23. May, 2011
The German Bundesamt für Sicherheit in der Informationstechnik (BSI) isn’t taken seriously by Sony, according to heise online.
When the security specialists of the German government wanted to know more about the theft of 100 million customer records, “Sony didn’t want to answer due to ongoing technical analysis.” They are still refusing to agree to a follow-up meeting.
If the German government isn’t important enough for Sony to waste some of their precious time …
9. May, 2011
According to heise online (German, video in English), Professor Dr. Eugene Spafford estimates the cost of Sony’s EPIC FAIL to secure their PSN servers to be 21 billion dollars.
Wow. 21 … fucking … BILLION … dollars. That’s 70’000’000 PS3s. 70 million PS3s. 36 million iPhone 4s. 700’000 cars at $30’000/each. They must be doing pretty well to be able to afford such a loss.
And it’s not that they didn’t see it coming. Sony knew for months that their servers were outdated and missing crucial security patches. Well, someone decided that it wasn’t worth fixing that. So: EPIC FAIL. Again. And again. Will they ever learn?
That feels like the same arrogance which led to the lawsuit against geohot and graf_chokolo. Which probably made someone on the Internet so angry that they decided to give Sony this wedgie. Message to Sony: It’s not smart to be arrogant in the face of overwhelming odds.
You have, say, 1’000 people working to protect your assets. The world has a population of 7 billion (and you just lost 3 dollars to each and every one of them) and the probability that one of them can kick you where it really hurts is about 1. At least.
Of course, the company is now using all its power to hunt down the little bastard. Sony, if you read this: Don’t be surprised if a 13-year-old kid outwitted your whole security team.
Or rather the manager, who told the team not to fix those servers. But no, managers are never wrong. So the team must be punished. Fire them! All of them! Without supper! Serves them right! And don’t forget to sue the kid! Sue him to hell! Make sure he is not allowed to touch an electronic device ever again. EVER! It’s not your fault what happened! Try to create more DMCA-like laws! So you can sue more people! Get your engineering team to build a time traveling device so you can sue in advance! Force parents to divorce so they can’t breed anything threatening your revenue! Show the world who’s boss! Dictatorships never worked before but that should not stop you! It should rather encourage you! Grow by setting challenging goals!
See where this leads and why you can never win?
Making the world-wide security community hate you even more is your best bet! Trust me, I know at least as well as the guy who created this mess. And you trusted him, didn’t you?
28. April, 2011
So Sony’s PSN user database was hacked. It seems the credit card data was in a safe place elsewhere. Encrypted.
The user data wasn’t encrypted.
Which leads me to an interesting thought: Apparently, the money was more important to Sony than the gamers.
Or maybe the credit card companies told Sony in very clear terms how to handle the precious credit card numbers, so Sony complied with those rules and when it came to passwords, age, place where you live, they were economical. As with how they handled the situation. At least, we didn’t have to tell them that they were hacked.
Unlike, say, Apple, they did tell us that something was wrong and they apologized for what happened. We’re just left with the task of cleaning up the digital mess they created.
How valuable is this data? Well, if you do something sensitive over the phone, say, calling your bank. And they want to make sure it’s you. What do they ask? Well, the simple stuff: Birth date. Where you live.
With data like that, you can open an eBay account and do some online fraud. Good luck proving it wasn’t you. Sure, it won’t be a problem but it will be an ugly hassle.
Make sure you check your next credit card bill; just to make sure Sony didn’t mess that up without noticing.