Linked by Thom Holwerda on Fri 3rd Jun 2011 22:26 UTC, submitted by twitterfire
Privacy, Security, Encryption

"The hacker group LulzSec on Thursday posted information it took from Sony Entertainment and Sony BMG on its site, called the LulzBoat. The information includes about a million usernames and passwords of customers in the U.S., Netherlands and Belgium and is available for download and posted on the group's site. A release posted on LulzSec's page said the group has more, but can't copy all of the information it stole. The group also said none of the information it took from Sony was encrypted."
hate to say I told you so ...
by project_2501 on Fri 3rd Jun 2011 22:32 UTC
project_2501
Member since:
2006-03-20
RE: hate to say I told you so ...
by somebody on Fri 3rd Jun 2011 22:56 UTC in reply to "hate to say I told you so ..."
somebody Member since:
2005-07-07

lol, did anyone think differently?

except, pr move was not the worst, pissing off hackers was. one really has to be stupid to go on thin ice more than once, sony went 4 times in a row at least.

most smart companies simply bend over and take one for the team when hacked. sony could write a book about suicide moves when hacked ;)

Reply Score: 2

Bad case of hiccups
by umccullough on Fri 3rd Jun 2011 23:00 UTC
umccullough
Member since:
2006-01-26

This is the worst case of network security hiccups I've seen in a while...

Reply Score: 5

RE: Bad case of hiccups
by flanque on Fri 3rd Jun 2011 23:11 UTC in reply to "Bad case of hiccups"
flanque Member since:
2005-12-15

It's hard to think of a more severe case of incompetence. It's unbelievable.

Reply Score: 5

RE: Bad case of hiccups
by some1 on Sat 4th Jun 2011 00:36 UTC in reply to "Bad case of hiccups"
some1 Member since:
2010-10-05

You know, hiccups always come in a row.

Reply Score: 5

wow
by re_re on Fri 3rd Jun 2011 23:50 UTC
re_re
Member since:
2005-07-06

I encrypt and firewall my own home network ...... It's unbelievable that a company the size of Sony was too lazy to do this.

Reply Score: 2

RE: wow
by bert64 on Sat 4th Jun 2011 15:33 UTC in reply to "wow"
bert64 Member since:
2007-04-23

Your home network doesn't need to provide services to the internet, and even without a firewall it shouldn't be providing anything people could attack.

Sony actually do need to provide services, so based on that these services would be permitted through by their firewall anyway. If someone finds a vulnerability in the services they offer, then that's a route in and gets you behind the firewall.

Reply Score: 4

Couldn't Happen to a Better Company
by marcus0263 on Sat 4th Jun 2011 01:55 UTC
marcus0263
Member since:
2007-06-02

Said it before and I'll say it YET again.

"It couldn't have happened to a better company!"

I simply "loathe" Sony and while I feel a bit of sympathy (all the while I say they should have known better) to the user base, it definitely couldn't have happened to a better company.

KISS MY @$$ SONY

You reap what you sow!

Reply Score: 2

Shannara Member since:
2005-07-06

More than that. The Sony execs need to be put in PITA federal prison over the crap they did over the decades.

Reply Score: 2

Comment by neticspace
by neticspace on Sat 4th Jun 2011 03:01 UTC
neticspace
Member since:
2009-06-09

This global company is ruining all the fun in games and music.

Reply Score: 3

RE: Comment by neticspace
by viton on Sat 4th Jun 2011 21:27 UTC in reply to "Comment by neticspace"
viton Member since:
2005-08-09

> This global company is ruining all the fun in games and music.

FYI, Sony is producing a lot of high quality games with their studios as well as other entertainment stuff.
How can it "ruin all the fun"?

Edited 2011-06-04 21:27 UTC

Reply Score: 1

Despicable
by WereCatf on Sat 4th Jun 2011 06:19 UTC
WereCatf
Member since:
2006-02-15

I know bashing Sony is a favorite pastime for many here and I don't claim they don't deserve it. But what that Lulzsec did is still just despicable: the information they got is mostly for elderly users, people who play absolutely no part whatsoever in anything Sony has done and who most likely do not even understand what's going on, yet lulzsec published all of their information. Including phone numbers, passwords and all.

They could have just taught Sony a lesson by for example emptying the whole database, or just publishing usernames and nothing else. But no, they publish it all, and their excuse is "it's not our fault, blame sony!!11oneoneleven"

Besides their immoral, arrogant, ignorant and malicious behaviour what does this even serve to prove? Sony can just play the sympathy card and gets to also blame piracy for this; after all, it's clearly "pirates who do this kind of stuff" and there you go, you've just managed to only worsen the situation that's already brewing. This gives yet more fuel for the government lobbyists calling for tighter control. Sony loses nothing, but these elderly customers can stand to lose even most of their possessions due to identity theft!

Reply Score: 7

Question is...
by Neolander on Sat 4th Jun 2011 07:55 UTC
Neolander
Member since:
2010-03-08

When Sony gets hacked too much, what will happen ?
A/They will do nothing/try to challenge the hacker community, and will die tragically
B/They will realize that they have good engineers&designers (yes, they totally do) but poor management, and will invest in competent managers
C/It will create a black hole and the world will end
D/Obi-Wan Kenobi

Edited 2011-06-04 07:56 UTC

Reply Score: 2

RE: Question is...
by WereCatf on Sat 4th Jun 2011 08:05 UTC in reply to "Question is..."
WereCatf Member since:
2006-02-15

> When Sony gets hacked too much, what will happen ?
> A/They will do nothing/try to challenge the hacker community, and will die tragically
> B/They will realize that they have good engineers&designers (yes, they totally do) but poor management, and will invest in competent managers
> C/It will create a black hole and the world will end
> D/Obi-Wan Kenobi


E/The most probable one: they will lobby the government for more rights for themselves, using these hacks and the need to "be able to track down the hackers and pirates" so they don't need court orders to request ISPs for customer information etc. And the government actually goes through and gives them that./

Edited 2011-06-04 08:06 UTC

Reply Score: 5

RE[2]: Question is...
by Neolander on Sat 4th Jun 2011 08:09 UTC in reply to "RE: Question is..."
Neolander Member since:
2010-03-08

That amounts to A: they can't stop people from hacking them, no matter how much lobbying they do and how much legal protection they get, if only because any sane hacker doing this kind of thing uses the compromised computers of innocent people and leaves no track of their identity.

Edited 2011-06-04 08:09 UTC

Reply Score: 1

RE[3]: Question is...
by orestes on Sat 4th Jun 2011 13:36 UTC in reply to "RE[2]: Question is..."
orestes Member since:
2005-07-06

Don't kid yourself. There's no such thing as completely covering your tracks with something like this. The second the government starts throwing words like cyberterrorism around, all sorts of normally frowned upon avenues of investigation open up.

Reply Score: 3

RE[4]: Question is...
by Neolander on Sat 4th Jun 2011 13:49 UTC in reply to "RE[3]: Question is..."
Neolander Member since:
2010-03-08

Well, imagine that you go in a public place like a university's computer room, and subtly steal someone's credentials (easy, people don't hide themselves a lot when typing logins and passwords). Then when the person has left, you log back in on the same computer, using these credentials, to perform your evil deeds, and delete every piece of software you've used if you've used some.

I can't see which data could personally identify yourself in such a scenario.

Reply Score: 1

RE[5]: Question is...
by WereCatf on Sat 4th Jun 2011 14:01 UTC in reply to "RE[4]: Question is..."
WereCatf Member since:
2006-02-15

> Well, imagine that you go in a public place like a university's computer room, and subtly steal someone's credentials (easy, people don't hide themselves a lot when typing logins and passwords). Then when the person has left, you log back in on the same computer, using these credentials, to perform your evil deeds, and delete every piece of software you've used if you've used some.
>
> I can't see which data could personally identify yourself in such a scenario.

Libraries pack several security cameras, and at least here most of them also have separate cameras for public computer terminals. That's more than enough to catch you.

Reply Score: 2

RE[6]: Question is...
by Neolander on Sat 4th Jun 2011 14:09 UTC in reply to "RE[5]: Question is..."
Neolander Member since:
2010-03-08

Cameras are nice in theory, but in practice they don't work so well. IIRC, despite massive video camera deployment in London, they're still talking about around 0.1% extra criminals caught. That's not very efficient, considering how much a video camera costs compared to a well-trained policeman.

Maybe the problem is how difficult it is to recognize a face ?

Edited 2011-06-04 14:09 UTC

Reply Score: 2

RE[7]: Question is...
by WereCatf on Sat 4th Jun 2011 14:11 UTC in reply to "RE[6]: Question is..."
WereCatf Member since:
2006-02-15

> massive video camera deployment in London


Well, you're comparing a library to a big city right now.

Reply Score: 2

RE[5]: Question is...
by bert64 on Sat 4th Jun 2011 15:37 UTC in reply to "RE[4]: Question is..."
bert64 Member since:
2007-04-23

Security cameras around the public terminals..
More cameras on the entrances/exits.
Even more cameras on the streets outside.
Witnesses since it's a public place.
Logging at the network level (even assuming you have root equivalent access to the terminal itself and have proven there is no local logging).

Of course the easiest way to avoid being caught, is to live in a country where the law doesn't care.

Reply Score: 2

Google
by Gone fishing on Sat 4th Jun 2011 08:12 UTC
Gone fishing
Member since:
2006-02-22

Isn't Google great? I was just wondering if hiccups could be fatal, and I found this, which looks pertinent:

If you experience any of the following hiccup episodes, it may be the result of a more serious condition, which in turn may be life threatening. A bout of hiccups is defined as having hiccups on and off for up to 48 hours. Persistent hiccups last more than 48 hours. Persistent hiccups become intractable hiccups when they last for two months or more.


http://www.ehow.com/how-does_5512947_causes-death-hiccups.html

Reply Score: 2

Serve them right
by mfaudzinr on Sat 4th Jun 2011 10:12 UTC
mfaudzinr
Member since:
2008-02-13

Although I don't condone hacking, this is what I have to say to Sony: HA HA HA - You truly deserve it.

Reply Score: 1

Letters to the Ether
by Phloptical on Sat 4th Jun 2011 16:03 UTC
Phloptical
Member since:
2006-10-10

Dear Sony,
How is XBOX Live not getting hacked? And it's a Microsoft product.

Just sayin'.

Regards
Phloptical

Reply Score: 4

Let's see
by twitterfire on Sat 4th Jun 2011 19:08 UTC
twitterfire
Member since:
2008-09-11

I'm actually happy Sony got sony'd (in Thom's words) because they were bullying users and consumers. And I hate the fact that because I live in EU and try to watch some clips on YT, I can't because the music is the property of Sony Online Entertainment. Of course, I have access to a lot of US based servers and shit, so I can use VPN or socks proxy. But I refuse to use a VPN just to see a shitty video on YT which happens to have background music from SOE.

If you're stupid, you deserve to be sony'd. I don't have any compassion towards Sony.

It's a multibillion company and they yet choose to employ sucky net admins and sucky web admins just because they probably have used Ubuntu at some time, hence they are uber qualified.

I bet they are paying the said admins some nice sums, at least 4-5000 $ for a junior.

I'm not pretending to be anywhere near an experienced Linux admin, but but but, I have 3 rented servers in a datacenter and I run CentOS on them. Hence I try to deal with security. Every now and then, when some new security advisory pops up on the CentOS, Apache, MongoDB and MySQL mailing lists, my computer beeps up and shows me the advisories. I update CentOS at least once per day, and I use a shitty chroot jail. (I know chroot jails are shitty, but I don't have much time), I've enabled AppArmor in the Linux kernel (although I've personally hacked some servers with AppArmor enabled) and I try to always use the latest kernel. Because hackers generally target older kernels and until they target my today kernel, I'm weeks towards them.

I'm not pretending I have a good security on my servers. In fact, I would love to switch to either FreeBSD or OpenBSD. The nasty thing is not all my software is supported well on the BSDs and there is some big performance penalty. I can live with the performance penalty, but but but, right now I'm milking the hardware of the said three servers as much as I could. If I see some small increase in revenues, no doubt I'll use either FreeBSD or OpenBSD (preferably).

Reply Score: 2

RE: Let's see
by spiderman on Mon 6th Jun 2011 07:19 UTC in reply to "Let's see"
spiderman Member since:
2008-10-23

Actually, using OpenBSD instead of CentOS won't improve security much. Security is not just about the OS and middleware. If the application allows SQL injection, you can put all the encryption and fine-grained permissions you want, there is still a hole in the application. And if the admin gives the root password on the phone to whoever asks, you have another hole. For a company the size of Sony, the human factor is much more complex to manage than for a single person managing his server. The admin doesn't necessarily care about security. If anything, security holes generate more money for him. There are hundreds of middlemen between him and the shareholders who do care about the security of the company. They have to hire audit teams and lawyers to make contracts that make sure the auditors get penalties in case of security problems and they have to make sure their lawyers do their job well, etc. It's not as easy as "hiring a good admin". They have to implement processes that involve thousands of people, where each one of them is a security risk.

Edited 2011-06-06 07:22 UTC

Reply Score: 2