Scattershot Spreading the word - PSN

thatbloke · 3 Jun 2011

BiG D said:
THIS JUST IN: crime is totally ok as long as the victim was vulnerable?

Who's the bigger criminal? Sony for storing people's personal information in such a vulnerable manner, or the people who have exposed these shoddy flaws? In my opinion, Sony.

Whilst I agree that no-one should be hacking the site in the first place, Sony are breaking WAY too many laws to do with data retention and security. If they are going to store people's details (MY details) I want to know that they are behind an appropriate security wall. Nothing is impenetrable, and with the right resources ANYONE could get hacked in such a manner, but to be exploited by one of the most well-known and easily executable type of exploit out there, and then to have no further security in terms of encryption and the like once that very simple exploit has been executed I consider to be a worse offence, because it shows that they do not seem to care about my personal details being compromised.

Panda with issues... · 3 Jun 2011

thatbloke said:
Who's the bigger criminal? Sony for storing people's personal information in such a vulnerable manner, or the people who have exposed these shoddy flaws? In my opinion, Sony.

Whilst I agree that no-one should be hacking the site in the first place, Sony are breaking WAY too many laws to do with data retention and security. If they are going to store people's details (MY details) I want to know that they are behind an appropriate security wall. Nothing is impenetrable, and with the right resources ANYONE could get hacked in such a manner, but to be exploited by one of the most well-known and easily executable type of exploit out there, and then to have no further security in terms of encryption and the like once that very simple exploit has been executed I consider to be a worse offence, because it shows that they do not seem to care about my personal details being compromised.

You're ranting quite a lot. Do you even own a PSN account or whatever?

Kasatka · 3 Jun 2011

Sony are as far as i know under no legal obligation to safeguard people's data - it's the user's decision to hand that data over. The hackers DID break laws by obtaining the data, and while sony could be culpable of negligence it's fairly obvious who would win in a proper court case (of course you'd never get the group of hackers into court in the first place, but you get my point!)
I'm a PSN user, but i created an original handle and password for it, and never gave them my credit card details. Am i bothered by Sony's failings to date? Not at all. Am i bothered by the hackers? Yes, because they are maliciously preventing a free public service from working, supposedly in the name of "white hat" hacking.

bacon · 3 Jun 2011

Kasatka said:
Sony are as far as i know under no legal obligation to safeguard people's data - it's the user's decision to hand that data over.

Apart from a little something called the Data Protection Act 1998

http://www.ico.gov.uk/for_organisations/data_protection/the_guide.aspx

Kasatka · 3 Jun 2011

'Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.'

Pretty hard to enforce that one until it gets broken tbh.

bacon · 3 Jun 2011

I count encryption as being appropriate.

thatbloke · 3 Jun 2011

bacon said:
I count encryption as being appropriate.

This.

In addition, I don't have a PSN account, I do, however, have an SoE account from my Planetside days. SoE accounts were also compromised. I gave my details to Sony, I did not authorise them to hand those details over to other people.

I can understand if they were hacked, and it was some complex attack that took the might of a few hundred people to achieve over a long time, and they already had all of their servers patched against all currently known vulnerabilities - were this the case, I would still be pretty pissed off, but knowing that they had taken appropriate precautions, I could get it off my chest somewhat easier.

The simple fact is that on the information I have seen, this is not the case, and it just smacks of total and utter incompetence, and a lack of appropriate concern for the security of people's personal data.

Ronin Storm · 3 Jun 2011

bacon said:
Apart from a little something called the Data Protection Act 1998

I do wonder how well that would stand up in court, Sony being Japanese an' all. Sure, they need to abide by local trading laws, but I bet that the databases, subsidiaries and so on are all off our shores. It'd be a difficult case.

BiG D · 3 Jun 2011

thatbloke said:
The simple fact is that on the information I have seen, this is not the case, and it just smacks of total and utter incompetence, and a lack of appropriate concern for the security of people's personal data.

What information HAVE you seen? This is the first attack that mentions the vector and data storage, and fankly its has nothing to do at all with any previous attacks... I would expect anything further is speculation at best.

Zhar · 5 Jun 2011

Seems related

Ronin Storm · 5 Jun 2011

Nice find. Certainly related, though clearly nothing like as severe. From the little information provided, seems like a web server was left with some development strings still hanging around.

Scattershot Spreading the word - PSN

thatbloke

Junior Administrator

Panda with issues...

Well-Known Member

Kasatka

Active Member

bacon

Well-Known Member

Kasatka

Active Member

bacon

Well-Known Member

thatbloke

Junior Administrator

Ronin Storm

Administrator

BiG D

Administrator

Zhar

New Member

Ronin Storm

Administrator