I'm so sick and tired of this crap. If there is an actual attack this weekend, I pray to God that every one of the people involved in it is caught and treated like terrorists.
Ah finally someone teaches them a lesson after what SoE pulled with the NGE
So when does Lucas Arts get their lesson? look out SWTOR players
Comments
Sony was asking for it... they shouldn't have dressed their servers up so sexy o_O
Are people seriously believing the words of Anonymous? Those who find joy in causing headache for others? Those who find joy in taking services down for whatever ideological reasons they have, where they are disrupting services for millions of people who once enjoyed using?
Yeah.. I'm sure all corporations are evil to some, but being anarchists isn't much better either. The majority of the people in this world are somewhere in the middle. If Anonymous wants to redeem themselves and show they are trustworthy (lol), they would be going after the hackers that actually stole the data. You know, do something good for once and show the world they aren't just a bunch of people who like to cause problems.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
At least this had some good result for Sony. For example, me and many people I know had some appreciation for those guys, being bold and such, but after all of this crap I honestly just want all of them to be arrested and to pay for what they have done with a wasted life in jail.
This was a big blow to players, not Sony; they have insurances and millions over millions to spend, or does anyone really think that Sony is gonna die out penniless?
This was a big blow to the playerbase and the "card" that they delivered to the companies will bring much more trouble for the players than to the companies. They will surely make us accept several "bad" things in the name of security from now on.
I don't trust the word of Anonymous.. but what I do trust is thinking about things that are plausible.
A denial of service attack wouldn't help somebody download a huge database because of the nature of the attack.. it denies service... not selectively but to everybody.
Now the attack might have contributed to the theft by the actual hacker (whether he is part of Anonymous or not idk) so I still place some blame on Anonymous.
Maybe the people who were supposed to be monitoring the networks were distracted by the attack and didn't monitor their network properly.. or maybe they were just undermanned and not able to do everything they were supposed to, allowing this attack to happen.
I'm sure there is plenty of blame to go around... I just don't think it's appropriate to blame one person for something that it seems would take multiple people doing the wrong thing.
Yay! Let's all jump on the sue Sony bandwagon =D!!!
Most people go through life pretending to be a boss. I go through life pretending I'm not.
Damn straight.. Sony killed JFK too
Daffid011 wrote:
"It is nice that you just joined the forums today and are confident that Sony isn't at fault, but do you have anything to support that?"
They are really NOT at fault, it is the current dominant way of thinking in cyber security that is at FAULT. These facts are played out and covered on the video streams below. There are strong indications of this "digital ecosystem" having ties to a series of global organized crime groups. The estimated revenue produced from this "digital ecosystem" exceeds money made from the illicit drug trades globally.
So should we hire these members of this "digital ecosystem" to better secure one's network?
They have a far bigger "purse of gold" than humble Sony or any other company; this "digital ecosystem" is winning every day and companies are losing.
Anonymous, if you can call it a focused, coherent organization with hierarchy, may only play a small part in this "digital ecosystem". However, maybe it's likely having links to it for the sole intent to gather other malware/rootkit developers' insights into techniques of exploitation.
Players in this "digital ecosystem" really don't operate solo, they operate in groups sometimes overlapping each other for the sole purpose of comparing notes.
Members of Beyond3D Show PSN Servers Were Patched Up to Date Prior to being Hacked
Regarding the claim that the Apache server was out of date, this was found to be false. The Google webcache suggests the server was in fact up to date.
Daffid011 wrote:
"Seeing that Sony chief information officer openly admitted to the press that the Sony servers were running known vulnerabilities and they should have been doing more to secure their servers, I have to disagree with your conclusion. It would appear Sony does as well."
Sony: We knew about PSN security flaws
I really can't say much on the "were running known vulnerabilities"; it is vaguely broad and does not really touch on whether it played a part in the successful break-in of Sony's network.
SmokerKing wrote:
"I'm 100% confident on the issue they had firm security protection measures in place comparably to other companies in similar size."
I'm saying they did have protection measures in place, but did they have the most recent up-to-date innovative findings in place to prevent the attack? It's not a matter of getting some patch and thinking you're safe from cyber criminals. From the video streaming links below it goes far beyond that fact and the resolution may require a complete rethinking of how these network systems currently operate. IT security is an ever-evolving science with players on both sides locked into a "classic Darwinian struggle". It's NOT a matter of finding fault with Sony or any other organization, it's a matter of changing the current dominant thinking of IT security we have today. A small taste of the current state of this "digital ecosystem", what suggested steps are needed to prevent future attacks of this nature, and methods on how to identify the developer of these tools are shown in the video streaming links below.
The Screen Savers: Exploiting Software: How to Break Code (8m53sec)
Blackhat 2010 Malware Attribution tracking cyber spies Greg Hoglund (1hour 26sec)
CERIAS Security Seminar Video - The Building Security In Maturity Model (About 1 hr)
Cigital's Gary McGraw Talks Malware, Typical Targets and Cyber Security Innovation (9m 41sec)
The actions of people in this forum should NOT be bashing Sony or any other company that ARE the victims of these types of cyber attack... WE should be loudly and vocally repeating Gary McGraw and Greg Hoglund's findings and suggested solutions to these types of issues!!!!
[1] Threats exist and yes Sony is the victim of a threat. However that does not excuse negligence or subpar work. A bank would not be forgiven if they left money lying around outside the vault and unguarded just because there are bank robbers in the world.
Sony kept credit and banking information stored in an unsecure manner and data that should not have even been stored. There is a reason credit card companies require companies to be PCI compliant and Sony wasn't operating in a compliant manner. Those standards exist to prevent situations like this from happening. As a result, they get to share in the blame for this fiasco.
[2]
That Google search only shows that Sony's WEB SERVERS were up to date. The web servers were not the subject of what servers were not current on security patches and improperly insulated from the world.
Read the fun IRC log from Feb 16th for an example of what people were discovering about the network.
Daffid011 wrote:
"That Google search only shows that Sony's WEB SERVERS were up to date."
Detective work reveals PSN servers up to date
If you follow the thread linked above, Brad Grenz shows the nmap logs posted by someone named Teiman.
nmap logs
The vast majority of servers were using the most current stable version of Apache, with a small subset using an older version.
Daffid011 wrote:
"The web servers were not the subject of what servers were not current on security patches and improperly insulated from the world."
This is tentatively TRUE, but what were the responsibilities of those servers that were NOT the most current stable version?
Daffid011 wrote:
"Read the fun IRC log from Feb 16th for an example of what people were discovering about the network"
There are a lot of claims in that IRC log about vulnerabilities and exactly what data is being monitored by Sony.
Here is a snippet of a post from Natsu on "Hacker News".
Source
They have decrypted all PSN functions.
Sony spies on basically everything PS-related (hardware plugged in, games played, etc.) and uploads it. There are "independent checks" and history wipers, etc. don't work. This may only happen when the device is networked. They can detect backups, piracy, etc.
It sends CC data, etc. via SSL, but leaves unencrypted logs on the HD that contain that data in the URLs visited. It may not have used SSL at all at launch.
You can modify a few things when you download something from the PSN store to tell it that you should be getting the game for free.
Sony monitors all messages sent over PSN, may be searching that for keywords.
Has a big list of censor words that lives on your HD. Checks this list on receipt of a message, not sending. Easy to bypass now.
Various worries about people creating spam apps with this data.
Comments indicating that Sony is running old Apache servers with known vulnerabilities internally.
These "people" you are speaking about are the alleged members of Anonymous, so most of this stuff is suspect and cannot really be verified as facts. There is a strong need for independent confirmation.
Agree completely with you. They are terrorists and should be treated like terrorists.
How suspect can the information be?
Feb 2011: Various hackers are openly talking about how PSN servers are not properly patched and lack proper firewalls.
April 2011: PSN and SOE are massively hacked
May 2011: Sony chief information officer admits that servers had known vulnerabilities and Sony could have "done more" to secure the network. Also in the latest press release, Sony is adding more firewalls in their network.
Perhaps all this information just randomly fits a pattern and creates a pretty clear picture of Sony's servers being ripe for this type of action. It really takes a lot of effort to find some reason to overlook all this information. Keep in mind the information is coming from many various parties, including Sony.
Also, now the story from the Google searches is that "most" of the servers were up to date? Doesn't that mean some servers were not properly patched, despite you saying all their servers were current?
Does the Google search record if servers are missing firewalls or those firewalls are not properly configured?
This kind of reminds me of another situation...
Happened like 10 years ago.
Browser RPG | www.titansoftime.com
Sounds like Sony still has a lot of stuff to sort out
at least according to this network security guy...
http://www.reuters.com/article/2011/05/13/us-sony-idUSTRE74C70420110513
Agreed, Lucas Arts should get their lesson as well
p.s. Don't blame me if some Lucas Arts server gets hacked tomorrow =p
If you are interested in subscription or PCU numbers for MMORPG's, check out my site :
http://mmodata.blogspot.be/
Favorite MMORPG's : DAoC pre ToA-NF, SWG Pre CU-NGE, EVE Online