

Sony Ericsson Canada was among the latest Sony online properties to be hacked and lose customer records. Sites in Indonesia and Thailand were also compromised and taken down.  (Source: Wayfaring)
Should Sony quit the internet?

It's almost unprecedented.  We haven't seen something quite like this since -- well, the days of the great Sony Corp. (6758) battery recall.  It seems like every day there's a new Sony web property that's been compromised.

In recent weeks the company's two largest databases -- the PlayStation Network (PSN) database and the Sony Online Entertainment (SOE) database -- were fully compromised, multiple music sites/databases [1] [2] were compromised via SQL injection, $1,225 USD in points were stolen from a Sony ISP subsidiary, and Sony's servers were found to be hosting a malicious phishing page.

Now yet another attack has struck the befuddled company.

This time around hackers have struck Sony Ericsson’s Eshop online store for mobile phones in Canada, making off with 2,000 customer records.  The records include names, email addresses and encrypted passwords, Sony wrote in a statement it released late yesterday.

Idahca, a Lebanese hacking group, has claimed responsibility in a Pastebin dump of user records for the attack.  The hackers said that they could have gathered more sensitive details like credit cards, but declined to.

Sony sites in Thailand and Indonesia were also compromised, bringing the total of major breaches to 10 or possibly 11, based on our accounting.  It appears that all of these sites were infiltrated using the same SQL injection attack route (affectionately nicknamed a "Little Bobby Tables" attack), which took down the Sony BMG Greece and Japan sites earlier this week.  Sony appears to have done nothing effective to protect its other sites, even after the earlier compromises.

Credit card information is stored on an e-commerce website, a standalone platform.  This platform is separate from the servers on which the user database is found.  Idahca's comments indicate that the group claims to have had access to the e-commerce servers as well.  Sony has shut down both the user server and the e-commerce servers, while it tries to investigate the breach.

Phil Lieberman, CEO of online security consulting firm Lieberman Software, said Sony made a fatal mistake in the flagrantly hostile approach it took towards the hacking community, with regards to Linux on the Sony PlayStation 3 -- a use it initially promoted.  He states, "Telling them to bring it on is not the best strategy. I think Sony is beginning to understand it horribly underinvested in security."

He said Sony's decision to sue beloved hardware hacker George "GeoHot" Hotz provoked "nuclear responses" from hackers.  Sony's suit against GeoHot was particularly controversial as the company sought -- and was granted by federal courts -- access to GeoHot's personal Twitter, Facebook, Gmail, and other accounts, seemingly a gross invasion of privacy.

Sony is confident it will pay only $2 USD per lost record from its various web properties.  That's less than 1 percent of the $318 USD average payout per lost record in 2010.  And in recent years the cost of lost data has tended to increase by a factor of 1.5 each year.  Clearly Sony is hoping for some sort of miracle to save it financially.

Sony also needs some sort of miracle to prevent more attacks.  Even with plenty of forewarning, Sony still looks as inept as ever; utterly clueless at securing its online properties.  The company clearly is lost as to what to do.  Of course -- worst case scenario -- Sony could always quit the internet.

The company is currently facing returns of its products internationally and class action lawsuits from disgruntled former customers.




RE: Angry little men
By Paj on 5/25/2011 12:51:00 PM , Rating: 4
Completely agree.

One upshot to take out of it though is that it will probably encourage future tech related products to be more supportive of the homebrew/enthusiast community, and realise it's a losing battle trying to fight them. Microsoft making the Kinect hack-able, and even encouraging users to do so, is a great example of this, and how it can generate positive PR for the company.


RE: Angry little men
By M4gery on 5/25/2011 4:03:20 PM , Rating: 3
quote:
One upshot to take out of it though is that it will probably encourage future tech related products to be more supportive of the homebrew/enthusiast community, and realise it's a losing battle trying to fight them. Microsoft making the Kinect hack-able, and even encouraging users to do so, is a great example of this, and how it can generate positive PR for the company.


Yup, and if Sony had pursued this route with the PSP and really supported the homebrew community, they might have monkey-stomped the GBA and DS, or at least be a very strong competitor.


RE: Angry little men
By Daemyion on 5/26/2011 6:38:47 AM , Rating: 2
Out of all the consoles out there, past and present, this has happened to the one that was arguably the most open. Regardless of what really happened, Sony got the impression that OtherOS was used to make in-roads against its DRM model, yanked the support, and ended up where they are today.

Chances are that because of this any console in the future will be locked down as tight as possible. Why take the chance with such a fickle community? Especially when the feature appeals to less than 5% of the install base?


RE: Angry little men
By Paj on 5/26/2011 7:49:13 AM , Rating: 2
Someone posted a link to an article of how some US defense agency bought several hundred PS3s and hooked them all up to create a supercomputer at a fraction of the cost it would have been if made using off the shelf components. This was done when it was more open however.

Pretty cool!


RE: Angry little men
By Daemyion on 5/26/2011 9:40:34 AM , Rating: 2
Indeed, but there are two things to consider here:
The DOD doesn't play games on the PS3 and as such probably doesn't connect them to the internet or patch them. So it is highly likely that the removal of OtherOS didn't affect them at all.
The DOD would have been better off buying CELL chips from IBM direct, rather than having something primarily designed as a gaming machine be converted to doing work. There's a good reason why a different level of support for mission critical items exists.

Finally, this still wouldn't coerce future console and handheld manufacturers to create more open systems. In fact, this kind of behaviour* reinforces the notion, both for manufacturers and prospective alternate-needs clients, that there should be a strong divide between consumer oriented gaming systems and general purpose/mission critical hardware. Any project built around the DOD test case would do well to stop considering gaming hardware as a viable low cost alternative.

* the hacking, not the DOD project obviously


RE: Angry little men
By Aloonatic on 5/26/2011 8:24:13 AM , Rating: 2
Can't say that I agree with you.

They'll never give people access to their hardware again, and as someone points out, Sony made the mistake of actually being a class leader on this front, but then changed their minds and became just like Nintendo and MS. Cue angry "enthusiasts".

What they are going to do is try to make the homebrew/enthusiast community work for them, which is what they are doing now. They'll create community portals where enthusiasts can do what they want and create games etc within the parameters set by Sony, MS, etc and make games that channel creative energies more profitably, like LBP, but even more involved.

You know, I know, everyone knows that the reason behind the otherOS being pulled was to stop (well, delay) the console being hacked/chipped or at least to make it more inconvenient for people to play pirated games and software.

No large company is going to make their hardware even more open. They just give too much earning potential away when they do that. Sure, more people might buy their consoles if they did, but then they might not make money back in the long run, so they will have to make initial unit prices higher, and then the closed console that still plays the latest CoD game is a lot cheaper to start with, so that's what people will buy.

It's a nice idea, but outside of the enthusiast/homebrew community where people may genuinely just want to harmlessly tinker and experiment with hardware, you need to realise that for 99.999999999% of people, making a console "open" is purely about piracy, and that group makes up 99.999999999% (well, the vast majority by far) of the global market.














Copyright 2014 DailyTech LLC.