“The hacker group LulzSec on Thursday posted information it took from Sony Entertainment and Sony BMG on its site, called the LulzBoat. The information includes about a million usernames and passwords of customers in the U.S., Netherlands and Belgium and is available for download and posted on the group’s site. A release posted on LulzSec’s page said the group has more, but can’t copy all of the information it stole. The group also said none of the information it took from Sony was encrypted.”
http://www.osnews.com/permalink?473538
lol, did anyone think differently?
Except, PR move was not the worst, pissing off hackers was. One really has to be stupid to go on thin ice more than once, Sony went 4 times in a row at least.
Most smart companies simply bend over and take one for the team when hacked. Sony could write a book about suicide moves when hacked ;)
This is the worst case of network security hiccups I’ve seen in a while…
It’s hard to think of a more severe case of incompetence. It’s unbelievable.
You know, hiccups always come in a row.
I encrypt and firewall my own home network …… It’s unbelievable that a company the size of Sony was too lazy to do this.
Your home network doesn’t need to provide services to the internet, and even without a firewall it shouldn’t be providing anything people could attack.
Sony actually do need to provide services, so based on that these services would be permitted through by their firewall anyway. If someone finds a vulnerability in the services they offer, then that’s a route in and gets you behind the firewall.
Said it before and I’ll say it YET again.
“It couldn’t have happened to a better company!”
I simply “loathe” Sony and while I feel a bit of sympathy (all the while I say they should have known better) to the user base, it definitely couldn’t have happened to a better company.
KISS MY @$$ SONY
You reap what you sow!
More than that. The Sony execs need to be put in PITA federal prison over the crap they did over the decades.
This global company is ruining all the fun in games and music.
FYI, Sony is producing a lot of high quality games with their studios as well as other entertainment stuff.
How can it “ruin all the fun”?
Edited 2011-06-04 21:27 UTC
I know bashing Sony is a favorite pastime for many here and I don’t claim they don’t deserve it. But what Lulzsec did is still just despicable: the information they got is mostly for elderly users, people who play absolutely no part whatsoever in anything Sony has done and who most likely do not even understand what’s going on, yet Lulzsec published all of their information. Including phone numbers, passwords and all.
They could have just taught Sony a lesson by for example emptying the whole database, or just publishing usernames and nothing else. But no, they publish it all, and their excuse is “it’s not our fault, blame sony!!11oneoneleven”
Besides their immoral, arrogant, ignorant and malicious behaviour what does this even serve to prove? Sony can just play the sympathy card and gets to also blame piracy for this; after all, it’s clearly “pirates who do this kind of stuff” and there you go, you’ve just managed to only worsen the situation that’s already brewing. This gives yet more fuel for the government lobbyists calling for tighter control. Sony loses nothing, but these elderly customers can stand to lose even most of their possessions due to identity theft!
When Sony gets hacked too much, what will happen ?
A/They will do nothing/try to challenge the hacker community, and will die tragically
B/They will realize that they have good engineers&designers (yes, they totally do) but poor management, and will invest in competent managers
C/It will create a black hole and the world will end
D/Obi-Wan Kenobi
Edited 2011-06-04 07:56 UTC
E/The most probable one: they will lobby the government for more rights for themselves, using these hacks and the need to “be able to track down the hackers and pirates” so they don’t need court orders to request ISPs for customer information etc. And the government actually goes through and gives them that./
Edited 2011-06-04 08:06 UTC
That amounts to A: they can’t stop people from hacking them, no matter how much lobbying they do and how much legal protection they get, be it only because any sane hacker doing this kind of thing uses the compromised computers of innocent people and leaves no track of their identity.
Edited 2011-06-04 08:09 UTC
Don’t kid yourself. There’s no such thing as completely covering your tracks with something like this. The second the government starts throwing words like cyberterrorism around, all sorts of normally frowned upon avenues of investigation open up.
Well, imagine that you go in a public place like a university’s computer room, and subtly steal someone’s credentials (easy, people don’t hide themselves a lot when typing logins and passwords). Then when the person has left, you log back in on the same computer, using these credentials, to perform your evil deeds, and delete every piece of software you’ve used if you’ve used some.
I can’t see which data could personally identify yourself in such a scenario.
Libraries pack several security cameras, and at least here most of them also have separate cameras for public computer terminals. That’s more than enough to catch you.
Cameras are nice in theory, but in practice they don’t work so well. IIRC, despite massive video camera deployment in London, they’re still talking about around 0.1% extra criminals caught. That’s not very efficient, considering how much a video camera costs compared to a well-trained policeman.
Maybe the problem is how difficult it is to recognize a face ?
Edited 2011-06-04 14:09 UTC
Well, you’re comparing a library to a big city right now.
Is there conclusive evidence that cameras are effective at smaller scales ?
You’re dealing with much smaller areas at closer range, with a limited number of exits, and there are no vehicles to hide inside. So yeah, it’s pretty obvious.
It’s certainly more effective, but is it effective in an absolute fashion ? Can security services reliably determine who’s sitting in front of a computer from a camera movie ? Can common fashion accessories like caps obfuscate the camera image ?
Edited 2011-06-04 14:28 UTC
I don’t know about where you live, but a lot of libraries in American cities have a *lot* of visitors, and a *lot* of stuff going on.
Edit: Oh, I almost forgot: a lot of unsecured wireless routers hanging about in people’s houses. (Not mine, though.)
Edited 2011-06-04 15:22 UTC
They’re the easiest venue for these sorts of activities, I agree.
Security cameras around the public terminals..
More cameras on the entrances/exits.
Even more cameras on the streets outside.
Witnesses since it’s a public place.
Logging at the network level (even assuming you have root equivalent access to the terminal itself and have proven there is no local logging).
Of course the easiest way to avoid being caught, is to live in a country where the law doesn’t care.
Isn’t Google great? I was just wondering if hiccups could be fatal and I found this, which looks pertinent
Although I don’t condone hacking, this is what I have to say to Sony: HA HA HA – You truly deserve it.
Dear Sony,
How is XBOX Live not getting hacked? And it’s a Microsoft product.
Just sayin’.
Regards
Phloptical
I’m actually happy Sony got sony’d (in Thom’s words) because they were bullying users and consumers. And I hate the fact that because I live in EU and try to watch some clips on YT, I can’t because the music is the property of Sony Online Entertainment. Of course, I have access to a lot of US based servers and shit, so I can use VPN or socks proxy. But I refuse to use a VPN just to see a shitty video on YT which happens to have background music from SOE.
If you’re stupid, you deserve to be sony’d. I don’t have any compassion towards Sony.
It’s a multibillion company and they yet choose to employ sucky net admins and sucky web admins just because they probably have used Ubuntu at some time, hence they are uber qualified.
I bet they are paying the said admins some nice sums, at least 4-5000 $ for a junior.
I’m not pretending to be anywhere near an experienced Linux admin, but but but, I have 3 rented servers in a datacenter and I run CentOS on them. Hence I try to deal with security. Every now and then, when some new security advisory pops up on CentOS, Apache, MongoDB and MySQL mailing lists, my computer beeps up and shows me the advisories. I update CentOS at least once per day, and I use a shitty chroot jail. (I know chroot jails are shitty, but I don’t have much time), I’ve enabled AppArmor in the Linux kernel (although I’ve personally hacked some servers with AppArmor enabled) and I try to always use the latest kernel. Because hackers generally target older kernels and until they target my today kernel, I’m weeks towards them.
I’m not pretending I have a good security on my servers. In fact, I would love to switch to either FreeBSD or OpenBSD. The nasty thing is not all my software is supported well on the BSDs and there is some big performance penalty. I can live with the performance penalty, but but but, right now I’m milking the hardware of the said three servers as much as I could. If I see some small increase in revenues, no doubt I’ll use either FreeBSD or OpenBSD (preferably).
Actually, using OpenBSD instead of CentOS won’t improve security much. Security is not just about the OS and middleware. If the application allows SQL injection, you can put all the encryption and fine-grained permissions you want, there is still a hole in the application. And if the admin gives the root password on the phone to whoever asks, you have another hole. For a company the size of Sony, the human factor is much more complex to manage than for a single person managing his server. The admin doesn’t necessarily care about security. If anything, security holes generate more money for him. There are hundreds of middlemen between him and the shareholders who do care about the security of the company. They have to hire audit teams and lawyers to make contracts that make sure the auditors get penalties in case of security problems and they have to make sure their lawyers do their job well, etc. It’s not as easy as “hiring a good admin”. They have to implement processes that involve thousands of people, where each one of them is a security risk.
Edited 2011-06-06 07:22 UTC