| dsister said: Stating the truth makes you an Xbox fanboy! *tracking* |
The thruth is way more in-between then what many are saying, one side or another.
imaprettyhotguy said:
So then what do you say to visa and mastercard and all those other companies that got hacked and actually lost CC information, why is Sony being held to a higher standard then them? |
It wasn't acceptable for them either. Its not acceptable, it wasn't then, it isn't now, and it never ever was or will be.
Its not acceptable and thats all there is to it.
fordy said:
Your view of "everything is hackable" is indeed correct. However, the ease of breaching security is related to the amount of encryption placed on the data. You could be the smartest person in the world, but it still comes down to taking pot-shots in the dark when it comes to breaking encryption, and as key bitrates rise, the likelihood of success for one of these breaches becomes exponentially lower. Sony made a few fundamental mistakes, and I'll point them out: 1. Sony stated that passwords may have been stolen. This in itself is a scary concept, considering a good system never actually stores the password in a text format, rather a hash of a digestable encryption format (complexity level 1 in one direction, but complexity level 2 ^ encryption-bitrate to decode). When the user enters a password, that is then digested, and checked against the stored hash. To say that passwords were taken implies that they have been keeping them in text format. 2. Sony was incredibly defensive over the security integrity with it's PS3 consoles for a reason. The fact of the matter is that they assumed that since they had the client-side locked down, there was no need to enforce a 2nd level of security on the PSN. It was to cut the costs in order to maintain a free service. Why else would they have a zero-tolerance approach to such consoles, even ones that weren't openly abusing the jailbreak for cheating. They neglected a major fundamental taught to even first year engineering students, and that is to never assume a secure system across a communications medium. 3. This hasn't been 100% confirmed, but there is talk that Credit card info was secured using 128bit encryption. This may have been acceptable in the 1990s, but it's 2011. Even Virtual Private Networks are encrypted with at least 256bit (plenty in the 2048bit range). Processing power has climbed to levels that can breach a 128bit encryption using purely brute-force (ie, checking every possible combination of 2^128 within the given time of expiration of the encryption. Once again, might just be a rumor floating around.
Sony is not 100% to blame, of course not. However, some of these obvious oversights does mean they deserve a good portion of the blame. |
For 1 isn't it possible that the hacker too the passwords in their encrypted form? and basing an oversight over a rumor isn't very smart, so that leaves you with one oversight, pretty much everything has atleast one major oversight if you care to look
| yo_john117 said: It wasn't acceptable for them either. Its not acceptable, it wasn't then, it isn't now, and it never ever was or will be. Its not acceptable and thats all there is to it. |
My question is still valid why are people holding Sony to a higher standard then them saying the loss will be 23 billion when the places that lost more credit card numbers didn't even come close to that, it's just riddicules the amount of blame and responsibility people are putting on Sony, as far as we know they didn't eve lose credit card info and were up to industry standards 90% of the blame is based on assumptions people are jumping the gun way to much on this
imaprettyhotguy said:
For 1 isn't it possible that the hacker too the passwords in their encrypted form? and basing an oversight over a rumor isn't very smart, so that leaves you with one oversight, pretty much everything has atleast one major oversight if you care to look |
There is no reason to take the paswords in their encrypted form.
They could generate common hashtag code like to try and decript it... though again this is why websites vary the code system they use.
imaprettyhotguy said:
My question is still valid why are people holding Sony to a higher standard then them saying the loss will be 23 billion when the places that lost more credit card numbers didn't even come close to that, it's just riddicules the amount of blame and responsibility people are putting on Sony, as far as we know they didn't eve lose credit card info and were up to industry standards 90% of the blame is based on assumptions people are jumping the gun way to much on this |
Why are you asking me? I'm not holding them to a higher standard....and I really don't care if others are.
My point is that its not acceptable...which its not.
imaprettyhotguy said:
My question is still valid why are people holding Sony to a higher standard then them saying the loss will be 23 billion when the places that lost more credit card numbers didn't even come close to that, it's just riddicules the amount of blame and responsibility people are putting on Sony, as far as we know they didn't eve lose credit card info and were up to industry standards 90% of the blame is based on assumptions people are jumping the gun way to much on this |
People saying 23 billion are likely talking about the fact that each offense of a theft like this usually costs like, $300 and Sony would be repsonsible for that.
As would ANY company.
77 Million... times 300 = 23 Billion.
http://www.psu.com/PlayStation-Network-hack-could-cost-Sony-$318-per-account,-claims-research-firm--a011467-p0.php
imaprettyhotguy said:
For 1 isn't it possible that the hacker too the passwords in their encrypted form? and basing an oversight over a rumor isn't very smart, so that leaves you with one oversight, pretty much everything has atleast one major oversight if you care to look |
It takes a great deal of complexity to brute-force decrypt a digested password hash. This is why they're used. Even if taken, they're still pretty useless, so they wouldn't be kicking up a fuss that they were stolen. You really should research the use use before trying to argue your stance on it.
Secondly, I stated quite clearly that it MAY be a rumour, but if it is indeed true, then it is a major oversight.
Even one of these points is more than enough to conclude that Sony did have major neglect towards adopting a security policy that is dangerous. If it was so effective, why wouldn't anyone else adopt the same policy?
yo_john117 said:
It wasn't acceptable for them either. Its not acceptable, it wasn't then, it isn't now, and it never ever was or will be. Its not acceptable and thats all there is to it. |
Lets wait for the conclusion of the class action lawsuit, they want to determine if there was negligence or not. After all, Sony didnt got hack after 5 years, and it did happens at the moment where they have thousands of hackers against them. Its a possibility they really did think their system was safe. Its also a possilibity that their system was considered sufficiently safe by independant sources. Lets wait a bit, its reasonable given the circumstances.
fordy said:
It takes a great deal of complexity to brute-force decrypt a digested password hash. This is why they're used. Even if taken, they're still pretty useless, so they wouldn't be kicking up a fuss that they were stolen. You really should research the use use before trying to argue your stance on it. Secondly, I stated quite clearly that it MAY be a rumour, but if it is indeed true, then it is a major oversight. Even one of these points is more than enough to conclude that Sony did have major neglect towards adopting a security policy that is dangerous. If it was so effective, why wouldn't anyone else adopt the same policy? |
There Blog would seem to suggest it. They say Personal information was not encrypted, but credit card information was. Could just be a PR oversight though.
About Us |
Terms of Use |
Privacy Policy |
Advertise |
Staff |
Contact
Display As Desktop
Display As Mobile
© 2006-2025 VGChartz Ltd. All rights reserved.
