Sony CEO Howard Stringer: Month-long Hackathon Merely A 'Hiccup'
from the sony-shouldn't-be-left-in-charge-of-your-metaphors-much-less-your-personal-i dept
As we’ve all seen over the last thirty days or so, Sony has handled their month-long data breach/pwnage with all the grace and humility that one expects from an out-of-touch megacorporation. Between dismissing the breach as "harmless" and fingering the ever-popular "Anonymous" for all the trouble, Sony has managed to stay at least one step behind their attackers the whole way. To add insult to injurious class action lawsuit, it emerged from the 30-day hackout bruised, bleeding and completely unable to go back online in its own country.
CEO Howard Stringer apparently has come to the conclusion that there’s still plenty of room for more foot in Sony’s mouth, dismissing the longest outage by any console maker as merely a "hiccup in the road to a network future."
Now, I don’t want to presume to speak for everybody, but generally when I have the hiccups (inside or outside of the road), it tends to leave the nearest 77 million people unaffected. Sure, I may get some random advice (drink a glass of water/hold your breath/salt your passwords), but otherwise life goes on and I’m the only one bothered by it. Plus, these hiccup attacks never run more than 10-12 days at the most and only rarely do I lay the blame at the feet of unrelated hacking entities.
Thank you, Howard, for clearing that up. I’ll be sure to dismiss any unknown charges to my credit cards as mere "hiccups in the road to financial instability" and when my linked email account becomes a spam-spewing zombie, I’ll just hold my breath until it all goes away.
Filed Under: hack, hiccup, howard stringer, psn
Companies: sony
Comments on “Sony CEO Howard Stringer: Month-long Hackathon Merely A 'Hiccup'”
For even more fun, Slashdot is reporting that SOE is back down again. Apparently the info they want you to enter for the password change.. is the same information that the hackers got away with.
http://games.slashdot.org/story/11/05/18/151211/PSN-Up-And-Then-Down-Again
Re: Re:
Not sure when it went down again. I am logged into it right now and watching Netflix. Haven’t experienced any downtime since it came back up.
Re: Re: Re:
In fact, when following the link, you learn that:
“This story’s headline is completely inaccurate. What’s been taken down is several website login pages that use PSN accounts, such as Qrocity.com.”
Re: Re: Re: Re:
Oh?
http://www.engadget.com/2011/05/18/psn-logins-exploited-again-sony-takes-sign-in-pages-offline/
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/
Re: Re: Re:2 Re:
The statement that the PSN was down was incorrect and still is incorrect. Still up. Still signed in. Not saying there wasn’t an exploit, just saying that the PSN is not currently down here in eastern US.
If that’s just a hickup, then they are probably in trouble. Who ever has just one hickup and then they are done? They come in scores. Just imagine what Sony will look like by the time they subside.
Don't taunt hackers...
Just.. don’t. Speaking as someone who is an old school hacker, there are 3 things you never do.
1) Never hit a beehive.
2) Never wave fresh meat in front of a bear.
3) Never say that a hacker attack is “Harmless”.
All 3 will get you in a load of hurt.
Re: Don't taunt hackers...
Don’t tug on Superman’s cape.
Don’t spit into the wind.
Don’t pull the mask off the ol’ Lone Ranger.
Don’t mess around with Tim.
Re: Re: Don't taunt hackers...
“Don’t mess around with Tim.”
You’re goddamn right….
Re: Re: Re: Don't taunt hackers...
I think he meant Tim Drake. Sorry!
Re: Re: Re:2 Don't taunt hackers...
I just wanted to provoke a Tim fight.
Merely a hiccup...
… compared to what we plan to do to our users (tents fingers in evil scheming manner).
Well said, Tim. Looking back on their history of asshattery (smackdown from the FTC over BMG CD rootkits, rootkits on USB sticks, COPPA violations for collecting kid info, DADC Securom and its attendant class actions), I’m surprised Sony’s permitted to operate without regulators perched on their shoulders 24/7.
Hiccup attack
Hiccup or no, reports seem to indicate another serious failure allegedly caused by a major problem. This site apparently found the problem and reported it to Sony:
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/
There are a series of updates there relating progress.
I laughed.
Re: I laughed.
DANG IT! FIX THAT ACCURSED ENTER KEY ISSUE ON SUBJECT ALREADY!
Back on track…
I laughed at the “salt your passwords” advice.
I’ll see how this works the next time someone gets them.
🙂
As for Sony’s issues: doesn’t matter. According to NPD, people are still buying their products.
Re: Re: I laughed.
“people are still buying their products”
Uninformed masses. Typical.
Re: Re: Re: I laughed.
Of course they’re uninformed. Their network is down. 😉
I just read this it’s down again.
Because the information originally compromised was needed to restore access.
I’ll repeat this because it truly does suck, but it’s damn sickening to see a once FANTASTIC company like this go down in flames from its own stupid mistakes.
I have to admit their products were awesome (and probably still are) but no way in hell will I buy one in exchange for their recent actions, which started with a damn rootkit file.
No way.
Re: Re: Re:2 I laughed.
actually not so much anymore
http://www.hdtvtest.co.uk/news/outsourcing-sony-design-bravia-201104291133.htm
and has anyone actually looked at the tv part of sony’s google tv? its absolutely awful
Re: Re: Re:3 I laughed.
Well, it’s not like Sony actually made their TV anyway, given only a handful of companies actually make the screens.
“Made In Japan” isn’t something I see stamped on anything imported from Japan anymore.
I’m more than used to it. It’s like “Made in USA”, where the “made” only means “A company, based in the US, imported and taped the box shut”.
Not that this is a bad thing.
Re: Re: I laughed.
But who’s credit cards are they using?
Re: Re: I laughed.
“DANG IT! FIX THAT ACCURSED ENTER KEY ISSUE ON SUBJECT ALREADY!”
Just [TAB] instead of [ENTER]. An old boss of mine used to use the space bar instead of enter for selecting things too, so he would tab around all over the page until he got to the submit button and then press space….because far too often the enter key doesn’t give you the desired response…
Hiccup?
I’ve sneezed hard enough to crack a rib before, but I’ve never hiccuped hard enough to land in the hospital for a month. I have heard they can get dangerous, but I wouldn’t label them as “just a hiccup”.
Friends don't let friends buy Sony
A philosophy I’ve used and it’s worked pretty well so far.
“”The PlayStation Network is down again. Sony had originally enabled passwords to be reset onscreen simply by entering an email address and date of birth. Whoever has the data from Sony, could, in theory, then reset any of the captured users accounts simply by entering the details they stole.””
It would be funny if hackers went in and changed everyones e-mail addresses using the stolen data.
Re: Re:
Some people are reporting exactly that.
Humility
Sony, repeat after me:
We are being attacked by some amazingly skilled hackers. We can’t touch them. I hope that we can figure out who they are, just so we can give them jobs securing our network. We were a very technologically advanced company in the 80’s, but now we are just a bunch of inept empty suits.
Hackers, please don’t hurt us!
Shoot Our Network and put it out of it’s miserY
Even if they did get the credit card numbers, sony claims that they were encrypted. Depending on the encryption used on the data, they probably won’t be able to hack it for a long time. They would have to have a lot of time on their hands in order to get any of that data. Years depending on the strength of the ecryption used.
Re: Re:
Given the fact that someone got the data in the first place I wouldn’t want to be relying on the encryption to save my credit card.
It would be ironic if the people responsible used the credit card information to purchase boatloads of Sony products.
Re: Re:
Imagine everyone’s relief, given the general Sony security cluelessness and prevarication.
Stored BASE64 — Check
Credit card numbers were encrypted — Check
Seriously:
1. Believe NONE of Sony’s claims unless verified by an independent (preferably hostile) third party.
2. Encryption is tricky to get right and incredibly easy to do wrong, even by security professionals.
3. If you know what the encrypted data are supposed to contain (general format and/or specific text), any encryption method could probably be attacked with much less effort and much greater likelihood of success.
4. “But it was encrypted” sounds nice. Replace that with “They stole our safe with everything in it, but don’t worry, we think it is a really strong safe with a good lock” and see how that sounds. Especially if it is *your* money and reputation locked in there.
5. The “but it was encrypted” defense is probably just another damage control dodge to avoid specifically notifying millions of customers until the encryption is proven to be weak or worthless.
NMM
Re: Re: Re:
Plus ‘encrypted’ is great but if you accessed the data via their own API that decrypts the CC info before passing it along for a purchase it doesn’t help much. Encrypted HD’s are great if your Laptop gets stolen, not so much against a machine that has a legit reason to decrypt the data into memory. After all it has to be ‘plain text’ to someone at some point or it’s useless, but if you WANT one I’ll sell you a SUPER secure hash that makes all credit card numbers store as ‘x’ totally 100% non-reversible 😛