Sony Admits That Playstation Hacker Got Tons Of Info, Including Passwords

from the this-is-what-you-get-with-a-company-that-rootkits-people dept

Tue, Apr 26th 2011 2:36pm — Mike Masnick

We had avoided discussing what was going on with the PlayStation Network hack and subsequent downtime until more details were known, and now Sony is finally revealing what many people feared: a ton of personal info was leaked. According to Sony's blog post, among the information that hackers got was:

Name
Address
Country
Email
Birthdate
PlayStation Network/Qriocity password and login

Sony claims it's not sure yet, but that it "cannot rule out," that credit card info and password security answers may have also been included. To deal with that, they're saying people should assume that such info was compromised. So far, Sony's plan is to tell you to stay alert:

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

You hear that sound? That's the sound of a whole bunch of class action lawsuits being filed against Sony as we speak. I'd like to say it's a huge surprise that Sony would even store passwords and credit card data in a place where it could easily be extracted like that, but it's really not. This, after all, is the company that made the word "rootkit" famous, and spent the last few months wasting more resources in a quixotic legal campaign against a guy who added back a feature to the PS3 that Sony had deleted. Perhaps if it spent a little more time actually protecting its users rather than fighting silly battles, there wouldn't be issues like this.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: credit cards, passwords, playstation, playstation network, security
Companies: sony

79 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Vic, 26 Apr 2011 @ 2:49pm

And also "Playstation 3 pirates will be banned for life"! DO you hear that sound? That's all the hackers trembling...
[ link to this | view in thread ]
fogbugzd (profile), 26 Apr 2011 @ 2:49pm

They waited a week to let people know about the stolen data? That may be the worst part of the whole mess.
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 2:49pm

Just throw the PS out the window and never buy another Sony product EVER!

Rootkits in 85 on Audio CDs
Rootkits on PC games Currently ( SECUROM )
Then they use bait and switch marketing.

Their network is toast anyway!

Goodbye and Good Riddance Sony!
[ link to this | view in thread ]
el_segfaulto (profile), 26 Apr 2011 @ 2:57pm

And it couldn't have happened to a nicer company
[ link to this | view in thread ]
freak (profile), 26 Apr 2011 @ 3:02pm

Re:
I wonder how much of that was figuring out what was actually taken?

Right now, it appears that they're saying some info from ALL of the PSN's users was compromised . . . that's a lot to check in one week, isn't it?

That being said, they could easily have started the week with: "We're afraid that some personal information could've been compromised".
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 3:03pm

This once again shows...
...why you don't go pissing off your fan base. This is too coincidental after Geohot got sued for me to think it was just a random attack. I think someone wanted to show Sony who was boss, and made sure it would hurt them. And since there is no other way to hurt a company, they went for the pocketbook by taking the PSN down and grabbing some credit cards so they would have to pay for identify theft protection too.

Of course, it could also be for a money grab that just happened to coincide with the Geohot case.
[ link to this | view in thread ]
That Anonymous Coward, 26 Apr 2011 @ 3:09pm

And we do not need comprehensive laws requiring data breaches be reported quickly why?

@fogbugzd - why would they? They denied the rootkit, they denied the theft of other peoples IP to make it, and when they got caught the response was to tap them on the wrist.

Nothing will happen to them, they will make some more "contributions" to the pocket congress critters. Then we will get more speeches about how you can not hold a "free" system as responsible as a pay system, and it is the fault of the consumer for not being more aware.
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 3:10pm

"PlayStation Network/Qriocity password and login"

Something that still baffles me is how can anyone "acquire" these passwords. Every novice computer security student knows that you should NEVER EVER store passwords.

You store a hash value of that password and some salt (http://en.wikipedia.org/wiki/Salt_%28cryptography%29).

Such a big company (which, incidentally, has a big target painted on it) should know this and implement this. But I guess it is just cheaper to have a code monkey slap together a server in a week and the just "sort out" the quirks of the system as they show up.
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 3:14pm

Re:
The link, in a more useful form:

http://en.wikipedia.org/wiki/Salt_%28cryptography%29
[ link to this | view in thread ]
Richard (profile), 26 Apr 2011 @ 3:21pm

Re:
DO you hear that sound? That's all the hackers ...laughing.
[ link to this | view in thread ]
Steven (profile), 26 Apr 2011 @ 3:21pm

Meh
All I hear is the sound of urine landing on the already cold ashes of any chance Sony had of ever getting my to buy anything from them again.
[ link to this | view in thread ]
Dan (profile), 26 Apr 2011 @ 3:26pm

Sony has a game console?!
I was too busy playing Halo to notice.
[ link to this | view in thread ]
fogbugzd (profile), 26 Apr 2011 @ 3:26pm

Re: Re:
>>That being said, they could easily have started the week with: "We're afraid that some personal information could've been compromised".

Bingo. That should have been their first thought.
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 3:28pm

This just infuriates me altogether. Sony should be required to provide us all with credit reports and identity theft insurance like the one senator is already calling for.
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 3:42pm

It still surprises me that people ignored the rootkit incident and continue to give this criminal organization money. I guess flashy pixels have a way of overcoming anyone's pause.
[ link to this | view in thread ]
luke aka based god, 26 Apr 2011 @ 3:48pm

OMG BASED GOD PLZ FUCK MY PS3 PLEASE #SWAGG
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 3:53pm

Suddenly Nintendo's Friend Codes don't seem so bad.
[ link to this | view in thread ]
Cojeff, 26 Apr 2011 @ 3:54pm

Re: Not me
I gave up on Sony when they did the rootkits. The only sony product I have bought is headphones. Other than that give the type of company Sony is I just don't buy their products anymore.

I can't believe (although not too surprised) that Sony got bit in the butt on this. When will companies learn to protect the data?
[ link to this | view in thread ]
Christopher Weigel (profile), 26 Apr 2011 @ 3:56pm

I wonder...
What's the typical cost to a company, in terms of class action damages, for failing to adequately protect user data in this manner?

Just thinking - if they were required to pay each victim (potentially every person who's ever purchased a PS3) $200, which I figure is a reasonable if not slightly small number to pay for this sort of irresponsibility...

Well, they've sold, as of Dec 31 last year, 47.9 million PS3s. So that's, ignoring 2nd-hand sales, 9.6 billion in damages.

...Sony made $893 net income in Q3 2010...
[ link to this | view in thread ]
The Groove Tiger (profile), 26 Apr 2011 @ 4:04pm

Re:
I'm sure they'll get banned... while logged in with your account and password.
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 4:04pm

Re: I wonder...
Nothing will happen to Sony. Nothing happened to them with all the other evils they perpetrated on their customers. This sounds like programming stupidity on Sony's behalf. I bet this happened as a retaliation for them raiding Hotz house, seizing virtually everything including all his financial records, getting access to all his social media accounts so they can sue other people that looked at his hack, etc. As Nelson would say HA HA pointing at Sony. Nobody's going to buy your junk tablets now!
[ link to this | view in thread ]
SUNWARD (profile), 26 Apr 2011 @ 4:09pm

"U.S. residents "
"U.S. residents are entitled under U.S. law to one free credit report annually...." but everyone else is out of luck.

And then you wonder why governments make laws and regulations forcing companies to do something.
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 4:10pm

Why didn't Sony email this to millions of PSN accounts? They haven't at all. Something this serious should be in everybody's inboxes along with the normal PSN spam Sony sends out.
[ link to this | view in thread ]
That Anonymous Coward, 26 Apr 2011 @ 4:14pm

Re:
Now is that what he is really calling for, or is he instead calling for a contribution so he can get ready for 2012?

Sadly often a congress critter will jump on a topic and then sort of wander away after getting a little press. Nothing changed for the people who wanted the change to right some wrong... but maybe a check changed hands...
[ link to this | view in thread ]
modestone, 26 Apr 2011 @ 4:20pm

ouch
well... I won't be selling off my PS3 for an Xbox, but you better believe that when the next generation of consoles roll out, I will be joining the microsoft club...
[ link to this | view in thread ]
Ron Rezendes (profile), 26 Apr 2011 @ 4:26pm

And this little piggy...
played his Wii, all the way home!

Sony, the one and lonely!

Karma, the multi-platform real life game that requires no rootkit, or even your explicit permission, you're playing whether you like it or not! Sony, you lose!
[ link to this | view in thread ]
Trails (profile), 26 Apr 2011 @ 4:28pm

Technical Common Practices With Passwords
Passwords should always be salted, hashed, hashed and then hashed (and possibly, for good measure, hashed). Even HBGary did better than this.

I'm really interested to find out what the tech details of the hack are. There's speculation about hacked ps3 console, but even if that's true, it belies bad security on the part of Sony. The three golden rules of client-server programming:
1. Don't trust the client
2. Don't trust the client
3. Don't trust the client
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 4:30pm

I'm delighted at this news
Anyone who buys Sony products after the rootkit debacle is supporting the enemy, and DESERVES to have their identity stolen, their personal information misused, and their credit cards abused. I have no sympathy for them at all.

And as for Sony themselves, let's hope the combined effect of the class action lawsuits is to permanently cripple them. Too bad the personal assets of the corporate officers can't be targeted; they deserve to be bankrupt, homeless, and starving.

But I'm not bitter.
[ link to this | view in thread ]
PRMan, 26 Apr 2011 @ 4:33pm

Re:
What does "Rootkits in 85 on Audio CDs" mean?

Is it 1985? CDs were only invented in 1984 and I can assure you that PCs didn't even have CD drives until about 1998.

The Sony Rootkit scandal was in 2005.

http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal
[ link to this | view in thread ]
PRMan, 26 Apr 2011 @ 4:34pm

Re: Re:
Sorry, I meant 1988.
[ link to this | view in thread ]
hautedawg, 26 Apr 2011 @ 4:49pm

So....
Who wants to buy a used PS3, cheap?

It comes with games, controllers, and a hacked account.
[ link to this | view in thread ]
chris (profile), 26 Apr 2011 @ 4:57pm

Re:
They waited a week to let people know about the stolen data?

they are just coming out of stage 1 of sony Standard Operating Procedure and are getting ready for stage 2:

http://www.penny-arcade.com/comic/2005/07/20/
[ link to this | view in thread ]
ben, 26 Apr 2011 @ 5:00pm

hahaha
add this crap and the yellow light of death to my ps3! in the same week! wow sony you better be paying to fix my system for free and give me 100 bucks!
[ link to this | view in thread ]
Jay (profile), 26 Apr 2011 @ 5:13pm

Richard Blumenthal
Blumenthal demands answers from Sony

Please bear in mind, this is the same Blumenthal that was and Attorney General fighting against Backpage and Craigslist.

He can demand answers, but I most certainly do not trust him...
[ link to this | view in thread ]
harbingerofdoom (profile), 26 Apr 2011 @ 5:26pm

Re: Re:
invented in 84?
ummm soooo they went back in time for the first album release on cd which was in 82?
[ link to this | view in thread ]
NotMyRealName (profile), 26 Apr 2011 @ 5:28pm

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience.

We thank you for your patience as we complete our investigation of this incident, and we regret any personal economic disasters during which years could go by before you are financially stable enough to continue giving us your money.

FTFY
[ link to this | view in thread ]
Migzy, 26 Apr 2011 @ 5:51pm

Re: "U.S. residents "
In canada, at least my bank - CIBC - offers credit report monitoring for free and I get notified of any changes, trick is you have to turn it on in online banking.
[ link to this | view in thread ]
Keisha, 26 Apr 2011 @ 5:54pm

Playstation
I have spent alot of money buying games and virtual items on playstation home they should give people back the money since we can not play or may not want to play in the future
[ link to this | view in thread ]
Capitalist Lion Tamer (profile), 26 Apr 2011 @ 6:11pm

I've got a PS3
and other than being told that I can't connect to the PSN whenever I boot it up, I can't say I've missed it. And good luck to the hackers. The only purchase I ever made was done using a PSN gift card. Enjoy my remaining $2.81!

Still, I'm saddened that I will be missing out on future episodes of the "The Tester." It must have been quite the thing considering how often they shoved it in my direction while I browsed their store.
[ link to this | view in thread ]
paperbag (profile), 26 Apr 2011 @ 6:18pm

Re: Playstation
Sorry, but this is what happens when you buy into a closed, DRM encrusted system. The servers go down and anything you paid for goes with it.
[ link to this | view in thread ]
paperbag (profile), 26 Apr 2011 @ 6:19pm

Re: I've got a PS3
Well, they have $2.81 and any personal information you may have entered. I'm sure they can sell that for another few bucks.

Name, Location, etc.
[ link to this | view in thread ]
paperbag (profile), 26 Apr 2011 @ 6:20pm

Re: Richard Blumenthal
This guy is just an attention/media whore. Anything he can do to get his name out to appear like he cares and/or is doing something for the average person.
[ link to this | view in thread ]
paperbag (profile), 26 Apr 2011 @ 6:22pm

Re: Technical Common Practices With Passwords
4. Don't trust the server, the people who wrote the software, the people who work for you, the mail person, Mike Masnick, or the kid at the McDonald's drive through.

Really though, it's more than just the client you have to worry about.
[ link to this | view in thread ]
WarOtter (profile), 26 Apr 2011 @ 7:41pm

IT
ONLY
DOES
...
$@#%@!
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 7:50pm

And in two months, they plan on releasing their new handheld console. I can see gamers flocking - not.
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 7:53pm

Re: So....
According to some sites, Games shops aren't buying second hand PS3s for this reason.
[ link to this | view in thread ]
umccullough (profile), 26 Apr 2011 @ 8:45pm

Re: So....
I'll only buy a used PS3 if it's hackable/modable - maybe $20 at a garage sale in the near future, we'll see, who knows.

If I can't install OtherOS or equivalent on it, I don't want it.
[ link to this | view in thread ]
Vincent, 26 Apr 2011 @ 8:51pm

wow
I'm not saying this couldn't happen to MS but, this is why they have such strict hardware structure and their own servers that developers have to design their games to work on, if they want to be online compatible for downloads or online play. $60 a year doesn't seem like so much, when you consider the security aspect of the service. Before you leave any negative comments, I'm perfectly aware that no network is hack proof. I'm just saying, it would be a little harder and less likely to happen.
[ link to this | view in thread ]
Anonymous Coward, 26 Apr 2011 @ 8:54pm

Re:
It still surprises me that people ignored the rootkit incident and continue to give this criminal organization money...

Especially people with that says something like "That's it, I'll start boycotting Sony now".

This makes me want to ask "do you mean that the rootkit incident did not scare you?".
[ link to this | view in thread ]
FuzzyDuck, 26 Apr 2011 @ 11:56pm

Re: I wonder...
Maybe they should be slapped for illegally sharing content, much like copyright infringement and be slapped with a 75,000 dollars fine per shared credit card number.

Unlike sharing music this *does* hurt the person who'se information was shared.
[ link to this | view in thread ]
The eejit (profile), 27 Apr 2011 @ 12:08am

Re: wow
You know what? AS much as I hate the 360, it'a more secure than 'the state-of-the-art console'. How sad is that? That the Wii and 360, which were hacked sooner, are more secure than the PS3.
[ link to this | view in thread ]
Chargone (profile), 27 Apr 2011 @ 2:53am

Re:
my biggest problem is that i don't want to boycot about half the developers who actually make games i like...

and unfortunately they insist on publishing only on the PS3 (or market it all for the ps3 and then quietly slip a 360 logo on the 'released on this platform' bit a month before the game comes out so you never know if it's going to be on anything but the ps3 or not. (or randomly decide that from now on the series is going to be a Wii exclusive :S )
[ link to this | view in thread ]
Chargone (profile), 27 Apr 2011 @ 2:58am

Re: ouch
'course, you gotta be a bit careful of microsoft too.

they can be just as evil or just as stupid. (though they seem good at not being evil and stupid at the same time, usualy. unlike sony.)
[ link to this | view in thread ]
Chargone (profile), 27 Apr 2011 @ 3:14am

Re: Re: Technical Common Practices With Passwords
natch.
seems like trusting the Client is less akin to missing a possible entry point when booby trapping a house and more saving the assasin the trouble of getting in by wearing a target over your face and standing in the middle of the street.
[ link to this | view in thread ]
Chargone (profile), 27 Apr 2011 @ 3:17am

Re: Re: wow
the PS3 is actually Slower than the 360 at doing simple things like loading it's (much simpler and smaller) icons and menus.
[ link to this | view in thread ]
Hiiragi Kagami (profile), 27 Apr 2011 @ 3:24am

What a shame.
In the 80s, Sony was *the* name in electronics. Now, I wouldn't touch a Sony product if they paid me. I'd like to know what happened to this company. I want to know why they felt it necessary to spy on its customers. I want to know why its products ensure we can't do what we want with them, even if this action is illegal.

None of this is Sony's responsibility. Given how their products have always been marked up to ridiculous levels (we paid for that brand name, damn it), I certainly can't believe piracy was any issue that made their profits drop.

I'd say that honor went to LG, who not only undercut Sony's prices, but did it with products people enjoyed.

No matter. They've lost me as a customer forever and there's no mistaking how this is truly the lost sale Sony seemed to be so worried about.

Is irony to be taken with water?
[ link to this | view in thread ]
The eejit (profile), 27 Apr 2011 @ 3:46am

Re: What a shame.
Nope, it's to be taken with neurotoxin. Cetified GlaDOS-free.
[ link to this | view in thread ]
DCX2, 27 Apr 2011 @ 4:54am

Re: What a shame.
Sony went from a hardware company to a content company. The two are at odds, and at Sony the content company has won.
[ link to this | view in thread ]
abc gum, 27 Apr 2011 @ 5:03am

Re:
"You store a hash value of that password"

I'll guess that has been patented
[ link to this | view in thread ]
abc gum, 27 Apr 2011 @ 5:12am

Re: I'm delighted at this news
Anyone who (insert ignorant action) DESERVES to have (insert whatever happened).

Ignorance is no excuse. However, claiming they deserve whatever is just plain mean. That horse upon which you sit is rather high.
[ link to this | view in thread ]
GunSheep (profile), 27 Apr 2011 @ 6:00am

Re: Re: I'm delighted at this news
I think they deserved it. They went out and pissed off the most technically minded part of their customer base. Then they went after GeoHotz after that horse had left the barn and the barn had burned down...

I'm saying they deserved it and I have a Playstation 3. Luckily they didn't get my CC information.
[ link to this | view in thread ]
Hephaestus (profile), 27 Apr 2011 @ 6:51am

Re:
"And in two months, they plan on releasing their new handheld console. I can see gamers flocking - not."

Tablets and smart phones are probable going to destroy the handheld market over the next couple years. Much in the same way that cellphones with video cameras destroyed the cheap video camera market.
[ link to this | view in thread ]
Deirdre, 27 Apr 2011 @ 6:52am

I bought a Sony gizmo thing a couple of months ago-- I wasn't thinking, it was a Goldbox special on Amazon.

When I went to register it though there was a survey about Sony's reputation. So I told them about how I stopped buying Sony CDs after the rootkit, I stopped buying Sony computers after a Viao that had to have two power sources replaced because whoever did the recall work put in the SAME DAMN PART-- which borked my harddrive. Not to mention the Clie they stopped supporting immediately after I got it. I told them I was giving them one last chance with consumer electronics.

Looks like they are trying to do some market research on how people perceive them.
[ link to this | view in thread ]
Jay (profile), 27 Apr 2011 @ 7:03am

Re: Re:
Can you explain a bit more? Based on my experience with the video camera market, I may have a bias that says they remain unchanged in actual capacity.
[ link to this | view in thread ]
Anonymous Coward, 27 Apr 2011 @ 7:11am

Re: I'm delighted at this news
Amen brother. I agree completely.
[ link to this | view in thread ]
Werner Van Belle, 27 Apr 2011 @ 7:20am

Mailman does the same
I was equally surprised to find that mailman also stored passwords in plaintext. Quite surprising, because that soft has been around for a while.
[ link to this | view in thread ]
This comment has been flagged by the community. Click here to show it

tiara, 27 Apr 2011 @ 7:33am

Yallabid- Online Auction
UAE's Most Popular Online Auctions Website, Over 90% Discount on Retail Prices. Register Now and Start Winning !..products are brand New and at the guaranteed lowest prices! ... For your chance to get the latest 'got to have' items at really low prices.Register now on http://www.yallabid.com/ and start winning!
[ link to this | view in thread ]
This comment has been flagged by the community. Click here to show it

tiara, 27 Apr 2011 @ 7:34am

Yallabid- Online Auction
UAE's Most Popular Online Auctions Website, Over 90% Discount on Retail Prices. Register Now and Start Winning !..products are brand New and at the guaranteed lowest prices! ... For your chance to get the latest 'got to have' items at really low prices.Register now on http://www.yallabid.com/ and start winning!
[ link to this | view in thread ]
ChrisB (profile), 27 Apr 2011 @ 7:56am

Re: Sony has a game console?!
> I was too busy playing Halo to notice.

And paying $60/year to do it. Thanks, I'll take free online and the occasional screw-up instead.
[ link to this | view in thread ]
Anonymous Coward, 27 Apr 2011 @ 8:12am

Re: Re: Sony has a game console?!
Hahaha, I'd rather pay 100 bucks to play than have my credit cards stolen. I am pretty sure you will enjoy the ID theft.
[ link to this | view in thread ]
PaulT (profile), 27 Apr 2011 @ 11:54am

Re:
Yeah, the "hackers" are going to care about this somehow. Anyone who cracks a modern console does so with the knowledge that their console will be banned from such services if they are caught. That doesn't help the legal users of the service, and makes hacking more appealing.

The only people "trembling" are the Sony execs who will lose money over this - not just due to the loss of direct income (why buy a new game to play on line this month?) but income from other services that lose their appeal to customers as they realise how fragile cloud-based content actually is (Qriocity, Netflix and other services that require a valid PSN account, games whose DRM moronically calls home even for a single player game).
[ link to this | view in thread ]
crystal, 27 Apr 2011 @ 12:43pm

Re: "PlayStation Network/Qriocity password and login"
It's the fact that it's a big company that they didn't do what they should do.
having worked for a big company in the tech industry I can honestly say the tech department usually is under-funded and over-worked, and everything you do has to be justified. Hell, sometimes the tech department cant even get and keep valid certs for their sites depending on how incompetent their management is, and how lazy their tech department is.

so no, not surprised they were doing the less safe option.
not at all.

I've seen it take an entire section of business with millions of customers losing business for more than 2 weeks for a big company to finally make needed changes just to mirror their freaking sites. simple thing that makes sites continue to function when attacked, but it took millions of dollars lost in order to get the company to do it.

no not surprised at all...
[ link to this | view in thread ]
Trails (profile), 27 Apr 2011 @ 1:32pm

Re: Re: Technical Common Practices With Passwords
I never said it's all you have to worry about, but the security flaws I see in many client server apps amount to trusting the client.

"They'll only pull up pages/records I give them links for!"
"The only possible values to come back in this field are the ones I've enumerated in the dropdown!"
"I'll put the id of the organization the user belongs to in a cookie, nice and convenient!"
[ link to this | view in thread ]
Butternuts, 27 Apr 2011 @ 2:15pm

Too bad for Sony
Judging by all these comments an entire organization is under fire once again and most likely because a handful of their many people failed.

For their sake hopefully someone was just making a point or it was a smart moron that will get caught before any real damage happens but thats beyond wishful thinking this day and age.
[ link to this | view in thread ]
Christopher Weigel (profile), 27 Apr 2011 @ 3:18pm

Re: Too bad for Sony
"Judging by all these comments an entire organization is under fire once again and most likely because a handful of their many people failed"

Judging by all these comments an entire organization is under fire once again and most likely because their corporate policies make them as user unfriendly as possible

FTFY. Sony has a history of stupid, customer-damaging moves, this is par for the course with them. Hopefully this one actually will come back and severely bite them in the ass.
[ link to this | view in thread ]
Vincent, 27 Apr 2011 @ 9:47pm

Re: Re: wow
Any hardware can be hacked but, what you can do with it, is another story. I've never heard of a hacked 360 accessing the live network. I've heard of people reformatting the system and installing lines or some other homebrew software nit, that's as good as it gets. As for the Wii, have one in the house but I rarely touch it. It was a gift for my wife, I'm not a big fan of the system. Im not sure how secure the Wii is in comparison to the PS3 but, it seems just as open. I believe that's why MS opted not to install a browser on their systems. It just leave too much open to be hacked. I'm sure they could have installed a separate drive or something for internet access and keep the gaming software separate, to avoid any issues but, how practical would that have been sand how expensive would that have been for us, as consumers.
[ link to this | view in thread ]
Tom Landry (profile), 27 Apr 2011 @ 10:12pm

Anyone care to add up the monetary damages Sony has incurred since they started their BS with Geohot? Of course I'm including this incident since its most likely anon getting a bit of retribution for their (Sony's) litigating ways.......
[ link to this | view in thread ]
slackr (profile), 27 Apr 2011 @ 11:14pm

Sad thing is...
the money heading down the toilet from this screw up would have better been invested in preventing it in the first place. Now they have a damaged reputation (again), 77 million pissed off loyal users, class action law suits, and they still have to fix that pesky problem. I'm not a rocket scientist but I'd say they're doing things the hard way.
[ link to this | view in thread ]
italian_reaper16 (profile), 11 May 2011 @ 12:38pm

ok seriously this is really late i just found this but people really need to calm down and sony is still better thaqn xbox x100% and i just needed to get this off my chest that every one marked anonymus seem very suspicious im sorry but seriously talking about how sony is a piece of sh** and X-Box is better have alot of problems im saying this though sony is not the only target im just saying that sooner or later microsoft will go down so dont think there fire wall is stronger than sony's im not a hacker or anything im just another sony player who is p*ss*d off cause of who hacked sony but like i said dont think that sony is their only target!!!!!!!!!!
[ link to this | view in thread ]