General: A Tough Break for SOE

Comments

  • GdemamiGdemami Member EpicPosts: 12,342


    Originally posted by Yamota

     Head of US Public Policy Council of the Association for Computing Machinery is not a random guy. 


    Originally posted by Yamota

    A fat guy? A professor in Computer Security and head of an organisation related to computer security. Sounds to me that you are not really looking for any real sources but are just here to discredit any information on the matter which puts Sony in a bad light.


    Ever heard of fallacy of defective induction named appeal to authority?

    I do not care how big his head is nor how many degrees he's got. Valueless information is valueless regardless of provider.

  • DreamionDreamion Member UncommonPosts: 287

    SOE got what they deserved, too bad the hackers probably got my info as well -.-

  • DroniacDroniac Member UncommonPosts: 74

    Originally posted by Gdemami




    Originally posted by Droniac



    http://www.msnbc.msn.com/id/21134540/vp/42887823#42887823




    Yeah, as valid as forum trolls here.

    Absolutely no context, no details, not even trace of resemblance or role in the attack. Just a fat guy enjoying his glory moment being a warrior of teh internetz.



    Context? A House Energy and Commerce Committee hearing, where said 'fat guy' is testifying. His credibility comes from the fact that he's a leading expert in the field of Information Assurance and Security, i.e.: the exact field pertaining to this case. His claim is that Sony was alerted of their horrible security flaws some 2-3 months prior to the attack through an open forum moderated by Sony employees, which only makes Sony's negligence all the more inexcusable.

    See also: http://techland.time.com/2011/05/05/security-expert-sonys-network-unpatched-and-had-no-firewall-installed

    Also, for someone incorrectly referring to logical fallacies you certainly like to use straw man and ad hominem arguments yourself.

  • JeroKaneJeroKane Member EpicPosts: 7,096

    "[I]ndividuals who work in security and participate in the Sony network had discovered several months ago while they were examining the protocols on the Sony network to examine how the games work, [that] the network game servers were hosted on Apache web servers—that's a form of software.

    But they were running on very old versions of Apache software that were unpatched and had no firewall installed, and so these were potentially vulnerable.

    And they had reported these in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software. That was two to three months prior to the incident where the break-ins occurred."





    Read more: http://techland.time.com/2011/05/05/security-expert-sonys-network-unpatched-and-had-no-firewall-installed/#ixzz1LZVpszP3

  • GdemamiGdemami Member EpicPosts: 12,342

    It seems more like you are grasping any information that suits your case, no matter how unverified, biased, backed up or even false it might be. Yeah, isn't this type of posting called trolling?

    From the little search:

    Here is a paper issued by said person:

    http://republicans.energycommerce.house.gov/Media/file/Hearings/CTCP/050411/Spafford.pdf

    and related quote:

    "I have no information about what protections they had in place, although some
    news reports indicate that Sony was running software that was badly out of date, and had
    been warned about that risk."


    So the fact is, that he only read some forums where someone posted something and he did not verify the information, he did not do any investigation on his own, he did not speak to Sony, he did not provide any details on the nature of supposed security flaw, he is simply parroting what he read on the internetz.

    The fact is, he only says what he heard someone was saying.


    Despite all this and his own acknowledgment that he has no awareness about Sony network protection and no first hand experience or observation of Sony web server(which one?!), yet his speech at the congress states those unverified information as facts and the information about the firewall is completely pulled out of his ass.

    Only support his speech has got is his big head(and fat body) only...

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by Antarious



    Originally posted by jonesing22



    Well....SOE didn't even create EQ1, so can't give them credit there. They did take it over and they brought a lot of good things to it though.






     

     This boggles me to this day.  I'm not sure why people think this is true and then post it endlessly as if it will become true.  I assume it's because people go read the first few sentences of the everquest wiki and have no clue of what the history was. (the wording of that one page is very misleading but wiki isn't overly accurate quite often).

     

    SOE as an entity did not exist when EQ launched.  Yes most of SOE at the time was made up of Verant, 989 and SISA members, but there was a massively different mindset between the before and after creation of SOE.

    It wasn't until after EQ was a runaway success that SOE was created and at that time the creative forces behind EQ started to get forced out.

     

    Technically they are the same company, but in execution it was a very drastic difference that is worth pointing out. 

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by Xero_Chance

     




    Originally posted by Daffid011





    Originally posted by Mardy



     






    You say this as if the games SOE runs have all regained their populations and chasing away customers has had no effect on their respective populations.

    Looking at several rounds of layoffs, server mergers and even studio closures afflicting SOE the last several years I don't think people are coming back in the manner you think they are.  SOE has been slowly dying the last several years. 

    They will lose players over this.  Some will forgive, some will forget and some will leave.  There does come a point when enough is enough and people walk away.  It isn't very likely that this event will draw more players in than SOE had when this all started.  Best case scenario is they don't lose too many. 






    You say this as if SOE is some sort of innocent victim or something, like they don't have any control over what's happening to them. They have every ounce of ability and resource to run their company correctly, they just choose not to. SOE cuts every corner they can to make more and more profit that ends up in the pockets of the CEOs while they lay off their employees and abuse their consumers.

    SOE's problems are nobody's but their own. They have brought their fate upon themselves, the hackers just exposed MORE of their corruption.

    I didn't mean to give that impression at all.  What you said is 100% accurate about SOE making their own bed.  They will continue to operate at the same level of incompetence until the leadership changes.  Even then it might be too late.

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by Mardy

    Originally posted by Daffid011



    Looking at several rounds of layoffs, server mergers and even studio closures afflicting SOE the last several years I don't think people are coming back in the manner you think they are.  SOE has been slowly dying the last several years. 

    They will lose players over this.  Some will forgive, some will forget and some will leave.  There does come a point when enough is enough and people walk away.  It isn't very likely that this event will draw more players in than SOE had when this all started.  Best case scenario is they don't lose too many. 

     I was talking about the people who were already subscribed and playing SOE games prior to the hacking incident.  I'm by no means talking about SOE's long history and their ups and downs.  So I think you got the gist wrong.

     

    I'm simply saying for those that were subscribed to SOE games, they'll most likely come back for the free subscription time.  Now it sounded like SOE is going to give free month to all accounts, including the non-subbed ones.  If that's the case, I would bet more people come back than say the number of subscribers prior to the hacking incident.  Gamers love free things, and you'll be joking yourselves if you think people won't take advantage of free subscription time.  Because gamers are fickle, there's no reason to suggest they won't subscribe past the free time provided that they enjoy their stay in whatever games they came back for.

     

    My guess is as good as yours, but my guess is they'll get a net gain in subscribers after the free time is up.  Because by that time, people would've forgot what ever happened.  But...I'll say but foreign customers, they may not come back to SOE because what they lost was more harmful than what the U.S. customers lost.  Credit card and bank account info?  That's just bad.

    It isn't like this free 30 days is some unique and never been done before offer for SOE games.  Every single one of them has had multiple win back promotions that give out free time.  Hell, EQ2 can be played for free right now.

    Has that netted SOE more players?  I don't think so.  They just closed down 3 game development studios, fired 1/3 of their workforce and canceled a 5 year old project that already had 10's of millions of dollars invested into it. 

    I don't think free time is what has been keeping people away from the games and offering free time coming on the heels of a massive downsizing and massive security breach isn't exactly a huge selling point to gamers.

    Maybe I am wrong, but the alternative doesn't make much sense. 

  • OzmodanOzmodan Member EpicPosts: 9,726

    You are far too kind Bill.  Absolutely no excuse for not encrypting their databases.  Why be kind to an entity that has been resting on past laurels for years.  The problem with SOE is that the good technical people today do not want anything to do with them, so they are left with 2nd rate people, hence the massive farce when their servers get hacked.  They just do not want to work for Smedley with all the underhanded nonsense that goes on in that shop.

    Until Smedley and his henchmen leave SOE will continue to go downhill.  I just don't understand how the execs at Sony don't see this and fix the problem.  With a good team at the top SOE could climb back into favor.

  • GdemamiGdemami Member EpicPosts: 12,342


    Originally posted by Ozmodan
    Absolutely no excuse for not encrypting their databases.  

    Do you understand how encryption works?

  • KilnuKilnu Member UncommonPosts: 52

    Hey Oz, just out of curiosity, how do you know anything about what goes on inside that shop? Are you really stupid enough to assume that the people working inside SoE are second rate?  With the unemployment rate in this country, I'd imagine there are hundreds, if not thousands of well qualified people that would love an opportunity to work with SoE.

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by teakbois

    You know, after looking further into things, it looks like SoE is getting a lot of false blame for a lot of more recent things.  Including this debacle.

    In March of 2008 SCEI gained direct control of SoE.  SCEI is basically Sony's playstation wing (which of course runs PSN).  Now SoE has always been profitable.  SCEI is not.

    All throughout 2007 and early 2008 SoE was hard at work improving the mess Vanguard was.  They were adding max level content, and developing the newbie isle looking towards an official relaunch of sorts.  Which never happened.

    All of a sudden SoE was shifting resources around, letting people go, and slowing development on even EQ and EQ2.  It seems to me not only possible, but fairly likely, that SCEI has been trying to bleed SoE out of their profits and forcing them to scale back their costs.

    And of course, a company cutting costs with its main money making entity seems to be the type to ignore security holes.

    I could be completely wrong, but I think at least the killing of Vanguard seems to be 100% SCEI and I'd be shocked if it weren't.

    Early in the thread you blame the NGE on Lucas Arts and not SOE. 

    Now the failure of Vanguard is the fault of SCEI and not SOE.

    On top the massive downsizing of SOE is the result of SCEI.

    Prior to the move to SCEI, SOE was under the direct control of Sony Motion Pictures.  Lets blame them for things too.

     

    Poor SOE getting so much "false blame".  Obviously they are never responsible for anything that goes wrong in their company, because it is always the fault of someone else.  

    The problems at SOE have nothing to do with the rapidly declining subscriber base for all their games, their management or customer relations, but because SCEI is bleeding their profits. 

    I'm just curious why the PS3 console gaming division would suddenly take interest in a failed PC mmo like you suggest. 

  • OzmodanOzmodan Member EpicPosts: 9,726

    Originally posted by Gdemami

     




    Originally posted by Ozmodan

    Absolutely no excuse for not encrypting their databases.  




     

    Do you understand how encryption works?

    Well, I work for a bank, we have been encrypting everything for years and have never had one issue.  So yes, I very much understand how it works and why SOE should be lambasted for not doing so.

  • daeandordaeandor Member UncommonPosts: 2,695

    Originally posted by stayontarget



    How do you compensate someone that might have to deal with ID theft for the next few years. 



    "30 days of free play time?"



    I don't think so


     

    Exactly my thought.

  • zephermarkuszephermarkus Member Posts: 201

    The hackers are anon or a sub division of them, they have pretty much admitted it at this point and their intention was not to steal information, they have said so themselves. The real reason i wanted to post was to say if u get anon's attention you are going down, i don't care if it was blizzard bioware ea or any other big company, if anon wants to bring u down u are going down no matter what security measures u take, everything is hackable if it is on a network, the only way a company could protect your info is to go back to paper. Lets not forget that blizzard was hacked as well and nobody seemed as mad at them, doesn't make sense to me.

  • JerYnkFanJerYnkFan Member UncommonPosts: 342

    Originally posted by teakbois



    Originally posted by lethys





    In all honesty, I would not play an SOE game unless it got at least a 9.5 out of 10 from conventional review sites.  That, or the game had some actual incentivized PvP objectives like territory control that lasts for more than five minutes.

     

    SOE is a miserable company.  They prematurely release games all the time, which is inexcusable for a company with the kind of funds that Sony has available.  I can forgive a game like Xsyon or Mortal Online being released early, but that's because I had more money in my piggy bank as a kid than those developers have at their disposal.  Releasing Vanguard early was horrific.  Releasing NGE was horrific and unethical when you consider how many hours of play people invested that were essentially thrown out the door.  Since then, the company has had nearly no relevance.  PotBS really didn't do that well either and has its fair share of problems.  The Agency never saw the light of day.  SOE just can't compete with Blizzard, Bioware, Arenanet, En Masse (of TERA), or any other more modern MMO developer.

     

    I can tell you right now Everquest Next will be a flop.  Guild Wars 2 will be superior and lacks sub costs, Bioware will steal away all potential EQ Next customers.  Blizzard's new FPS MMO will dominate the market in 2014, and all will go on from there.  I really think Planetside is the only hope for SOE and it better come out quick to make it to market before Blizzard's Titan. 

     

    As for the consoles, PS3 is simply not as user friendly.   I own both consoles and enjoy my Xbox much more because the interface is just clearly superior.  Granted, PS3 runs certain games better, and the hardware on PS3 is better.  Still, when it comes to the next-gen consoles I'm gonna buy Microsoft.  Funny when you consider how much more I liked my PS2 than my Xbox original.






     

    You really don't know what you are talking about, do you?

     

    The only game SoE released early was SWG, and that was a different time, when no game was released cleanly.  

     

    EQ2?  That game had a very smooth release (smoother than wow's actually, wow was unplayable at times due to issues like loot lag).  People took issues with the game itself, not the state of the game.

     

    Vanguard?  Not SoE's doing, Sigil was out of money and had to release.  Given how awful Sigil's programmers were I don't blame SoE for not funding the game more.  SoE didn't own VG until several months AFTER release.

    Again the NGE blame on SoE in a post that later alludes to SWTOR.  The same people that had a major hand in NGE will have a major hand in SWTOR.

    If Sony doesn't shut down SoE and sell off its assets because of all the lawsuits that will come, and EQ Next is released, by then the guild wars 2 and SWTOR players may or may not be looking for something new.  They aren't direct competition, they will be older games by then.

    And then you talk about how Titan will 'dominate the market'...No one knows the size of the MMO FPS market but it's a different market than the MMORPG market.  Some overlap, sure, but it's a different genre.

     

    Oh and putting TERA in there was a joke, right?

     Sorry dude, but you are wrong.  SOE did put out Vanguard.  There is even a quote from Smedley saying they had to release it and start getting some income on it.  Also EQ2 was buggy at the beginning as well

  • jpnzjpnz Member Posts: 3,529

    Originally posted by Ozmodan

    Originally posted by Gdemami

     




    Originally posted by Ozmodan

    Absolutely no excuse for not encrypting their databases.  





     

    Do you understand how encryption works?

    Well, I work for a bank, we have been encrypting everything for years and have never had one issue.  So yes, I very much understand how it works and why SOE should be lambasted for not doing so.

    From a security point of view, once un-authorised data is outside the secure facility, that data is considered 'plain text'.

    Whether it was encrypted or hashed or w/e, it is considered 'plain text'.

    No matter what you do to that data, eventually it'll be cracked.

    As an extreme example, a 20-year-old ZIP file with 8 password chars can be broken in nano-seconds now.

    Gdemami -
    Informing people about your thoughts and impressions is not a review, it's a blog.

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by Kilnu

    Hey Oz, just out of curiosity, how do you know anything about what goes on inside that shop? Are you really stupid enough to assume that the people working inside SoE are second rate?  With the unemployment rate in this country, I'd imagine there are hundreds, if not thousands of well qualified people that would love an opportunity to work with SoE.

    SOE has been losing senior level developers and producers for years to other companies.  Trion worlds, 38 studios, cryptic, gazillion, startups, bioware and the list goes on..  I think every one of their games has had a new lead developer/producer in the last 2 years.  Most promoted from junior positions.

    Other developers are skimming the best right off the top, because it is an employers market so to speak.  They can get the best talent available, because people simply want jobs and it isn't exactly like SOE has been hiring.

    I can probably name a dozen big names that have left SOE in the last few years.  Can you name any big names that have joined SOE in that time period? 

     

    Consider this.  DCU was the alpha team for SOE.  It was their highest priority project, 5+ years of development time, well over $50 million dollars to produce and a massive marketing campaign.  SOE put everything they could on that project and they delivered a dud. 

    All speculation about their hiring practices aside, the quality of their work speaks for itself. 

  • skeaserskeaser Member RarePosts: 4,199

    Originally posted by Gdemami

    It seems more like you are grasping any information that suits your case, no matter how unverified, biased, backed up or even false it might be. Yeah, isn't this type of posting called trolling?

     

    From the little search:

    Here is a paper issued by said person:

    http://republicans.energycommerce.house.gov/Media/file/Hearings/CTCP/050411/Spafford.pdf

    and related quote:

    "I have no information about what protections they had in place, although some

    news reports indicate that Sony was running software that was badly out of date, and had

    been warned about that risk."



    So the fact is, that he only read some forums where someone posted something and he did not verify the information, he did not do any investigation on his own, he did not speak to Sony, he did not provide any details on the nature of supposed security flaw, he is simply parroting what he read on the internetz.

    The fact is, he only says what he heard someone was saying.



    Despite all this and his own acknowledgment that he has no awareness about Sony network protection and no first hand experience or observation of Sony web server(which one?!), yet his speech at the congress states those unverified information as facts and the information about the firewall is completely pulled out of his ass.

     

    Only support his speech has got is his big head(and fat body) only...

    In a House Energy and Commerce Committee hearing yesterday, Gene Spafford, a professor at Purdue University and executive director of the school's Center for Education and Research in Information Assurance and Security—the largest of its kind in the country—said the following about the recent breach of Sony's PlayStation Network:

    "[I]ndividuals who work in security and participate in the Sony network had discovered several months ago while they were examining the protocols on the Sony network to examine how the games work, [that] the network game servers were hosted on Apache web servers—that's a form of software.

    But they were running on very old versions of Apache software that were unpatched and had no firewall installed, and so these were potentially vulnerable.

    And they had reported these in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software. That was two to three months prior to the incident where the break-ins occurred."



     


    Just showing that it's a bit contradictory.

    Sig so that badges don't eat my posts.


  • GdemamiGdemami Member EpicPosts: 12,342


    Originally posted by Ozmodan

    Well, I work for a bank, we have been encrypting everything for years and have never had one issue.  So yes, I very much understand how it works and why SOE should be lambasted for not doing so.

    That does not mean you understand it...

    There are databases and data that make sense to encrypt and then there are those that make less or do not at all, both for technical reasons.

    Encryption is like keys, if you have limited amount of people and keys, it's fine. Problem with wide access database is that you get suddenly many people and many keys, which makes the encryption less secure as the chance to obtain a key rises with people and keys floating around.


    It isn't as simple as you think.

  • YamotaYamota Member UncommonPosts: 6,593

    Originally posted by Gdemami

     




    Originally posted by Ozmodan



    Well, I work for a bank, we have been encrypting everything for years and have never had one issue.  So yes, I very much understand how it works and why SOE should be lambasted for not doing so.




     

    That does not mean you understand it...

    There are databases and data that make sense to encrypt and then there are those that make less or do not at all, both for technical reasons.

    Encryption is like keys, if you have limited amount of people and keys, it's fine. Problem with wide access database is that you get suddenly many people and many keys, which makes the encryption less secure as the chance to obtain a key rises with people and keys floating around.



    It isn't as simple as you think.

    In any case, passwords and credit card numbers should at minimum be encrypted and the former one hashed, which is far harder to reverse hash if they use a decent hashing algorithm.
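The hashing point raised in the post above, as an added example that is not part of the original thread: it stores the same constructed accounts once with a fast unsalted digest and once with a per-user salt and PBKDF2, then shows what each table reveals to someone holding a copy of it. The account names, passwords and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Assumed work factor for this example; tune it to your own hardware.
PBKDF2_ITERATIONS = 200_000

# Constructed sample accounts (two users deliberately share a password).
ACCOUNTS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}


def unsalted_sha256(password):
    """Fast, unsalted digest: the weak scheme, shown only for comparison."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Derive a storage record with a random per-user salt and a slow KDF."""
    salt = os.urandom(16) if salt is None else salt
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": PBKDF2_ITERATIONS, "hash": derived.hex()}


def verify_password(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(candidate, bytes.fromhex(record["hash"]))


def shared_digest_groups(stored):
    """Group users by stored digest; any group larger than one leaks password reuse."""
    groups = defaultdict(list)
    for user, digest in stored.items():
        groups[digest].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def build_tables(accounts):
    """Return (weak, strong): the same accounts stored under both schemes."""
    weak = {user: unsalted_sha256(pw) for user, pw in accounts.items()}
    strong = {user: hash_password(pw) for user, pw in accounts.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables(ACCOUNTS)
    print("unsalted table, users sharing a digest:", shared_digest_groups(weak))
    strong_digests = {user: rec["hash"] for user, rec in strong.items()}
    print("salted table, users sharing a digest:", shared_digest_groups(strong_digests))
    print("login check still works:", verify_password("hunter2", strong["bob"]))
```
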

  • skeaserskeaser Member RarePosts: 4,199

    Originally posted by Gdemami

     




    Originally posted by Ozmodan



    Well, I work for a bank, we have been encrypting everything for years and have never had one issue.  So yes, I very much understand how it works and why SOE should be lambasted for not doing so.




     

    That does not mean you understand it...

    There are databases and data that make sense to encrypt and then there are those that make less or do not at all, both for technical reasons.

    Encryption is like keys, if you have limited amount of people and keys, it's fine. Problem with wide access database is that you get suddenly many people and many keys, which makes the encryption less secure as the chance to obtain a key rises with people and keys floating around.



    It isn't as simple as you think.

    I would think it makes sense to encrypt credit card data and personal information. Are you trying to say otherwise?

    Sig so that badges don't eat my posts.


  • GdemamiGdemami Member EpicPosts: 12,342


    Originally posted by Yamota

    In any case, passwords and credit card numbers should at minimum be encrypted and the former one hashed, which is far harder to reverse hash if they use a decent hashing algorithm.

    Passwords were hashed, credit card numbers are encrypted. If I understand and recall the info well, the only stolen credit card numbers were from that odd dated database.


    Originally posted by skeaser

    I would think it makes sense to encrypt credit card data and personal information. Are you trying to say otherwise?

    Credit card numbers, yes. Personal data not really, for reasons stated above.


  • skeaserskeaser Member RarePosts: 4,199

    Originally posted by Gdemami

     




    Originally posted by Yamota



    In any case, passwords and credit card numbers should at minimum be encrypted and the former one hashed, which is far harder to reverse hash if they use a decent hashing algorithm.




     

    Passwords were hashed, credit card numbers are encrypted. If I understand and recall the info well, the only stolen credit card numbers were from that odd dated database.

     




    Originally posted by skeaser



    I would think it makes sense to encrypt credit card data and personal information. Are you trying to say otherwise?




     

    Credit card numbers, yes. Personal data not really, for reasons stated above.

     

    nvm

    Sig so that badges don't eat my posts.


  • teakboisteakbois Member Posts: 2,154

    Originally posted by Daffid011

     

    Early in the thread you blame the NGE on Lucas Arts and not SOE. 

    Now the failure of Vanguard is the fault of SCEI and not SOE.

    On top the massive downsizing of SOE is the result of SCEI.

    Prior to the move to SCEI, SOE was under the direct control of Sony Motion Pictures.  Lets blame them for things too.

     

    Poor SOE getting so much "false blame".  Obviously they are never responsible for anything that goes wrong in their company, because it is always the fault of someone else.  

    The problems at SOE have nothing to do with the rapidly declining subscriber base for all their games, their management or customer relations, but because SCEI is bleeding their profits. 

    I'm just curious why the PS3 console gaming division would suddenly take interest in a failed PC mmo like you suggest. 


     

    I blamed Lucas Arts AND SoE, which is the proper blame.  Nobody knows how much each side was involved, but notice it was Lucas Arts that did most of the press after the NGE saying how awesome it was, and it was Lucas Arts that didn't like the game because it wasn't 'star warsy' enough.  Only a fool would think they didn't at least have a role in it.

    And again, SCEI was losing money when SoE was given to them.  SoE was making money.  All the downsizing and reduced development seemed to start not too long after SCEI took over.  You mean to tell me you don't think there is a correlation?  

    But yes, people are so blind in their anti-SoE rage that they will blame them for everything.

    Security flaw affects both SoE and a separate division of SCEI but this is 100% SoE's fault?  You really think that makes sense?  If this was SoE's security exclusively then PSN would not have been hacked.  I just want facts before I lay the blame.  Facts we never got with NGE, but we may end up getting them here when it's all said and done.  We'll see who the lawsuits end up going to.
