Can't Sony just take their computers systems completely down for now until they fix this stuff? If I turn my computer off how can anyone hack it? If I unplug my system from the web, nobody can gain access to my computer. I do not attest to being a person all that knowledgable in the ways of networks and servers, but it seems to me that Sony is the one responsible for protecting the info on their servers. Shouldn't they have a plan to be able to take their systems off-line should this kind of thing occur?
Can anyone explain this in laymans terms on how these hackers are able to continuosly get into Sony's servers and obtain this data?
Isn't taking their systems offline EXACTLY what they've done for now? So far as I understood....SoE has shut down until they fix all this.
They've been down all week (SOE) PSN has been down a couple weeks. If I've read these news reports right.
For every minute you are angry , you lose 60 seconds of happiness."-Emerson
I can take any book off my shelf right now and edit it all I want. I can make Harry Potter a sci-fi tale if I want, as long as I don't try to sell it.
That isn't completely true. You are not allowed to distribute it either, regardless if you profit on it or not and caused damage to the company isn't negligable either.
You could say that gun manufacturers aren't responsible for fire-arms being used in criminal acts, which is true.
You cannot buy a gun and do whatever you want with though. There are numerous restrictions and rules you have to follow. You need a permission to use one and the gun needs to be registered. Any attempt in obtaining the a fire-arm without a permission or removing the registration number will cause legal consequences.
If gun manufacturers and gun usage is submitted to protection of implying thorough procedure for gun use, why avoiding a protection of intellectual property should be allowed?
Actually, not a half bad example, even though you purchase a semi-automatic weapon you do not have a right to modify it to be full automatic fire. But that is because there is a law against it, not sure if there's a law out there protecting gaming consoles.
However, if there is, then Sony is within their rights to demand it be enforced.
Edit: Apparently SOE intended to prove that laws were being broken, specifically the US Digital Millennium Copyright Act and a Computer Fraud Abuse Act. It never went to trial so we won't know this time around.
But regardless how you feel about a law, it doesn't you a right to commit a lawless act yourself, so let's hope these "hackers' re-think their tactics. (doubtful)
Unless of course its a serious issue that your willing to die for of course.....like freedom so in that case, have at it folks...but be prepared to bear the consequences if your caught.
Apples to oranges.
The illegality of modification of a semi-automatic gun into an automatic gun is not due to the act of modifying the weapon, but due to the end result of the modification. Civilians are stricly prohibited against owning automatic firearms due to public safety concerns, which is why modifying a semi-automatic weapon into an automatic weapon is illegal. The main point being, guns are a strictly controlled product because misuse of them can result in death.
Modification of consoles is illegal because big corporations kick and scream about 'piracy' ruining their profits, so their logic of breaking encryption on consoles is because it is being done to promote piracy.
Most laws exist for a reason. But there are times when laws are made to benefit the few at the expense of the masses, especially those who are otherwise innocent -- aka people who want to mod their PS3 to install linux on it, and not because they want to pirate games. So just because something is "the law", it doesn't mean it's morally correct.
Dealing with fanboyism on this scale reminds me of dealing with the anti-evolution zealots that used to plague my old grad school. Tunnel vision so severe that they'll grasp at anything to avoid turning their head two degrees to the left so they can see the truth.
It's not fanboyism. It is vented frustration because people can't play their [insert SOE game here]. But I agree, the many straw men alone make this thread ridiculous.
It's not venting, it's bemusement at people who are blaming the granny for getting mugged because she didn't take her body guard or the girl who gets raped for wearing that short skirt.
It's not about absolving Sony of responsability, it's about apportioning blame in the right place. Some guy posted earlier with his comparisons to Toyota's defective recall, the blatantly obvious difference, to those with the ability of logical thought, is that those cars didn't require a group of assheads to piss about with the machanics of those cars in order to put the user at risk.
Yes, Sony could have done more, but the simple fact remains if this bunch of pricks hadn't gone out of their way to steal that information it wouldn't have mattered. So you lot touting the glories of these morons, (who it should be pointed out, could if they so wished, have gained this information from a variety of other places and have in the past many times) need to wise up because when we're all paying insane premiums to pay for anything online it will be your heroes' doing.
----- The person who is certain, and who claims divine warrant for his certainty, belongs now to the infancy of our species.
If the hackers are truly planning a 3rd attack, possibly an attack right as Sony take their system back up, I think the community needs to go knock on their parent's basement doors. Seriously, they've made their statements. Now they're just being pests and they disrupt gaming services that millions of users once enjoyed.
Sure, blame Sony for their security problems. But there comes time when people need to grow a pair and go after the real culprit, and those are the hackers that started this problem for ALL of us. Just a thought.
If the hackers are truly planning a 3rd attack, possibly an attack right as Sony take their system back up, I think the community needs to go knock on their parent's basement doors. Seriously, they've made their statements. Now they're just being pests and they disrupt gaming services that millions of users once enjoyed.
Seriously..., assuming these hackers are just basement dwellers..
The FBI needs to do a few raids on these kids to make them realise you can't just hide from the law online. Stealing CC info is serious stuff people, it means you're going to jail.
A third attempt is highly unlikely because the FBI are there and would obviously be monitoring traffic. Only way a hacker can succeed is to bounce off a bunch of IP's before reaching destination.
Originally posted by twodayslate Tunnel vision so severe that they'll grasp at anything to avoid turning their head two degrees to the left so they can see the truth.
There is no 'tunnel vision', only your ill logic and fallacy at asking pointless questions.
No one knows where the stolen data are but that does not imply they were not stolen.
Unlike in case with Spafford, Sony is out of necessity the only one, apart from thieves, who could know what, how and if something was stolen. Spafford simply cannot posses the information he claims thus asking where it comes from is at place.
After your failure at constructing a reasonable argument and your racist toned reply, I see no point discussing anything with you further.
A third attempt is highly unlikely because the FBI are there and would obviously be monitoring traffic. Only way a hacker can succeed is to bounce off a bunch of IP's before reaching destination.
It's the only way hackers hack. Nobody's going to hack from their home PC, seriously
I hate SOE and that crappy game Everquest, would love to see and its ilk gone for good!
Vantard can go to!
ONE GAME TO RULE THEM ALL< ALL HAIL WORLD OF WARCRAFT >
Well, I guess you hate WoW then because it is nothing more than a dumbed down EQ clone, but I digress...
I'm no fan of SOE, they have totally destroyed everything their greedy corporate hands ever touched, but those that give their hard earned cash to them to be able to play games in no way deserve to have their PI not protected better than it obviously has been. I hope the hackers get caught and thrown in a jail cell with Bubba who'll be more than happy to teach them about the finer arts of tossing salads, but I truly hope Sony/SOE are made to pay their fair share for this also. If that means they go under so be it, but milking the players for every dime they can while cutting the WRONG corners, like there are correct corners, in the name of turning profits is just plain bad business. Get a clue Sony! Oh wait... I just wrote an oxymoron didn't I?
A third attempt is highly unlikely because the FBI are there and would obviously be monitoring traffic. Only way a hacker can succeed is to bounce off a bunch of IP's before reaching destination.
It's the only way hackers hack. Nobody's going to hack from their home PC, seriously
"More than 30,000 downloads of the tool were reported to have occurred between 8 and 10 December 2010. On January 27, 2011, five males aged between 15 and 26 were arrested in the UK in connection with the Operation Payback attacks."
If it was Anonymous who did the "hack", they are likely bad hackers who will get caught in no-time, or they might already be.
I hate SOE and that crappy game Everquest, would love to see and its ilk gone for good!
Vantard can go to!
ONE GAME TO RULE THEM ALL< ALL HAIL WORLD OF WARCRAFT >
Well, I guess you hate WoW then because it is nothing more than a dumbed down EQ clone, but I digress...
I'm no fan of SOE, they have totally destroyed everything their greedy corporate hands ever touched, but those that give their hard earned cash to them to be able to play games in no way deserve to have their PI not protected better than it obviously has been. I hope the hackers get caught and thrown in a jail cell with Bubba who'll be more than happy to teach them about the finer arts of tossing salads, but I truly hope Sony/SOE are made to pay their fair share for this also. If that means they go under so be it, but milking the players for every dime they can while cutting the WRONG corners, like there are correct corners, in the name of turning profits is just plain bad business. Get a clue Sony! Oh wait... I just wrote an oxymoron didn't I?
actually i think even if you give a year to a hacker it should be in a maximum security prison.after a few soap dropping incidents they can come out and tell their fellow hackers how it feels like.
Let's be clear...there are NO good guys in this situation...
The hackers are wrong...there is no ethical justification for hacking. If you're PO'd at a corporation..there are other ethical ways to express your disatisfaction...boycotts come to mind.
Sony is at fault for not taking adequite measures to protect their customers information. While it's true that any organization can be breached given hackers with enough time and resources to throw at them..... the ease and degree to which an organization can be compromised is directly related to the resources devoted to the security of it's systems. If Sony got breached it IS Sony's responsibility for not doing enough to secure thier systems. Sony isn't some mom and pop shop that can't afford a real budget for IT security. With the size and prominance of an organization like Sony...if thier getting breached it means they screwed up somewhere.
I work in IT security. If someone breaks into the systems I'm responsible for protecting....it's my fault... or that of my teams...for not having good enough controls in place....or that of our management for not giving us enough resources. The point is, if your breached.....you take your lumps, you take responsibility for not having good enough protection....and you do your best to make sure it doesn't happen again. That doesn't excuse the hackers... they are criminals and need to be prosecuted for what they do. But as a corporation doing business on the internet part of your core responsibility is protecting the data that your clients share with you from the bad guys out there.
Originally posted by GrumpyMel2Sony is at fault for not taking adequite measures to protect their customers information.
Without knowing what measures they took or not, you cannot make evaluated opinion on what is adequate. How and what do you know about their security measures?
Originally posted by GrumpyMel2 If someone breaks into the systems I'm responsible for protecting....it's my fault... or that of my teams...for not having good enough controls in place....or that of our management for not giving us enough resources. The point is, if your breached.....you take your lumps, you take responsibility for not having good enough protection....and you do your best to make sure it doesn't happen again.
That would only apply in case that every situation is foreseeable and you can prevent it. Which is highly unlikely...
Anonymous don't steal credit card infomation, they had access to the DDos previous to the attack but nothing else, and Sony have only brought this on themselves with there lame security. Hopefully this will teach them that security isn't a joke and needs to be updated and upgraded all the time to keep up with the latest threats.
How's the front door of your home? Is it lockpickable? Breakable? How about windows? Oh and one good way (I've heard) is to go through wooden walls if you have those. It takes a moment but not too long. Is there any weak spot in your house that would justify breaking into and making those that do it heroes?
I don't have over 100 million other people's property in my house. If someone breaks into my house the only person it hurts is me. This example you are using here is just plain stupid. Here's a better one... If you rented a storage locker along with one hundred other people at what was advertised as a secure storage facility and then you found out that everyone was cleaned out because they didn't have a lock on the back door or an up to date alarm system... wouldn't you be a little pissed off?
Well Bren, that argument doesn't work either, because that would be actual possessions. The loss of personal info and such is completely different. That would work if/when your information was actually used or your accounts charged.
Well Bren, that argument doesn't work either, because that would be actual possessions. The loss of personal info and such is completely different. That would work if/when your information was actually used or your accounts charged.
It's no different than the example I quoted... just a little more to the point of what has happened with Sony. I agree that personal possessions and a person's identity are two completely different things but in the modern world we live in Identity Theft can be a lot more damaging than the loss of any physical possession.
How's the front door of your home? Is it lockpickable? Breakable? How about windows? Oh and one good way (I've heard) is to go through wooden walls if you have those. It takes a moment but not too long. Is there any weak spot in your house that would justify breaking into and making those that do it heroes?
nice point.. other then the fact you don't store millions of user account data including bank data in a house.. i store them on a PCI DSS compliant network with regular security updates in place. No system will be 100% secure just unknow weeknesses, but transferring that much data un-noticed is not excusable.
To transfer that much data from the system and sony not having a red flag pop up just shows just how much they care and put into there already sub standard online services.
If someone breaks into the systems I'm responsible for protecting....it's my fault... or that of my teams...for not having good enough controls in place....or that of our management for not giving us enough resources.
Something about this makes little sense to me, not to mention countless security experts have said the complete opposite of what you're saying now.
If net security as well as PC security is 90% of the time playing a game of cat and mouse, as well as catch up. How can you or they be held 100% accountable for a breach? Maybe I'm using faulty logic here or I'm just not as hardline as some.
It just seems as well as has been stated to be (by professionals), impossible to forsee all holes within a system and plug them.
For every minute you are angry , you lose 60 seconds of happiness."-Emerson
If someone breaks into the systems I'm responsible for protecting....it's my fault... or that of my teams...for not having good enough controls in place....or that of our management for not giving us enough resources.
Something about this makes little sense to me, not to mention countless security experts have said the complete opposite of what you're saying now.
If net security as well as PC security is 90% of the time playing a game of cat and mouse, as well as catch up. How can you or they be held 100% accountable for a breach? Maybe I'm using faulty logic here or I'm just not as hardline as some.
It just seems as well as has been stated to be (by professionals), impossible to forsee all holes within a system and plug them.
unfortunately the "security experts" Sony have are just layers with fancy titles to fight there battles such as the the most recent one, but i agree.. breaking into the system via unknown hole is always a risk, they have to be discovered to be fixed. but not spotting the activity is where they slipped up as this is always possible, especialy if such a volume of information was taken.
If someone breaks into the systems I'm responsible for protecting....it's my fault... or that of my teams...for not having good enough controls in place....or that of our management for not giving us enough resources.
Something about this makes little sense to me, not to mention countless security experts have said the complete opposite of what you're saying now.
If net security as well as PC security is 90% of the time playing a game of cat and mouse, as well as catch up. How can you or they be held 100% accountable for a breach? Maybe I'm using faulty logic here or I'm just not as hardline as some.
It just seems as well as has been stated to be (by professionals), impossible to forsee all holes within a system and plug them.
A companies basic responsibility is to assess the level of risks to the assets it is protecting and devote resources and safeguards adequite to those level of risks. It IS absolutely impossible to forsee all possible holes within a system...and being human we are all fallible. That is the whole point behind a multi-tiered defense strategy (whats commonly termed "Defense in Depth").... that it doesn't take just 1 security hole or failed control to compromise you, but multiple failures on multiple levels.
Even still security breaches will happen (especialy in the face of determined attackers) just as with all the tools and safeguards in place today...cars will occasionaly be released to market with design defects in place. When that happens it IS the fault of the car manufaturer.....just as when a companies data systems are breached it is the fault of the company for not having sufficient measures in place to secure thier systems. No one said it's easy, but it's part of your core responsibility as an organization doing business.
Now if it's a mom and pop shop that some hacker organization takes aim at...well you can certainly understand them simply being overwhlemed by the resources the hackers can bring to bear. Sony, on the other hand, is a major multi-national organization. That makes them a much bigger target...but it also means they should be able to afford the budget for a top notch security program.
If you spent some time working on the inside of IT security.... you would be absolutely appaled at how lax some of the measures employed by certain major corporations are.
Something about this makes little sense to me, not to mention countless security experts have said the complete opposite of what you're saying now.
If net security as well as PC security is 90% of the time playing a game of cat and mouse, as well as catch up. How can you or they be held 100% accountable for a breach? Maybe I'm using faulty logic here or I'm just not as hardline as some.
It just seems as well as has been stated to be (by professionals), impossible to forsee all holes within a system and plug them.
A companies basic responsibility is to assess the level of risks to the assets it is protecting and devote resources and safeguards adequite to those level of risks. It IS absolutely impossible to forsee all possible holes within a system...and being human we are all fallible. That is the whole point behind a multi-tiered defense strategy (whats commonly termed "Defense in Depth").... that it doesn't take just 1 security hole or failed control to compromise you, but multiple failures on multiple levels.
Even still security breaches will happen (especialy in the face of determined attackers) just as with all the tools and safeguards in place today...cars will occasionaly be released to market with design defects in place. When that happens it IS the fault of the car manufaturer.....just as when a companies data systems are breached it is the fault of the company for not having sufficient measures in place to secure thier systems. No one said it's easy, but it's part of your core responsibility as an organization doing business.
Now if it's a mom and pop shop that some hacker organization takes aim at...well you can certainly understand them simply being overwhlemed by the resources the hackers can bring to bear. Sony, on the other hand, is a major multi-national organization. That makes them a much bigger target...but it also means they should be able to afford the budget for a top notch security program.
If you spent some time working on the inside of IT security.... you would be absolutely appaled at how lax some of the measures employed by certain major corporations are.
Now it makes a little more sense, at least in terms of where they went wrong. Thanks
For every minute you are angry , you lose 60 seconds of happiness."-Emerson
Originally posted by Malickie Now it makes a little more sense, at least in terms of where they went wrong. Thanks
Really? Odd, apart from again repeated fallacious logic regarding the responsibility for the the security breach, all his argument is 'Sony is rich, therefore they could do better' which is pretty stupid and meaningless statement...
Now it makes a little more sense, at least in terms of where they went wrong. Thanks
Really? Odd, apart from again repeated fallacious logic regarding the responsibility for the the security breach, all his argument is 'Sony is rich, therefore they could do better' which is pretty stupid and meaningless statement...
No my arguement is that Sony got breached...therefore they failed somewhere. If they didn't, they wouldn't have gotten breached.
I'm shocked people are actually arguing over sony's liability in this matter
ok so maybe not.. people argue over stupid stuff on the internet all the time but still >_>
Either way, Sony has a responsibility to keep customer's data safe and secure
That data was compromised... so sony is responsible to remedy the problem
Regardless of their degree of "fault"
Even if they had the most secure network in the known universe or let pedro the janitor run the network the night of the hack.. they are still responsible.
I don't know what the standard is throughout the world.. but I feel a few things should be common for a large company
They maintain sales / customer data securely (w/e the current encryption/firewall industry standards ar)
If the data is stolen then affected customer's / parties should be notified in a timely manner.. (2~3 days at most maybe)
And the company should assist victims of identity theft in recovering stolen money.
It would probably be smart for a large company to have insurance to protect against damage from hacks into their networks.. Seems pretty common sense to me.. hacks will happen.. nothing is 100% safe
But there are ways to limit the damage from hacks.. namely notifiying people in a timely manner
There have been many large scale databases hacked in the past few years.. not limited to sony... I think TJ maxx had 50 million credit card numbers / pins stolen in 2005 and customers ended up losing a lot (150 million iirc)
There probably should be some sort of streamlined identity theft recovery process in place... because the current system isn't designed to handle large scale theft that happens these days... and will continue to happen (because nothing is 100% safe)
If credit card companies / banks had the ability to shut off cards (enmass) it would be a good thing i think
I am concerned about giving the government more power to abuse but a law with strict guidelines on when and how a power like this could be used would be helpful.
Comments
They've been down all week (SOE) PSN has been down a couple weeks. If I've read these news reports right.
For every minute you are angry , you lose 60 seconds of happiness."-Emerson
Apples to oranges.
The illegality of modification of a semi-automatic gun into an automatic gun is not due to the act of modifying the weapon, but due to the end result of the modification. Civilians are stricly prohibited against owning automatic firearms due to public safety concerns, which is why modifying a semi-automatic weapon into an automatic weapon is illegal. The main point being, guns are a strictly controlled product because misuse of them can result in death.
Modification of consoles is illegal because big corporations kick and scream about 'piracy' ruining their profits, so their logic of breaking encryption on consoles is because it is being done to promote piracy.
Most laws exist for a reason. But there are times when laws are made to benefit the few at the expense of the masses, especially those who are otherwise innocent -- aka people who want to mod their PS3 to install linux on it, and not because they want to pirate games. So just because something is "the law", it doesn't mean it's morally correct.
It's not venting, it's bemusement at people who are blaming the granny for getting mugged because she didn't take her body guard or the girl who gets raped for wearing that short skirt.
It's not about absolving Sony of responsability, it's about apportioning blame in the right place. Some guy posted earlier with his comparisons to Toyota's defective recall, the blatantly obvious difference, to those with the ability of logical thought, is that those cars didn't require a group of assheads to piss about with the machanics of those cars in order to put the user at risk.
Yes, Sony could have done more, but the simple fact remains if this bunch of pricks hadn't gone out of their way to steal that information it wouldn't have mattered. So you lot touting the glories of these morons, (who it should be pointed out, could if they so wished, have gained this information from a variety of other places and have in the past many times) need to wise up because when we're all paying insane premiums to pay for anything online it will be your heroes' doing.
-----
The person who is certain, and who claims divine warrant for his certainty, belongs now to the infancy of our species.
If the hackers are truly planning a 3rd attack, possibly an attack right as Sony take their system back up, I think the community needs to go knock on their parent's basement doors. Seriously, they've made their statements. Now they're just being pests and they disrupt gaming services that millions of users once enjoyed.
Sure, blame Sony for their security problems. But there comes time when people need to grow a pair and go after the real culprit, and those are the hackers that started this problem for ALL of us. Just a thought.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
Seriously..., assuming these hackers are just basement dwellers..
The FBI needs to do a few raids on these kids to make them realise you can't just hide from the law online. Stealing CC info is serious stuff people, it means you're going to jail.
A third attempt is highly unlikely because the FBI are there and would obviously be monitoring traffic. Only way a hacker can succeed is to bounce off a bunch of IP's before reaching destination.
There is no 'tunnel vision', only your ill logic and fallacy at asking pointless questions.
No one knows where the stolen data are but that does not imply they were not stolen.
Unlike in case with Spafford, Sony is out of necessity the only one, apart from thieves, who could know what, how and if something was stolen. Spafford simply cannot posses the information he claims thus asking where it comes from is at place.
After your failure at constructing a reasonable argument and your racist toned reply, I see no point discussing anything with you further.
It's the only way hackers hack. Nobody's going to hack from their home PC, seriously
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
Well, I guess you hate WoW then because it is nothing more than a dumbed down EQ clone, but I digress...
I'm no fan of SOE, they have totally destroyed everything their greedy corporate hands ever touched, but those that give their hard earned cash to them to be able to play games in no way deserve to have their PI not protected better than it obviously has been. I hope the hackers get caught and thrown in a jail cell with Bubba who'll be more than happy to teach them about the finer arts of tossing salads, but I truly hope Sony/SOE are made to pay their fair share for this also. If that means they go under so be it, but milking the players for every dime they can while cutting the WRONG corners, like there are correct corners, in the name of turning profits is just plain bad business. Get a clue Sony! Oh wait... I just wrote an oxymoron didn't I?
Anonymous is stupid enough to hack from home.
This is what they use for DDoS atttacks: http://en.wikipedia.org/wiki/LOIC instead of botnets.
They were caught:
"More than 30,000 downloads of the tool were reported to have occurred between 8 and 10 December 2010. On January 27, 2011, five males aged between 15 and 26 were arrested in the UK in connection with the Operation Payback attacks."
If it was Anonymous who did the "hack", they are likely bad hackers who will get caught in no-time, or they might already be.
FBI presence might make it risky but hacking offlined servers is a true challenge.
It will be interesting to watch how this will pan out.
actually i think even if you give a year to a hacker it should be in a maximum security prison.after a few soap dropping incidents they can come out and tell their fellow hackers how it feels like.
Let's be clear...there are NO good guys in this situation...
The hackers are wrong...there is no ethical justification for hacking. If you're PO'd at a corporation..there are other ethical ways to express your disatisfaction...boycotts come to mind.
Sony is at fault for not taking adequite measures to protect their customers information. While it's true that any organization can be breached given hackers with enough time and resources to throw at them..... the ease and degree to which an organization can be compromised is directly related to the resources devoted to the security of it's systems. If Sony got breached it IS Sony's responsibility for not doing enough to secure thier systems. Sony isn't some mom and pop shop that can't afford a real budget for IT security. With the size and prominance of an organization like Sony...if thier getting breached it means they screwed up somewhere.
I work in IT security. If someone breaks into the systems I'm responsible for protecting....it's my fault... or that of my teams...for not having good enough controls in place....or that of our management for not giving us enough resources. The point is, if your breached.....you take your lumps, you take responsibility for not having good enough protection....and you do your best to make sure it doesn't happen again. That doesn't excuse the hackers... they are criminals and need to be prosecuted for what they do. But as a corporation doing business on the internet part of your core responsibility is protecting the data that your clients share with you from the bad guys out there.
Without knowing what measures they took or not, you cannot make evaluated opinion on what is adequate. How and what do you know about their security measures?
That would only apply in case that every situation is foreseeable and you can prevent it. Which is highly unlikely...
I don't have over 100 million other people's property in my house. If someone breaks into my house the only person it hurts is me. This example you are using here is just plain stupid. Here's a better one... If you rented a storage locker along with one hundred other people at what was advertised as a secure storage facility and then you found out that everyone was cleaned out because they didn't have a lock on the back door or an up to date alarm system... wouldn't you be a little pissed off?
Bren
while(horse==dead)
{
beat();
}
Well Bren, that argument doesn't work either, because that would be actual possessions. The loss of personal info and such is completely different. That would work if/when your information was actually used or your accounts charged.
It's no different than the example I quoted... just a little more to the point of what has happened with Sony. I agree that personal possessions and a person's identity are two completely different things but in the modern world we live in Identity Theft can be a lot more damaging than the loss of any physical possession.
Bren
while(horse==dead)
{
beat();
}
nice point.. other then the fact you don't store millions of user account data including bank data in a house.. i store them on a PCI DSS compliant network with regular security updates in place. No system will be 100% secure just unknow weeknesses, but transferring that much data un-noticed is not excusable.
To transfer that much data from the system and sony not having a red flag pop up just shows just how much they care and put into there already sub standard online services.
Something about this makes little sense to me, not to mention countless security experts have said the complete opposite of what you're saying now.
If net security as well as PC security is 90% of the time playing a game of cat and mouse, as well as catch up. How can you or they be held 100% accountable for a breach? Maybe I'm using faulty logic here or I'm just not as hardline as some.
It just seems as well as has been stated to be (by professionals), impossible to forsee all holes within a system and plug them.
For every minute you are angry , you lose 60 seconds of happiness."-Emerson
unfortunately the "security experts" Sony have are just layers with fancy titles to fight there battles such as the the most recent one, but i agree.. breaking into the system via unknown hole is always a risk, they have to be discovered to be fixed. but not spotting the activity is where they slipped up as this is always possible, especialy if such a volume of information was taken.
A companies basic responsibility is to assess the level of risks to the assets it is protecting and devote resources and safeguards adequite to those level of risks. It IS absolutely impossible to forsee all possible holes within a system...and being human we are all fallible. That is the whole point behind a multi-tiered defense strategy (whats commonly termed "Defense in Depth").... that it doesn't take just 1 security hole or failed control to compromise you, but multiple failures on multiple levels.
Even still security breaches will happen (especialy in the face of determined attackers) just as with all the tools and safeguards in place today...cars will occasionaly be released to market with design defects in place. When that happens it IS the fault of the car manufaturer.....just as when a companies data systems are breached it is the fault of the company for not having sufficient measures in place to secure thier systems. No one said it's easy, but it's part of your core responsibility as an organization doing business.
Now if it's a mom and pop shop that some hacker organization takes aim at...well you can certainly understand them simply being overwhlemed by the resources the hackers can bring to bear. Sony, on the other hand, is a major multi-national organization. That makes them a much bigger target...but it also means they should be able to afford the budget for a top notch security program.
If you spent some time working on the inside of IT security.... you would be absolutely appaled at how lax some of the measures employed by certain major corporations are.
Now it makes a little more sense, at least in terms of where they went wrong. Thanks
For every minute you are angry , you lose 60 seconds of happiness."-Emerson
No my arguement is that Sony got breached...therefore they failed somewhere. If they didn't, they wouldn't have gotten breached.
I'm shocked people are actually arguing over sony's liability in this matter
ok so maybe not.. people argue over stupid stuff on the internet all the time but still >_>
Either way, Sony has a responsibility to keep customer's data safe and secure
That data was compromised... so sony is responsible to remedy the problem
Regardless of their degree of "fault"
Even if they had the most secure network in the known universe or let pedro the janitor run the network the night of the hack.. they are still responsible.
I don't know what the standard is throughout the world.. but I feel a few things should be common for a large company
They maintain sales / customer data securely (w/e the current encryption/firewall industry standards ar)
If the data is stolen then affected customer's / parties should be notified in a timely manner.. (2~3 days at most maybe)
And the company should assist victims of identity theft in recovering stolen money.
It would probably be smart for a large company to have insurance to protect against damage from hacks into their networks.. Seems pretty common sense to me.. hacks will happen.. nothing is 100% safe
But there are ways to limit the damage from hacks.. namely notifiying people in a timely manner
There have been many large scale databases hacked in the past few years.. not limited to sony... I think TJ maxx had 50 million credit card numbers / pins stolen in 2005 and customers ended up losing a lot (150 million iirc)
There probably should be some sort of streamlined identity theft recovery process in place... because the current system isn't designed to handle large scale theft that happens these days... and will continue to happen (because nothing is 100% safe)
If credit card companies / banks had the ability to shut off cards (enmass) it would be a good thing i think
I am concerned about giving the government more power to abuse but a law with strict guidelines on when and how a power like this could be used would be helpful.