Oh my Gee Wiz, Sony!

[BBM128]

I feel really really bad for Sony.

No system is fool proof and I can tell you as a fact that the entire IT Security industry is looking at what happened with Sony very carefully. Government agencies, private business, even competitors.

The amount of malware out there is increasing exponentially every year. 34% of all malware ever created, was created in 2010! The outlook for 2011 is looking even grimmer.

Now we are seeing the rise of Advanced Persistant Threats (APTs). These insidious threats are custom made, and do not get picked up by malware scanning applications. They infiltrate a network without detection and spend months gathering intel on how the infrastructure is setup. When they have sufficient information, then they launch the attack.

Google was attacked through an APT from China. One of the first encounters with an APT. Google found out during the investigation that they had been breached at least 3 months prior to the attack.

This isn't a failure on Sony's part. Cyber criminals are extremely intelligent, well organized and often better funded. They operate 24/7, they are not subject to laws, policies, guidelines or ethics.

That's actually pretty scary.... But sadly, these things are gonna be more of an issue, not less, as we become more digitally dependent for content.

[DaveS1138]

You've got to be fucking kidding me.

http://kotaku.com/5803050/sony-plays...ly-compromised

Apparently we need a new word for those days when D'OH! just doesn't say it all.

[Snadinator]

Maybe, but public perception will be that it is. The public doesn't usually care if its right or not.

The public can think whatever they want. They are NOT security professionals.

[Snadinator]

That's actually pretty scary.... But sadly, these things are gonna be more of an issue, not less, as we become more digitally dependent for content.

Very true. Our next nightmare is handheld wireless devices. Some, like Blackberry support s/mime sha1 1024 bit encrypted e-mails, but still, it's a security nightmare and cyber criminals are very much aware of the upcomming trends.

Other evils are social media like twitter and facebook where people freely display personal information

[TheAnalogKid]

So is this just a drive-by Snadinator'ing or you gonna stick around for a little while?

[Arthur Hucksake]

I don't feel sorry for Sony. I feel sorry for people who do fall victim after having their information stolen.

Can't tell me nobody has attempted to hack Microsoft or other big companies all year round, which tells me Sony's security in place wasn't good enough to begin with.

[twonunpackmule]

I think around the neighborhood of 40-something percent of all hacks done to companies do not get reported to those consumers potentially affected.

I think this number is made up.

[TheAnalogKid]

I don't feel sorry for Sony. I feel sorry for people who do fall victim after having their information stolen.

Can't tell me nobody has attempted to hack Microsoft or other big companies all year round, which tells me Sony's security in place wasn't good enough to begin with.

I think around the neighborhood of 40-something percent of all hacks done to companies do not get reported to those consumers potentially affected.

[HuskerGuy]

I think this number is made up.

65% of all statistics are made up. 82.4% of people believe these statistics.

[AllSport11]

Let's see, I am a PSN+ member and own a PSP and what they are offering for "inconveniencing" me are games that I have absolutely no interest in. Since we get to choose two of them for each why not take the cost for those four games and offer that amount to the customers to choose what games "they" want. Doesn't seem to hard to do to me.

[twonunpackmule]

65% of all statistics are made up. 82.4% of people believe these statistics.

I 100% agree with this.

[Snadinator]

I don't feel sorry for Sony. I feel sorry for people who do fall victim after having their information stolen.

Can't tell me nobody has attempted to hack Microsoft or other big companies all year round, which tells me Sony's security in place wasn't good enough to begin with.

This is simply wrong.

73% of all online businesses have been breached in the last 2 years. 20% simply do not know. That means it is very likely more than 73%. It is very probable that Microsoft Xbox Live is compromised AS WE SPEAK through an APT and will not find out until an attack is launched.


You bet your ass that Microsoft is seriously concerned about these events.

p.s. the statistics I am presenting aren't made up. I work in IT Security.

[Snadinator]

Do not use the same password for all your ventures. Your e-mail password should be different than your paypal, hotmail, gmail, PSN, XBL passwords.

Passwords should be at least 12 characters in length, contain at least one upper case, at least one lower case character, at least one numerical and at least one special character. Do not simply append the number at the end and do not repeat your password (ex: barbar1).

A password like that is very hard to breach. It often takes a supercomputer and a lot of time. Change your passwords every once in awhile.

[Snadinator]

So is this just a drive-by Snadinator'ing or you gonna stick around for a little while?

Heh... unfortunately my job is a lot more demanding now and so I don't get as much time as I used to.

[Arthur Hucksake]

If Microsoft had a security breach anywhere near this level, guaranteed the press would get wind of it. The PSN got hit because it was easy pickings. Likely they will get away with it too.

And it gets worse....

http://www.eurogamer.net/articles/20...rd-page-hacked

Eurogamer has seen video evidence that verifies reports that Sony's PlayStation Network password reset system suffers from an exploit that allows attackers to change your password using only your PSN account email and your date of birth – information compromised in the PSN hack of 20th April.