General: A Tough Break for SOE

Comments

  • Hopscotch73Hopscotch73 Member UncommonPosts: 971

    Originally posted by JeroKane



    Originally posted by Hopscotch73

    iTunes has been hit: http://www.computerworld.com/s/article/9181503/Apple_can_t_stop_ongoing_iTunes_charge_scam but I only know about it because I had a gift card with open credit on my a/c and it was used to buy a bunch of random apps in Mandarin - no idea how that happened (and they didn't tell me), but Apple refunded me within 24 hours, and locked my account until I told them I was happy to have it opened again.



     



    The SOE hack was different, console gamers and online players all affected, the network put out of service - that's huge and impossible to keep quiet.



     



    People have been rumbling for years about Blizzard being compromised but they all get looked at like they're wearing tinfoil hats. I'm not saying they're right - just that they haven't been hit (if at all) to the extent that they can't avoid going public with it.



     



    We all should be more careful with our info online. I only use pre-paid credit cards to pay for gametime because I consider giving any online business access to cc or debit-card info a recipe for headaches. I'm not paranoid (honest!) but I'm all too aware of the possible repercussions to my accounts (and credit rating) of hacking.



     

    LOL! Please read that article very very carefully.

    I have never ever had any online account hacked!  Ever!

    This so called iTunes being hit, is the same thing that has been happening to MMORPG's, banks and other online services.

    Almost 99% of these cases are due to people falling for phishing emails and so giving out their credentials via keyloggers and fake websites!

    AGAIN! You cannot compare these kind of incidents to the scandal that happened with Sony / SOE right now!


     

    Oh really? I've never had anything hacked ever, until the iTunes thing. Use different emails and password combos everywhere. Keep my machine clean as a whistle (and know how to). Sheesh. If there is a 1% believe me oh Nordic know it all, I'm it.

    Sony are not the only ones compromised, they are the first to be compromised in a way that they couldn't avoid admitting in public.

  • bezadobezado Member UncommonPosts: 1,127

    Originally posted by jonesing22

    Well....SOE didn't even create EQ1, so can't give them credit there. They did take it over and they brought a lot of good things to it though.

     

    Technically not true. Sony was there with Verant all the time, the only difference was Sony bought Verant in 99 and Sony was the sole developer and producer from then on, but Sony was always with Verant from most of the making of EQ so they are as much of EQ as Verant was for starting it.

    Also for reference sake look at Eq town Qeynos, before launch Sony got the town named after their relationship and pre sale of ownership to Sony of Verant, hence the city name Qeynos, backwards for Sony EQ.

  • DeathofsageDeathofsage Member UncommonPosts: 1,102

    I'm sorry but it doesn't just happen to any company. They were ignorantly cocky about substandard security.

    I'll tell you what, I've done big-business security and I couldn't sleep at night if I was running a system that stored critical personal information in plain text.

    This is just Sony, once the powerhouse, they thought for a time that they could do things and people would just migrate with them, and for some reason they still believe that. There's no reason that several of their releases have been so bad as they were.

    Spec'ing properly is a gateway drug.
    12 Million People have been meter spammed in heroics.

  • lukeborgmanlukeborgman Member UncommonPosts: 36

    We've gone a full business week now and there is still no ETA or explanation of a plan to restore services.  I understand that mistakes happen, but now it's gone on long enough to have a stated plan.  Daily "still offline" today messages are now becoming salt on players' wounds.

    I hope they get their plan together soon and communicate it to their customers.  A week is long enough to have a plan and be honest about it.

  • finnmacool1finnmacool1 Member Posts: 453

    Originally posted by lukeborgman

    We've gone a full business week now and there is still no ETA or explanation of a plan to restore services.  I understand that mistakes happen, but now it's gone on long enough to have a stated plan.  Daily "still offline" today messages are now becoming salt on players' wounds.

    I hope they get their plan together soon and communicate it to their customers.  A week is long enough to have a plan and be honest about it.

    Last I heard they planned to have things back up before the end of May.

  • keenberkeenber Member UncommonPosts: 438

    So funny you guys how often do you think WoW and other MMOs have been hacked and they haven't told you. Ever wonder where some of the crap spam or mail comes from. At least Sony had the guts to own up to what had happened.

    And before you say that WoW hasn't been hacked then I can tell you way back when WoW was actually worth playing I got hacked 2 times on a comp that had nothing but WoW and Windows which was a clean install and a totally new email address and passwords.

  • bezadobezado Member UncommonPosts: 1,127

    Originally posted by severius

    mod edit

     

    The rootkit you're talking about also known as spyware, one entity was all from MUSIC related industry at the time and had nothing to do with online games and other data from end user. SONY was partners with BMG and that Sony was ready to protect their partner by any means against PIRATES and illegal copying of its music. So they came up with a small rootkit that installed on people's PCs in 2005 starting with a few dozen Sony BMG music labels.  This did not work well as it never sent the info they needed back on who was pirating. Instead it made people's computers vulnerable to other viruses and spyware because it deactivated certain Windows security areas.

    So if you're assuming SOE is responsible because of this you're wrong. SONY BMG was a partnership back then when this happened. Sony after the lawsuits have not attempted again to employ rootkits against the end user. So after lets say mid 2005 or early 2006 was the end of that.

    Get the facts right, SOE currently has no issue with this and using it to debate that is one reason they are the bad guy is ridiculous. After all they had the best interest in the customer to protect them from pirated music sold over the net as the retail deal. All this was because of the Pirates then who sold music cd's as retail but essentially were just rips of the original cd and printed cd covers.

    I am not a SOE fan but I give the benefit of the doubt when needed.

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by teakbois

    Because thats what it always comes down to with SoE.  All other gripes (until this) are petty (RMT that doesnt affect gameplay) or misplaced/uninformed (Vanguard).  NGE is why people hate SoE.

    When you make comments like this you are admitting that you are not being open minded to the topic.  It is a completely dismissive and disingenuous approach to having a discussion, because no matter what information, facts or situations are presented to you, you have your arsenal of excuses ready to go.  Most of which attack the person posting their ideas instead of debating the ideas they are posting. 

    Is someone really mad about SWG if they complain about SOE's incompetence to secure the personal information, bank and credit card information for up to 25 million accounts?  Are they misinformed about something there? 

    Soe has given its customers a long list of reason to be upset with them.  Seeing how poorly the company has been doing the last five years it is pretty clear to see the results of their business practices.  Shit, just look at the complete failure that is DCU and try to rationalize that one as being the fault of players misinformation or swg.

     

    This same mentality is echoed in the original post and even the title.  "A tough break for SOE" as if they are some poor company that just can't catch any good luck despite their best efforts to do things right.  That snake oil doesn't sell anymore.

  • kefkahkefkah Member UncommonPosts: 832

    In a court of public opinion - there will always be two sides.  Both can use the following tools. Personal stories (which by the rules of debate are used because they are difficult or if not impossible to disprove), the ever popular "everyone else does it" and of course, shift off topic.

    Not one of us knows the scope of this whole affair. So I am just going to say there is plenty of blame to go around. Now, onto the actual topic.

    1. Hackers hacked into Sony 2xs and stole data. Hacking into a business to steal info is illegal in nearly every civilized country. Unless, of course, it is endorsed by said country. So from this we can determine that what the hackers did was bad ie illegal. No matter who they hacked.

    2. Sony ie the SCEA and SOE divisions that were hacked were vulnerable because of verified and established holes in their security. Linux servers not patched or updated. Firewalls not in place at critical locations.  When your primary business models shift to subscription based and RMT, this means you are to gear up and secure your network in order to take on this responsibility. You sign a contract with your credit card processor and assure them that you not only are compliant with your software and procedures at that moment but will continue to be.

    Both divisions failed to do this. And thus they were hacked with incredible success. Not just one account or password set. Millions. And with credit card info. PCI Compliance has been in effect for well over a decade and each state has taken it a bit further (individual mileage may vary). Compliance to be able to handle subscription based credit card transactions as well as individual ones requires the credit card and sensitive personal data to be encrypted. The information that Sony has also verified indicates that the data in question was not fully in compliance.

    So we have hardware and software noncompliance. The hardware allows the hacking to occur in a much easier fashion and the data is available and siftable as it is in pretty much the perfect format to do so.  This would make Sony's two divisions at fault as well. Both from a betrayal of consumer trust but also in violation of any number of individual states and countries' PCI Compliance laws.

    Then there is the 2007 database. And that in itself is a whole other post.

    So shake it up, twist it, redirect it and flat out deny it. But the matter at hand is who broke the law in this moment in time. Hackers and Sony (which was doing something illegal but we just didn't know it until the breakins). When or if Blizzard or EA get hacked and their data and security is proven to be in a state that isn't legal - then we can point fingers.

    And when the NGE is tied to the whole matter as being a virus that single handedly unencrypted the files and placed a rogue db in the open - then it will merit being brought into this conversation. Until then, it is extraneous and serves no purpose unless you are trying to use it as a character witness.

  • psyclumpsyclum Member Posts: 792

    the things that kept popping into my mind with this SoE problem....

    "YOU are in OUR world NOW"(biatch)

    and

    "The VISION(tm)"

    :D

    guess their vision wasn't good enough to think disgruntled customers would actually do something to them....

    nah, we don't need no friggin security, who would be smart enough to crack our system :D

    SoE EARNED their reputation and all the hate associated with that name...   

    make NO mistake guys. 

    feel bad for the CUSTOMERS that they used and abused over the years...

    NOT the company that had the love it or GTFO attitude. 

  • kinkyJalepenokinkyJalepeno Member UncommonPosts: 1,044

    Well now Sony is going to get sued up to the nostrils and going to be flat broke, I hope they sell some shit off, *cough* Vanguard to other developers !!!!

  • Silver_TearsSilver_Tears Member Posts: 8

    Originally posted by just2duh

     It's nice to see an article taking some sympathy on the matter, everyone seems focused on ridiculing them instead, when the fact of the matter is it really could have happened to anyone.

     It's just that Sony gave a reason (several over the course of a few years actually) to prompt an attack.

     They are at least offering a 12/mo fee free identity theft service for US residents now (http://www.g4tv.com/thefeed/blog/post/712434/sony-to-offer-allclear-id-plus-identity-theft-protection-for-free/)

     

     None of this really has me worried though, since I make a point to not own a credit card anymore (damn things!), and also try to fill out accounts with as little real info as possible.

     I live on 123 Fake St, in the City of - City, and my postal code is A1B 2C3. You all should move here in the future, it's a pretty nice place :P


     

     This right here is an example of something I do also. It really depends on how much information a person gives.

    I live in a city called "Somewhere", on a street called "over there" lol

    Several key things that can protect someone can be as follows:

    1. Using other payment methods rather than using a subscription. For example in SOE's case an alternative to subbing would be to use websites like Paybycash.com (link for time cards for SOE games would fall under paybycash.com/soe). This allows people to use something called the "ultimate game card" which is available in multiple stores across the United States and can be available to others via other websites.

     

    2. Personal information: Given that we live in an age where many websites or social networks have our personal information as well as "security questions" and such, how much "blame" gets spread around also lies within certain factors. I've seen people post almost as much info on a public Facebook (example being when someone uses a password or security question which is something common in their life, like the name of a friend or a pet, etc.).

    One key to protecting oneself from ID and information theft is to not use information that is available to the public. Some people have also used the same passwords for everything which puts them into a compromising position. Personally I have various passes, for example my password that was floating around in SOE's systems is different from everything else I use.

     

    3. If a payment method is unavailable via things like paybycash you could always try something like greendot cards which can be loaded with cash and have no link to a bank account whatsoever.

     

     

    I do agree that Sony has made a major blunder to put it mildly. But my focus is not on ridiculing them, telling them they "suck or stink or should shut down". My concern is about what they will do as damage control and what they have in mind to make good with the public as well as their fans.

    Focusing on a solution will be important. Also if you consider other companies could be vulnerable and we would not even know it may set an example for other companies out there to step up their own securities.

    I've made longstanding friends in the games I play before the services were taken down, so at the very least I'm going to wait and see what happens, once things are back up I'm definitely going to see what my friends plan to do.

    As far as the title "tough break" of this topic, I think it fits not in the manner some are believing, but because it's a very difficult situation for any company to deal with. I definitely wouldn't want to be a customer service rep for SOE right now (given that the general public can be overly passionate and take it out on the first person they see or hear from) (much like cashiers at stores get a lot of flak for store policies and such).

    I probably could go on, but I for one will continue to wait and see what happens to my friends and my community before I make any choices. Given that it took me a long time to settle down into certain games, many MMOs on the market just don't cut it for this long time player.

    SilverTears - Shadowfire Entertainer - Member of FIDES
    “If ever there is tomorrow when we're not together.. there is something you must always remember. you are braver than you believe, stronger than you seem, and smarter than you think. but the most important thing is, even if we're apart.. i'll always be with you.”

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    When a company runs servers with unpatched software, no firewall and were warned about the vulnerability, they did not have "a tough break".  They had an inevitable situation. 

    People keep saying that this could happen to anyone, but really how many companies operate like this?  How many companies leave a server so wide open to attack like this?

    It is hard to have sympathy for a company that didn't even do the most basic level of security efforts. 

  • GdemamiGdemami Member EpicPosts: 12,342


    Originally posted by Daffid011

    People keep saying that this could happen to anyone, but really how many companies operate like this?  How many companies leave a server so wide open to attack like this?

    It is hard to have sympathy for a company that didn't even do the most basic level of security efforts. 

    When you believe everything you can find on the public forums, anything is possible.

    Where do you think this guy got the information from...?

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by Gdemami

     




    Originally posted by Daffid011



    People keep saying that this could happen to anyone, but really how many companies operate like this?  How many companies leave a server so wide open to attack like this?

    It is hard to have sympathy for a company that didn't even do the most basic level of security efforts. 




    When you believe everything you can find on the public forums, anything is possible.

    Sure we live in a world where Anything is possible, but that certainly doesn't mean that everything is Equally possible

  • GdemamiGdemami Member EpicPosts: 12,342


    Originally posted by Daffid011

    Sure we live in a world where Anything is possible, but that certainly doesn't mean that everything is Equally possible. 


    That is no way near to what I have said. Just ask yourself where this guy got this information from...

    This is an actual quote from his written testimony:
    http://republicans.energycommerce.house.gov/Media/file/Hearings/CTCP/050411/Spafford.pdf

    "I have no information about what protections they had in place, although some
    news reports indicate that Sony was running software that was badly out of date, and had
    been warned about that risk."


    All what ACM does is browsing the internet forums. The guy has no first hand experience with anything he says, he is not related to Sony or their employees in any way, he did not verify nor provided those 'news reports', he did not confront the company with his findings, all we have got is his 'word'. No word in his written testimony about the 'no firewall' either.


    I am not saying he isn't right, but as it is, his claim is meaningless. He was misquoted in the video or he is pretending his hearsay to be hard facts.

  • DeeweDeewe Member UncommonPosts: 1,980

    Originally posted by Daffid011

    When a company runs servers with unpatched software, no firewall and were warned about the vulnerability, they did not have "a tough break".  They had an inevitable situation. 

    People keep saying that this could happen to anyone, but really how many companies operate like this?  How many companies leave a server so wide open to attack like this?

    It is hard to have sympathy for a company that didn't even do the most basic level of security efforts. 

     Seriously after all they've done, this is the topping.

     

    I'm really sorry for all the people working here but SOE in its actual state has to be dismantled. It's a shame for the MMO world, really.

  • MurlockDanceMurlockDance Member Posts: 1,223

    "What this hacking issue seems to reiterate to users is that Sony is not a company consumers should trust."

    Quote from OP. That is how I feel about it. What the hell were they doing with online databases that contained old information? What use was keeping that information around? In some people's cases it might not matter so much because they will have moved, changed cards or whatever, but in many cases they might still be in the same place they were back in 2007 and even have similar debit card numbers (which may lead back to bank account numbers).

    This is what angers me the most.

    I have been a customer of SoE's since 2001, but this pretty much spells the end of it for me.

     

    With respect to the posters doing their best to derail the thread into who is to blame for the quality of Vanguard, or whatever, who cares? I mean really, what does it have to do with what happened at SoE? This hacking incident is not about getting back at SoE. It's about stealing people's identities and financial information. It's about cybercrime, not making a point.

    Playing MUDs and MMOs since 1994.

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by Gdemami

     




    Originally posted by Daffid011

    Sure we live in a world where Anything is possible, but that certainly doesn't mean that everything is Equally possible. 



    That is no way near to what I have said. Just ask yourself where this guy got this information from...

     

    This is an actual quote from his written testimony:

    http://republicans.energycommerce.house.gov/Media/file/Hearings/CTCP/050411/Spafford.pdf

    "I have no information about what protections they had in place, although some

    news reports indicate that Sony was running software that was badly out of date, and had

    been warned about that risk."



    All what ACM does is browsing the internet forums. The guy has no first hand experience with anything he says, he is not related to Sony or their employees in any way, he did not verify nor provided those 'news reports', he did not confront the company with his findings, all we have got is his 'word'. No word in his written testimony about the 'no firewall' either.



    I am not saying he isn't right, but as it is, his claim is meaningless. He was misquoted in the video or he is pretending his hearsay to be hard facts.

    When a recognized security expert testifies in front of Congress that he has read reports that state the Sony servers were running outdated, unpatched versions of Apache and did not have a proper firewall installed/configured I am going to put a little faith in his statements.

    I doubt he was called before Congress for his forum surfing expertise to repeat hearsay.

  • GdemamiGdemami Member EpicPosts: 12,342


    Originally posted by Daffid011

    When a recognized security expert testifies in front of Congress that he has read reports that state the Sony servers were running outdated, unpatched versions of Apache and did not have a proper firewall installed/configured I am going to put a little faith in his statements.
    I doubt he was called before Congress for his forum surfing expertise to repeat hearsay.

    Did you read his testimony or even the quote? He's got his information from 'news reports' only, from them open forums.


    Anyway, who takes congress hearing seriously...

  • TeknoBugTeknoBug Member UncommonPosts: 2,156


    Originally posted by Eqvaliser
    Who is next, EA or Valve..  hmm..  anyway I wish the best for all the users who were victimized by this incident.  and just hope it comes out on the other side better than they entered this crisis. 
    No one should be next as long as they keep up with security procedures which SOE failed to do (even AFTER being warned months ago). Bank websites and many other online sites and games get hit every minute of every day.


  • GaeluianGaeluian Member UncommonPosts: 114

    Can I have everyone's stuff?

  • MurlockDanceMurlockDance Member Posts: 1,223

    Originally posted by Deewe

    Originally posted by Daffid011

    When a company runs servers with unpatched software, no firewall and were warned about the vulnerability, they did not have "a tough break".  They had an inevitable situation. 

    People keep saying that this could happen to anyone, but really how many companies operate like this?  How many companies leave a server so wide open to attack like this?

    It is hard to have sympathy for a company that didn't even do the most basic level of security efforts. 

     Seriously after all they've done, this is the topping.

     

    I'm really sorry for all the people working here but SOE in its actual state has to be dismantled. It's a shame for the MMO world, really.

    Again, this is based on speculation by a security expert. He said the things he said based on the information he had available to him, however, that does not mean he is right. If you based a lawsuit on that kind of information, I bet it would be thrown out of court. You would have to be 100% sure you have your facts straight going in, otherwise you'll end up with egg on your face.

     

    If you can read French, I recommend reading Le Monde and L'Express' websites. They have really good articles about this incident. The latter published an article about Sony's security, saying that SoE/Sony *most likely* cut corners with security because they may not have been PCI DSS certified (the protocol that credit card companies use) probably because it is very expensive. From the way the attacks happened, the experts think that they were not using certified PCI DSS. However, the authors of the article were quick to point out that even with it, it's very possible to get hacked, as has been the case of credit card companies using it. Even without it, it doesn't necessarily mean that Sony was completely sloppy, it means that Sony's security is 'artisanal' rather than being 'industry standard'.

    Anyway, SoE itself might not be liable for being sued, but rather the parent corp Sony. If SoE started suffering worse financial problems, it will be swallowed up by Sony anyway. I don't think that the EQ franchise is going to be sold off to xyz.

    I wouldn't be surprised if the outcome of this incident is that more MMO companies get targeted by organized criminals.

    Playing MUDs and MMOs since 1994.

  • patrikd23patrikd23 Member UncommonPosts: 1,155

    They made their bed, and now they have to sleep in it.

  • kefkahkefkah Member UncommonPosts: 832

    Originally posted by Gdemami

     


     

     

    Anyway, who takes congress hearing seriously...


     

     Hmm, my guess would be any of these people...
