By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Sony Discussion - What people blaming Geohotz and the "hackers" seem to be missing...

rocketpig on 28 April 2011
imaprettyhotguy said:
How the hell do you still not understand what I said wow, this is just getting so frustrating trying to make you understand simple concepts, the CC database was more secrue and it's possible passwords were the only thing encrypted on the personal one, how hard is that for you to understand 

 

Because they said the database was unencrypted. Companies don't tell people the database is unencrypted if it's, you know, encrypted (even just a part of it).




Or check out my new webcomic: http://selfcentent.com/

Around the Network
imaprettyhotguy on 28 April 2011
rocketpig said:
imaprettyhotguy said:
How the hell do you still not understand what I said wow, this is just getting so frustrating trying to make you understand simple concepts, the CC database was more secrue and it's possible passwords were the only thing encrypted on the personal one, how hard is that for you to understand 

 

Because they said the database was unencrypted. Companies don't tell people the database is unencrypted if it's, you know, encrypted (even just a part of it).

So you are saying, if one file in a database was encrypted out of millions they'd say it was encrypted 



rocketpig on 28 April 2011
imaprettyhotguy said:
rocketpig said:
imaprettyhotguy said:
How the hell do you still not understand what I said wow, this is just getting so frustrating trying to make you understand simple concepts, the CC database was more secrue and it's possible passwords were the only thing encrypted on the personal one, how hard is that for you to understand 

 

Because they said the database was unencrypted. Companies don't tell people the database is unencrypted if it's, you know, encrypted (even just a part of it).

So you are saying, if one file in a database was encrypted out of millions they'd say it was encrypted 

They'd most certainly mention that password data was encrypted. Companies don't try to make themselves look WORSE than they already do in a situation as bad as this one.

It seems as if you think they're somehow willing to make themselves look more incompetent than they already do just for the hell of it.




Or check out my new webcomic: http://selfcentent.com/

Icyedge on 28 April 2011
Gnizmo said:


I can name a thousand companies right now that are doing better. They haven't been hacked or had significant portions of data compromised. That automatically puts Sony behind them on the scale you are using. What gets me is everyone seems to assume these other companies got a pass on the same problem. You link news articles slamming the companies over the problem and yet tell people not to do the same with Sony? Why shouldn't they be held to the same standard? Sony also failed in one major one those other companies almost universally didn't. They told their users  the second it appeared the data could have been compromised. There is no excuse for sitting on that information for a week. None at all.

I damn near changed banks after an issue with a data leak that was far less serious. The only reason I stopped is they knew precisley who was potentially affected, informed me immediately and then took steps to make sure none of it came back to me. That is, any charges I contested would be instantly assumed fraudulent unless proven otherwise (not the status quo for debit cards by the by) and I would have no liability for anything potentially related to the mishap.


The big question in this case is does the other companies have thousands of hackers on their back :P. A company with the worst security ever, if they dont get attack, they arent going to leak any kind of informations.That doesnt automatically excuse Sony, an investigation is needed for sure.

Between, according to Sony, they did tell their users when it appear the data could have been compromised. An investigation is needed to determine whether they are lying or not. Personally, I dont understand why they wouldnt tell their users sooner if they knew sooner. But yeah its a possibility.



Icyedge on 28 April 2011
rocketpig said:
imaprettyhotguy said:
How the hell do you still not understand what I said wow, this is just getting so frustrating trying to make you understand simple concepts, the CC database was more secrue and it's possible passwords were the only thing encrypted on the personal one, how hard is that for you to understand 

 

 

Because they said the database was unencrypted. Companies don't tell people the database is unencrypted if it's, you know, encrypted (even just a part of it).

The credit card was encrypted while name, adress and date of birth wasnt. Negligence is a

"Conduct that falls below the standards of behavior established by law for the protection of others against unreasonable risk of harm. A person has acted negligently if he or she has departed from the conduct expected of a reasonably prudent person acting under similar circumstances."

Its common practice to not encrypt personal information such as name, address and date of birth. If there is negligence, it will most likely not have anything to do with the name, adress and date of birth database not being encrypted.



Around the Network
Kasz216 on 28 April 2011
Icyedge said:
Gnizmo said:
 


I can name a thousand companies right now that are doing better. They haven't been hacked or had significant portions of data compromised. That automatically puts Sony behind them on the scale you are using. What gets me is everyone seems to assume these other companies got a pass on the same problem. You link news articles slamming the companies over the problem and yet tell people not to do the same with Sony? Why shouldn't they be held to the same standard? Sony also failed in one major one those other companies almost universally didn't. They told their users  the second it appeared the data could have been compromised. There is no excuse for sitting on that information for a week. None at all.

I damn near changed banks after an issue with a data leak that was far less serious. The only reason I stopped is they knew precisley who was potentially affected, informed me immediately and then took steps to make sure none of it came back to me. That is, any charges I contested would be instantly assumed fraudulent unless proven otherwise (not the status quo for debit cards by the by) and I would have no liability for anything potentially related to the mishap.


The big question in this case is does the other companies have thousands of hackers on their back :P. A company with the worst security ever, if they dont get attack, they arent going to leak any kind of informations.That doesnt automatically excuse Sony, an investigation is needed for sure.

Between, according to Sony, they did tell their users when it appear the data could have been compromised. An investigation is needed to determine whether they are lying or not. Personally, I dont understand why they wouldnt tell their users sooner if they knew sooner. But yeah its a possibility.

One issue may be... didn't they already lie?  They took down the servers because they were hacked... didn't they original say because of sporadic matinence or something like that?  (Or maybe i'm thinking of the anonomyous hack.)



yo_john117 on 28 April 2011

I'm sooo glad that guy is banned....he was getting on my nerves.



Gnizmo on 28 April 2011
Icyedge said:


The big question in this case is does the other companies have thousands of hackers on their back :P. A company with the worst security ever, if they dont get attack, they arent going to leak any kind of informations.That doesnt automatically excuse Sony, an investigation is needed for sure.

Between, according to Sony, they did tell their users when it appear the data could have been compromised. An investigation is needed to determine whether they are lying or not. Personally, I dont understand why they wouldnt tell their users sooner if they knew sooner. But yeah its a possibility.


No they didn't tell them when the data appeared to be compromised. They informed the users when they knew the data was compromised. Sony knew there was a security breach the first day they took the PSN down. Given how drastic a step that is it also says they new the potential seriousness of the breach. That is when they should have told users to cancel cards, change passwords, and monitor credit. They should not have waited a week just to confirm what was taken.

As to negligence, well we will have to see. It could be that any company given the security would have little reason to also encrypt, plus or minus one major hole. It could have been the PS3 being trusted so heavily that opened up the personal data which would be negligence. It could be some guy managed to get private info on a higher up and guess his password through social engineering in which case their security system would hold no fault in this (people are dumb after all). Taking the PSN down still makes me lean at PS3 related, but I again add the caveat that there is no concrete evidence I can back this up with.

@iamaprettyhotguy
So now you are saying Sony is lying to make themselves look worse? Seriously? I try not to pose questions like this to banned users as it seem bad form, but that has me stunned. You seriously think Sony is lying about something that makes the company look bad?



Starcraft 2 ID: Gnizmo 229

Icyedge on 28 April 2011
Kasz216 said:
Icyedge said:
Gnizmo said:
 


I can name a thousand companies right now that are doing better. They haven't been hacked or had significant portions of data compromised. That automatically puts Sony behind them on the scale you are using. What gets me is everyone seems to assume these other companies got a pass on the same problem. You link news articles slamming the companies over the problem and yet tell people not to do the same with Sony? Why shouldn't they be held to the same standard? Sony also failed in one major one those other companies almost universally didn't. They told their users  the second it appeared the data could have been compromised. There is no excuse for sitting on that information for a week. None at all.

I damn near changed banks after an issue with a data leak that was far less serious. The only reason I stopped is they knew precisley who was potentially affected, informed me immediately and then took steps to make sure none of it came back to me. That is, any charges I contested would be instantly assumed fraudulent unless proven otherwise (not the status quo for debit cards by the by) and I would have no liability for anything potentially related to the mishap.


The big question in this case is does the other companies have thousands of hackers on their back :P. A company with the worst security ever, if they dont get attack, they arent going to leak any kind of informations.That doesnt automatically excuse Sony, an investigation is needed for sure.

Between, according to Sony, they did tell their users when it appear the data could have been compromised. An investigation is needed to determine whether they are lying or not. Personally, I dont understand why they wouldnt tell their users sooner if they knew sooner. But yeah its a possibility.

One issue may be... didn't they already lie?  They took down the servers because they were hacked... didn't they original say because of sporadic matinence or something like that?  (Or maybe i'm thinking of the anonomyous hack.)


Well, when you were trying to log on PSN it would say maintenance. But in their PR statement, they  said it was a maintenance due tu an intrusion and that they were also upgrading everything. With that said, I agree they should have been more explicative when it comes to the PSN message.



Icyedge on 28 April 2011
Gnizmo said:


No they didn't tell them when the data appeared to be compromised. They informed the users when they knew the data was compromised. Sony knew there was a security breach the first day they took the PSN down. Given how drastic a step that is it also says they new the potential seriousness of the breach. That is when they should have told users to cancel cards, change passwords, and monitor credit. They should not have waited a week just to confirm what was taken.

As to negligence, well we will have to see. It could be that any company given the security would have little reason to also encrypt, plus or minus one major hole. It could have been the PS3 being trusted so heavily that opened up the personal data which would be negligence. It could be some guy managed to get private info on a higher up and guess his password through social engineering in which case their security system would hold no fault in this (people are dumb after all). Taking the PSN down still makes me lean at PS3 related, but I again add the caveat that there is no concrete evidence I can back this up with.

@iamaprettyhotguy
So now you are saying Sony is lying to make themselves look worse? Seriously? I try not to pose questions like this to banned users as it seem bad form, but that has me stunned. You seriously think Sony is lying about something that makes the company look bad?

Your logic does make sense, its possible that it is the case, theres other valid logic though. So, Ill let the judge decide whether Sony knew or not and lets not forget, if it was likely enough to justify telling your customer before getting the confirmation.

 

Agreed completely.