Well, someone is basing their information on incorrect sources :P. It has already been proven, for instance, that their servers were up to date. That was proven like a week and a half ago. Sony never said anything about them being out of date. That was based on rumor and speculation by people not even involved with Sony.
As for the rest of your reply, that, too, was all based off of rumors.
1. Sony sent everyone emails pertaining to the outage and the possible problems it could cause. If you used a fake email for sign-up, that's your problem.
2. Could Sony have responded earlier? Yeah, by like a day at the most, but Sony didn't know what, exactly, could have been compromised. It even took three third-party security firms about 6 days or so to find that out as well. As for security measures, they did have credit card info encrypted, and the passwords weren't in plaintext, like many speculators claimed. The only information that was in plaintext was name and address, etc., most of which you can get from various other sources more easily.
3. No one has suffered any financial loss as of yet, and it's still a possibility they won't. None of the banks or financial institutions have reported any kind of fraudulent activity due to the compromise of data (which, by the way, does not mean the same thing as stolen). Plus, with the ID Theft protection services, Sony does, legally, have to provide for anyone who was affected anyway, but as of right now, no one has been affected in a way that their IDs and/or credit card numbers have been used in a fraudulent manner, so if nothing happens to them, then the lawsuits will eventually be dropped.
4. Despite the service not being available to us as of yet, I'm pretty sure Sony will make sure that the service will retro back to around the 17th. If not, Sony would, then, have to cover for data/ID theft, if it were to happen, which it hasn't yet.
5. Sony didn't show up in person because of the investigation, but they did respond to Congress' inquiry in the form of like a 6-page letter, which detailed their investigation and their plans for compensation. They didn't just say "We're too busy" and blatantly ignore the request.
6. Obviously, Sony shut down the servers because of weird activity server side that suggested something fishy was going on. Granted, it probably wasn't the best security, but the fact of the matter is, they did respond. Beyond that, they had no idea what, exactly, could have happened, hence why they hired in a few security firms to help with the investigation. The fact still remains, though, that there is no evidence any information was stolen at all, but that it was only compromised.
Eddie said:
I'd like to clear up some possible incorrect assumptions if you don't mind.
1. Sony announced the intrusion the day after they took services down. The stolen data was announced the day after Sony got confirmation of it from the 3rd party security experts. This has been addressed in Sony's letter to Congress. In fact they STILL do not know 100% of what was taken. The senator that originally stated he was upset with Sony has changed his position and now commends them for a job well done after he got all of the facts.
2. It's VERY unlikely any lawsuit will affect Sony over this. There have been two filed but they will likely be dropped since there is no proof that Sony used subpar security. It is not illegal to get hacked. They are however on the line for billions of dollars of losses just getting this corrected.
It's still ok to be pissed. Just be pissed for the right reasons and not a fallacy.
Thanks for the Netflix suggestion, we actually posted an article on this last week. It doesn't work for all versions though, but def works for me.
In fact Sony admitted that the version of Apache was not the latest version and in fact had not been patched bringing it up to par. Secondly, most of the users of PSN have not been notified to date by Sony; they have found out by third parties and rumor mills.
No it is not illegal to get hacked, it is illegal to fail to notify the possible affected users in a timely manner.
It is also illegal to not use proper security measures to protect and encrypt such info as to make it useless to hackers.
As for the lawsuits, it is very likely that they will not be dropped, in fact they are needed to ensure proper compensation to those that have suffered physical financial loss, that have been and will be incurred. This is needed since the info stolen is in the process of being sold, and publicly posted to those who would use them for monetary gain, or to maliciously damage individuals' identity such as credit ratings.
The only thing Sony has publicly done is apologize and to make an offer of ID Protection which to date, has yet to happen, each day bringing the danger of loss closer and closer.
As to the first public inquiry Sony failed to attend, stating they were too busy investigating.
If the proper network monitoring had been in place the breach would have been seen in action and stopped.
I am a network engineer and have been employed by the DOD and Fortune 500 companies. I have firsthand knowledge of detecting and stopping intrusions, it would take an idiot to not see multiple Gigabytes of data being moved off the network.
As Jay pointed out, the version of Apache server is not known. All we know is that Sony states they were up to date as expressed in their letter to Congress. Since the FBI and ICO are in the server, it wouldn't do Sony any good to lie about it.
Actually it is not illegal to take your time notifying customers of a "possible breach". In North America, you do not have to notify anyone until you are positive data was stolen AND you only have to notify the people who were affected. It does not have to be publicly announced.
It is illegal to have unencrypted credit card data, however Sony's CC table was encrypted by SSL as any other business is. Your password data was even hashed.
As of now, no credit companies are reporting any financial loss to this entire debacle. Right now there is no evidence of any malicious use of personal data.
It is however improbable to identify gigabytes of data being moved from a server when you're in the process of warding off DDOS attacks when the data was in fact stolen.
As far as the public hearing Sony didn't attend…the same people there that were being strong handed with Sony are now commending them for a job well done.