
Reader Comments (56)

Posted: May 5th 2011 5:07PM aurickle said

  • 2 hearts
  • Report
@HokieKC
I'm not offering excuses. I'm giving a picture of how it happens and NOT just with Sony. You think Sony is unique here? From my own personal experience with various companies I've worked for I would estimate that about 80% are in similar condition.

That's why I'm warning you and others in this thread to not assume that the companies you're giving your personal info to have taken the necessary steps to adequately protect that data. (Or to assume that "adequate" is equal to "completely".)

I'm glad to see a big company finally get hit like this since it's a topic that has needed to be brought into the light of day for a long time now, and sometimes only a huge disaster will wake people (companies and consumers alike) up.
Reply

Posted: May 5th 2011 5:13PM HokieKC said

  • 2 hearts
  • Report
@aurickle - If a multi-billion dollar company like Sony knew about vulnerabilities in their networks/system with the personal data of tens of millions in jeopardy and failed to remedy that major known vulnerability...does that make them unique? Yes. It does.
Reply

Posted: May 5th 2011 5:19PM aurickle said

  • 3 hearts
  • Report
@HokieKC
That's where you're wrong. Count on the fact that many, many other multi-billion dollar companies have exactly these same problems. The only thing that's unique here is that there weren't firewalls. But even that is not truly unique. I know there are others out there that don't have them either.
Reply

Posted: May 5th 2011 5:23PM HokieKC said

  • 1 heart
  • Report
@aurickle - How many other multi-billion dollar corporations knew of major security vulnerabilities which put the personal data of tens of millions at risk and failed to act on that knowledge?

I can't name one off the top of my head from the last five or even ten years.
Reply

Posted: May 5th 2011 5:39PM aurickle said

  • 3 hearts
  • Report
@HokieKC
Go to http://www.privacyrights.org/data-breach/new and change the search filter to only show Hacking or Malware

Get ready for a very long read. Heck, even Apple is in the list and from just last month. McDonald's from December. Walgreens, too. You should read the update under Federal Reserve Bank of Cleveland (November 18.)

In fact, Apple directly contradicts the case you just made since they were on the list from last month AND from June of last year. So they'd been hacked once. I think that qualifies as a pretty darned big warning, don't you? Yet almost a year later their security was still insufficient to prevent a second data theft. And last I checked, Apple is indeed a multi-billion dollar company.

I can guarantee you that in the majority of those incidents, one or more IT managers had previously been trying to get the company to make security changes that he was saying were necessary.

Again, I am not attempting to justify Sony's actions. Nor am I trying to justify the actions of these other companies. My whole point is that security is shockingly vulnerable across a broad spectrum of companies. The list in my initial post is meant simply to explain how this sort of thing can happen.

Was Sony in the wrong? Absolutely. Are they suffering for it? Most definitely. Are they alone? Not even remotely.
Reply

Posted: May 5th 2011 5:44PM HokieKC said

  • 2 hearts
  • Report
@aurickle - Did any of the companies you list above know about vulnerabilities prior to attacks, hacks, etc. and fail to fix them? From what I've read, no.

The fact Sony had vulnerabilities and got hacked isn't unique. The fact they knew they had major vulnerabilities and didn't act is. That's what makes this Sony case so unique.
Reply

Posted: May 5th 2011 6:01PM (Unverified) said

  • 2.5 hearts
  • Report
@aurickle

I would bother correcting you on several points but I think a one word response sums it up: firewall.
Reply

Posted: May 5th 2011 6:18PM aurickle said

  • 2 hearts
  • Report
@(Unverified)
Firewalls aren't bulletproof. It's inexcusable that Sony lacked one, but a firewall does not render you invulnerable to attack.
Reply

Posted: May 5th 2011 6:46PM (Unverified) said

  • 2 hearts
  • Report
@aurickle Yes but how many of the prior hacks around the web were due to no firewall? I'll give you a hint: zero.

They had a legal duty and obligation to provide at least a minimum semblance of protection for consumer data. They did not do that. While you are attempting PR damage control I can tell you right now a court will eat them alive. A judge won't fall for the smokescreen.
Reply

Posted: May 5th 2011 7:11PM aurickle said

  • 3 hearts
  • Report
@(Unverified)
Dude, where have I been defending Sony here? I haven't been. In fact, I just stated that it was inexcusable that Sony didn't have a firewall.

NONE of what I've said from my first post in this thread on has been a defense of Sony. My sole purpose has been to explain how and why these kinds of things with network security can happen in the real world so that people could understand how rampant data security problems actually are.

Our data is vulnerable everywhere. Heads at Sony need to roll because of this. (Although unlike some people, I am not in the "I hope Sony dies!" camp. I happen to enjoy EQ2 and want to keep playing it. But I do want my data to be more secure going forward.) The problem, though, is that by everyone fixating on Sony the way you folks are, you're leaving yourselves vulnerable everywhere else.

So Sony is going to get its act together. Great. But that only leaves a few thousand other companies that need to follow suit. On a Richter scale of security flaws it's sounding like Sony was pretty much right at a 10. Do you really mean to see them fry and call it quits, though, while turning a blind eye to all the 8's and 9's out there? That's sure what you guys are sounding like.
Reply

Posted: May 5th 2011 8:16PM Vagrant Zero said

  • 2 hearts
  • Report
@aurickle Give it up, you're arguing with gamers; and gamers as a typical whole are morons, especially in regards to anything that doesn't have an oversized sword...or boobs. Oversized sword-boobs. Yes, that explains things adequately.

Seriously though, just don't bother.
Reply

Posted: May 6th 2011 8:56AM (Unverified) said

  • 2 hearts
  • Report
@aurickle
One question aurickle, why is it none of those other companies you mention had their networks taken down for weeks at a time? Could it be that their data breaches were relatively limited in scope?

The reason Sony is in so much hot water is because their negligence is on a scale yet unseen in a major online business. That's why PSN is not up yet. The Payment Card Industry will not allow Sony to do business on the internet until they finish their review of the incident. No company that has been PCI compliant has had a major data breach. Sony was supposed to be PCI compliant, they were not.
Your constant whining about how every other company on the net is unsecure just doesn't hold water. There are Industry standards for credit card data that have proved secure 100% if followed correctly.
Reply

Posted: May 5th 2011 4:52PM xHotPotatox said

  • 2 hearts
  • Report
@tepster
Real mature

Posted: May 5th 2011 4:55PM xHotPotatox said

  • 2 hearts
  • Report
As much as Sony may have screwed up I can't help but feel a lot of people are willingly forgetting the fact that this all happened because a hacker or hackers went about committing a very serious crime. Guess it's easier to blame Sony for everything than to actually fine the culprits.

Posted: May 5th 2011 5:14PM tepster said

  • 3 hearts
  • Report
@xHotPotatox
If I paid you to watch over my stuff and you left the door open and unlocked while you were away and then got robbed, I'd blame you.

(Not saying that's what Sony did since we don't know yet)
Reply

Posted: May 5th 2011 5:23PM warpax said

  • 2 hearts
  • Report
@xHotPotatox It's not OUR job to catch or prosecute the hackers. SOE and the FBI will take care of that. It is our job as customers and consumers to call out and hold responsible the shoddy and negligent practices of those we do business with and entrust our info and money with.
Reply

Posted: May 5th 2011 5:34PM xHotPotatox said

  • 2 hearts
  • Report
@tepster
I'm not saying that Sony should get out of this with clean hands. I'm just noticing a lot of people seem to ignore the fact that someone or a group of people willingly made the choice to commit a crime here.
Reply

Posted: May 5th 2011 5:52PM xHotPotatox said

  • 2 hearts
  • Report
@warpax
That's fine and dandy but let Sony fix up the issues before we start hauling them into DC so a few congress men and women can waste our tax dollars. It feels like there are way too many people who are letting their anger and surprise than level heads and logic.
Reply

Posted: May 5th 2011 7:45PM SFGamer69 said

  • 2.5 hearts
  • Report
@xHotPotatox

In this case, the culprits exposed Sony's own criminal negligence. So yeah, the hackers are bad people, but it took them doing that to shine a light on something Sony has supposedly been long aware of.
Reply

Posted: May 5th 2011 4:56PM RTaveira8 said

  • 2 hearts
  • Report
Gene Spafford, I would like to know what his source of the info is?

And WHY would Sony make a statement here they haven't found everything out yet. If Apple had been the target the community would be bouncing around to do whatever they could to help out the underdog, give me a break.
