Anonymous don't steal credit card information, they had access to the DDoS previous to the attack but nothing else, and Sony have only brought this on themselves with their lame security. Hopefully this will teach them that security isn't a joke and needs to be updated and upgraded all the time to keep up with the latest threats.
How's the front door of your home? Is it lockpickable? Breakable? How about windows? Oh and one good way (I've heard) is to go through wooden walls if you have those. It takes a moment but not too long. Is there any weak spot in your house that would justify breaking into and making those that do it heroes?
2 weeks for SOE so far + 1 free month for all subs (welcome back program) = $22.5 loss per active account. How many accounts do they have? 1mil? that's $22 500 000 loss and still counting. Kinda big deal for SOE
Lots of those stolen accounts are duplicities and/or inactive as well as non-paying customers.
ONE MILLION ACTIVE ACCOUNTS (and I think it's even more)
I'm not talking about 26 mil accounts in database
Sony said its video game network was hacked into at the same time it was defending itself against a major denial-of-service attack by Anonymous. A denial-of-service attack makes a server or system unavailable by overwhelming its network with Internet traffic.
The attack that stole the personal data of millions of Sony customers was launched separately, right when the company was distracted protecting itself against the denial-of-service campaign, Sony said.
Every console gets cracked eventually. If it wasn't the guy now being chased, it would be someone else. Microsoft took this better than Sony did, that's for sure. IIRC they (MS) sent the hacker a Windows phone too and asked if he could find any weaknesses on it. What did Sony do? They painted their faces and went on a warpath. Anonymous retaliated. That is all.
If I find out that any information of mine is leaked out because of Sony's failed security I will personally go after them with any and every legal resource I can, and I doubt that many people will ever trust a Sony product again.
Failed Security, I wish Sony did not take such as a joke, and I really feel that this is an inside JOB, they really need to check all their servers for a virus, maybe even revert all Data on their servers a few weeks prior to anything going on, and they need to check all their hardware for Servers on sticks and back doors used by these hackers like srsly before it is too late.
So what, Anon DDoS their servers, but yet someone decided to get into their servers for the Lulz and hack their systems and all information of its customers. I call FAIL to Sony.
I bet that even my own security on my desktop is better than what Sony had lol.
Comments
Appeal to authority isn't legit, no matter what.
He was only reading some discussion on 3rd party boards about it. No more than hearsay.
Well, SONY's been down for 3 weeks to update their security. Something was not right for sure.
Some real info:
http://www.scribd.com/doc/54812756/Senator-Blumenthal-Letter-from-Sony
Interesting article with some new information for consideration:
http://news.cnet.com/8301-1009_3-20060661-83.html
Just quick quote from the article there related to non-updated servers rumor:
"Meanwhile, Sony denied assertions by computer security expert Gene Spafford during a Congressional hearing Thursday that it had been running outdated versions of Web server software and had not been using a firewall on its servers. In a statement from Patrick Seybold, Sony's senior director, Corporate Communications and Social Media, that's expected to be published on Sony's PlayStation blog, the company was using updated software and had "multiple security measures in place." "
This would all stop if they just drop the charges on geohotz.
Yeah, of course they would say that. What is needed is an independent investigation to be carried out to see how secure their systems really were and how this attack and theft was done. Was it due to a security vulnerability, human factor, etc.?
My gaming blog
All that is known is that the intruders used a known vulnerability. IIRC, Sony admitted that certain people within Sony knew about it but not the management/execs.
What the nature of the vulnerability and method of the intrusion was, as well as whether Sony could do anything to prevent it, is yet to be disclosed.
2 external companies and FBI ain't enough?
In any case, for investigation you imply you would need a legal reason, which I do not think you have.
This is a terrible comparison.
Wanna know why?
Because a computer hacker does not mean thief. A house is not a multimillion dollar corporation's servers. Sony probably deserves it (all they care about is money, because they are a huuuuuuuge corporation I know ((90%)) that it's true).
Stop comparing houses of people like me to the servers of a technological empire. Sony made some great pieces of technology, they should have spent money on encrypting all of their databases. But no.
And now it appears it is coming back to haunt them.
It's not?
Breaking into someone's house and taking something from there that isn't yours is unauthorized breach into private property and theft.
Servers or house, both are private property and taking something away that is not yours is still a theft.
How do you encrypt a database that has 77M users and access is required across different user groups? How do you solve key storage and distribution?
Yes, a director of a major Corp is publicly lying to cover this. And since the FBI is involved, I'm sure the Federal Government will also go along with this lie. /Sarcasm
Gdemami -
Informing people about your thoughts and impressions is not a review, it's a blog.
His comparison was fine.
A hacker can be a thief.
This just in, hackers are criminals too.
Identity theft is still theft, they are NOT some higher paragons of social justice they are criminals short and simple. Sony might not have the best customer service but what happened is a crime and I hope those who took part in it are caught and locked away.
Stop glorifying the bad guy as though they are some Hollywood-made Matrix stereotype. These are not Neos, these are criminals who stole people's details and could well use them to enact fraud and financial theft on a massive scale.
Sony might not be the best at Customer services, you might hate them for an NGE SWG that most of you didn't even play (hardly anyone did) but they are not the criminal element here, so get a grip.
The hackers knowingly and willfully subjected a lot of people to distress and for what? and you cheer them? really, get a pair of opposable thumbs and evolve please.
And those two external companies and FBI have said the Sony network is all ok, security wise? No they have not.
The legal reason is the theft of personal data of millions of people. That should be enough reason to perform an independent security vulnerability review of the Sony network. For sure nothing said by Sony can be trusted because they have an invested interest of showing that nothing was wrong at their end.
Blind faith in big business, eh? Well I see the difference between stealing from big money corps and some small web site. Obviously I have sympathy for the poor guys who got their personal data lost and may be victims of identity theft but for Sony? None.
So harsh? Come on now. I'm a smart guy and I don't necessarily agree with you (please tell me I'm not smart and to evolve as a response to show how smart you are).
Thank you for telling me why you believe it is a fine comparison.
Stealing from a house vs stealing information from a multimillion dollar technological powerhouse.
Yea totally.
also:
I don't know how to encrypt all of that information but a method that I would use if I did know how is to encrypt it as it is created.
Doing it all at once? Yea that would be very time consuming, but nothing an automated program can't handle, I'd imagine.
Sony has the manpower and technology to code things. They just didn't want to spend money. Now they got screwed over. That is THE TRUTH. If money didn't exist, laziness is the only thing stopping anyone from doing anything. I am not implying they should be doing EVERYTHING in the WORLD.
They had a database full of information that was snagged because it wasn't properly protected.
The hackers are not the good guys. SOE got stolen from, along with the 70mil people.
Is SOE responsible? No. Are the hackers responsible? Yes. Would it have been probable for SOE to prevent it without sacrificing much... Yes (I believe). I'm not a CEO of Sony, but with what I know about greedy moneybags... well they just don't want to spend money when they probably should.
Well if you want to collect and store personally identifiable information on the residents of MA and NV and not violate the laws of either state, you do JUST that. The fact that it's difficult from a technical perspective is not a reasonable excuse for a company the size of Sony. Every other corporation that collects such information is under the same requirements.... some of them with information stores as large or larger than Sony's. Most of them seem to find the technical means to meet such compliance.... If Sony can't... then they need to put better resources into their IT budgets.
No doubt that Sony needs to get its shit together.
But what bothers me is that people are ranting and raving more about Sony than about the hackers. Bad security or not, the hackers are criminals and they made the choice to break the law and intrude Sony's servers.
I hope they get caught and spend two decades in prison.
SOE has nowhere close to 1 million accounts. They used to brag about having 1 million subscribers in their financial reports back in 2004/2005, but all of their games have massively declined since then.
Maybe 250,000 subs between all their games and that is being generous.
For the people in this thread saying that this will stop when Sony drops the case against George Hotz, then where have you been for the past month or so? That case has already been settled over a month ago > http://blog.us.playstation.com/2011/04/11/settlement-in-george-hotz-case/
Just found 'geohots' blog about the incident as well > http://geohotgotsued.blogspot.com/
However, the reason why Sony keep getting attacked by Anonymous is due to them getting IP addresses of people viewing YouTube videos of how to hack the PS3 > http://www.bbc.co.uk/news/technology-12663410
Also, Sony have now said that the service won't be back up until May 31st and have got the FBI, Homeland Security among others to help them > http://uk.gamespot.com/news/6312524.html?tag=updates%3Beditor%3Ball%3Btitle%3B1
I just hope that when Sony do bring their service back up they have learnt their lessons and added more NIDS/NIPS systems onto their network and employed a few more administrators to keep an eye on the alerts that come from using Intrusion Detection Systems/Intrusion Prevention Systems.
Logically this sounds very thin.
If their sites were under attack from DDOS, then no one would be able to get in. It isn't like a DDOS attack is going to mentally puzzle network intrusion systems with some external distraction.
This isn't the movies where 2 prisoners start fighting in the lunch room and distract every single guard and suddenly all jail doors open up allowing the mastermind to escape while hiding in a now unchecked basket of laundry.
All this says is that Sony was aware it was under attack by hackers and didn't check to see if there were any unauthorized connections to their servers. Furthermore if their customers are denied access to those servers it REALLY REALLY narrows down how many active connections to check.
Yeah, it really should be their upstreams that are doing most of the heavy lifting with a DDoS anyway.... the whole point is to choke those packets off BEFORE they get onto your network pipes. Though I could see if the DDoS was particularly sophisticated and generating traffic that looked legitimate how that could bog down their operations and security teams more. Depends on the style of attack... but usually those things are simple flood attempts.
Can you please provide links to the laws you talk about? I am not familiar with US legislation but this is interesting.
There is one major issue with personal data handling - you have to define what Personally Identifiable Information is, this alone is extremely difficult.
If it was a matter of budget, how about much smaller companies? Technical limitation is technical, budget won't fix it.
I hope this doesn't affect EverQuest Next progress in any way, I want to play that!
I think you're full of crap. What these hackers did was wrong, bottom line. They stole our information. That's what Quality Control is for and I'm sure Sony and Microsoft have a good one. They don't need Anonymous to crack to systems. That sounds like a major incompetency on Microsoft's part. Sony did the right thing by going after these punks. Sony will catch these asses and there is going to be hell to pay. They're playing a dangerous game. Not only are they messing with Sony but they're messing with the consumer.
Edgar F Greenwood
Um, why do you think any judge in any court will do anything but fine you for a frivolous lawsuit? Here in the United States, criminals are responsible for their actions, not victims or companies.