You're still completely missing the point with your anologies. The problem is that Sony has been hacked before and yet their security is still abysmal.

Like my English teacher used to say: "if a toddler unwittingly puts its hand into a flame and gets burnt once, then it's unfortunate. If they do it again then that's plain stupid."

I haven't read the entire tread but this will maybe interesting for some people.
http://www.escapistmagazine.com/videos/view/extra-credits/3350-Anonymous

^

There's hacking to prove a point and then there's hacking to be a jerk. These people aren't proving a point now they are just taking a nerd, shoving him in the locker and to pour salt in the wounds spraying water through the holes of the locker to torture him. Sony is indeed at fault for having lax security however hackers aren't completely in the clear being "Angelic" citizens. Hacking is a crime under federal law and I personally hope these people get jailed with some big guy named bubbah.

It's a different group this time. They probably got the idea to probe Sony's other sites after seeing the PSN fiasco, and then took advantage of their terrible security.

If they didn't do it, then someone else would.

It amazes me how quick people are to defend corporations who don't care in the slightest about them.

Me too, these companies don't give two [censored] about you, they just care about the green paper in your pocket. It even shows when they don't even really have any security up to protect the information you trust them with.

I'm left feeling the same way. Sony's misconduct far outweighs what the hackers are doing, and whilst I don't condone the latter, I'm not in a rush to leap to Sony's defence either.

how were they suppose to improve the cyber security of this system when they just finished working on the cyber security for the PSN

They should've employed more security specialists, and they should have done so with all their networks at least since the PSN breach was known about. There's absolutely no excuse for them not bothering.

I suspect they'll continue to not learn anything and the next Sony security breach is probably only a matter of time.

I feel bad for Sony, but I do agree with the fact they should stop being cheap and hire better specialists.

@Mysterious Dr D- It amazes me how quick people are to defend hackers who don't care in the slightest about them.

Not having sympathy for Sony doesn't imply that one supports the hackers. I dislike both parties, although I admit I have greater contempt for Sony.

It doesn't matter if they don't care about us, because, at the end of the day, what they did will force Sony into using better security practices. That's better for the end user. Regardless of whatever the hackers wanted, the outcome is far more positive to the consumer than what it could have been, which is tons of personal information being released.

Its sort of like a nuclear meltdown. Sometimes it takes a localized disaster to show people just how in need of a standards upgrade something is. The other alternative is everything failing at once catastrophically. Then everyone gets hurt.

The problem with that opinion is that in PSN's case, the whole reason it happened is because a butthurt hacker didnt get his way, and other neckbeards took his side. I see no good in any of this. It's not even about defending Sony, I just don't see these people doing any good themselves. Unless you consider cause people to potentially be victims of ID theft a good thing.

The cause of potential identity theft is Sony's bad security practices.

Newsflash: we don't live in a Utopian society. Some people have no qualms about hurting others for their own personal gain. For security hardening, security vulnerabilities are listed on the Internet so you can improve your own security, the downside is of course that someone can read these security vulnerabilities to do malicious things.

This is an oversimplification of the process that led to Sony's PSN problems:

1. Months ago someone noticed that there was a vulnerability in Apache. They filed a vulnerability report that details the vulnerability and how to fix it.

2. Sony does not do anything and centrally store all their customer information on the vulnerable server (stupid²)

3. People angry at Sony nmap PSN and notice that they are running a highly vulnerable version of Apache and attacks it.

That last step can be performed by anyone and requires very little technical know-how to do, and as I said: we don't live in a utopian society. If they didn't do it, it would have only been a matter of time before someone else did.

Does this mean that all of Sony's networks will need to be hacked before Sony decides it's better in the long run to protect their systems?

and corporations who think they can make you pay 300% of product value because it has their logo or brand and in return not even try to protect your stuff. who has the real messiah complex. (and I am not even specificly talking about sony)

I am sorry but if these kind of malicous hack attacks actually forces companies to stop slashing security funds to line their pockets they are contributing to society.

Sony is not "making you" do anything. Sony is not intentionally causing you harm or anyone, they can be careless but them being careless is a risk that those that barter with Sony take on their own.

The hackers however are causing harm and are trying to force people to do things because they are not happy. I bet Sony never tried to force the hackers to pay them money for their products but the hackers try to force Sony to change their work ethic. See the difference there ? One is forcing people and one is not.

We don′t live in an utopian society solely because of people like those hackers that justify doing bad deeds with bad reasons, a business is a business and if Sony really is pricing their games too highly then they will eventually fall to other companies and the evolution of business continues. But Sony will never force you to buy their products just to stay afloat, so why do you feel so intimidated by them ? I sure as heck feel more intimidated by a hacker on a self righteous crusade fancying himself to be some sort of a ruler who decides who does what, than I am of a company that is just doing its business without bothering me or anyone else who does not wish to be bothered.

:lmao:
:rofl:

If it wasn't them it would've been a cyber criminal who'd sell the information to the highest bidder or some other criminal group.

Idealism has nothing to do with real crime. We don't live in a utopian world because some people are just scum. I'd rather have people on a "self-righteous crusade" force companies to DO THEIR DUTY than have some criminal organization steal my identity and sell the info on the black market because companies won't take the most basic of security measures.

I wasn't specifcly talking abotu sony but what is happening is solely because sony is not providing the service that they are supposed to. idk if people pay for psn or not but thats irrelevent, when you take peoples personal information they are engaging in a contract to protecting that information. they were not even trying. these hackings aren't to cause people pain, its to out sony for dangerous business ethics.

If this had been a real malicous hacking we probably would have not known, this group has been announcing that they are taking this information. they could have said nothing and it would be unlikly any would know for a real long time since sony wasn't even putting in the service that they should have. they are now, if these events had not happened. sony probably would change their ways until a serious malicuous hacking happened.

And like I said, this isn't because sony is bad, the whole ethics of teh industry is bad. its their practice to cut their expenses in all areas to pay out bonuses and maximize profit. selling a cheap product is not necessarily immoral, but not doing every thing you can to protect your consumers identity is.

So all this talk of them giving out the info basically free online is jack ? If it′s not then what makes them different form the crooks selling the information, they′re just making it easier for the buyer by giving it away.

And if Lulsec does not have any intentions of giving out the info because they are "oh so good" then how are they going about forcing Sony to up their security ? And then it has to be without any side effects to the consumer.

Answer those two and I may change my mind.

lulsec only published the email address and password. They only published a fraction of the 1 million accounts they had access to. They also had access to coupons and administrative databases as well as addresses and credit card info. They didn't bother going after those because they only needed a portion of it for "cred" They said their crappy hardware couldn't download it all in any decent time.

Had a criminal organization done it, they'd use a botnet to get all the information. All 1 million emails would be compromised instead of just 50k. My address and credit card info would have been taken. Fraudulent coupons would have been made. They'd have my demographic information which would mean is all they'd need is my SSN to steal my identity (and with all the rest of the info they took, getting my SSN would have been a trivial task)

I never once said Lulsec was "oh so good". I called them greyhat, because that is what they did. They didn't do it the whitehat way, but neither did they do the above.

It's pretty simple to see what the lesser of two evils is.

As for forcing Sony to fix it: this is highly publicized. Sony has to fix it less lose face. In the event of PSN, Sony was audited by the Payment Card Industry -- they couldn't turn PSN back online until the PCI approved it.


Note: I do not approve of Lulsec's actions. They didn't do it the whitehat way, but I DO approve of whitehats. Also, I feel that even though Lulsec didn't do it the right way, them hacking Sony pictures is a lesser evil than Sony continuing to run an insecure and highly vulnerable network and a REAL criminal organization attacking it.

Edit: In case you don't know what would be considered "whitehat" it'd be someone (or group of someones) who does the following: They discover a security flaw in a company's setup. They then contact the company. If the company does nothing about the flaw they tell the media/publish the vulnerability (which is usually already a well known vulnerability in the security world, just not that company X is affected by it)

its not about saying that those hackers are good people. but the point is that its wrong to say companies like sony are victims or that sony hadn't done any thing wrong. sony was neglagent. Sony was told that their security was extremly vunerable and they shrugged their shoulders and did nothing, because they don't care as long as it costs them as little money as possible. sony knew this was an issue and only started until some one proved that it was an issue.

my point is that corporations that handle our information should be held accountable to doing every thing they can to protect that information. take your anger out on hackers when they break in to a system when the people like sony did all they could to protect our information.

sony is responsible for this because these events WILL have happened whethor or not this one group hacked them or not. and it would have been worse, we would not know that this information was being stolen because real hackers who are trying to hurt you don't tell you what they have done they just do it. and people would never know that their identity was being taken until its already too late.

@DEFRON

the white hat way doesn't even work any more. if some one just goes to the press about a companies neglagence that company pumps cash into PR to combat that media story. if any thing I bet they wished thats all activists do any more, sense corporations can count on jaded consumers rarly watching the news. I see people whistle blowing on the news all the time, nothing gets changed. I mean, even after all that happened with the oil spill they haven't even changed their practice. (sorry if thats kinda political... but this thread has already gotten political so actually I am not sorry)

That's why you properly publish the method as well.

This is what's gonna happen with the chip & pin security hole in Europe soon. It's been proven to have a huge security hole for a long time now, but only one bank has fixed it. The vulnerability is well-documented, and everything you need to know is in the wild except a single minor blob, which is supposed to be extremely easy to figure out, but some people are saying that's going to be published soon, which'll make the entire vulnerability out in the open highly documented.*

*note, since I am american I don't keep up with the chip and pin security hole, so it is possible that the other banks have fixed it now. (http://www.youtube.com/watch?v=gv3dxjvqk7Y) -- This exemplifies the security problem: The fix for chip and pin is extremely simple (you just have to make sure the POS and bank agree on the payment method), yet the banks still don't fix it, because of the agreement customers sign when getting a chip and pin card.