By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Sony Discussion - SoE hacked and is out for the count

dsister on 02 May 2011
thedaftman said:

Well at least no damage has been done because judging by the information provided no CC info has been comprimised, and as far as my street address goes, its on Google Maps, directorys and all types of things they didn't have to hack PSN for that. -_- Lemme game damn it! And I will still support Sony not because I am so fanboy but because nothing was taken from me and thats what matters and it should not have happened but alot of things in life should not happen; yet they do. 


Why are you talking about PSN? This is a thread dedicated to SOE. Who actually did have a whole host of personal information leaked 

http://gamrconnect.vgchartz.com/post.php?id=4033928

Lots and lots of stuff... 



Sig thanks to Saber! :D 

Around the Network
o_O.Q on 02 May 2011

ah yes nsanity... great to see you're on top of any speculation related to the sony hacks as usual...



the_wizard_man on 03 May 2011
fordy said:
the_wizard_man said:
fordy said:
the_wizard_man said:

financial insitutions it's alot more pressing then a gaming company, and all you really told me with that is that Sony isn't the premire of secruity (which I already knew) and you don't know what the industry standard is either, you seem biased because you work for a company that does have a higher industry standard then Sony's industry and it's your job to make sure they have top of the line secruity and any company that doesn't you call negliligent when it might not be realistic for other industries to do so 


What? I'm biased towards security? Shouldn't everyone be? There is no excuse for lax security, especially for one with a revenue as big as Sony.

Security is not a finite resource that has to be shared. There was nothing stopping Sony upgrading to 2.2.17 because my company may have done it, that argument is completely ludicrous.

So tell me, what was so unrealistic of Sony to NOT keep their services up to date? I'd really like to hear this. The company holds sensitive data for millions of users, their assets are one of the largest in the world, yet updating an Apache server is way to damn much to ask for from them!

"Shouldn't everyone be?" With that we enter the freedom vs security argument, and martial law and stuff, everyone would be safer if we were inside before it gets dark, but that isn't realistic for adults but it is for kids, see what I'm getting at 

Uh, no. Where does freedom vs security come into this? Sony aren't keeping data hostage from users. They willingly put their information on there in confidence that Sony had the security to keep it locked away. there's no "exceptions" here. Nobody is whining that the added security wouldn't allow them to do something.

 

They were fine 10 months after they didn't upgrade and if they didn't piss off hackers they'd probably have been fine until they upgraded, and psn is a free service, if you pour too much money into a service you don't charge for the service itself can collapse and thats not good for your customers, and like I said before if you don't know what the indsutry standards are you shouldn't call them negligent, especially when all they lost on the psn servers was stuff most people put on facebook and are on 100 other different sites with next to no security some of them random people are allowed to see the info 

So this is what the defense has come to? "But....everybody else is doing it!" Does that mean it's still right? Of course not! And I'm not speaking from a professional point of view on this one, I'm speaking on the point of a consumer, one that is not a mindless drone who responds with "Yes Sony. you're right, Sony. We're sorry for being bad customers, Sony. We'll do better next time"



Probably went to far with the everyone pro security, but bottom line, the more secrurity you have, the more problems you have in terms of freedom (or accessing) so no not everyone is pro secruity atleast not in the extremes 

More like why are you expecting them to be better then rest, why are you singling them out, you aren't saying companies in general are negligent you are saying Sony is negligent, until you stop singling them out it's a fair critisism 



NoCtiS_NoX on 03 May 2011
twesterm said:

http://kotaku.com/#!5797858/more-than-12700-credit-cards-stolen-from-sony-online-entertainment

They've got to be fucking kidding me.  I've been angry with the PSN hack but it wasn't some unforgiveable thing (though 30 free days of a service I don't want didn't do anything to help, it's more of an insult) but now, if true, I'm about done with Sony with gen.

I was going to continue buying their games and even multi-plats that are better on their system and I was leaning more towards buying an NGP but if true every multi-plat with be on the 360, the NGP is out of the question, and I'm simply borrowing (not even renting) exclusives.

Tsk tsk...

This is the 2nd time you post something that came from Kotaku. Really disappointing, really.


Update: Sony Online Entertainment has issued a notification assuring customers that current credit card information has not been compromised. "There is no evidence that our main credit card database was compromised. It is in a completely separate and secured environment."



fordy on 03 May 2011
the_wizard_man said:
fordy said:
the_wizard_man said:
fordy said:
the_wizard_man said:

financial insitutions it's alot more pressing then a gaming company, and all you really told me with that is that Sony isn't the premire of secruity (which I already knew) and you don't know what the industry standard is either, you seem biased because you work for a company that does have a higher industry standard then Sony's industry and it's your job to make sure they have top of the line secruity and any company that doesn't you call negliligent when it might not be realistic for other industries to do so 


What? I'm biased towards security? Shouldn't everyone be? There is no excuse for lax security, especially for one with a revenue as big as Sony.

Security is not a finite resource that has to be shared. There was nothing stopping Sony upgrading to 2.2.17 because my company may have done it, that argument is completely ludicrous.

So tell me, what was so unrealistic of Sony to NOT keep their services up to date? I'd really like to hear this. The company holds sensitive data for millions of users, their assets are one of the largest in the world, yet updating an Apache server is way to damn much to ask for from them!

"Shouldn't everyone be?" With that we enter the freedom vs security argument, and martial law and stuff, everyone would be safer if we were inside before it gets dark, but that isn't realistic for adults but it is for kids, see what I'm getting at 

Uh, no. Where does freedom vs security come into this? Sony aren't keeping data hostage from users. They willingly put their information on there in confidence that Sony had the security to keep it locked away. there's no "exceptions" here. Nobody is whining that the added security wouldn't allow them to do something.

 

They were fine 10 months after they didn't upgrade and if they didn't piss off hackers they'd probably have been fine until they upgraded, and psn is a free service, if you pour too much money into a service you don't charge for the service itself can collapse and thats not good for your customers, and like I said before if you don't know what the indsutry standards are you shouldn't call them negligent, especially when all they lost on the psn servers was stuff most people put on facebook and are on 100 other different sites with next to no security some of them random people are allowed to see the info 

So this is what the defense has come to? "But....everybody else is doing it!" Does that mean it's still right? Of course not! And I'm not speaking from a professional point of view on this one, I'm speaking on the point of a consumer, one that is not a mindless drone who responds with "Yes Sony. you're right, Sony. We're sorry for being bad customers, Sony. We'll do better next time"



Probably went to far with the everyone pro security, but bottom line, the more secrurity you have, the more problems you have in terms of freedom (or accessing) so no not everyone is pro secruity atleast not in the extremes 

More like why are you expecting them to be better then rest, why are you singling them out, you aren't saying companies in general are negligent you are saying Sony is negligent, until you stop singling them out it's a fair critisism 

they don't have to exceed security standards, but they at least have to be on par with companies carrying sensitive information. They didn't even follow the tips in Apache's security guide:

http://httpd.apache.org/docs/2.2/misc/security_tips.html

Keep up to Date

The Apache HTTP Server has a good record for security and a developer community highly concerned about security issues. But it is inevitable that some problems -- small or large -- will be discovered in software after it is released. For this reason, it is crucial to keep aware of updates to the software. If you have obtained your version of the HTTP Server directly from Apache, we highly recommend you subscribe to the Apache HTTP Server Announcements List where you can keep informed of new releases and security updates. Similar services are available from most third-party distributors of Apache software.

Of course, most times that a web server is compromised, it is not because of problems in the HTTP Server code. Rather, it comes from problems in add-on code, CGI scripts, or the underlying Operating System. You must therefore stay aware of problems and updates with all the software on your system.

 

As you can see, it's not that hard to keep up to date. Apache themselves has an announcements list, which only requires a hookup to a feed reader.

Didn't you read my earlier post? I criticize ANY company who has sensitive information taken from them. I'm not a fanboy who kicks up a stink because somebody criticizes about his favourite company.



Around the Network
the_wizard_man on 03 May 2011
Tony_Stark said:
dsister said:
Tony_Stark said:

No, no they clearly did not, PSN was hacked through a modded PS# something Sony didn't believe was possible, they didn't even take proper security measures to guard against it. So seriously, stop trying to defend this.


@bolded

Really? Link!  O.o 


Correction, Judging from what I've read here, that was probably speculation. http://www.extremetech.com/article2/0,2845,2384369,00.asp

Doesn't matter though, Sony's network security clearly wasn't up to par.

So then you know what par is? Like I have been saying no proof Sony was behind the industry standards, if they are thats one thing but I'd like proof of that if they aren't they are either unlikely or industry standards are lacking 



the_wizard_man on 03 May 2011
Nsanity said:

Sony says 25 million more users at risk in second data hack.

http://www.reuters.com/article/2011/05/03/sony-idUSN0224988320110503

lol at facebook games because of personal info leak, most people have their address displayed on facebook



the_wizard_man on 03 May 2011
fordy said:
they don't have to exceed security standards, but they at least have to be on par with companies carrying sensitive information. They didn't even follow the tips in Apache's security guide:

http://httpd.apache.org/docs/2.2/misc/security_tips.html

Keep up to Date

The Apache HTTP Server has a good record for security and a developer community highly concerned about security issues. But it is inevitable that some problems -- small or large -- will be discovered in software after it is released. For this reason, it is crucial to keep aware of updates to the software. If you have obtained your version of the HTTP Server directly from Apache, we highly recommend you subscribe to the Apache HTTP Server Announcements List where you can keep informed of new releases and security updates. Similar services are available from most third-party distributors of Apache software.

Of course, most times that a web server is compromised, it is not because of problems in the HTTP Server code. Rather, it comes from problems in add-on code, CGI scripts, or the underlying Operating System. You must therefore stay aware of problems and updates with all the software on your system.

 

As you can see, it's not that hard to keep up to date. Apache themselves has an announcements list, which only requires a hookup to a feed reader.

Didn't you read my earlier post? I criticize ANY company who has sensitive information taken from them. I'm not a fanboy who kicks up a stink because somebody criticizes about his favourite company.

Again what proof do you have that they are behind any companies with equally sensitive information (btw I don't think your name and date of birth is sensitive or your address is all that sensitive either) again address not all that sensitive and nothing else is even close, so yeah and again no proof they are behind the industry standards and you have yet to call any other company or companies in general what you have been calling Sony 



fordy on 03 May 2011
the_wizard_man said:
fordy said:
they don't have to exceed security standards, but they at least have to be on par with companies carrying sensitive information. They didn't even follow the tips in Apache's security guide:

http://httpd.apache.org/docs/2.2/misc/security_tips.html

Keep up to Date

The Apache HTTP Server has a good record for security and a developer community highly concerned about security issues. But it is inevitable that some problems -- small or large -- will be discovered in software after it is released. For this reason, it is crucial to keep aware of updates to the software. If you have obtained your version of the HTTP Server directly from Apache, we highly recommend you subscribe to the Apache HTTP Server Announcements List where you can keep informed of new releases and security updates. Similar services are available from most third-party distributors of Apache software.

Of course, most times that a web server is compromised, it is not because of problems in the HTTP Server code. Rather, it comes from problems in add-on code, CGI scripts, or the underlying Operating System. You must therefore stay aware of problems and updates with all the software on your system.

 

As you can see, it's not that hard to keep up to date. Apache themselves has an announcements list, which only requires a hookup to a feed reader.

Didn't you read my earlier post? I criticize ANY company who has sensitive information taken from them. I'm not a fanboy who kicks up a stink because somebody criticizes about his favourite company.

Again what proof do you have that they are behind any companies with equally sensitive information (btw I don't think your name and date of birth is sensitive or your address is all that sensitive either) again address not all that sensitive and nothing else is even close, so yeah and again no proof they are behind the industry standards and you have yet to call any other company or companies in general what you have been calling Sony 

Are you goddamned dense?

Sony's version level: 2.2.15

Version available at time of the hack: 2.2.17 (By open source standards, this IS the industry standard, as dictated even by Apache)

Do you realise how supidly childish your comments are? Your last sentence translates to "Waah....but you didn't call him names!" and if you paid attention and took off your rose tinted glasses you'd see that I criticized Apple earlier in this very thread!If you honestly wish to lose any shred of credibility you have left here, please by all means, continue...



the_wizard_man on 03 May 2011
fordy said:
the_wizard_man said:
fordy said:
they don't have to exceed security standards, but they at least have to be on par with companies carrying sensitive information. They didn't even follow the tips in Apache's security guide:

http://httpd.apache.org/docs/2.2/misc/security_tips.html

Keep up to Date

The Apache HTTP Server has a good record for security and a developer community highly concerned about security issues. But it is inevitable that some problems -- small or large -- will be discovered in software after it is released. For this reason, it is crucial to keep aware of updates to the software. If you have obtained your version of the HTTP Server directly from Apache, we highly recommend you subscribe to the Apache HTTP Server Announcements List where you can keep informed of new releases and security updates. Similar services are available from most third-party distributors of Apache software.

Of course, most times that a web server is compromised, it is not because of problems in the HTTP Server code. Rather, it comes from problems in add-on code, CGI scripts, or the underlying Operating System. You must therefore stay aware of problems and updates with all the software on your system.

 

As you can see, it's not that hard to keep up to date. Apache themselves has an announcements list, which only requires a hookup to a feed reader.

Didn't you read my earlier post? I criticize ANY company who has sensitive information taken from them. I'm not a fanboy who kicks up a stink because somebody criticizes about his favourite company.

Again what proof do you have that they are behind any companies with equally sensitive information (btw I don't think your name and date of birth is sensitive or your address is all that sensitive either) again address not all that sensitive and nothing else is even close, so yeah and again no proof they are behind the industry standards and you have yet to call any other company or companies in general what you have been calling Sony 

Are you goddamned dense?

Sony's version level: 2.2.15

Version available at time of the hack: 2.2.17 (By open source standards, this IS the industry standard, as dictated even by Apache)

Do you realise how supidly childish your comments are? Your last sentence translates to "Waah....but you didn't call him names!" and if you paid attention and took off your rose tinted glasses you'd see that I criticized Apple earlier in this very thread!If you honestly wish to lose any shred of credibility you have left here, please by all means, continue...

So in otherwords you have no proof that majority of companies who have the same kind of info that Sony have updated anymore then they have