that happens with other companies all the time
the_wizard_man said:
So they are supposed to update immediately regardless of what actual changes were made in the software? I can see companies exploiting that by making pointless updates, oh wait MS already does, anyways I don't know if it's negligence or not to me that doesn't seem that bad considering the costs involved, I can see a company only upgrading every year but again I don't know what the industry standards are and I suspect neither do you |
Assumptions can be dangerous. I work in the software industry, with a decent amount of experience with the open source community.
There is a well-known fact about open source software such as Apache: the fixes to exploits happen very quickly once discovered, but in order for this to happen, the exploit must be made public in order for the exploit to be replicated (to see if it's fixed when it's coded up). So it's a matter of keeping up with the community, because that's also where the hackers get their information. It's the lazy, negligent companies that end up getting slammed with known exploits.
I refer you to a post made in http://httpd.apache.org/
Apache HTTP Server 2.2.17 Released | 2010-10-19
This was the second update that Sony missed on its authorization server. As you can see, some exploits have been fixed with a refactoring of the Authentication/Authorization protocol. You will also notice that this is dated October 19th of 2010. Sony didn't even have 2.2.16, let alone 2.2.17. They had 2.2.15. The exploit could have been delivered by anyone browsing the Apache forums on what bugfixes were made to meet the 2.2.16 or 2.2.17 release.
In terms of frequency, many financial institutions, as well as places that store sensitive information, make it (at least) a daily occurrence to frequent the sites that deliver this critical news. It's not like the news is scarce, either, I frequent several sites in order to keep up with recent changes in software. It's my job to do so.
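As an added example (not part of the original post, and not Apache or Sony code): a small patch-lag check built on the release numbers named in the post. The host names, banners and as-of date are constructed, and the 2.2.16 date is left unset because the page does not give it.

```python
import re
from datetime import date

# Releases named in the post. Only the 2.2.17 date appears on the page;
# the 2.2.16 date is not given there, so it stays None.
RELEASES = {
    (2, 2, 16): None,
    (2, 2, 17): date(2010, 10, 19),
}

BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def parse_banner(banner):
    """Return the version tuple from a Server banner, or None if it is hidden."""
    m = BANNER_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def patch_lag(banner, as_of):
    """Report which known releases a host has missed and for how many days."""
    running = parse_banner(banner)
    if running is None:
        # A banner without a version proves nothing either way: the host
        # must be inventoried from its package database instead.
        return {"running": None, "missed": [], "days_behind": None}
    missed = sorted(v for v in RELEASES if v > running)
    dated = [RELEASES[v] for v in missed if RELEASES[v] is not None]
    # Days since the oldest missed release whose date is known.
    days = (as_of - min(dated)).days if dated else None
    return {"running": running, "missed": missed, "days_behind": days}


# Constructed inventory: hypothetical hosts and banners for illustration.
INVENTORY = {
    "auth01.example": "Apache/2.2.15 (Unix)",
    "web02.example": "Apache/2.2.17 (Unix)",
    "web03.example": "Apache",
}
AS_OF = date(2011, 1, 1)  # constructed review date

if __name__ == "__main__":
    for host, banner in INVENTORY.items():
        print(host, patch_lag(banner, AS_OF))
```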
Don't get me wrong... from the info presented one can only conclude that Sony was indeed negligent... but my point is that this is far from being isolated to Sony... in fact I read something a few weeks back about the iPhone leaking information pertaining to the location of its user... Google sells information on its users to companies etc... I'm not saying that these other situations are as severe, just comparable
o_O.Q said: Don't get me wrong... from the info presented one can only conclude that Sony was indeed negligent... but my point is that this is far from being isolated to Sony... in fact I read something a few weeks back about the iPhone leaking information pertaining to the location of its user... Google sells information on its users to companies etc... I'm not saying that these other situations are as severe, just comparable |
That doesn't mean that those situations are right, either. Apple, as far as I'm hearing, are getting a lot of criticism based on the fact that not only was this information collecting there, but nobody can opt-out of it, and I'm hoping they get even more pressure to remove it.
and that's just one other situation similar to this one with Sony... I'm quite sure that if I tried I'd be able to find several other similar events that happened this year...
fordy said:
Assumptions can be dangerous. I work in the software industry, with a decent amount of experience with the open source community. There is a well-known fact about open source software such as Apache: the fixes to exploits happen very quickly once discovered, but in order for this to happen, the exploit must be made public in order for the exploit to be replicated (to see if it's fixed when it's coded up). So it's a matter of keeping up with the community, because that's also where the hackers get their information. It's the lazy, negligent companies that end up getting slammed with known exploits. I refer you to a post made in http://httpd.apache.org/
This was the second update that Sony missed on its authorization server. As you can see, some exploits have been fixed with a refactoring of the Authentication/Authorization protocol. You will also notice that this is dated October 19th of 2010. Sony didn't even have 2.2.16, let alone 2.2.17. They had 2.2.15. The exploit could have been delivered by anyone browsing the Apache forums on what bugfixes were made to meet the 2.2.16 or 2.2.17 release. In terms of frequency, many financial institutions, as well as places that store sensitive information, make it (at least) a daily occurrence to frequent the sites that deliver this critical news. It's not like the news is scarce, either, I frequent several sites in order to keep up with recent changes in software. It's my job to do so. |
For financial institutions it's a lot more pressing than a gaming company, and all you really told me with that is that Sony isn't the premier of security (which I already knew) and you don't know what the industry standard is either, you seem biased because you work for a company that does have a higher industry standard than Sony's industry and it's your job to make sure they have top of the line security and any company that doesn't you call negligent when it might not be realistic for other industries to do so
the_wizard_man said: For financial institutions it's a lot more pressing than a gaming company, and all you really told me with that is that Sony isn't the premier of security (which I already knew) and you don't know what the industry standard is either, you seem biased because you work for a company that does have a higher industry standard than Sony's industry and it's your job to make sure they have top of the line security and any company that doesn't you call negligent when it might not be realistic for other industries to do so |
What? I'm biased towards security? Shouldn't everyone be? There is no excuse for lax security, especially for one with a revenue as big as Sony.
Security is not a finite resource that has to be shared. There was nothing stopping Sony upgrading to 2.2.17 because my company may have done it, that argument is completely ludicrous.
So tell me, what was so unrealistic of Sony to NOT keep their services up to date? I'd really like to hear this. The company holds sensitive data for millions of users, their assets are one of the largest in the world, yet updating an Apache server is way too damn much to ask for from them!
fordy said:
Security is not a finite resource that has to be shared. There was nothing stopping Sony upgrading to 2.2.17 because my company may have done it, that argument is completely ludicrous. So tell me, what was so unrealistic of Sony to NOT keep their services up to date? I'd really like to hear this. The company holds sensitive data for millions of users, their assets are one of the largest in the world, yet updating an Apache server is way too damn much to ask for from them! |
"Shouldn't everyone be?" With that we enter the freedom vs security argument, and martial law and stuff, everyone would be safer if we were inside before it gets dark, but that isn't realistic for adults but it is for kids, see what I'm getting at
They were fine 10 months after they didn't upgrade and if they didn't piss off hackers they'd probably have been fine until they upgraded, and PSN is a free service, if you pour too much money into a service you don't charge for the service itself can collapse and that's not good for your customers, and like I said before if you don't know what the industry standards are you shouldn't call them negligent, especially when all they lost on the PSN servers was stuff most people put on Facebook and are on 100 other different sites with next to no security, some of them random people are allowed to see the info
o_O.Q said: and that's just one other situation similar to this one with Sony... I'm quite sure that if I tried I'd be able to find several other similar events that happened this year... |
lol your sig is the absolute best. That's all I wanted to say here.
But now to put my stock comment to warrant my posting on this thread:
I wonder how long hackers are going to keep attacking Sony, I think they have already proven their point (if that is what they wanted to do in the first place). Poor Sony has been raped and ravaged so bad and it just doesn't stop, they are probably thinking "Oh god when is this nightmare going to end."
the_wizard_man said:
"Shouldn't everyone be?" With that we enter the freedom vs security argument, and martial law and stuff, everyone would be safer if we were inside before it gets dark, but that isn't realistic for adults but it is for kids, see what I'm getting at |
Uh, no. Where does freedom vs security come into this? Sony aren't keeping data hostage from users. They willingly put their information on there in confidence that Sony had the security to keep it locked away. There's no "exceptions" here. Nobody is whining that the added security wouldn't allow them to do something.
They were fine 10 months after they didn't upgrade and if they didn't piss off hackers they'd probably have been fine until they upgraded, and PSN is a free service, if you pour too much money into a service you don't charge for the service itself can collapse and that's not good for your customers, and like I said before if you don't know what the industry standards are you shouldn't call them negligent, especially when all they lost on the PSN servers was stuff most people put on Facebook and are on 100 other different sites with next to no security, some of them random people are allowed to see the info |
So this is what the defense has come to? "But....everybody else is doing it!" Does that mean it's still right? Of course not! And I'm not speaking from a professional point of view on this one, I'm speaking on the point of a consumer, one that is not a mindless drone who responds with "Yes Sony. You're right, Sony. We're sorry for being bad customers, Sony. We'll do better next time"