
Reader Comments (56)

Posted: May 5th 2011 4:36PM Dunraven said

  • 3 hearts
This is going to cost Sony for sure, but I strongly believe it's going to cost the perpetrators more in the long run after they are caught...and they will be caught.

Posted: May 5th 2011 5:29PM pcgneurotic said

  • 2 hearts
@Dunraven

Amen. I'll be first in line with a torch and a pitchfork too.

Posted: May 5th 2011 7:00PM sortius said

  • 3 hearts
@Dunraven

I doubt it, Sony are very close to the edge, if they aren't decisive at the moment they may kill their own gaming brands, and this can have a flow on effect to other products. Sony are not too big to fail, they will get lynched if they don't deal with this problem correctly.

The guys who stole the data, well, good luck finding them. My suspicions are Russian, Indian, or Chinese mafia. They exist due to corruption, so law enforcement will never find them.

I'm just flabbergasted at the lack of security Sony had running. No encryption or intrusion detection on an external-facing server, well, that's less than I have running at home on my Linux server. I've worked for small companies with better security policies than seem to have been in place. Not noticing 100m records being pulled from your main CC database is in the league of TJX (google it, biggest data breach ever).

Again, Sony is on thin ice, they risk becoming a casualty of their own complacency if they don't deal with the situation. They've already shown a lack of foresight in the initial response, time will only tell now.

Posted: May 6th 2011 10:04AM real65rcncom said

  • 2 hearts
@pcgneurotic
This is going to make that Canadian kid's class action lawsuit vs Sony lawyers salivate.

Posted: May 5th 2011 4:38PM Lenn said

  • 2 hearts
Damn, what a mess.

Posted: May 5th 2011 4:38PM HokieKC said

  • 3 hearts
Sony has a lot of explaining to do. And three Japanese men bowing doesn't count.

Posted: May 6th 2011 7:47AM Suplyndmnd said

  • 2 hearts
@HokieKC

From what I heard, in Japan that was about the biggest apology you can give but as Sony is a global company they are going to have to do more. They completely screwed the pooch on this one and more information is coming out and painting a worse picture than we even imagined at the start. On top of this, it was reported on n4g.com that a third attack has been planned by hackers to be carried out in retaliation to the weak response by Sony.

I can't condone what these people did or are about to do as it's illegal and wrong but Sony merely put a simple lock on the door expecting people to stay out. The old adage is that locks only keep honest people honest. Someone wants in, a lock is only going to slow them down for a second until they just kick the door in. Sony's door has been kicked in and the hackers supposedly left a window unlocked on the way out and plan on revisiting.

Posted: May 5th 2011 4:41PM ultimateq said

  • 2.5 hearts
Somehow I'm not actually very surprised.

Posted: May 5th 2011 4:44PM Equillian said

  • 2 hearts
what a bunch of BONEHEADS.

Posted: May 5th 2011 5:02PM aurickle said

  • 3 hearts
@Equillian
You would be appalled by how often this situation develops with e-commerce sites. I don't think I've ever worked for a company that kept all their servers and other software updated and patched to the most current versions. In fact, I would be very surprised if more than 20% even come close to doing so.

Sony is unique only in that it bit them. Count on seeing more and more of these stories in the future. Although hopefully this will serve as a wakeup call for general managers to actually start listening to their IT managers.

Posted: May 5th 2011 6:12PM Seldra said

  • 2 hearts
@aurickle Finally someone that can put things into perspective.

Posted: May 5th 2011 8:02PM Sean D said

  • 2.5 hearts
@aurickle

I'm bothered by your logic. Just because others are guilty of the same negligence doesn't mean Sony isn't responsible, at least in part, for what's happened to them and us. Two wrongs don't make a right.

I hope those other companies you speak of take this lesson to heart, in spite of any obstacles there may be in doing so, and secure their systems. If they are unable to do so, then maybe they should question whether or not they should be operating at all.

Posted: May 6th 2011 8:43AM Equillian said

  • 2 hearts
@aurickle

On the contrary Aurickle, I work as a Network Infrastructure Engineer. Our environment has only about 100 servers (so no, it's not SOE, but it is a decent size). In 15 years of IT, I have never seen a company exec say "We shouldn't keep servers up to date via patching." or worse yet "You (infrastructure team) cannot patch servers!".

If the execs knew that their servers weren't being patched, they should have tarred and feathered or at least fired that section of the IT Team and replaced them with someone who would take patching seriously.

Making sure servers are at full patch level is FUNDAMENTAL to IT. Security should be on the mind of EVERYONE in a company down to the janitors. This is lazy at best, and criminal at worst.

Posted: May 5th 2011 4:46PM Starsmore said

  • 2 hearts
Don't get me wrong, this is a bad thing that Sony's caught up in the middle of.

But don't these politicians have something better to do?
Million (or billion) dollar budgets to balance?
Trillion dollar deficit to cut?
Several wars to get us out of?
The list goes on...

...but of course, that stuff is hard. It's easy to hold a press conference and point fingers at Sony and look like you are doing something to earn your pay.

Posted: May 5th 2011 4:52PM HokieKC said

  • 3 hearts
@Starsmore - There are actually committees and sub-committees in Congress that deal with these issues.

Posted: May 5th 2011 7:03PM jslim419 said

  • 3 hearts
@Starsmore

"But don't these politicians have something better to do?
Million (or billion) dollar budgets to balance?
Trillion dollar deficit to cut?
Several wars to get us out of?
The list goes on..."

Any government that can only do one thing at a time is clearly too inept to govern anything. A lot more happens in the judicial, legislative, and executive branches of government in one day than what MSNBC, or Fox News reports on what government is doing in a month.

Posted: May 5th 2011 7:04PM tmarg said

  • 3 hearts
@Starsmore

Actually, protecting consumers from companies that put them at risk by cutting corners is one of our government's most important responsibilities.

Posted: May 5th 2011 4:49PM aurickle said

  • 3 hearts
Having a close friend who's an IT manager I can definitely understand how this happened.

First off, all server hardware is significantly more expensive than the consumer equivalents. When you're dealing with huge data centers like what Sony runs its systems off of you can't just go down to Best Buy and get a router.

Second, updating the server software is not always a simple option. The code that runs your websites was programmed for a specific version. At some point, the updates are going to break your code which requires rewriting. Sometimes major. Even without that, you still have server down time which means business down time. And sometimes the only way to implement these changes is to install everything on a new server, copy all the data across, then bring the sites up again. There are risks when this is done.

Third, IT resources are typically limited. IT managers are expensive and the truly competent ones more so. The result is that companies rarely have as many as they actually should which means that those they have typically are stuck with more on their plates than they have hours in their lives to accomplish.

Fourth, as a company ages it reaches a point where the current staff is not the staff that built everything to begin with. They don't have intimacy with the code, which can be hideously complex. This in turn makes it harder and harder to update anything.

Finally, IT managers are not the ones who control the check books and credit cards. They have to justify their requests to people who typically wouldn't know an SSL from an ISP if it bit them. You feel like you're speaking two totally different languages and the decision maker just doesn't have the same priorities that you do. Unless you can prove a significant vulnerability -- which is tough when the guy doesn't really know what you're talking about -- it's hard to justify all the items above.

I'm not saying this to excuse Sony but rather to say that I understand how it could have happened. The truth of the matter is that this is an issue at far, far more companies than any of us would like to think. We should all be taking this as a major wakeup call that no matter how much it SHOULD be the responsibility of the companies we do business with to protect our data, the reality is that we must be the ones to do that ourselves. Do not make the mistake of thinking that your accounts are safe elsewhere and Sony was a fluke. Sony was only a fluke in that it was the one to get targeted THIS TIME.

Posted: May 5th 2011 4:57PM HokieKC said

  • 3 hearts
@aurickle - There are no excuses for a multi-billion dollar corporation knowing about major vulnerabilities and not taking measures to remedy them (regardless of what your IT manager friend says).

Posted: May 5th 2011 5:05PM (Unverified) said

  • 2 hearts
@aurickle

I completely agree with you here.

I can understand the outdated version due to coding restraints but not creating your system with a firewall in mind was a bad decision on their part. That's the only thing that bugs me about all this.

Having no firewall is just terrible security-wise; especially for servers. I can't help but think that Sony was in the wrong here either way due to that. (Don't mistake that as me saying the hackers weren't at fault. I was more referring to Sony's assurance in its customers' data being safe.)