Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
SOE (MMO division) is finished...
This discussion has been closed.
It looks like you're new here. If you want to get involved, click one of these buttons!
Comments
The funny is that you would indeed need to prove security negligence and for that you would need to catch the intruders first because they are the only ones that know how the breach was made.
Irony, isn't it?
Let's hope the hackers got ahold of the unfinished VG patch and crank up a private server with the AA!
(I know, I know, never gunna happen, but hey, a guy can dream.)
The Moving Finger writes, and, having writ,
Moves on: nor all thy Piety nor Wit
Shall lure it back to cancel half a Line,
Nor all thy Tears wash out a Word of it.
~Omar Khayyam
It's more like you put your money in a bank who doesn't have an alarm or a vault and they get robbed after the first door gets kicked down.
You missed the point, you would need to prove that there was no alarm nor vault and that will be difficult without the thieves.
In a House Energy and Commerce Committee hearing yesterday, Gene Spafford, a professor at Purdue University and executive director of the school's Center for Education and Research in Information Assurance and Security—the largest of its kind in the country—said the following about the recent breach of Sony's PlayStation Network:
"[I]ndividuals who work in security and participate in the Sony network had discovered several months ago while they were examining the protocols on the Sony network to examine how the games work, [that] the network game servers were hosted on Apache web servers—that's a form of software.
But they were running on very old versions of Apache software that were unpatched and had no firewall installed, and so these were potentially vulnerable.
And they had reported these in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software. That was two to three months prior to the incident where the break-ins occurred."
Read more: http://techland.time.com/2011/05/05/security-expert-sonys-network-unpatched-and-had-no-firewall-installed/#ixzz1LZkX6Jbt
If your analogy is accurate then yes that would probably constitute negligence on Sony's part. But it's not going to be anywhere near that cut and dried. There's a lot of gray area in terms of what constitutes "enough security" . No one on these forums (myself included) knows what Sony really had in place for security. If you have information online there will ALWAYS be a way to hack it. No company or government can ever say "if we spend X dollars, or have X code, or have X people our data will be 100% safe." All they can do is look at the value of their data, the proficiency level of the bad guys likely to come after it, and the measures others in equivelent situations are taking. All they are aiming for is to be in the middle or slightly ahead of the herd. Lag behind and you stand out as a target, get too far ahead and you are a) adding costs that your competitors don't have and b) still standing out as a target because there are those will want the challange and the rep for beating the best.
The Moving Finger writes, and, having writ,
Moves on: nor all thy Piety nor Wit
Shall lure it back to cancel half a Line,
Nor all thy Tears wash out a Word of it.
~Omar Khayyam
See my post above. Sony was warned months ago that their security was outdated and had major holes and didn't fix it.
[quote]Originally posted by skeaser
In a House Energy and Commerce Committee hearing yesterday, Gene Spafford, a professor at Purdue University and executive director of the school's Center for Education and Research in Information Assurance and Securitythe largest of its kind in the countrysaid the following about the recent breach of Sony's PlayStation Network:[b]
"[I]ndividuals who work in security and participate in the Sony network had discovered several months ago while they were examining the protocols on the Sony network to examine how the games work, [that] the network game servers were hosted on Apache web serversthat's a form of software.
But they were running on very old versions of Apache software that were unpatched and had no firewall installed, and so these were potentially vulnerable.
And they had reported these in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software. That was two to three months prior to the incident where the break-ins occurred."
Read more: http://techland.time.com/2011/05/05/security-expert-sonys-network-unpatched-and-had-no-firewall-installed/#ixzz1LZkX6Jbt
[/b][/quote]
I dunno why are you reposting this bollocks all over the place...it will not make it more true if you post it x times.
As far as I know, Feds stepped in to investigate the hackers, not the hackees?
They are trying to find who actually hacked sony's server, if it is 'anonymous' or not.
But they could be doing both.
I think people are too obsessed with trying to blame Sony with all the fault, yes it is partially there fault, but so is the hackers, its like me putting a knife right if front of me, and you just took it and stab me, you can argue it is partially my fault for putting the knife there, but you still used the oppontunity to stab me. Same as Sony, they might have let down their guard, but it isn't only their fault, just because there is no name placed on the hackers right now, everyone is just focusing on how screwed up SOE is.
and now before you think I'm a Sony lover, yes I do have a Ps3, but I still want SOE to kinda die right now, since they make Australian players to play DCUO for $20 a month :P and now luckily, barely Aus players got affected from SOE getting hacked xD......but PSN is still a trouble
How much WoW could a WoWhater hate, if a WoWhater could hate WoW?
As much WoW as a WoWhater would, if a WoWhater could hate WoW.
People have to show a loss to "win" in a law suit. Having the information stolen but then never used to cause harm will not yield a major legal defeat for Sony-no loss. Sure theyll have to pay for credit monitoring, might even see some fines from the credit card companies regarding security violations-but if you legal eagles out here think that the mere act of having your information "stolen" and then nothing else happens = some sort of major law suit then you are wildly naive and watching way to many episodes of The People's Court.
A billion dollar lawsuit in Canada is no major issue for a company like Sony-look up Sony's revenues, earnings and "cash on hand" and youll see just how powerful this company really is.
As for SOE facing the legal peril-I imagine it will be against the parent company. A company like Sony can handle the legal side of this with great ease-the real peril here is the public relations disaster NOT the legal peril.
As for whether SOE will "survive" i think it is in serious trouble anyway. They announced huge layoffs a few weeks before this scandal. They completely misfired with DCUO (Sorry William Murphy). They havent had a "hit" in a long long time. Their "future" game has been cancelled. Their two successes are aging in a big way. Rift and the coming releases of ToR, Tera, Guildwars will further "age" Eq1/eq2. A valid question about SOE existed before this scandal. The PR fallout of the scandal will further damage it. The week long + outage is certainly going to force a solid section of their playerbase to "Try" other games and never return.
All in all i think its unfortunate. I think we all owe a debt of gratitude to SOE for eq1 and i think eq2 has set the goldstandard for "aging" a game. With its outstanding content, awesome AA system and fantastic guild/player housing. Id give my right arm to see Rift/Tera/ToR have anything close to eq2's "end game".
I am one of the affected by the servers being down. In that time i've tried Rift and Aion. They are garbage in my opinion. Players can go out and try every game out there, but unless they find quality or are just completely blown away by another game, they will come right back to the comfort of SoE, and the games they know.
I don't know what the final outcome of this might be, but almost anything is a posibility at this point.
If there is a lawsuit it doesn't really matter what the outcome is, because it might never reach that point. Sony will evaluate the cost to defend, likely payouts and whatever other magic costs they want. Mix that all up in a big formula and compare it to the performance of SOE.
Now consider that despite releasing almost half a dozen new games in the last couple years, SOE has been declining and downsizing for more years than that. The worst of which just hit a few months back.
It is a possibility that Sony decides to do something dractic with SOE. It isn't like SOE is a division filled with longterm value for Sony or that they are going to produce a hit that will turn around their decline.
I would say that most people will agree that it is not bollocks. From what I see you see to be the only one who thinks that a security export board saying that and I quote:
[I]ndividuals who work in security and participate in the Sony network
That their web servers were out of date and unpatched which makes them potentially vulnernable.
My gaming blog
Have those comments by Spafford been debunked by a legitimate, informed and non biased source already?
Oh and just a thought, but someone posting the same arguments in multiple threads on the same subject (namely you) should perhaps be wary of commenting on another user "reposting this bollocks all over the place".
"Come and have a look at what you could have won."
But the problem for SOE is their games already were declining-so certainly many players will return but what if 10, 15, 20% do not return. That is a pretty serious blow to suffer in a few weeks/month. Not suggesting that 50% or 90% of their players wont return but if 2 out of 10 decide that Rift/WoW/Aion etc are better options after testing them during these weeks of outage-it will be a major hit for SOE. Few businesses can easily shrug off the loss of a significant portion of its player base in one fail swoop. Not saying it will kill soe but it will compound its current and well documented financial problems.
And again I think the lawsuits such as they may be will be against SONY and not SOE. If you suffer a malfunction in your Chevy and you get injured-you most likely file against GM and not Chevy. Or at the very least GM AND CHEVY with GM ultimately paying the bill.
As for proving that SOE/Sony was negligient? Rofl good luck with that. An oil well blew up in the Gulf of Mexico-BOOM! a dozen people died, oil poured into the gulf for a month. The government/lawsuits still havent legally proven fault.
Do you understand that this quote comes from the same person who also said that he has no idea about Sony network security mechanism?
Yet he miraculously knows whether there is a firewall at some place in Sony infrastructure...
In case you missed my previous post:
Is there a need to debunk illegitimate, uninformed and biased sources?
Spafford actually did that job alone well...
you people are high if you think this is going to kill sony. It's a big deal, don't get me wrong, but they will move on and continue their businesses including the MMO business.
Remember Old School Ultima Online
He has no firsthand knowledge from looking at the network, but he did see security experts had warned Sony to fix their security months before this happened and that Sony didn't reply. Just because he wasn't the guy in the guts of it doesn't make it any less true. I doubt he would bring it up to a congressional testimony if he didn't have at least a little faith in the truthfulness of the statement.
Keep in mind that Sony, not just SOE but Sony is a very big company. They probably have more lawyers on retainer than they have programmers working on all their MMOs combined. They will settle the law suit out of court. They will make some strategic donations to election campaigns in the US and the EU. They will harden their systems and probably become a model for how to do security online. They will spend big on PR for the next couple of years. They will also use the opportunity to cut some dead weight. I wouldn't be surprised if VG got shut down completely possibly also SWG and others. PSN is not going away, EQ2 is not going away and there will still be an EQNext though they may reevaluate how much they will put toward its development. They will definitly trim the fat and look hard at ROI but expecting Sony to cave in the coming weeks is silly.
All die, so die well.
Those 'experts' = forum posters, had no firsthand knowledge either.
Being 'the guy in the guts' is crucial here as that is the thing you need to get enough credit to make statements he makes.
Only what he does is parroting what someone said on some boards, he did not bother to verify his information in least bit. It is a rumor at best.
He can have as much faith as he wants, it does not make him right though...
It is clear that in his paper he is careful with his formulation but as soon as he is in the light of the cameras he just goes overconfident with his unverified info. Big mouth, nothing more.
Well, I see we'll never agree.
You keep thinking that the hackers had mad skills and got through some serious security and I'll keep thinking Sony sucks at security.
QFT
There is an abundance of SOE threads in the Pub and even in the News forum. Please post in there instead of creating new ones. Locking.
To give feedback on moderation, contact mikeb@mmorpg.com