You have fuller info on the rootkit, and kudos for that! Doesn't change the fact that (a) Sony removed the rootkit(s) after customer complaints, and (b) all Sony music on iTunes is DRM-free. No credit for that; they are still "the devil."
On Linux, this is the only stated info, direct from the class action lawsuit: "Sony publicly stated the removal of the feature was for security reasons, however, the lawsuit says the company was more concerned with potential piracy."
It was also purely optional to update the firmware that disabled the feature. Universities running Linux could easily avoid this (since they didn't care about gaming features). Though if you update by accident, you're SOL.
Take it or leave it, I didn't want them to remove it, I thought it was a bad idea. *shrug*
There, I top-quoted, just to be trendy!
Quote:
Originally Posted by Hellmark
Sony was hacked (multiple times by multiple parties), yes, however, the hack could have been prevented if standard security practices had been in place.
|
According to Sony, the CC#s were obfuscated/encrypted (citation below). I also think this "standard security practices" citation is invalid. It's undefined, and open-ended.
What "standard security practices"? No matter what you cite, there are always other, more secure standards. Sony -- Nintendo, PBS, Arizona, etc. -- actually used "standard security practices" but not enough to stop the hackers. So this is just an internet-ism that's poorly defined, and can never be satisfied but sounds great in an argument. (One person I talked to got to the point where Sony should have used dongles on all servers!)
Quote:
They had older databases where credit card info wasn't encrypted, they also had plenty of other information on hand for each user that would enable identity theft even if the particular database it was in had credit card numbers encrypted. Things like email addresses, names, addresses, birthdates, etc were all unencrypted.
|
Nope. Sony stated the info was encrypted.
http://www.zdnet.co.uk/news/security...data-40092628/
Quote:
Not only that, but forensics of the Sony networks showed out of date software with known security issues, etc.
|
Nope.
Consolewars did forensics and showed that Apache servers were all up-to-date at the time of the hack.
Quote:
Plus improperly configured firewalls. It wasn't just PSN that was hacked, but their websites, servers for SoE, Qriocity, etc.
|
I made citations. You need one here. Otherwise it's hearsay (which a lot of this has been, btw).
I have not heard about "improperly" configured firewalls. It's absolutely possible, as they were hacked. But if "improperly" means simply "susceptible to the hack" then that's defining terms to meet your requirements. They could have been well configured with a single specific bug that was exploited. At this point, saying "improperly configured" is purely rhetorical.
Quote:
Sony was the victim, but at the same time, they do share some responsibility. If you leave a bunch of money and other sought after items sitting out in the open in your car, are you entirely blameless because someone broke out a window and stole it? You could have put it in the trunk, covered it up, put it out of sight, etc.
|
The moral argument here is a slippery slope way beyond this thread.
To put it simply, Sony did not dangle the info in front of hackers. There was no "here's the info!" They were targeted. Then the hackers had to search for the data. There's no "in the front seat vs. in the trunk" here (and in some places, trunks are more dangerous than the front seat because thieves know that is where to search!)
Sony claims the DDOS going on at the time diverted resources and kept them from seeing the PSN break-in. The blame does not lie with Sony. It lies with the hackers. Blaming the victim is bogus, especially given the information at hand.
Sony gets short shrift on the Internet. LulzSecurity hacked Sony Pictures and released the info, but when they hacked Nintendo, they literally claimed they liked the Big-N, and would not release info! Sony will always be the culprit, whether they deserve it or not -- and many times, they do not! They were called "the devil" already in this thread. Point made right there.
-Pie