So one provided entertainment services and the other broke the law and Sony/SOE are just as guilty as a criminal? You work at a bank. Someone goes Oceans 11 on you and robs you in the middle of the night. Is it your fault? Yes, they could have done better security. Every company could probably use it. But if people just obeyed the laws we wouldn't need all that crap. It's networking bud, there are always holes and if a hacker wants in, they'll get in.
Sony violated the security procedures that they agreed to in order to do busines with the credit card companies. They might be the victom of a hacker, but they are guilty of security failure that should have been enforced.
Sony has shown plenty of negligence in this situation. They are a victom of an attack, but also the victom of thier own stupidity.
As for your analogy, it would be your fault if you left the banks money sitting on a table in the middle of the room instead of the vault. That is essentially what SOE did.
Not only did they store the information in an unsecure manner, they were storing information that was of no practical use. A database of personal information from a sweepstakes that ended 10 years ago? Credit and banking information from 5 years ago that they were not actively doing buiness with?
I really hope Sony offers up like 6 months of full station access to all their games. That would be kinda cool. I know on the playstation side we'd get only a free month of PS+ which I think is kind of a crappy apology.
Why would they do that? They are the victims here...
Sony is not the victim. The cardholders that trusted Sony to maintain a higher level of security are the victims. Sony's lack of ability to maintain security makes them nearly as guilty as the hackers in my book.
So one provided entertainment services and the other broke the law and Sony/SOE are just as guilty as a criminal? You work at a bank. Someone goes Oceans 11 on you and robs you in the middle of the night. Is it your fault? Yes, they could have done better security. Every company could probably use it. But if people just obeyed the laws we wouldn't need all that crap. It's networking bud, there are always holes and if a hacker wants in, they'll get in.
1st of all, not your Bud. second if you leave the door open to criminals then yes you are liable. Yeah " if people just obeyed the laws" I wouldn't feel the need to carry a handgun. But people dont obey the laws, so you have to be ever vigilant to twart criminals at every possible weakness. If you dont display that level of vigilance in your security, then you are partialy at fault.
Sony told people ther data was secure, they lied, they are liable. end of debate
Originally posted by Daffid011A database of personal information from a sweepstakes that ended 10 years ago? Credit and banking information from 5 years ago that they were not actively doing buiness with?
There is no law that would forbid them to store that information. They have all right to keep store it.
You have no idea where in the network, how secured or why this server with dated database was there. You are again/still making unfounded assumptions...
I really hope Sony offers up like 6 months of full station access to all their games. That would be kinda cool. I know on the playstation side we'd get only a free month of PS+ which I think is kind of a crappy apology.
Why would they do that? They are the victims here...
Oh yes... They have fallen "victim" to the 733t hax0rs... Given they had been operating an unpatched server with no firewall, the only wonder is that it took them this long to get hit. They are no doubt in serious violation of any number of federal/state(and EU) agency regulations(not to mention various laws). Their customers are the real victims in this instance, and no doubt many of them are going to be very sorry that they ever trusted Sony with their personal data.
Sony told people ther data was secure, they lied, they are liable. end of debate
They said that they have no evidence that SOE data were compromised(before 1st May).
You only twist the facts to suit your agenda.
I have no agenda.
I call it as I see it.
to me the date of the comprimise does not matter, the fact that it happend at all is what matters.
now stop twisting the facts to try and make yourself look superior and get your nose out of SOE's butt, there not going to give you any free gametime for you defending them.
Originally posted by Wraithone Given they had been operating an unpatched server with no firewall, the only wonder is that it took them this long to get hit. They are no doubt in serious violation of any number of federal/state(and EU) agency regulations(not to mention various laws). Their customers are the real victims in this instance, and no doubt many of them are going to be very sorry that they ever trusted Sony with their personal data.
They did not use non-atched servers(the ones that 'matters'). It was covered to the reply and provided link as PROOF as well as it was denied by Sony.
Originally posted by Gdemami Originally posted by WraithoneUsing an unpatched server, with no firewall is not a good start.
Originally posted by jeolmanI call it as I see it.
Don't state it as facts then because it's not, regardless how you feel about it.
Data theft and having access to your game down is not pleasant experience but that does not make your claims more true nor gives you right to bash everyone around you.
Don't state it as facts then because it's not, regardless how you feel about it.
Data theft and having access to your game down is not pleasant experience but that does not make your claims more true nor gives you right to bash everyone around you.
I never said anything that was not a fact,
Sony did say that personal and CC info was secure. its in the user agreement
Sony did have a lapse in security. someone was able to get in and steal data
I can never be for certain, but my credit card just this past week ended up having charges on it that neither I or my wife had put on it. It was almost $1400 worth of charges. I would love to say that it was because of sony being hacked but like I said, I can never be certain it was.
A database of personal information from a sweepstakes that ended 10 years ago? Credit and banking information from 5 years ago that they were not actively doing buiness with?
There is no law that would forbid them to store that information. They have all right to keep store it.
You have no idea where in the network, how secured or why this server with dated database was there. You are again/still making unfounded assumptions...
You have an apology for every situation don't you?
Maybe it is or is not against the law, but that wasn't my point at all.
Who really cares "where" the data was stored. They were storing data that wasn't being used, in a dangerous format in an area that could be accessed over the network. Such negligence makes SOE just as much to blame as the hackers.
If SOE had proper security, removed outdated databases from network access and some sort of encryption for banking information, then this would not be an issue would it?
I think everyone else can read the available information and make well founded determinations, feel free to keep repeating how nobody knows anything (aside from you of course) and Sony might have theoretically had the most secure network on the entire planet.
A database of personal information from a sweepstakes that ended 10 years ago? Credit and banking information from 5 years ago that they were not actively doing buiness with?
There is no law that would forbid them to store that information. They have all right to keep store it.
You have no idea where in the network, how secured or why this server with dated database was there. You are again/still making unfounded assumptions...
ACtually there is, its called the Data Protection act, and compliance is required for any business operating in the EU.
Here are the 8 principles of the Data protection act.
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Personal data shall be accurate and, where necessary, kept up to date.
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Personal data shall be processed in accordance with the rights of data subjects under this Act.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Sony keeping Credit card and personal data for customers who have not used their services for up to 7 years DOES NOT comply with point 3 or point 5
Originally posted by Kothoses ACtually there is, its called the Data Protection act, and compliance is required for any business operating in the EU. Sony keeping Credit card and personal data for customers who have not used their services for up to 7 years DOES NOT comply with point 3 or point 5
I am well aware about EU legislative. The problem is, not only in EU but around the globe those laws are mess and there are severe holes in processes how to handle personal information or information related to them.
One big issue is to define what Personal Information is, that alone is extremely difficult. Any other definition and rule is very vague and allows broad way of interpretation. This is by large part due necessity. I have already said before, all you have to do is to 'do not keep it exposed to unauthorized people' and you are fine.
Those laws are a mess. Period.
In a matter of fact, Sony stored data from 2007, that isn't 7 years long.
ACtually there is, its called the Data Protection act, and compliance is required for any business operating in the EU.
Sony keeping Credit card and personal data for customers who have not used their services for up to 7 years DOES NOT comply with point 3 or point 5
I am well aware about EU legislative. The problem is, not only in EU but around the globe those laws are mess and there are severe holes in processes how to handle personal information or information related to them.
One big issue is to define what Personal Information is, that alone is extremely difficult. Any other definition and rule is very vague and allows broad way of interpretation. This is by large part due necessity. I have already said before, all you have to do is to 'do not keep it exposed to unauthorized people' and you are fine.
Those laws are a mess. Period.
In a matter of fact, Sony stored data from 2007, that isn't 7 years long.
You are being misleading here.. you said " all you have to do is to 'do not keep it exposed to unauthorized people' and you are fine" which isn't true. If you keep the data secure from unauthorized people you should be safe from most criminal negligence laws.
That in no way makes you safe from civil liability. They could have followed every single law in every country and still be held liable.
If people feel Sony wasn't doing enough to keep up with the latest security technology or have enough IT staff or being prepared to respond to a hack.. then you can bet they are going to sue in civil court.
Also, just because "the laws are a mess" doesn't mean Sony shouldn't have to follow the laws... they have a choice.. either follow the law or don't do business in that country. Quite simple really.
Anyone who cares about facts and critical thinking, that excludes trolls though...
So what you are suggesting, but once again never actually using specific examples of facts, is that depending on "where" SOE stored that information it would have made this policy of information storage more acceptable?
Are you suggesting that somewhere else might have been unhackable and all that data would be safe if it was stored there? That it is solid business practice to store banking information in clear text as long as it is stored in some approved special place? Are you suggesting that it is good practice to store your customers personal and banking information that is not in use by your company as long as it is stored somewhere else that might offer something better than you never really talk about?
Is that the type of critical thinking you were trying to reference in your 1 sentence reply that finished with an insult? Does that about sum up what you want to say, but can't, because even you realize how laughable that stance is?
Originally posted by jado818 If people feel Sony wasn't doing enough to keep up with the latest security technology or have enough IT staff or being prepared to respond to a hack.. then you can bet they are going to sue in civil court.
If people feel Sony wasn't doing enough to keep up with the latest security technology or have enough IT staff or being prepared to respond to a hack.. then you can bet they are going to sue in civil court.
And they would get laughed off..
Unless you know all the facts I'm not sure how you would know that.
Do you work for Sony's IT department or have access to information on the initial intrusion?
Do you work for Sony's IT department or have access to information on the initial intrusion?
In no legal country you can be sued despite following the laws and regulations. That is simply dumb as it would be denying the core principles of legal system.
Do you work for Sony's IT department or have access to information on the initial intrusion?
In no legal country you can be sued despite following the laws and regulations. That is simply dumb as it would be denying the core principles of legal system.
Do you understand the difference between civil court and criminal court?
You are basically saying almost every country in the world is "illegal" because of your lack of understanding about how courts work.
Originally posted by jado818Do you understand the difference between civil court and criminal court?
I do but you obviously don't.
At any court, in case of civil or criminal trial, you have to prove that the adverse party broke the law or agreement and that there is provable harm done due this breach.
When you say you sue me despite I follow all laws, there is no substance you could sue me for.
It is like contracting a company to build you a 2 floor house. Company builds everything according to contract and then you wanted to sue them because you think that your house should actually have 3 floors, stables, 2 swimming pools and golf yard.
Do you understand the difference between civil court and criminal court?
I do but you obviously don't.
At any court, in case of civil or criminal trial, you have to prove that the adverse party broke the law or agreement and that there is provable harm done due this breach.
When you say you sue me despite I follow all laws, there is no substance you could sew me for.
It is like contracting a company to build you a 2 floor house. Company builds everything according to contract and then you wanted to sue them because you think that your house should actually have 3 floors, stables, 2 swimming pools and golf yard.
Plain stupid.
Now you are just making up stuff about the law... I'll use a big name example for you.
Why don't you google or wiki a person names "O.J. Simpson"
He was acquitted of all criminal wrong doing in the murder of his wife...
but civil court still found him liable for the death of his wife.. even though he did nothing illegal in the eyes of the law.
I'm sure there are plenty other less known examples out there.. but that is the big one i can think of.
Originally posted by jado818Why don't you google or wiki a person names "O.J. Simpson"
The case only confirms what I said.
You still need to prove him the breach. They did not prove the guild in one case so they opened another but principle is alway the same - you have to breach some law or agreement. Period.
Comments
Sony violated the security procedures that they agreed to in order to do busines with the credit card companies. They might be the victom of a hacker, but they are guilty of security failure that should have been enforced.
Sony has shown plenty of negligence in this situation. They are a victom of an attack, but also the victom of thier own stupidity.
As for your analogy, it would be your fault if you left the banks money sitting on a table in the middle of the room instead of the vault. That is essentially what SOE did.
Not only did they store the information in an unsecure manner, they were storing information that was of no practical use. A database of personal information from a sweepstakes that ended 10 years ago? Credit and banking information from 5 years ago that they were not actively doing buiness with?
1st of all, not your Bud. second if you leave the door open to criminals then yes you are liable. Yeah " if people just obeyed the laws" I wouldn't feel the need to carry a handgun. But people dont obey the laws, so you have to be ever vigilant to twart criminals at every possible weakness. If you dont display that level of vigilance in your security, then you are partialy at fault.
Sony told people ther data was secure, they lied, they are liable. end of debate
There is no law that would forbid them to store that information. They have all right to keep store it.
You have no idea where in the network, how secured or why this server with dated database was there. You are again/still making unfounded assumptions...
They said that they have no evidence that SOE data were compromised(before 1st May).
You only twist the facts to suit your agenda.
Oh yes... They have fallen "victim" to the 733t hax0rs... Given they had been operating an unpatched server with no firewall, the only wonder is that it took them this long to get hit. They are no doubt in serious violation of any number of federal/state(and EU) agency regulations(not to mention various laws). Their customers are the real victims in this instance, and no doubt many of them are going to be very sorry that they ever trusted Sony with their personal data.
I have no agenda.
I call it as I see it.
to me the date of the comprimise does not matter, the fact that it happend at all is what matters.
now stop twisting the facts to try and make yourself look superior and get your nose out of SOE's butt, there not going to give you any free gametime for you defending them.
They did not use non-atched servers(the ones that 'matters'). It was covered to the reply and provided link as PROOF as well as it was denied by Sony.
Oh really?
http://webcache.googleusercontent.com/search?q=cache:h9540GDnnIoJ:auth.np.ac.playstation.net:443/+auth.np.ac.playstation.net&hl=en&strip=0
Stop making conclusions based on stupid rumors and learn to filter information you read...
It was nothing more than stupid hearsay.
Do you mind to be specific about what laws did they violate or you're just pulling things out of your nose?
Don't state it as facts then because it's not, regardless how you feel about it.
Data theft and having access to your game down is not pleasant experience but that does not make your claims more true nor gives you right to bash everyone around you.
I never said anything that was not a fact,
Sony did say that personal and CC info was secure. its in the user agreement
Sony did have a lapse in security. someone was able to get in and steal data
Sony is liable for not preventing it.
there is no debate.
It did happen and Sony will be held Liable.
I can never be for certain, but my credit card just this past week ended up having charges on it that neither I or my wife had put on it. It was almost $1400 worth of charges. I would love to say that it was because of sony being hacked but like I said, I can never be certain it was.
You have an apology for every situation don't you?
Maybe it is or is not against the law, but that wasn't my point at all.
Who really cares "where" the data was stored. They were storing data that wasn't being used, in a dangerous format in an area that could be accessed over the network. Such negligence makes SOE just as much to blame as the hackers.
If SOE had proper security, removed outdated databases from network access and some sort of encryption for banking information, then this would not be an issue would it?
I think everyone else can read the available information and make well founded determinations, feel free to keep repeating how nobody knows anything (aside from you of course) and Sony might have theoretically had the most secure network on the entire planet.
ACtually there is, its called the Data Protection act, and compliance is required for any business operating in the EU.
Here are the 8 principles of the Data protection act.
Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –
(a) at least one of the conditions in Schedule 2 is met, and
(b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Personal data shall be accurate and, where necessary, kept up to date.
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Personal data shall be processed in accordance with the rights of data subjects under this Act.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Sony keeping Credit card and personal data for customers who have not used their services for up to 7 years DOES NOT comply with point 3 or point 5
I am well aware about EU legislative. The problem is, not only in EU but around the globe those laws are mess and there are severe holes in processes how to handle personal information or information related to them.
One big issue is to define what Personal Information is, that alone is extremely difficult. Any other definition and rule is very vague and allows broad way of interpretation. This is by large part due necessity. I have already said before, all you have to do is to 'do not keep it exposed to unauthorized people' and you are fine.
Those laws are a mess. Period.
In a matter of fact, Sony stored data from 2007, that isn't 7 years long.
You are being misleading here.. you said " all you have to do is to 'do not keep it exposed to unauthorized people' and you are fine" which isn't true. If you keep the data secure from unauthorized people you should be safe from most criminal negligence laws.
That in no way makes you safe from civil liability. They could have followed every single law in every country and still be held liable.
If people feel Sony wasn't doing enough to keep up with the latest security technology or have enough IT staff or being prepared to respond to a hack.. then you can bet they are going to sue in civil court.
Also, just because "the laws are a mess" doesn't mean Sony shouldn't have to follow the laws... they have a choice.. either follow the law or don't do business in that country. Quite simple really.
So what you are suggesting, but once again never actually using specific examples of facts, is that depending on "where" SOE stored that information it would have made this policy of information storage more acceptable?
Are you suggesting that somewhere else might have been unhackable and all that data would be safe if it was stored there? That it is solid business practice to store banking information in clear text as long as it is stored in some approved special place? Are you suggesting that it is good practice to store your customers personal and banking information that is not in use by your company as long as it is stored somewhere else that might offer something better than you never really talk about?
Is that the type of critical thinking you were trying to reference in your 1 sentence reply that finished with an insult? Does that about sum up what you want to say, but can't, because even you realize how laughable that stance is?
And they would get laughed off..
Unless you know all the facts I'm not sure how you would know that.
Do you work for Sony's IT department or have access to information on the initial intrusion?
In no legal country you can be sued despite following the laws and regulations. That is simply dumb as it would be denying the core principles of legal system.
Do you understand the difference between civil court and criminal court?
You are basically saying almost every country in the world is "illegal" because of your lack of understanding about how courts work.
So you don't see any value in a civil court?
I do but you obviously don't.
At any court, in case of civil or criminal trial, you have to prove that the adverse party broke the law or agreement and that there is provable harm done due this breach.
When you say you sue me despite I follow all laws, there is no substance you could sue me for.
It is like contracting a company to build you a 2 floor house. Company builds everything according to contract and then you wanted to sue them because you think that your house should actually have 3 floors, stables, 2 swimming pools and golf yard.
That's plain stupid.
Now you are just making up stuff about the law... I'll use a big name example for you.
Why don't you google or wiki a person names "O.J. Simpson"
He was acquitted of all criminal wrong doing in the murder of his wife...
but civil court still found him liable for the death of his wife.. even though he did nothing illegal in the eyes of the law.
I'm sure there are plenty other less known examples out there.. but that is the big one i can think of.
The case only confirms what I said.
You still need to prove him the breach. They did not prove the guild in one case so they opened another but principle is alway the same - you have to breach some law or agreement. Period.
Is this backwards day.. I thought you said "When you say you sue me despite I follow all laws, there is no substance you could sew me for."
I provided you an example where a person was successfully sued despite following all the laws.
and you say it confirms what you say.
I think maybe you are confusing the definition of confirms.
Here is the definition.. try to use the correct word next time.. maybe disproves or contradicts
confirms3rd person singular present of con·firm (Verb)
1. Establish the truth or correctness of (something previously believed, suspected, or feared to be the case).
2. State with assurance that a report or fact is true.
I think so too because common law was still part of the legal system last time I checked and same rules applies.
So you are unable to admit you have made incorrect claims in the last couple of pages?