Linked by Thom Holwerda on Fri 3rd Jun 2011 22:26 UTC, submitted by twitterfire
Privacy, Security, Encryption

"The hacker group LulzSec on Thursday posted information it took from Sony Entertainment and Sony BMG on its site, called the LulzBoat. The information includes about a million usernames and passwords of customers in the U.S., Netherlands and Belgium and is available for download and posted on the group's site. A release posted on LulzSec's page said the group has more, but can't copy all of the information it stole. The group also said none of the information it took from Sony was encrypted."
Thread beginning with comment 476022
Let's see
by twitterfire on Sat 4th Jun 2011 19:08 UTC

I'm actually happy Sony got sony'd (in Thom's words) because they were bullying users and consumers. And I hate the fact that because I live in the EU and try to watch some clips on YT, I can't because the music is the property of Sony Online Entertainment. Of course, I have access to a lot of US-based servers and shit, so I can use a VPN or SOCKS proxy. But I refuse to use a VPN just to see a shitty video on YT which happens to have background music from SOE.

If you're stupid, you deserve to be sony'd. I don't have any compassion towards Sony.

It's a multibillion company and yet they choose to employ sucky net admins and sucky web admins just because they probably have used Ubuntu at some time, hence they are uber qualified.

I bet they are paying the said admins some nice sums, at least 4-5000 $ for a junior.

I'm not pretending to be anywhere near an experienced Linux admin, but but but, I have 3 rented servers in a datacenter and I run CentOS on them. Hence I try to deal with security. Every now and then, when some new security advisory pops up on the CentOS, Apache, MongoDB and MySQL mailing lists, my computer beeps and shows me the advisories. I update CentOS at least once per day, and I use a shitty chroot jail (I know chroot jails are shitty, but I don't have much time). I've enabled AppArmor in the Linux kernel (although I've personally hacked some servers with AppArmor enabled) and I try to always use the latest kernel. Because hackers generally target older kernels, and until they target today's kernel, I'm weeks ahead of them.

I'm not pretending I have good security on my servers. In fact, I would love to switch to either FreeBSD or OpenBSD. The nasty thing is not all my software is supported well on the BSDs and there is some big performance penalty. I can live with the performance penalty, but but but, right now I'm milking the hardware of the said three servers as much as I can. If I see some small increase in revenues, no doubt I'll use either FreeBSD or OpenBSD (preferably).

Score: 2

RE: Let's see
by spiderman on Mon 6th Jun 2011 07:19 in reply to "Let's see"

Actually, using OpenBSD instead of CentOS won't improve security much. Security is not just about the OS and middleware. If the application allows SQL injection, you can put all the encryption and fine-grained permissions you want, there is still a hole in the application. And if the admin gives the root password over the phone to whoever asks, you have another hole. For a company the size of Sony, the human factor is much more complex to manage than for a single person managing his server. The admin doesn't necessarily care about security. If anything, security holes generate more money for him. There are hundreds of middlemen between him and the shareholders who do care about the security of the company. They have to hire audit teams and lawyers to make contracts that make sure the auditors get penalties in case of security problems and they have to make sure their lawyers do their job well, etc. It's not as easy as "hiring a good admin". They have to implement processes that involve thousands of people, where each one of them is a security risk.

Edited 2011-06-06 07:22 UTC

Score: 2