Sony Compromised, Again
Konsalik writes "The hacker group LulzSec on Thursday posted information it took from Sony Entertainment and Sony BMG on its site, called the LulzBoat. Lulz Security said it broke into servers that run SonyPictures.com. The information includes about a million usernames and passwords of customers in the US, the Netherlands and Belgium and is available for download and posted on the group's site."
...if sony came out and apologized for being asshats and promising to never do it again.
Groan...
Certainly Sony has some major responsibility here...
But when will people stop trusting the Intertubes security implicitly and just blindly dumping all their personal info into various "secure" web sites and Internet connected systems?
People are just blind...
If you want news from today, you have to come back tomorrow.
<Nelson>
Ha-Ha!
</Nelson>
Sony, time to rebuild the servers from the ground up, all of them. It seems like the same bugs / holes are on all of your servers. And while you are rebuilding, turn other OS back on.
If it's the same bugs/holes, why would you start from scratch when you only have to fix a single flaw?
What they need to do is severely audit their entire web code, as well as either pay for people who know how to do the above and pay for people to maintain their systems (since one of the break-ins was because of an old Apache).
If you ask me they have been having their code written, and their hardware managed by the lowest bidder, and as the saying goes, you get what you pay for.
Normal people worry me!
That the hacking community has 0 sense of morality at this point? That is more and more the impression I'm getting. This isn't going to help. If anything it is going to be more fuel to the camp that wants our governments to have insane legal powers to combat this stupidity.
Way to give the site free advertisement you dim-wits
Personally I'm pretty tired of hearing this shit.. at this point is it really even worth the effort? SQL injections? Script-kiddies leeching off of unsecured websites.. this shit happens every day. Anyone else suspicious about the line "said that the group has more, but can’t copy all of the information it stole." Why can't they copy all the data? Probably because the "hack" wasn't as big as they want everyone to believe.
It would seem to me that Sony has had plenty of time to rebuild the servers. It would seem the problem is not with the hardware or the configuration of the servers (though I'm sure that plays a very important role!), but with the software they built. If that software is THAT buggy, the right solution should be to rebuild that software with modern security practices in mind (as opposed to NO security implementations at all).
This up then immediately cracked fiasco they are dealing with shows that they continue to use the same passwords and the same failed security routines. Maybe if they put their hand in the fire just one more time they won't get burned anymore. Seems to be a flaw in the thinking, but I just can't put my finger on it.
"When asked why the data was hashed instead of encrypted, he said it was standard industry practice."
Life is not for the lazy.
So some script kiddies are claiming they hack some random Sony server and obtained a million users data but they can't prove it other than posting some BS torrent on the PirateBay...
Right...
In most cases people don't really have much choice.
You go to register to do something, and marketing department demands that registration form has a mandatory City, Address, Zip, blah blah, whatever their data appetite demands (and probably with data validation too, so doing New York, Blah Street, won't work).
Sure, some people will stop right there. But if "free" thing you gain access to by filling out registration form seems compelling enough, people will fill in the address.
And only a few of them will be clever enough to give some other (easily remembered, in case of site's trickery) address.
That data will live in archive forever, because marketing will never ever allow deleting anything.
Until it gets stolen (heck, probably afterwards too, but there will be a marketing blurb about being very secure, tested daily for hacker intrusions and stuff like that, wash, rinse, repeat)
Hyperom.com
Sony company culture of indifference won't change over a few hacks. It may have made them look stupid (and that's got to hurt their ego) but ultimately the data being lost doesn't contain those of their officers, and frankly I don't think Sony gives a flying f_ck what happens to their customers (as demonstrated by rootkit) or their rights (demonstrated by repeatedly removing features from products and lied about it despite being caught lying.)
ELOI, ELOI, LAMA SABACHTHANI!?
At this point Sony is a beached whale. Maybe there is some merit to security through obscurity, but now everyone knows Sony is wounded and has lackluster defenses. Heck, I wouldn't be surprised at this point if the vending machines at Sony buildings didn't give out free food/drinks when prompted.
At what point now does Sony get forcibly shut down? They are nearing the point they might as well hand out a random customer's identification, credit card number, address and phone number with every purchase from them. The information would still be leaking out slower if they TRIED to be intentionally malicious at this point.
by Anonymous Coward: I, for one, welcome the shift from car analogies to pizza analogies. um.. overlords?
People are just gullible. Just because there's a perceived responsibility does not equate to acting responsible.
These hackers should be dragged out into the middle of the street and beaten. Not because they hacked Sony, but because they use the idiotic and infantile "lulz."
All that loot spent on DRM, and they could've spent it on security.
Let's be real here: These hacks might make it to /., but mainstream media doesn't bother with them.
Sony might pay some guy with a CISSP to look at stuff, and they might tighten a router ACL. However, to a lot of companies, security is a cost center, and to be minimized.
Realistically, these hacks only hurt Sony's customers. People will have completely forgotten about this stuff come September, unless the victims are nailed with ID theft.
They have nothing to prove. They just want Sony to hurt. It is out of revenge.
Those who post usernames and passwords aren't the noble protectors of the public. They are adolescent script kiddies who got pissed off and are striking back.
Because if all servers have the same bug, then all servers may have already been compromised and the only way to reliably clean the servers is to start fresh.
Are you serious? The PSN hack has been covered by pretty much every media outlet on the planet. This new hack is already being covered by The Wall Street Journal, The Financial Times and CNN, and the news only broke an hour ago. It'll be all over the news tonight and in every paper tomorrow.
You know, either way I'm okay with the results. I haven't been a Sony customer for years. I won't buy anything with a Sony label on it. If it takes some "hard lessons" for everyone else to stop being a Sony customer, then that's what will have to happen. I had to learn it hard too -- expensively. Laptops, Clie' and more. I'm just done with them and their amazingly well-timed breaking after the warranty expires.
Sony isn't going to voluntarily rehabilitate itself. They will have to lose customers before they take any notice. I think one unfortunate reality is that none of this may be enough. The number of people who will buy from Sony will probably always out-number those who won't by 100 to 1. We live in a world filled with consumer zombies.
SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities.
Sony stored over 1,000,000 passwords of its customers in plaintext.
Yeah, this'll hurt them like Kazaa hurts the MPAA - it won't. In fact, it'll more likely lead to the govt giving more public companies "emergency" legal powers to smack down anyone they suspect of being against them. Especially since today CNN had a "are your passwords safe online? Are YOU safe online?" special earlier today.
I don't know. . . repeatedly losing this much customer data or really any customer data is a serious public relations blunder. Sony Computer Entertainment already lost this console generation. I don't know if it can handle too much more egg on its face. At some point this is going to start making a serious dent in the bottom line.
All I really care about is getting official Linux support back from Sony. It seems like having Linux support didn't have any real impact on security anyway since Sony and the PS3 is getting hacked left and right anyway. So how about giving us back the feature? At least you would make your honest customers happy.
Anyway, this is just another case of douchebags hurting douchebags. Nothing to see here, move along.
I wanted to go to the site to see if my name was on the list, but then I realized they're the types that would probably have the latest version of MacDefender just waiting for me.
Taking guns away from the 99% gives the 1% 100% of the power.
Big List of Sony's Crimes
===================
- Totally sucking balls
- Being an oppressive, money sucking super-organism
- Crash Bandicoot
- Installing rootkits and spyware on your computers, as a sadistic form of DRM
- Violating the GPL
- Violating your mom
- http://en.wikipedia.org/wiki/List_of_Sony_Music_Entertainment_artists (With the exception of R.Kelly, clearly awesome dude)
- Disc Read Error
- Having a superior console
- Including OtherOS in the first place
- Etc...
The hackers don't give a flying fuck about the customers either by releasing all their personal information on the Internet.
If they really cared about the customers, they would have released the information to a trusted 3rd party to verify instead of to the public. They decided not to do that because they knew releasing it to the public would cause a much greater financial loss to Sony at the expense of its customers. The Hackers have no moral high ground here.
...Sony used unix-based servers instead?
Keep it up Anon, knock them bastards down so hard they would make more money running a lemonade stand outside of a preschool.
Don't forget the arrests/raids.
Grammar nazis are to this community what excrements are to gold.
I'm feeling back to the 90's
Same Sony. Different Day.
I wonder if the Slashdot poster will ever learn how deeply the masses have come to hate and fear the hacker - that they don't care about his motives or his causes - that they aren't making any fine distinctions between white hat and black hat.
They are on the same side as Sony in this.
It is the masses who make the Revolution. If the geek wants to know who will be first for the chop, he only has to look in the mirror.
Much like Lulzsec's PBS hack, this will hurt their cause more than it helps...
My concern is that the actions of these hackers will incite a response from governments around the world that will limit internet freedom for the rest of us...
With the breach in Lockheed, Google, and (maybe) a senator also happening this week. And with accusations this last week that the Chinese are out to get American secrets, high-profile hacks on major international companies, and the Pentagon declaring hacking an 'act of war', these series of events compressed into a short period of time will only create impetus for governments to crack down and create new laws that will restrict the internet.
I actually agree, but the devil's advocate in me says, if they did release this data in escrow, so to speak, the media wouldn't pay the attention it has done so far.
But yeah, it sucks badly that these so-called-hackers have publicly released innocent people's docs.
When we remember we are all mad, the mysteries disappear and life stands explained.
Can we stop attacking Sony? I wanna play my games... Geeze!
How many of the Sony accounts with @gmail.com addresses in this release use the same password everywhere they go? A lot of people are going to get their Gmail accounts compromised here.
If I was sure that I wouldn't get stomped on for being an evil hacker, I'd write a script to notify the future victims. Oh well.
Are you high? The PSN hacks have been mentioned everywhere from Penny Arcade to the Wall Street Journal.
Google - wsj sony and you'll see a long history of main street financial coverage of this situation.
No one, anywhere can make sony secure enough to stop these hacks at this point. This has become a game for hackers now and it will continue. Sony is now a target to get picked on. And no security can protect them because security is created by man and if one man can build it there will be 2 dozen waiting in line to break it. There is no such thing as secure.
It has been said that criminals try to rationalize their crimes often times by thinking that they are just playing by the rules of life, even if it's not the rules of society. An example would be a car thief who finds a car unlocked in downtown New York. They might steal the vehicle and rationalize it as a sort of "finders keepers", where if they didn't steal it, someone else would come along and steal it instead. "If I don't, someone else will, so I might as well benefit". You might say that is a ridiculous assertion to make, but if you found a $50 laying in the parking lot, you would probably pick it up and keep it thinking that someone else would take it if you didn't, and any hope of the original owner finding their missing $50 is a lost cause.
So when someone does virtual breaking and entering because the virtual back door was virtually unlocked, you have to ask what line of thought is crossing their minds. When my neighbor's door is unlocked, should I enter it and steal their TV because I think someone else is bound to do it instead?
...in thinking that it's way past time for Sony's leadership to commit ritual seppuku?(*) Failing that, a simple dissolution of the company's assets and returning them to shareholders could work. I mean, sheesh. (*) I seem to recall such a thing slightly helping Toshiba's once badly soiled image in the wake of a certain 3-axis milling machine/espionage incident. Not that I've forgiven Toshiba yet...
Listen to what I say, not what I mean...
In many ways, the MPAA has lost. We have to keep in mind what they were really trying to hold on to, the same old way of doing things. They have lost that battle, have been forced to change and are slowly doing so. It isn't that Kazaa or Napster or any one thing caused it, nor that it was some kind of unified (or righteous) movement. It was a bunch of factors mixed together. Their rigidity and shortsightedness being the largest culprit.
Basically, the MPAA has been forced into a change they should have been making anyway.
I see the same thing going on here, actually. There are multiple things going on, on different levels, simultaneously. The main thing going on here is this: "lulz", Removing a promised functionality from a device. Telling Sony to stop doing business the way it has. People are fed up.
Remember the timeline of what has transpired here.
1.) Sony removes OtherOS option from PS3. A gaffe. A small number of people bought the PS3 for this feature alone. They were forced into either a) upgrading firmware and losing said ability in order to keep using the console for games, etc. or b) buying ANOTHER PS3. Basically, they fucked over some people (not new for Sony).
2.) Communities of customers begin seeking a way to return this functionality (one that was a selling point for many and one that shouldn't have been removed in the first place.) No big deal, no one really cared.
3.) GeoHot gives people back the ability to do this. Again, not many people cared. Except Sony.
4.) Sony opts for the unpopular and morally wrong thing to do - sue (bully) GeoHot. A major gaffe. This outrages people even further AND does nothing to fix the problem of this workaround. People who didn't previously care, now care a lot.
5.) Now that their customers have been pissed on multiple times, some of them decide to piss off Sony.
6.) They decide to perform a DDoS and to be a bit of a nuisance to Sony. ("lulz" ensue)
7.) Once they do this, someone decided to perform a SQL injection. (fuck it!)
8.) From this, according to them, they got access to EVERYTHING. Also, according to them, they are shocked and appalled. According to them, they decide to expose this negligence on the part of Sony in order to warn its customers. ("lolholyshitwtfbbq - guize, look!")
This also
A) embarrasses Sony ("lulz")
B) gains the attention of mass media ("lulz")
C) gets various figures up in arms about some (non-existent) "dangerous hacktivist group" ("lulz")
As for the customers whose data has been compromised or released, it is an unfortunate side-effect; collateral damage, if you will.
In the process, a couple of valuable and enlightening things have been learned by many parties:
1) Sony has shitty security. - This is news to many people who had assumed that Sony would be pretty safe to deal with, being such a large company. Surprising, a bit unsettling, but somewhat forgivable being that corporations often look to cut costs. For those with some knowledge it is disturbing in and of itself since they aren't PCI compliant. This may be illegal (criminal) in some states. (AFAIK there is no federal law regarding PCI compliance).
2) Sony keeps customer data in the clear. - (I am glad I'm not a customer. - They REALLY must not care about their customers). Not only is this not PCI compliant it is JUST STUPID. It also has me convinced (along with everything else, including their history of rootkits, etc..) to NEVER be a customer of Sony.
3) Sony is a bully who either hates its customers, or doesn't want them anymore.
As for the release of the customer I see it as a positive, not a negative. Those who have had their data compromised can now know this for certain, see it in black and white even, and take appropriate action to protect themselves from possible wrongdoing. Besides, who knows whether or not this data had already been compromised? Apparently, it was trivial to do so and thus it would not surprise me if it had already been compromised before all of this. No one would have known this had
I'm from the NL and I know how to work torrent.
I'm sceptical. "We don't have the funding..." and yet they know that with torrent you can share the hosting (they put up torrents). So why can't you put it all online?
Plain text doesn't take too much bandwidth when compressed and we all download entire DVDs these days. What's the problem?
So I downloaded a very meager database and the passwords I saw looked like something straight from a common "what not to use" database.
Quite frankly I don't think this is for real; looks like some guys lifting on the attention of others.
They're just waiting for you to go to their site and start downloading.
Unfortunately, these people's information is the casualty in "hackers v. Sony". Though, I guess it's not the information itself, but its privacy which is the real casualty. It's a shame, but I hope it'll lead to better security practices eventually, either by Sony, or at least by other companies trying to avoid the embarrassment that Sony is being continually put through.
if it took you that much $$$ to figure out Sony. And now to feel better, you want Stringer's head on a platter! How about a public harakiri of the top three Sony executives? I bet you are also an Apple fan.
Though this entry and the article contain no links to it, their homepage appears to have been bogged down by too many people googling "lulzboat".
Sigh, script kiddies give real hackers bad names.
Hackers do it for the challenge, then write papers on the vulnerabilities of the system they entered. These people are thieves, plain and simple. Granted it's Sony's IT administration's fault for having such a vulnerable system to begin with, but this is getting out of hand. Millions of people, innocent people, are affected every time they "think" they're doing some 1337 hack, when in fact, they're just dumb.
Hackers today, real hackers, are the ones the CIA/DHS/Secret Service/IBM/Cisco, etc contract out to to find holes in systems, takes one to know one. Kids who plaster crap on websites need to get out of their parents basement and go get laid. There's nothing cool about stealing usernames and passwords unless you intend to sell them on the open (black) market for a hefty sum, and even then you don't announce it to the world that "you did it". That's just a giant "kick me" sign.
Cyber attacks are still attacks, and have been successfully prosecuted in the US as an actual assault as if it were a human being. There's also Cyber Terrorism laws on the books as well, meaning that if you "terrorize" a computer, you're a terrorist yourself, and thus the terrorism laws apply to you. (as you can see, in the US, that really doesn't mean much anymore)
frankly I don't think Sony gives a flying f_ck
I would love it if Sony gave me a flying f_ck: http://www.thinkgeek.com/geektoys/rc/b527/
I agree with you this solves nothing. But then again Sony has only created problems recently. As an honest law abiding customer I ask that they give me back what I paid for. That's all. If they decide not to I will simply not purchase another Sony product again. No need to hack anything just stop buying their products.
In any case if my information was among the hacked accounts I would be furious right now.
You've proved your point, that you have SONY at your mercy and can bend them over a barrel, their exposed ass cheeks ready to accept your thrusting manhood whenever you want to. At this point it's starting to feel like in school when everyone discovered that the shit-talking bully would cry like a little girl if you so much as popped him one and everyone started making him their bitch. After a while it's just pathetic. Sure he was loud and obnoxious and talked a lot of shit, and was probably also slightly retarded, but after a couple of weeks of sending him crying home you just started to feel kind of bad for him. It's time to let it go. Everyone realizes that guy's just a big pussy. That's the message I guess I have here. Sony. You kind of feel bad for them because they're just a big pussy. Yeah.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Posting people's emails and passwords?
It's not comedic. These people are stealing user info and posting it and you say Sony looks like arrogant nincompoops?
Uh-huh.
http://lkml.org/lkml/2005/8/20/95
This is the price we pay each and every time we sign up for a product or service that literally takes your rights away. When was the last you actually read a contract, EULA, TOS, or any other potentially legally binding agreement?
I do not feel sorry for the consumer, neither do I feel sorry for Sony. This is the natural course of things when governments facilitate the oppression of people via corporate interests. Let's outline a couple of examples. When you sign up for a bank account you are agreeing to give the government complete access to your accounts, detailed information on your money habits, and if decided that you did not want that you don't get a bank account! How about a ticket to board a plane? You just willfully gave up your 4th amendment rights. Did you want to keep them? Stop buying tickets, so long as you continue to fund those that seek to abuse you then you deserve the abuse that which you have so ignorantly purchased!
If you want the right to protect your privacy then you are just going to have to work in ways that actually protect your privacy. Use a pseudonym everywhere you can. Only use your real name if you must and actually have no choice in the matter. When your information is stolen, consider joining up with fellow victims and getting some legal action going.
As long as you keep giving Sony your money and your information do you think they will give a single shit about you? Hell no, they will only learn if they see their bottom line hit, it is the ONLY mechanism you can influence a corporation with and gain the most positive results. Writing your congresswhore to create a law will actually do more harm than good.
So, looking back on things, was it really worth removing Other OS? Look at all the trouble it has caused you. Oh, and not to mention, your console was still hacked to pieces anyways. Yup, that was really worth it.
You deserve every last bit of this and in the end, I hope it puts you out of business. You won't be missed.
At least as far as I know.
Back in the day, I used to think "Sony" you can't go wrong! That was when they had good TV sets and such. I think I had an early digital camera and an 8mm camcorder from them, and my folks had nice TV's, etc.
Then there were weird memory sticks, then music CD's with root kits, etc. I have not purchased Sony products in years. Probably never will again, there are so many alternatives.
Once bitten, twice shy.
This issue is a bit more complicated than you think.
The hackers cannot elude the authorities forever, and the first among those caught will be undoubtedly punished in the most extreme manner possible, quite possibly with life in prison for committing felonies. I will also not be surprised if new US federal laws will be instated to crack down on this activity with the end result being that the rest of America will end up being monitored even more. Thanks a lot, jerks.
Don't care about A customer, because you have plenty others is one thing. To not care about ANY customer and you end up without any. And the difference between A and ANY is a NY minute, which is how long it will take to collapse a once powerful company.
If I was on the board of directors for Sony, I'd start sacking people from the top. Fuck their golden parachutes you're FIRED. Try to collect your "bonus" for running the company into the ground, I dare ya.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
I like the idea as a whole. Columbine was bad but it stopped extreme bullying in schools, this is bad for Sony's customers, but hey Sony has done some pretty bad stuff and horrible security while suing everyone who wants to torrent an overpriced movie.. or Sony punishing you because you downloaded that song you bought on vinyl 50 years ago. "oh you didn't pay us again, so we're gonna rape you in court"
"you have children? too bad, they are going to foster care because little sally downloaded metallica"
screw sony, ima send lulz some bitcoin in hopes they do more attacks.
Now this is getting boring..I have even lost the score. Seems like honeypots are more difficult than Sony network
I had a PS3 account but now that it's already compromised I say give it all you got. These asshats (SONY) have flat out shown they feel they can do whatever they want (root kits) and have not the slightest respect for their customers by calling them all thieves to begin with (movies with the damn FBI pages you have to sit through, DRM, etc...on and on). I hope they break these tards and show them they can only push so far before you get pushed back. Good job!
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
How many "emergency" legal powers is the general public willing to tolerate? How insignificant (to them) an act demands the ability to do anything the lawmakers want? I couldn't give a fuck about SONY's inability to protect themselves, as far as I'm concerned they have demonstrated the government's unwillingness to support its citizens, and this is a non-violent response to the lack of representation people are perceiving. In a nutshell, now that rebellion has started, it'll take more than stern words and a few new laws to quell it. I suspect the greater concern, for the government, is that this public action is regarded as successful, encouraging more people to take matters into their own hands. I mean, fuck, it's not like we're protecting democracy any more.
No matter who you're calling the asshats here, it's a major breach. Sony may have been bad. They may or may not deserve the wrath of a group of "hackers" for whatever reason. The "hackers" may act irresponsibly. The fact is and remains that for some reason the security of multiple large Sony websites is not up to standard. If anything, Sony should be treated as an "insecure area" of the Internet until they have proven they have had a redesign and implementation of their entire Internet presence. As long as they are treating these hacks as incidents, they will get hacked again and again.
I was promised a flying car. Where is my flying car?
Well, I got the username! Now what? :) Despite the name, I don't agree with the release of such a big swathe of personal information, that doesn't help anyone. Then again, considering how Sony treats their community and their obvious lack of basic security, I don't feel sorry for them. I do feel sorry for the users caught up in this saga, though.
Sure, LulzSec have full responsibility for their actions, but at least they're releasing the info to everybody - I'd much rather have my info in the public than have it stolen and used behind my back. I'm sure Sony are offering the ID theft protection to these users, too, but there's really little need for it as it would be fairly easy to show that your data was well-known in the public domain, therefore surely it'd be easier to prove your case if something did happen.
At this point, the only thing that will save their reputation is a name change.
Instead of "SONY Corporation", they should name themselves...
"SORRY Corporation"
This criminal organization LulzSec hurt the end user. Isn't that what the Slashdot crowd claims to be for? LulzSec exhibited utter lawlessness that, if perpetrated by Sony or Apple or Google or the Department of Homeland Security, it would have all the supposed Slashdot "Libertarians" howling. Read my sig for more details.
I can't believe how many people here are defending the action of LulzSec (not the hack, the posting of info, utterly and completely indefensible).
Slashdot "libertarians": Small government for me, big government for those I disagree with. -1, I disagree with you
really hate the Slashdot community, if this is the criminal shit you all stand for.
repeatedly losing this much customer data or really any customer data is a serious public relations blunder
No it's not. To you or me maybe, but we are irrelevant. The vast majority doesn't care and doesn't understand possible consequences. Not to mention they are easily distracted by something shiny, e.g. free games and all is forgiven and forgotten. Hell, I wouldn't be surprised if Sony came out ahead PR-wise as far as your Average Joe (tm) is concerned.
Sony hacked again is getting so old it's becoming non-news. Perhaps Slashdot should only report when Sony isn't hacked.
I suspect that Sony's execs will focus on finding the hackers and having them punished in an extreme and exemplary fashion instead of fixing their flawed security. After all the hackers made them look like a bunch of incompetent and overpaid half-wits they are, and who cares if their consumers have to pay for their blatant disregard for security?
Well, they would care if some AG finally got his ass up and sued them for gross negligence, because that is what their handling of security is at the very least.
A credit card company with balls would also consider terminating their contracts with them.
Both would make Sony care. And both have a lot of influence on how to consider these hacks. If it was some obscure holes that took a lot of effort to exploit and even more to get at customer data it would be one thing, and publishing customer data would be completely unacceptably unethical.
However if security is at the level of "any script kiddie can access all their customer data" I start being less sure and thinking "well, publishing it may actually be an overall win to the customers, at least it is more likely Sony has to act and it's not unlikely a lot of criminals already had the data anyway".
The Empire of Japan has capital punishment in law and it is being applied in practice. Serious criminals are hanged. Let's post a few hackers on gallows and that's it. Governments should not be sissy, as it is impossible to maintain public order without public executions. Hackers are anarchists and there is a worthy tradition of governments executing anarchists. A hacker who wrecks data is not any different from an anarchist who throws bombs at kings or attacks queens with a file. An anarchist is always the enemy of mankind even if he calls himself a hacker.
This is currently getting coverage on the front page of the BBC News website - both the domestic and international front pages - ( http://www.bbc.co.uk/news/ and http://www.bbc.co.uk/news/world/ respectively). Coverage doesn't get much more mainstream than this.
So *that* is the problem: Sony just regards the Law (like the rule to keep the customers' data safe) as something that is extorted from them (it's not in their benefit to agree to it), and therefore just ignores it.
Now it all makes sense!
Sony is becoming the bitch of the Internet. Every hole is getting someone through. Soon enough it will be too abused to be appealing to anyone. I already see mascara dripping from Stringer's face.
42.
Given that their bottom line can't support another investment like for the PS3 I'd say they're hurting already.
What a depressingly stupid machine.
... we need to allow the President powers to shut down sites dangerous to national security. Sony is dangerous to national security. /sarcasm
I8-D
LOL @ the idiot
Second headline on the BBC's international news website (which I believe is the most-read news website in the world): http://www.bbc.co.uk/news/business-13636704
Cretin
... and post a breaking news each day, if any, that Sony haven't been compromised.
If you're on the board of directors then "sacking people from the top" would include you, wouldn't it? Isn't that precisely why this doesn't happen?
I was hoping Sony would have increased the security of their system. With everyone being forced to enter a new password they could at least encrypt it this time around.
It serves them right to still be this unconcerned with security to get hacked again.
Unfortunately the story is just "Sony attacked by hackers", and then a bunch of experts commenting on why we need tougher laws against hackers. There's no commentary on what drove the hackers to act in the first place or how the hacks were even possible, no experts commenting that if we had better protection for consumers and more regulation of companies who hold onto critical user data that this might all be moot. Media is biased, sure this will be reported, but it will be reported in an entirely one-sided manner.
Specifically, I was browsing /v/ and a new thread popped up: "GUISE SONY HACKED AGAIN FREE COUPONS AND USER INFORMATION! xD xD xD. HERE'S A LINK TO THE USER INFO!!!1!" I'm pretty certain it got spammed on multiple boards.
The thread continued with people using the information they got from the link to log into people's Facebooks and G-mails posting private photos and e-mails of sensitive nature. Now I'm not surprised Anonymous (the collective of 4chan users) immediately picked up this ball and took off at a sprint, but I am surprised that Lulz Sec had the gall to put that user information out there like that. I don't have any Sony accounts and I haven't had any kind of personal threat from any of this, but I am disgusted that millions of users are now getting face-fucked by the bottom crust of the internet. If you're going to attack Sony, then attack Sony: they could've downloaded and posted the 3.5 million music coupon codes or something. But these Sony users are largely innocent bystanders; it's not necessary to throw them under the bus like this.
Can you say "false flag op"? Lot of network security firms have been lobbying Congress over the last 3 years with former Special Advisor to the President on Cybersecurity Richard Clarke leading the charge on ramping up the hysteria on "Cyberwarfare". These network security firms (like HB Gary Federal) are already getting lucrative contracts from the DoD and looking to get more. And here's the thing, security firms like HB Gary Federal are playing both sides of the fence here. They not only partner with computer security firms like McAfee to sell defensive software like intrusion detection, heuristic antiviral scanning, etc., but they also are guns for hire when it comes to selling offensive software like rootkits, social media identity forgery, etc., to law enforcement, intelligence services, and other corporations. It's the devil theory of war for the cyberage coming to fruition.
The Sony attacks seem to be an organized effort to tear down credibility. It's not about money or honour. If so, who's behind it?
What kind of agreements does Sony have with game developers that publish games exclusively on PSN-Store? These guys are screwed BIG-TIME because of Sony's incompetence. Imagine e.g. developers of Might & Magic Clash of Heroes. The game was rated as "amazing" by IGN.uk but they were unfortunate enough to release it just before the first PSN hack. Not only was I unable to purchase the game, but especially after the new incident I doubt if I will ever buy anything from the PSN store.
First of all forget the word 'criminal'. Everyone, criminal or not, tries to rationalise what they do. You are no different.
The word criminal is heavy with prejudice. Anything can be classed as criminal just by passing a law which can put someone in jail for breaking it.
The real question about whether or not to enter your neighbour's house is whether you like them, envy them, want to set an example for others to follow, want to correct an imbalance in the share out of the communal booty or maybe you like them and want to ensure their house is safe or perhaps you know them so well that you can just pop in for tea and a chat.
If you obey a rule simply because the rule exists then one day in the not too distant future you and people like you will be at the centre of another holocaust. We were only obeying orders.
Think about what you do and do it because you feel it is right, not because there is a rule which says you must do it.
As long as everyone realizes: the OtherOS functionality was removed by a firmware update. If you didn't update your firmware, it didn't change much for you. Yes, you no longer get to play your PS3 games online, but think of it as Sony suddenly implementing a $3 million dollar/day fee for their online gaming network.
You can't afford it, it's probably a crappy business decision, but they're allowed to do what they want even if it bankrupts the company.
Likely the OtherOS removal was because it _would_ have cost them a lot of money to make sure security through random homebrew software existed - something that's basically impossible.
This is the arrogant slashdot mindset, valuing technical skills over the ability to work within a society that has evolved over thousands of years. You can sit in your basement, but until you build your open source ps3 with free games, respect the money and time Sony put into this product. If you think they "deserve" to be punished, hope the next hacker that is intelligent enough to do so also has the social wherewithal to go online, demonstrate the exploit and go about changing things the right way. Whether it's a third-party verification, independent movie or the court system, get the word out and realize the US has no problem smacking down a corporation if the person who thinks the company's wrong can demonstrate it in an intelligent way.
Most of you are dumb. Would you rather have your information on an insecure website? What these "criminals are doing" is forcing Sony to get with the program in regards to security. These hackers should not be able to do what they're doing. It is important for them to keep testing Sony's security. They post the content so Sony doesn't go and hide the fact that they've been breached. Ignorant people are SOOOOOOOOOOOOOOOOOOOO frustrating...
I am sure that the SEC is already doing this, but check to see who shorted Sony stock.
Maybe it would be quicker to just post a list of people who have *not* hacked into Sony.
Great for Anonymous...awesome for Sony, maybe now they will listen a little more when we say, "Hey, stop being such douchebags!"
Are you kidding? The MPAA has lost. The RIAA has lost. They're gonna kick a little more on the way down, but that ship has sailed.
Hey, I finally got my first freak! Took you long enough!
"Troll" does not mean "something with which I disagree".
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
To my understanding, handling personal data, and losing it, seems like a large penalty. Much larger than making their point, the hackers are causing that insurance companies (if Sony requires such thing) will charge them more. Banks and credit cards can milk them and they will have a hard time getting approved next time they want to ask or hold PNPI.
Releasing the info to a 3rd party may cause an extra reputation point. But the public release in an attempt to hurt their customers, means that their customers may be reluctant in providing that information to Sony (or any other company) in the future. But particularly them for losing it so frequently.
You can use my tool to check if your email address was compromised. It checks other LulzSec releases as well.