus, maybe even revert all Data on their servers a few weeks prior to anything going on, and they need to check all their hardware for Servers on sticks and back doors used by these hackers like srsly before it is too late.

    So what Anon DDOS their servers, but yet someone decided to get into their servers for the Lulz and hack their systems and all information of its customers I call FAIL to Sony.

    I bet that even my own security on my desktop is better than what sony had lol.

    Ok I pretty much despise SOE, but how they are responsible for the actions of criminals exactly? That's like saying the bank teller is responsible for the hold-up. Stopping to think things through is a good thing sometimes.

    They are responsible because by convention, breakins of this scale don't happen.  Dozens of large scale companies with equivalent amounts of personal information are attacked day-in and day-out.  It isn't like a bunch of people were sitting around one day saying "You know, all these corporations have stacks of confidential PI is just sitting on these insecure servers, yet nobody ever takes advantage of that.  Let's go pick a random one and break it."  The reality is that every large company of note is under almost constant barrage by people looking for security holes, yet how often do you hear about massive data theft?

    That infrequency sets a legal trend that basically states that with proper precautions in place, and some vigilance, this sort of thing won't happen.  The intent, justifications, or degrees of success or failure of the hackers are irrelevant to the question of Sony's responsibility.  It is the way the law works.

    If it didn't work that way, you can be damn sure that data thefts of this magnitude would happen a lot more often.  Corporations don't care about your livelihood, despite the fact that some people around here are of the completely unrealistic belief that they share some supranatural bond with Sony, simply because they made a game that the person enjoys.  No, you are just another random dollar sign with feet to them.

     

    Oh, and the whole bank thing isn't a proper analogy.  Banks aren't held responsible for robberies because the FDIC instantly restores any amount of money stolen from a bank (which is becoming increasingly less, hard currency is a fading trend).  Bank customers aren't harmed by bank robberies anymore, it's been that way since the 30s. *There is no equivalent insurance corporation for 70some-odd million cases of probable identity theft.  Nobody can bail out a failure of that magnitude, it is left up to lawsuits to seek compensation.

  • Gdemami, Member (Epic), Posts: 12,342


    Originally posted by twodayslate

    That infrequency sets a legal trend that basically states that with proper precautions in place, and some vigilance, this sort of thing won't happen. 

    If that was true, it would mean that there is 100% breach proof security system, which is highly unlikely.

    This type of argument is invalid.


  • twodayslate, Member, Posts: 724

    Originally posted by Gdemami

    Originally posted by twodayslate

    That infrequency sets a legal trend that basically states that with proper precautions in place, and some vigilance, this sort of thing won't happen.

    If that was true, it would mean that there is 100% breach proof security system, which is highly unlikely.

    This type of argument is invalid.

    Again, believing what you want to believe.  Look up how this country works, you might be surprised.

  • Slampig, Member (Uncommon), Posts: 2,342

    Originally posted by CalmOceans

    Originally posted by Kruul

    The hackers allegedly already have access to some of Sony's servers, and plan to go public with the personal information they find in their attack.

    That's just awesome.

    I'm suing Sony if that happens.

    That Guild Wars 2 login screen knocked up my wife. Must be the second coming!

  • Akaronia, Member, Posts: 138

    Originally posted by Gdemami

    Originally posted by Renoaku

    As far as what I could get Sony for right now, a couple of days ago in another game totally unrelated to Sony I got a notice saying that Sony had been hacked, I was like big deal, and then I find out in my email days later after my information had been compromised that Sony themselves did not tell me the moment my information was compromised, nor did they protect my identity or anything with encrypted information.

    This information was also clearly accessible by any employee by Sony, and the fact is that if a hacker could pull this off unless it was an inside job is that information of anyones could be leaked really easily based on all the news reports and their failure to keep their security, and apache updated properly which is what was said in the last news report I saw.

    Without being personal or offensive but it is your ignorance on the matter only.

    Encryption is not an answer and people bringing this up have no idea how encryption works. It is extremely complicated not to say impossible to encrypt a database like this.

    To encrypt any data, you need a way to encrypt it. For this purpose you use a key. The problem is though, more encryption keys you hand out, less efficient the encryption will be.

    It is like having only single copy of the keys to your doors. You stand at the front doors every morning, let everyone in and then in the afternoon you let everyone out. That's fine. The problem comes when you will be handing keys to the front doors to everyone in the building, resulting in hundreds of copies flying around.

    More keys you hand out, easier for unauthorized entity is to get one.

    It is simplified example and does not take into account other numerous related issues, but that should give you a picture what the issue with encryption is.

    Also, I am not saying it is impossible to find a solution, I am not a security expert, but I say that it isn't as simple as you think. I do believe that this will kick off small revolution in data security and e-commerce because those issues are serious these days and new security methods will need to be developed.

    Saying that your personal information was 'clearly accessible by any employee by Sony' is just trolling because you do not have anything to back up your claim and the statement as such is simply ridiculous.

    If there was software not patched up to date solely due to Sony's negligence is speculation only and even then, there is no evidence that patching would prevent the intrusion. Yet to say, Sony explicitly does not ensure your personal information safety in their EULA.

    This is exactly my thought when I read that the doctor testified in a court of law what kind of security system that Sony was using when he NEVER saw it himself and was testifying pure hearsay off of some thread that was online....

    All I have to say to the hackers out there and I hope you see this is KNOCK IT OFF!!!!! You are not only affecting Sony you are affecting 102,000,000 people and we are getting madder and madder and you had better watch out because if someone else doesn't catch you I guarantee before long there will be entire lynch mobs ready to hunt you down one way or another themselves!!!!!

    This is why I wonder if this attack was only meant to get back at Sony I don't think it was because supposedly now they are threatening to go live with our information?????  This is not a personal attack on Sony it is an attack on Sony and all of us whose info got out as well.  They did not just threaten to hack Sony again.  They threatened to somehow get online and expose our information.

  • Gdemami, Member (Epic), Posts: 12,342


    Originally posted by twodayslate

    Again, believing what you want to believe.  Look up how this country works, you might be surprised.

    This isn't about belief, it is about ill logic of your arguments. It simply cannot work the way you say.

  • twodayslate, Member, Posts: 724

    Originally posted by Gdemami

    Originally posted by twodayslate

    Again, believing what you want to believe.  Look up how this country works, you might be surprised.

    This isn't about belief, it is about ill logic of your arguments. It simply cannot work the way you say.

    Uh yeah, I live in this country and it does work that way.

    See, your problem is you keep looking for logic in law, a system that is designed by a government.  An entity which, by definition, is incapable of designing anything logical.  Ask any American, this government makes no sense.

  • Akaronia, Member, Posts: 138

    Originally posted by twodayslate

    Originally posted by nightfallrob


    Originally posted by Renoaku

    If I find out that any information of mine is leaked out because of Sony's failed security I will personally go after them with any and every legal resources I can, and I doubt that many people will ever trust a Sony product again?

    Failed Security, I wish Sony did not take such as a joke, and I really feel that this is an inside JOB, they really need to check all their servers for a virus, maybe even revert all Data on their servers a few weeks prior to anything going on, and they need to check all their hardware for Servers on sticks and back doors used by these hackers like srsly before it is too late.

    So what Anon DDOS their servers, but yet someone decided to get into their servers for the Lulz and hack their systems and all information of its customers I call FAIL to Sony.

    I bet that even my own security on my desktop is better than what sony had lol.

    Ok I pretty much despise SOE, but how they are responsible for the actions of criminals exactly? That's like saying the bank teller is responsible for the hold-up. Stopping to think things through is a good thing sometimes.

    They are responsible because by convention, breakins of this scale don't happen.  Dozens of large scale companies with equivalent amounts of personal information are attacked day-in and day-out.  It isn't like a bunch of people were sitting around one day saying "You know, all these corporations have stacks of confidential PI is just sitting on these insecure servers, yet nobody ever takes advantage of that.  Let's go pick a random one and break it."  The reality is that every large company of note is under almost constant barrage by people looking for security holes, yet how often do you hear about massive data theft?

    That infrequency sets a legal trend that basically states that with proper precautions in place, and some vigilance, this sort of thing won't happen.  The intent, justifications, or degrees of success or failure of the hackers are irrelevant to the question of Sony's responsibility.  It is the way the law works.

    If it didn't work that way, you can be damn sure that data thefts of this magnitude would happen a lot more often.  Corporations don't care about your livelihood, despite the fact that some people around here are of the completely unrealistic belief that they share some supranatural bond with Sony, simply because they made a game that the person enjoys.  No, you are just another random dollar sign with feet to them.

     

    Oh, and the whole bank thing isn't a proper analogy.  Banks aren't held responsible for robberies because the FDIC instantly restores any amount of money stolen from a bank (which is becoming increasingly less, hard currency is a fading trend).  Bank customers aren't harmed by bank robberies anymore, it's been that way since the 30s. *There is no equivalent insurance corporation for 70some-odd million cases of probable identity theft.  Nobody can bail out a failure of that magnitude, it is left up to lawsuits to seek compensation.

    And where in our legal system does it say this???????  because if it does then it goes against our constitutional rights of being presumed innocent until proven guilty.

  • twodayslate, Member, Posts: 724

    Originally posted by Akaronia

    Originally posted by twodayslate


    Originally posted by nightfallrob


    Originally posted by Renoaku

    If I find out that any information of mine is leaked out because of Sony's failed security I will personally go after them with any and every legal resources I can, and I doubt that many people will ever trust a Sony product again?

    Failed Security, I wish Sony did not take such as a joke, and I really feel that this is an inside JOB, they really need to check all their servers for a virus, maybe even revert all Data on their servers a few weeks prior to anything going on, and they need to check all their hardware for Servers on sticks and back doors used by these hackers like srsly before it is too late.

    So what Anon DDOS their servers, but yet someone decided to get into their servers for the Lulz and hack their systems and all information of its customers I call FAIL to Sony.

    I bet that even my own security on my desktop is better than what sony had lol.

    Ok I pretty much despise SOE, but how they are responsible for the actions of criminals exactly? That's like saying the bank teller is responsible for the hold-up. Stopping to think things through is a good thing sometimes.

    They are responsible because by convention, breakins of this scale don't happen.  Dozens of large scale companies with equivalent amounts of personal information are attacked day-in and day-out.  It isn't like a bunch of people were sitting around one day saying "You know, all these corporations have stacks of confidential PI is just sitting on these insecure servers, yet nobody ever takes advantage of that.  Let's go pick a random one and break it."  The reality is that every large company of note is under almost constant barrage by people looking for security holes, yet how often do you hear about massive data theft?

    That infrequency sets a legal trend that basically states that with proper precautions in place, and some vigilance, this sort of thing won't happen.  The intent, justifications, or degrees of success or failure of the hackers are irrelevant to the question of Sony's responsibility.  It is the way the law works.

    If it didn't work that way, you can be damn sure that data thefts of this magnitude would happen a lot more often.  Corporations don't care about your livelihood, despite the fact that some people around here are of the completely unrealistic belief that they share some supranatural bond with Sony, simply because they made a game that the person enjoys.  No, you are just another random dollar sign with feet to them.

     

    Oh, and the whole bank thing isn't a proper analogy.  Banks aren't held responsible for robberies because the FDIC instantly restores any amount of money stolen from a bank (which is becoming increasingly less, hard currency is a fading trend).  Bank customers aren't harmed by bank robberies anymore, it's been that way since the 30s. *There is no equivalent insurance corporation for 70some-odd million cases of probable identity theft.  Nobody can bail out a failure of that magnitude, it is left up to lawsuits to seek compensation.

    And where in our legal system does it say this???????  because if it does then it goes against our constitutional rights of being presumed innocent until proven guilty.

    You know as well as I do that the Constitution hasn't mattered in this country for decades now.

    That is just how internet security has evolved, it follows no rhyme or reason.  Go ask any CISO, they'll tell you the exact same thing that I put in that post.
