» Wed Aug 18, 2010 5:04 pm I was with you originally. Originally I felt the risk of data being leaked was low, because I expected Sony to comply with various industry-accepted standards. Then the information came out that Sony left the information unencrypted, and I was honestly shocked. Then Sony released their letter to the the US congress subcommittee on commerce which detailed that all the data was leaked, then reports by various security experts about Sony not running up-to-date software came out, with prior evidence included.
I honestly cannot say Sony is a victim, at least not in the innocent sense. If your bank left their vault unlocked and had fake cameras in place and was robbed with this information coming out, would you consider your bank to be an innocent victim? I certainly wouldn't because they were grossly negligent in their security, and Sony is the same here -- their gross negligence is something that should not be overlooked. Their hack was completely their own doing. Now if it was the case that it was a zero-day exploit in apache, I'd be much more forgiving, but this isn't the case: Sony was running unpatched software and as such they were just inviting hackers.
I know it's not something most people are familiar with doing, but detail logs and exception logs will tell the story of what happened quite clearly. They will list every file accessed and who accessed it. Now, given the large size Sony's logs are, it would probably take some time to fully find out all the information, but finding out if personal information was compromised is a quick query. Sony hid under running their logs through a fine-toothed comb as an excuse to why they didn't release the information about the leak earlier. Yes, that does mean they had the full picture, but honestly they undoubtedly had known about the leak of personal information quite a bit beforehand.
I honestly cannot say Sony is a victim, at least not in the innocent sense. If your bank left their vault unlocked and had fake cameras in place and was robbed with this information coming out, would you consider your bank to be an innocent victim? I certainly wouldn't because they were grossly negligent in their security, and Sony is the same here -- their gross negligence is something that should not be overlooked. Their hack was completely their own doing. Now if it was the case that it was a zero-day exploit in apache, I'd be much more forgiving, but this isn't the case: Sony was running unpatched software and as such they were just inviting hackers.
I know it's not something most people are familiar with doing, but detail logs and exception logs will tell the story of what happened quite clearly. They will list every file accessed and who accessed it. Now, given the large size Sony's logs are, it would probably take some time to fully find out all the information, but finding out if personal information was compromised is a quick query. Sony hid under running their logs through a fine-toothed comb as an excuse to why they didn't release the information about the leak earlier. Yes, that does mean they had the full picture, but honestly they undoubtedly had known about the leak of personal information quite a bit beforehand.
The whole thing is pretty salty then, and yeah I was thinking by free downloads we would get like certain PS1 games free to keep. If not then that is a pretty sat compensation.
Yet somehow I feel like when its back up all these problems will magically disappear. At the root of all the frustration is the simple statement: "We just want to play."
Edit: oops never mind someone just said it.
