Sony's Plan To Tighten Security and Fight Hacktivism

mask.of.sanity writes "Sony Entertainment Network is rebuilding its information security posture to defend against hacktivism. It includes a security operations center that serves as a nerve center collating information on everything from staff phone calls, to CCTV, to PlayStation gamers. If it is successful, the counter intelligence-based system will be deployed across the entire company. 'At Sony, we are modifying our programs to deal less with state-sponsored [attacks] and more with socially-motivated hackers. It will be different,' said Chief Security Officer Brett Wahlin."

*clap* *clap*

[FrozenFood]

good for them

pity I wont buy another sony product ever again.

Re:*clap* *clap*

[Ihmhi]

You have to read between the lines here man.

They're not saying "We were attacked for being a socially irresponsible company, so we're going to do less evil shit." They're saying "We were attacked for doing evil shit, so we're going to keep doing evil shit and make it harder to successfully attack us."

Re:*clap* *clap*

[hairyfeet]

I don't know about him but I personally don't buy Sony because they have a serious "Hey, how can we REALLY buttfuck our customers HARD?" attitude. See ATRAC, Minidisc, memory stick, UMD, if given a chance they will completely ignore formats every else uses and is cheap for some proprietary throwback that is worse in every way for the consumer, no thanks.

Re:*clap* *clap*

[Nursie]

I can't even fully use the products I already have.

The new SEN, replacement for the PSN, has in its user agreementy a clause that says they can and will do anything they like with your user data, including giving it to any third party they feel like. If you have a problem with this you can't use the service.

That's me locked out of network features on the ps3 then.

Re:*clap* *clap*

[Nursie]

Name, address, gaming habits (every game you play, the times you play, how long for), any movies you may have downloaded from them, integrated tv services you've used...

These are just the things I know the box was sending to Sony from my protocol snooping a year or so back.

I'm not sure if the machine sends web history to Sony, or what you've been watching/listening to on the ps3 via UPnP/DLNA, but it wouldn't be beyond their capabilities.

Re:*clap* *clap*

Just because of how Sony handled this? Please, after this fiasco they'll be the safest company to trust your info to. Sony didn't handle the breach well, nor did it inform customers as it should have, but guess what? NO OTHER COMPANY would have done ANYTHING different. I'll bet there are many that would've tried to deny the whole thing.

I'm socially motivated to never buy anything from Sony again as well, but it has nothing to do with whatever their latest stupid shananigans are. Sony earned a permaban with their rootkit. Remember that?

Re:*clap* *clap*

[Nursie]

And the Vita uses?

Oh that's right, proprietary "vita cards" for games, proprietary "vita memory cards" for storage, and even a non-standard data cable.

Good work!

Re:*clap* *clap*

[Sneeka2]

And guess who designed Blu-ray and shoveled tons of money into the project to push it into the market to destroy to rival HD DVD format: Sony. Learn your history.

Also, comparing two very specific systems which are by definition very closed (gaming consoles) and a music player (which I guess you're going for with that Apple jibe) is hardly an objective comparison in the big picture. If that's all you know about these respective companies, fine, but please stay in your mom's basement.

Re:*clap* *clap*

Of all technologies, you choose to use DRM infested blu-ray as an example of user-friendly products?

Where to all these sock-puppets come from? Can we block them at the door? I guess some simple questions around OS and consumer gadgets should be enough to deter the worst.

Re:*clap* *clap*

I would use the term "corporate entitlement" for it. They think the world owes them money because they produce luxury products. Bioware are doing exactly the same thing when their latest title has a bunch of shortcuts and removed (unless you pay extra) content. But in their head space they are entitled to do whatever they want and you are just a source of income who is allowed no opinion or input.

Corporations have figured out the public doesn't listen to the news any more. Their own greed is too high and self control too low, so Sony can pretty much piss in your face and demand you pay for it and the public will only see a shower and pay the price.

Re:*clap* *clap*

And today on our fun game show My Favorite Random Multi-National Conglomerate Sucks Less Than Your Random Multi-National Conglomerate, we introduce our first contestant: peppepz!

Re:*clap* *clap*

[ArsenneLupin]

Corporations have figured out the public doesn't listen to the news any more. Their own greed is too high and self control too low, so Sony can pretty much piss in your face and demand you pay for it and the public will only see a shower and pay the price.

Sure, gold prices are sky hight currently, so what did you expect?

Re:*clap* *clap*

[Aerorae]

Isn't that kinda how these big businesses work in general these days? Microsoft, Apple, Sony, Samsung, Motorola, Oracle, Intel, Dell, etc? I guess I'm just saying if someone has an issue with Sony they probably have an issue with the whole industry & it's practices, not /just/ Sony...

Re:*clap* *clap*

[Ihmhi]

I think once a business reaches a certain critical mass, evil is inevitable.

Are there any companies in the Fortune 500 (or even Fortune 1000) that aren't complete monsters?

Re:*clap* *clap*

[Nerdfest]

I think the only music players that are currently closed are those made by Apple ... the rest are pretty open, or at least use standard connectors and software.

Re:*clap* *clap*

[peppepz]

Who decides what standards are "proprietary" and what standards aren't? Can I implement HD-DVD without paying royalties to Toshiba? How come Blu-Ray "became a standard" after the PS3 was released?

Re:*clap* *clap*

[peppepz]

That sucks. I'll only buy game consoles that distribute games on non-proprietary storage. Which one can I buy?

Re:*clap* *clap*

[SuricouRaven]

I think you have it backwards: If the company management isn't willing to do evil, the company will never reach that mass. Sooner or later the time will come when the management must choose between their principles and their duty to maximise profits - they can't have both.

Re:*clap* *clap*

[aaaaaaargh!]

God, you really have to wonder what's going on in the brains of Sony managers. If they had embraced the hacking/modding community like e.g. Lego did or at least tolerated it silently, they'd have obtained tons of free content, fan pages, free customer service, new customers and new uses for their hardware. Instead, they are constantly yelling "fuck you" at their regular customers and, quite frankly, I doubt that there are any "power" users left who would buy a Sony product.

Re:*clap* *clap*

[peppepz]

Where to all these sock-puppets come from? Can we block them at the door?

Dear Sony, after all the service I've done for you here on Slashdot, if when I get home I find a gift box full of PS vitas or tablets or cell phones or whatever you might consider appropriate to thank me, I wouldn't get offended.

Re:*clap* *clap*

[aaaaaaargh!]

But with every power user they also lose 5-10 ordinary customers. Or do you think my girlfriend or any of my friends will buy a Sony product after having asked me for advice?

Re:*clap* *clap*

[Sneeka2]

Both HD-DVD and Blu-Ray were proprietary, patent- and DRM-laden standards. ... For once, the technically best format (Blu-Ray) won.

I'll just let these two sentences stand next to each other. They're too good. :)

It's not that Sony beat HD DVD which undermines your argument, it's that Blu-ray is a horrible technology, mostly exactly because it's DRM-laden. The blue laser is nice, the DRM and all the crap that goes onto a typical Blu-ray disc is not. What won is simply one of the two evils. Therefore, choosing Blu-ray as an "open" technology to show how good Sony is in using open technologies is just... let's call it a bad example.

Both are very closed, but one is a lot more open than the other (the PS3)

So one sucks less than the other, that doesn't make it a great example for "open".

whereas the post I was responding to was claiming that Sony uses proprietary formats.

Because the PS3 is the only device Sony is selling?

Re:*clap* *clap*

[flyneye]

Dunno about "safest".
When you make enemies as fast an furiously as Sony, I don't think you can buy enough monkeys to guard the bananas. I picture their security as being based on Wile. E. Coyotes Acme boulder diverting , little pink umbrella working in conjunction with a small sign that says " Oh, No!". If history and weather reporting are any indicator then Sony servers stand about the same chance as whoever hosts RIAA websites.

            It sounds like Anonymous isn't the only enemy they have in town either.There's any number of people pissed off at their playstation services, competitors, the curious, the furious, the politically misaligned and even a coupla governments having a keg party outside their firewall stickin their peckers into one port after another.

          I suppose Pink Floyd could illustrate my point;

If you should go skating on the thin ice of modern life,
Dragging behind you the silent reproach of a million tear stained eyes,
Don't be surprised, when a crack in the ice, appears uner your feet,
You slip out of your depth and out of your mind,
with your fear flowing out behind you,
As you claw,
the thin ice...

I predict Sony will be a manufacturer of electronic components in the future, nothing else.
Investors start getting disturbed when you beat the dead horse to pink mush.

Re:*clap* *clap*

[amiga3D]

What they're saying is that their enemy is actually their customers. Well, in Sony's mind that would be consumers, not customers.

Re:*clap* *clap*

[macs4all]

Isn't that kinda how these big businesses work in general these days? Microsoft, Apple, Sony, Samsung, Motorola, Oracle, Intel, Dell, etc? I guess I'm just saying if someone has an issue with Sony they probably have an issue with the whole industry & it's practices, not /just/ Sony...

Apple removed DRM from iTunes music. Sony installed Rootkits.

Apple has no DRM on its OS. Sony has aggressively fought against Playstation hacking.

Apple has a Cloud service which mirrors your music to all your devices, regardless of where it came from. Sony?

Apple had a marketing slogan "Rip. Mix. Burn.". Sony created Blu-Ray as an unsuccessful defense against DeCSS.

Apple builds AirPlay into OS X and iOS. Sony creates SACD's DSD format as an (unsuccessful) attempt to stop CD copying (betcha didn't know that one!).

Apple actively and significantly contributes to the F/OSS Community. Sony, OTOH has been caught USING F/OSS code without attribution and in violation of those project's licensing (libarc) in its game, ICO, and parts of LAME (id3lib and more) in an OCX control.

Yep. no way whatsoever to tell those two companies apart by their respective actions.

Re:*clap* *clap*

[betterunixthanunix]

Apple has no DRM on its OS

https://en.wikipedia.org/wiki/IOS#Digital_rights_management

Otherwise I agree, Apple is less evil than Sony. Not that that is saying much.

Re:*clap* *clap*

[betterunixthanunix]

Funny how these guys keep growing without being evil:

http://www.redhat.com/

Re:*clap* *clap*

[homsar]

Let's put it this way. If you put your own stuff in a drm-free format inside a blu-ray disc authored by yourself, the PS3 will play it. There goes the openness.

But to distribute content (movies, TV, videos, etc.) on Blu-Ray you HAVE to copy-protect it. As in, you have to pay to license the Blu-Ray format, and then the terms and conditions state that you have to separately pay for the license to AACS, and use it to copy-protect the disc. Thus releasing open content on Blu-Ray is pretty impossible.

Re:*clap* *clap*

[macs4all]

I think the only music players that are currently closed are those made by Apple ... the rest are pretty open, or at least use standard connectors and software.

Just because Apple has a multifunction connector on the iPod and iPad (which is absolutely a necessity, considering the number of signals it carries), and just because they make it easy to use iTunes to sync those devices, doesn't mean there aren't alternatives. There are several third-party iPod syncing apps, and countless cables and devices that mate with Apple's "dock" connector. So many, that the dock connector is effectively a "standard" connector itself.

Re:*clap* *clap*

[Ihmhi]

Funny how these guys keep growing without being evil:

http://www.redhat.com/

But what they don't tell you is the hat is red because... it's dipped in the blood of emacs users! BOOOOOoooooOOOooOoOOOO!

Re:*clap* *clap*

I think once a business reaches a certain critical mass, evil is inevitable.

Are there any companies in the Fortune 500 (or even Fortune 1000) that aren't complete monsters?

Actually, it's more narrow than than. Once a company is _public_ then the shareholders can demand profits which can only be returned though unethical or evil actions.

Google does good things right now. But I have no doubt that when the current board and management of Google retires, they'll be 1000 more evil than a 3-way merger between Monsanto, News Corporation and North Korea.

Re:*clap* *clap*

[betterunixthanunix]

No, iOS has DRM that is designed to prevent its user from running software that Apple does not approve of. You can read more than the first sentence, you know...

Re:*clap* *clap*

[AngryDeuce]

A PC?

Re:*clap* *clap*

[betterunixthanunix]

What you have failed to realize is that the "App Store Lock-In", and even the "iOS Development Licensing" are actually there to benefit USERS (by keeping Malware OUT, OUT, OUT).

As well as keeping pornography and political cartoons, software that might compete with Apple, software that might allow people to develop more software in a sandboxed environment, software that might allow people to play old SNES games, etc. OUT OUT OUT. The "this benefits users" argument is nothing more than a cover story; Apple could benefit users without forbidding jailbreaking, without bricking phones that were jailbroken, and without having a policy that forbids lampooning politicians.

Sony's Rootkit and Playstation DRM battles are there to benefit SONY.

So how is that not-locked-down gaming platform working for you? Oh yeah, malware:

https://encrypted.google.com/search?q=windows+malware&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a

Apple's iOS DRM serves exactly the same purpose as PS3's DRM: to thwart competition, prevent customers from controlling their computers (which includes phones and gaming systems) and to tap developers' revenue streams.

Re:*clap* *clap*

[mcgrew]

NO OTHER COMPANY would have done ANYTHING different.

What other company has knowingly and purposely installed malware on paying customers' computers? What other company has shipped a product and then removed some of its functionality after it's already been bought and paid for?

I was a victim of XCP. Don't expect ME to buy anything else from Sony, ever again. If I did to Sony's computers what Sony did to mine when my daughter innocently installed their damned trojan, I'd be in prison.

Sony doesn't deserve to live. I wish averyone who owned Sony stock would sell it, and I wish people would stop buying Sony products. Sony is evil and doesn't deserve your business.

Re:*clap* *clap*

[TheSkepticalOptimist]

LMFAO

Apple created a walled garden which locks you into using their hardware AND their distribution mechanism.

With the release of iMatch, Apple has effectively implemented an new type of DRM, one where their proprietary content can be streamed over to their proprietary devices. Apple didn't remove DRM from music, they just changed the way music and media is distributed to iUsers.

But DRM on music hasn't worked for 20 years, that is why Apple claimed to remove it. How about why can't I play iTunes Movies on my non-Apple device? Why hasn't Apple removed DRM from movies and TV shows? Apple had nothing to do with removing DRM, the industry decided music was a lost cause to protect. The movie industry has not realized this yet which is why the force Apple to enable DRM for their movie content.

Apple had a marketing slogan "Rip. Mix. Burn.", yes, music only. Blu-Ray is a MOVIE format, Apple does not allow support to burn their movie and TV show content.

"Apple has a Cloud service which mirrors your music to all your devices", yes, Apple devices only,
If Apple were heroes, they would open iTunes to support any device, so you could stream media to non-Apple products. The would also support ANY media type on their platform. No chance this is ever going to happen.

Apple also DICTATES what software can run on iOS. Any competitive service is prevented from being distributed on iDevices. If you are going to start whipping out Apple examples, don't ignore the "bad" stuff.

So, don't claim Apple is a hero and Sony is a villain. Apple has become one of the most evil companies that is quickly tightening their stranglehold to create a monopoly where they control hardware, software AND content, but the iMasses are so orgasmic over Apple they are not seeing this clearly.

It is absolutely retarded that people see Sony as evil and Apple as heroes when BOTH companies are trying to do the EXACT same thing, create a walled garden locking users into their platform. The difference is that Apple was a lot slicker (re slimey) and more successful to accomplish this vs Sony.

Sony has a right to protect their online services. This is not about them trying to create more DRM, this is about them preventing fucktards of hacking into their online services and ruining them for people that just want to play a game or rent a movie. Yeah, Sony is evil for that. Whether Sony has learned from past mistakes, it is yet to be seen, but they are learning that they cannot have a viable content system if their users loose faith in their ability to protect those online systems.

While I don't want to support walled gardens, I support any other company trying to compete with Apple, but Apple has a "lets crush them!" mentality and I am very afraid that 10 years from now you can only buy content through iTunes (controlled and set by Apple pricing schemes) and run them on iDevices (controlled and set by Apple pricing schemes).

If that is not the sign of an evil, selfish and greedy corporation, then you have your head stuck in the sand.

wrong medication

This is treating the symptom not the problem.

Re:wrong medication

Here's a start:

1. Bring back OtherOS
2. Stop supporting CSS, AACS, HDCP and other forms of DRM
3. Apologise for installing rookits on people's computers without their knowledge
4. Apologise for taking legal action against people who circumvented their digital restrictions

Re:wrong medication

[Sneeka2]

2. Stop supporting CSS, AACS, HDCP and other forms of DRM

That is, stop playing DVD, Blu-Rays, and drop the ability to connect to HDMI and DVI displays?

That's the point, come up with a frickin' format that does not use DRM and distribute movies in said format (Sony is a mayor distributor and user of DRM'd formats).

If you don't like the above mentioned technologies, you can play unprotected media and connect the PS3 via SCART, VGA or component cables anyway.

We know you love your PS3, but why do the rest of us have to put up with crippled discs we want to play elsewhere?

It's not that Sony, like Google, is plotting to insert DRM into the open standard that governs the Web.

No, because they've already inserted their DRM everywhere that matters to them.

3. Apologise for installing rookits on people's computers without their knowledge

Done. Seven years ago. And by the way, did Apple and other phone manufacturers issue any apology for installing CarrierIQ...

Interesting that you'd pick the one company by name that was the least weasel-worded about what it did and didn't use CarrieIQ for.

Re:wrong medication

[Opportunist]

I have a strange, maybe backwards, idea, but it just might work: Produce what your customer wants, but, you know, with the actual intent to give him what he wants, not just the bait-and-switch strategy of showing him what he wants, waiting 'til he buys and then yanking it from his grasp to leave him with what YOU want.

It just might make people actually, you know, WANT to buy your products. I have a hunch it might work a lot better than trying to force people to buy your crap.

Re:wrong medication

[betterunixthanunix]

But media playback is a traditionally DRM- and patent- infested territory

No it is not. They used to have DRM-free satellite broadcasts, and people used to just tune in with giant C-band antennas. Then some bright folks at HBO hired some bright folks at a company now owned by Motorola to develop a DRM system for satellite TV. Video cassettes used to be DRM free also, until some bright folks at Macrovision started attacking AGC circuits in VCRs.

The tradition is for media of all kinds to start out DRM-free, then for DRM to creep in. The removal of DRM from iTunes music was a rare event. In general, corporations (including Sony) have little respect for their customers.

Cheaper strategy

[mcbridematt]

Don't be dicks.

Re:Cheaper strategy

[DigiShaman]

Cuts both ways. While Sony has pissed me off lately, the hackers equally so. As a casual gamer, I'm so sick and tired of all these angsty hackers posing an "up your ass with a stance" attitude. Why the hell should I have to take flak from both sides just enjoy a little gaming? I tell ya, it's simply not worth my time or my security being compromised.

Screw this, I'm gaming elsewhere.

Re:Cheaper strategy

[sjames]

He who lies down with dogs gets up with fleas.

You might want to check the species of your bedfellow.

It's not like Sony's sins are minor. They include bait and switch and mass hacking on a scale Anon. can't even aspire to. Because they have money, they have gone un-punished.

So, yeah, gaming elsewhere is probably a good idea.

Re:Cheaper strategy

[Moleculo]

If that actually was cheaper, they'd probably be doing it already. Why do you think they became dicks in the first place, for the fun of it?

Re:Cheaper strategy

[artor3]

Evidence also suggests that the internet never, ever, ever forgives. Sony is evil in the minds of internet-people, and no amount of "being neutral" will change that any time soon. Are they just supposed to suffer all the beatdowns they get over the next ten years until people start to say, "Hey, that rootkit thing was a long time ago..."?

Re:Cheaper strategy

[MagusSlurpy]

Sony is evil in the minds of internet-people, and no amount of "being neutral" will change that any time soon.

No, but a large amount of "being good" would change that. Bringing back OtherOS, donating $25 million to the Mozilla Foundation, or opening a no-kill shelter for kittens would probably take a lot of heat off of them. Even though Google seems to have gotten away with it, "Don't be evil" is a pretty good rule to live by to keep armies of nerds off your ass.

Wrong use of word?

Hacktivism is to protest political ends. I belive the term is misused here...

Re:Wrong use of word?

[Black+Parrot]

Hacktivism is to protest political ends. I belive the term is misused here...

Right. Unless all those credit card numbers were stolen to support the Club A Baby Seal for Supply-Side Jesus movement, it was just theft, not hactivism.

Wrong way of thinking

[gzipped_tar]

As part of the society, you should think about how not to become a target of hacking activism. Especially when it's impossible to crush every one of the "hackers".

Better yet, convert them into your loyal customers, and even better, direct their anger to your competitors.

Re:Wrong way of thinking

[Sir_Sri]

That seems utterly impractical. The barrier to entry for attempting to hack is sufficiently low that any big company will offend people eventually, no matter what it does. Made a game I don't like, use boxes that are too large for shipping? Price a product some jackass feels entitled to at a point more than they can afford. Etc. etc. etc.

Sure, sony has earned a lot of their current hate. But every company has to realize that they will offend someone eventually, if nothing else than the thrill of trying to hack a big company.

From http://money.cnn.com/magazines/fortune/fortune500/2011/index.html
The largets US Companies in 2011
Wal-Mart Stores
Exxon Mobil
Chevron
ConocoPhillips
Fannie Mae
General Electric
Berkshire Hathaway
General Motors
Bank of America
Ford Motor

I challenge you to find anyone on that list that hasn't pissed off a lot of people, intentionally or otherwise, and legitimately or otherwise, but there are still a lot of angry people at them. And you can keep going down the list.

Sony isn't any different, and even if they change their ways, people will still believe them evil a decade from now. But I don't think you do 100 billion dollars a year in business and not make enough people angry to cause all sorts of hacking problems. Even Warren Buffet has made enemies because he thinks he makes too much money and should be taxed more.

Re:Wrong way of thinking

I'll grant you that just based on statistics and human nature, any company with a sufficiently-large customer base will invariably really piss off some minority sub-group of their customers. However, there's a difference between pissing off minor subgroups on some matter of debate (e.g. "Wal-mart sells eyeliner that was tested on rabbits! Let's protest these animal-haters!"), and taking flatly evil, anti-consumer actions that affect the entire customer-base in a negative way (e.g. several notable Sony debacles from the past).

It's like the difference between BofA hiking a subset of their customers' credit card interest rates to pad their profits (with due notice, according to the rules), and BofA deciding "Hey, traditional bank fees aren't really working out for us, so we've decided to just start stealing a flat 1.5% of everyone's checking balance every month". They're categorically different, and so is the response from the customer base.

Companies who avoid the really huge, categorically evil, moves tend not to get swamped in hacktivist attacks all the time. I work directly on internet-facing services (including in a security capacity) at a Fortune 1K company that's heavily involved in the tech/consumer world, and we've never had a hacktivist attack to date. We might someday, and we have some plans for that sort of event because it's irresponsible not to. But really our primary defense against this is that when *I* go into a meeting with a product development group, and I hear them suggest something really stupid that would likely cause a public Internet-based backlash, I flat-out tell them it's a stupid and irresponsible thing to do, and they back down.

Sony is getting exactly what they deserve, and it's deplorable that rather than try to turn their *actions* around, they've accepted that they're always going to act evil and modified their security policies to suit a constant condition of "We have a giant target painted on our backs".

Re:Wrong way of thinking

[Opportunist]

I guess you underestimate the areas GE has spread into. There's GE Healthcare, GE Transportation, GE Aviation, GE Money Bank, GE Energy, GE Water, GE Real Estate, GE Insurance Solutions... I'd actually be surprised if they really produce anything anymore...

If any corporation has the potential to piss off a lot of people, it's probably GE. There aren't too many cookie jars they don't have a finger in.

Hacktivism? Really?

[VinylRecords]

So shutting off PSN access for millions of gamers is now considered hacktivism? Going after Sony's game division, which has almost nothing to do with Sony's corporate division, is now hacktivism?

I know that the Slashdot crowd is extremely anti-Sony but I fail to see how denying paying consumers the ability to play games is hacktivism. Or preventing dozens of new games from getting released on the PSN store, and allowing those companies and artists to sell their titles, is hacktivism.

Everybody needs an Anti-Cyber-Threat-Center!

[PolygamousRanchKid+]

NATO just dropped a few billion for one! Now SONY will have one! Where's yours!?!?!

I smell Y2k sized contract money now!

I am now a Anti-Cyber-Threat-Security-Response-Operations-Analysis-Coordination-Center Specialist!

In the train:
Passenger: "What line of work are you in?"
Me: "Cyber Security!"
Passenger: "Do I need that?"
Me: "Does your wife know about the email to your girlfriend on your laptop that I am reading right now?"
Passenger: "Ok, I'll buy some."
Passenger: "But do I need to wear that tinfoil hat . . . ?"

Re:Everybody needs an Anti-Cyber-Threat-Center!

[Opportunist]

Oh yea, it's dot-com all over again! And I'm in the right line of business again, just in time, cyber security technology expert... no, wait, sounds too cheesy. Information security ... too formal. Snakeoil peddler... no, too honest...

I'll just go by the simple, humble title of IT security consultant. It should be good enough for a 300/hour rate, and that's good enough, I don't want to be greedy...

Sony rootkit

http://en.wikipedia.org/wiki/Sony_rootkit

Never forget, never forgive.

Re:Sony rootkit

[gtall]

Why is this insightful? It is the same mentality that makes the MidEast a battleground for 6000 years.

Who decides what methods are legitimate?

[Geof]

Political activists use legitimate methods to increase their influence.

And who, pray tell, decides what is legitimate?

Answering that question is what politics is all about. The point of engaging in politics is to determine legitimacy. Look at any political movement and you will see this struggle to define legitimacy. Legitimacy is not the starting point: it is the outcome. You are begging the question.

Which is, of course, because you are trying to propagate your definition of what is legitimate. You are not describing politics: you are engaged in it. You are not a disinterested obsever: you are a participant.

Sony's CSO has invented time travel!

[dstone]

TFA claims that Sony's new CSO, Brett Wahlin, "served as a counter-intelligence officer in the US Military for eight years during the Cold War." The final year of the cold war is generally agreed to be 1991, when the Soviet Union dissolved. This suggests he started working as a C-I officer no later than 1984. Yet the photo in his recent bio suggests he's in his early 40s now. So either 1) he's a prodigy and worked for the US military during high school, or 2) he can travel in time. Either way, the hacktivists might have met their match! Well played, Sony.

Uh

[AdamJS]

Why not orient your company and your policies so as not to actively piss off people who like tinkering with their own electronics and people who don't like DRM and spyware-riddled merchandise?

Cheapskates!

[Gravis+Zero]

There are cushier jobs than leading Sony Entertainment Network’s burgeoning security shop, but Brett Wahlin was never one to shy from a challenge. So when the entertainment giant looked to revamp its security in the wake of the devastating hacking attacks against its PlayStation Network last year, the former McAfee Chief Security Officer answered the call.

McAfee, seriously? What, they couldnt shell out a few more bucks to get a guy from Norton? :)

Re:Hacktivists

[leromarinvit]

Political activists use legitimate methods to increase their influence.

So Rosa Parks wasn't an activist when she sat on the whites-only seat on the bus? Her entire point was that what should have been legitimate wasn't. Activism isn't about increasing your influence (that's more NGO territory - lobbying for a good cause), it's about bringing public attention to your cause. Very often the most effective way of doing that is publicly defying the rules to make a point.

For all haters

[Forty+Two+Tenfold]

There's sonmething new from Sony you absolutely MUST have.

Karma'a a bitch

[Tangential]

Poor Sony. After all they've done to..er..for their customers. Karma is definitely a bitch

Anti-Social

[Doc+Ruby]

Evidently Sony learned nothing from the cause/effect relationship of their brutal approach to both security and their users. Sony set the stage by deploying rootkits and other security attacks on their own customers. Then they retroactively deleted the Linux (OtherOS) option from PS3s, many of which they'd sold to hackers for the very purpose of "hacking Sony". Though OtherOS had been crippled from the beginning, there was little effort by PS3 hackers to crack the lockout from the hardware, until Sony tried shutting all OtherOS users down. Then hacking the PS3 became necessary for every PS3 Linux user.

It was a case of "when guns (OtherOSes) are outlawed, only outlaws will have guns (OtherOSes)". Why stop at just keeping what you paid for, when you had actually paid for more than you'd originally gotten? Sony had destroyed any ethical relationship, and the community was organized.

Now, I'm not pinning all or even most of the attacks on Sony beyond keeping Linux on the small PS3 Linux community - maybe not even any of them. But that episode showed the world Sony was a legitimate target. Then after some success in keeping what they paid for resulted in arresting the hacker, Sony was now a legit target for both legitimate hacking and just plain "bash the bad guy". Combine that with Sony's copyright overreaches, its region-encoding scams, its DVD backup denials (also broken and showing Sony both greedy and vulnerable) - Sony fanned the flames of backlash.

Now Sony is just escalating the conflict. It would be a lot cheaper to give hackers back Linux, this time with some support, to give them more of a common interest with Sony. Instead Sony is further defining itself as an enemy instead of a partner. Sony's awareness of social networks seems to be purely as either enemy or marketing victim. This will not end well. In fact it will not end, and many will suffer.

Firewall

[digitalsolo]

I hear the CEO recently heard about this thing called a "firewall" and is very interested in looking into one. He also heard a rumor about "passwords" and their possibilities for increasing security. Things are a changing at Sony it seems.

Re:Uhhh Sony just one thing...

[tqk]

... didn't you make security staff cuts weeks before PSN got hacked?

Interesting that, isn't it?

i) They got seriously hacked. So, what were the security staff actually doing when they were employed?
ii) I wonder if some disgruntled ex-security staff member showed up on 4chan and spilled the beans?

The security staff (by all accounts) deserved to be sacked. Since Sony hasn't been able to tie it back to first causes (ie., disgruntled ex-security staff), instead they simply admit their security sucked and they're now falling for blowing wads of cash on security snakeoil salesmen.

I'd be looking at Sony's board of directors wondering what they're doing to earn their pay.