

Sony Ericsson Canada was among the latest Sony online properties to be hacked and lose customer records. Sites in Indonesia and Thailand were also compromised and taken down.  (Source: Wayfaring)
Should Sony quit the internet?

It's almost unprecedented.  We haven't seen something quite like this since -- well, the days of the great Sony Corp. (6758) battery recall.  It seems like every day there's a new Sony web property that's been compromised.

In recent weeks the company's two largest databases -- the PlayStation Network (PSN) database and the Sony Online Entertainment (SOE) database -- were fully compromised, multiple music sites/databases [1] [2] were compromised via SQL injection, $1,225 USD in points were stolen from a Sony ISP subsidiary, and Sony's servers were found to be hosting a malicious phishing page.

Now yet another attack has struck the befuddled company.

This time around hackers have struck Sony Ericsson’s Eshop online store for mobile phones in Canada, making off with 2,000 customer records.  The records include names, email addresses and encrypted passwords, Sony wrote in a statement it released late yesterday.

Idahca, a Lebanese hacking group, has claimed responsibility for the attack in a Pastebin dump of user records.  The hackers said that they could have gathered more sensitive details like credit cards, but declined to.

Sony sites in Thailand and Indonesia were also compromised, bringing the total of major breaches to 10 or possibly 11, based on our accounting.  It appears that all of these sites were infiltrated using the same SQL injection attack route (affectionately nicknamed a "Little Bobby Tables" attack), which took down the Sony BMG Greece and Japan sites earlier this week.  Sony appears to have done nothing effective to protect its other sites, even after the earlier compromises.

Credit card information is stored on an e-commerce website, a standalone platform.  This platform is separate from the servers on which the user database is found.  Idahca's comments indicate that the group claims to have had access to the e-commerce servers as well.  Sony has shut down both the user server and the e-commerce servers, while it tries to investigate the breach.

Phil Lieberman, CEO of online security consulting firm Lieberman Software, said Sony made a fatal mistake in the flagrantly hostile approach it took towards the hacking community, with regard to Linux on the Sony PlayStation 3 -- a use it initially promoted.  He states, "Telling them to bring it on is not the best strategy. I think Sony is beginning to understand it horribly underinvested in security."

He said Sony's decision to sue beloved hardware hacker George "GeoHot" Hotz provoked "nuclear responses" from hackers.  Sony's suit against GeoHot was particularly controversial as the company sought -- and was granted by federal courts -- access to GeoHot's personal Twitter, Facebook, Gmail, and other accounts, seemingly a gross invasion of privacy.

Sony is confident it will pay only $2 USD per lost record from its various web properties.  That's less than 1 percent of the $318 USD average payout per lost record in 2010.  And in recent years the cost of lost data has tended to increase by a factor of 1.5 each year.  Clearly Sony is hoping for some sort of miracle to save it financially.

Sony also needs some sort of miracle to prevent more attacks.  Even with plenty of forewarning, Sony still looks as inept as ever; utterly clueless at securing its online properties.  The company clearly is lost as to what to do.  Of course -- worst case scenario -- Sony could always quit the internet.

The company is currently facing returns of its products internationally and class action lawsuits from disgruntled former customers.



Comments

RE: Angry little men
By Reclaimer77 on 5/25/2011 11:37:23 PM , Rating: 1
quote:
That's like saying a car company can come by your house and rip out all the airbags from your car.


Straw man. That's not "like saying". That would be violating your personal property and trespassing. Sony REMOTELY de-activated a feature through firmware. Not the same, not even close.

quote:
And here I thought I actually bought it. Apparently I'm just renting...


You act like something new has happened here. Do you live in a cave? It's called a EULA, ever heard of it? EVERYONE uses one. YES it's your device, and you can use it however you want as long as it complies with Sony's EULA that you AGREED upon.

quote:
Morally, they absolutely have an obligation. If you think otherwise, You. Are. Wrong.


Sony has a moral obligation to support Linux? Ok good luck pushing that position.

I think we're done here.


RE: Angry little men
By Reclaimer77 on 5/25/2011 11:39:36 PM , Rating: 1
quote:
That's like saying a car company can come by your house and rip out all the airbags from your car


Oh and if Sony came by people's houses and ripped up the consoles with Linux on them then this analogy would actually work, and I would agree with you.


RE: Angry little men
By smitty3268 on 5/25/2011 11:44:41 PM , Rating: 2
quote:
Straw man. That's not "like saying". That would be violating your personal property and trespassing. Sony REMOTELY de-activated a feature through firmware. Not the same, not even close.

I bought a feature. The feature was taken away. End of story. Ok, how about this - you bought a cell phone. Verizon suddenly turns off all its cell towers, and the phone is now completely useless. Or closer still - you buy a 3G phone and are using it, until suddenly AT&T tells you they are turning off all their 3G towers because people are pirating stuff over the bandwidth it provides and now you have to live with slower service. Even though they originally touted that 3G service and how fast their phones were. Hey, most people don't use 3G anyway, right?

quote:
You act like something new has happened here. Do you live in a cave? It's called a EULA, ever heard of it? EVERYONE uses one. YES it's your device, and you can use it however you want as long as it complies with Sony's EULA that you AGREED upon.

Did you see that recent episode of South Park about Apple? The human cent-IPAD? Yeah - I've probably agreed to EULAs that say I owe someone a kidney. That doesn't necessarily mean anything legally - especially if you can only view and agree to that EULA AFTER you've already paid. If you click NO, will you get a refund?

quote:
Sony has a moral obligation to support Linux? Ok good luck pushing that position.

Of course not. They have a moral obligation to make sure they don't remove any features that were heavily advertised in order to make sales. Just like any other company or person taking money in exchange for a product or service.


RE: Angry little men
By Reclaimer77 on 5/26/2011 12:27:36 AM , Rating: 2
Again your extreme straw man analogies are ridiculous.

quote:
Verizon suddenly turns off all its cell towers, and the phone is now completely useless.


Ridiculous analogy. Sony did not turn off the PS3, it's fully functional. Just stop. If anyone turned something off, it was the hackers.

quote:
Or closer still - you buy a 3G phone and are using it, until suddenly AT&T tells you they are turning off all their 3G towers because people are pirating stuff over the bandwidth it provides and now you have to live with slower service.


Again, not even close. That would break key functionality. STOP!

quote:
Yeah - I've probably agreed to EULAs that say I owe someone a kidney.


Absurd, no you haven't.

quote:
That doesn't necessarily mean anything legally


Wrong, EULAs are exactly legal.

Tell me something, has a federal judge looked into Sony for this supposed illegal removal of the "heavily advertised" Linux feature? NO. That might clue you in. A company as heavily over sighted as Sony couldn't pull this off if it wasn't completely above board.


RE: Angry little men
By smitty3268 on 5/26/2011 1:58:26 AM , Rating: 3
quote:
Sony did not turn off the PS3, it's fully functional.

No, it's not. Where did you get that ridiculous idea from?

quote:
If anyone turned something off, it was the hackers.

Do you even know what's going on? First, Sony turned off a key feature in the PS3. Then hackers broke into their website - they did not turn off anything. Then Sony decided to turn off the website until they could create a new one that would be safer.

quote:
That would break key functionality. STOP!

Exactly, just like Sony did.

quote:
Wrong, EULAs are exactly legal.

Plenty of EULAs have been struck down in court. Others have been upheld. It's taken on a case by case basis.

quote:
Tell me something, has a federal judge looked into Sony for this supposed illegal removal of the "heavily advertised" Linux feature? NO. That might clue you in. A company as heavily over sighted as Sony couldn't pull this off if it wasn't completely above board.

They have in Europe. Like I said, legally speaking it depends on where you live and what laws you are covered by. Morally speaking it's a completely different matter.

This whole thing seems to break down to you arbitrarily deciding that OtherOS support wasn't an important feature. I'm sure that's what you believe, but it's not reality. Sony marketing sure didn't think so, anyway. If Sony decided to remotely disable one of the games you are trying to play on the PS3 and defended it by saying you had agreed to the EULA you'd be screaming bloody murder. The only difference is that you actually care about the game and not the OtherOS feature - plenty of other people are in exactly the opposite situation, and couldn't care less about the PSN but do care about the OtherOS feature. YOU ARE NOT THE SOLE ARBITER OF WHAT IS USEFUL AND WHY OTHERS BOUGHT THE PS3.


RE: Angry little men
By haplo602 on 5/26/2011 2:51:25 AM , Rating: 2
smitty3268 you have my admiration for trying to argue with that 1d10t. it is evident from his first 2 posts, that he cannot see past things directly stuck under his nose.


RE: Angry little men
By Reclaimer77 on 5/26/2011 6:37:17 PM , Rating: 2
quote:
First, Sony turned off a key feature in the PS3.


And that's where your argument gets retarded. Key feature? No. Not even close. Maybe a "gee whiz" feature for those Linux wackos, but they're in such a minority it's not even funny.

Netflix support. Blu-Ray playback. Blu-Ray Live support. Playstation Network. These are "key" features and are what the public cares about.

quote:
If Sony decided to remotely disable one of the games you are trying to play on the PS3 and defended it by saying you had agreed to the EULA you'd be screaming bloody murder.


Apparently extreme analogies and stupid straw men are the only way you can debate something. This is the dumbest thing you've said since the Verizon turning off cell phones crock. This would NEVER happen. Just another smitty stupid "what if" that's not relevant at ALL.

Damn right people would scream bloody murder if a $60 game was made to not work. How much does Linux and the OtherOS feature cost people again? Oh yeah, NOTHING.

quote:
YOU ARE NOT THE SOLE ARBITER OF WHAT IS USEFUL AND WHY OTHERS BOUGHT THE PS3.


Yes, actually yes I am. Just get used to it. I AM A LIVING GOD!


RE: Angry little men
By Uncle on 5/26/2011 2:40:38 AM , Rating: 2
"YES it's your device, and you can use it however you want as long as it complies with Sony's EULA that you AGREED upon."
Why is the EULA always inside the box and you can't read it until you get it home and open it up? The only thing the EULA does is take all your rights away and give them to Sony or whoever. It's guys like you with your attitude that keep giving these Corporations more power over the consumer. You're the type of person who would let these jokers take your warranty away as long as you got to play with your toy.


RE: Angry little men
By Reclaimer77 on 5/26/2011 6:41:10 PM , Rating: 1
When has a warranty ever been "taken away"? Jesus you're as much of a dumbshit as that other guy.

I don't care what you think, there is NO excuse for the behavior of these hackers.


RE: Angry little men
By Uncle on 5/27/2011 12:33:46 AM , Rating: 2
You missed my point, I said IF Sony did take your warranty away you'd let them as long as you got to play with your toy. Sounds like you have the twitch of an addict not getting your drug of choice.


Copyright 2014 DailyTech LLC.