the_wizard_man said:
fordy said:
the_wizard_man said:
fordy said:
the_wizard_man said:
financial institutions it's a lot more pressing than a gaming company, and all you really told me with that is that Sony isn't the premier of security (which I already knew) and you don't know what the industry standard is either, you seem biased because you work for a company that does have a higher industry standard than Sony's industry and it's your job to make sure they have top of the line security and any company that doesn't you call negligent when it might not be realistic for other industries to do so
|
What? I'm biased towards security? Shouldn't everyone be? There is no excuse for lax security, especially for one with a revenue as big as Sony.
Security is not a finite resource that has to be shared. There was nothing stopping Sony upgrading to 2.2.17 because my company may have done it, that argument is completely ludicrous.
So tell me, what was so unrealistic of Sony to NOT keep their services up to date? I'd really like to hear this. The company holds sensitive data for millions of users, their assets are one of the largest in the world, yet updating an Apache server is way too damn much to ask for from them!
|
"Shouldn't everyone be?" With that we enter the freedom vs security argument, and martial law and stuff, everyone would be safer if we were inside before it gets dark, but that isn't realistic for adults but it is for kids, see what I'm getting at?
Uh, no. Where does freedom vs security come into this? Sony aren't keeping data hostage from users. They willingly put their information on there in confidence that Sony had the security to keep it locked away. There's no "exceptions" here. Nobody is whining that the added security wouldn't allow them to do something.
They were fine 10 months after they didn't upgrade and if they didn't piss off hackers they'd probably have been fine until they upgraded, and PSN is a free service, if you pour too much money into a service you don't charge for the service itself can collapse and that's not good for your customers, and like I said before if you don't know what the industry standards are you shouldn't call them negligent, especially when all they lost on the PSN servers was stuff most people put on Facebook and are on 100 other different sites with next to no security some of them random people are allowed to see the info
So this is what the defense has come to? "But....everybody else is doing it!" Does that mean it's still right? Of course not! And I'm not speaking from a professional point of view on this one, I'm speaking on the point of a consumer, one that is not a mindless drone who responds with "Yes Sony. You're right, Sony. We're sorry for being bad customers, Sony. We'll do better next time"
|
|
Probably went too far with the everyone pro security, but bottom line, the more security you have, the more problems you have in terms of freedom (or accessing) so no not everyone is pro security at least not in the extremes
More like why are you expecting them to be better than the rest, why are you singling them out, you aren't saying companies in general are negligent you are saying Sony is negligent, until you stop singling them out it's a fair criticism
|
They don't have to exceed security standards, but they at least have to be on par with companies carrying sensitive information. They didn't even follow the tips in Apache's security guide:
http://httpd.apache.org/docs/2.2/misc/security_tips.html
Keep up to Date
The Apache HTTP Server has a good record for security and a developer community highly concerned about security issues. But it is inevitable that some problems -- small or large -- will be discovered in software after it is released. For this reason, it is crucial to keep aware of updates to the software. If you have obtained your version of the HTTP Server directly from Apache, we highly recommend you subscribe to the Apache HTTP Server Announcements List where you can keep informed of new releases and security updates. Similar services are available from most third-party distributors of Apache software.
Of course, most times that a web server is compromised, it is not because of problems in the HTTP Server code. Rather, it comes from problems in add-on code, CGI scripts, or the underlying Operating System. You must therefore stay aware of problems and updates with all the software on your system.
As you can see, it's not that hard to keep up to date. Apache themselves have an announcements list, which only requires a hookup to a feed reader.
Didn't you read my earlier post? I criticize ANY company who has sensitive information taken from them. I'm not a fanboy who kicks up a stink because somebody criticizes his favourite company.