By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Sony - SoE hacked and is out for the count

o_O.Q on 03 May 2011

he has no proof of that because to even suggest something like this "behind any companies with equally sensitive information" is preposterous.... companies leak sensitive info on their customers all the time as i mentioned before it is not an issue isolated to sony... but because the media is focused on sony people tend to miss these things... in fact this report was posted recently ( yesterday actually ) :

gsmarena ( dot ) com/android_location_tracking_troubles_sound_familiar-news-2586.php

apparently android has a similar locatin leaking feature as iphone... but of course no one is paying attention to this because at this point in time the attention is on sony... you have to admit that there is unbelievable irony when, for example an iphone owner berates sony for their leak but is woefully unaware that his/her phone is leaking just as much info

 



Around the Network
fordy on 03 May 2011
the_wizard_man said:
fordy said:
the_wizard_man said:
fordy said:
they don't have to exceed security standards, but they at least have to be on par with companies carrying sensitive information. They didn't even follow the tips in Apache's security guide:

http://httpd.apache.org/docs/2.2/misc/security_tips.html

Keep up to Date

The Apache HTTP Server has a good record for security and a developer community highly concerned about security issues. But it is inevitable that some problems -- small or large -- will be discovered in software after it is released. For this reason, it is crucial to keep aware of updates to the software. If you have obtained your version of the HTTP Server directly from Apache, we highly recommend you subscribe to the Apache HTTP Server Announcements List where you can keep informed of new releases and security updates. Similar services are available from most third-party distributors of Apache software.

Of course, most times that a web server is compromised, it is not because of problems in the HTTP Server code. Rather, it comes from problems in add-on code, CGI scripts, or the underlying Operating System. You must therefore stay aware of problems and updates with all the software on your system.

 

As you can see, it's not that hard to keep up to date. Apache themselves has an announcements list, which only requires a hookup to a feed reader.

Didn't you read my earlier post? I criticize ANY company who has sensitive information taken from them. I'm not a fanboy who kicks up a stink because somebody criticizes about his favourite company.

Again what proof do you have that they are behind any companies with equally sensitive information (btw I don't think your name and date of birth is sensitive or your address is all that sensitive either) again address not all that sensitive and nothing else is even close, so yeah and again no proof they are behind the industry standards and you have yet to call any other company or companies in general what you have been calling Sony 

Are you goddamned dense?

Sony's version level: 2.2.15

Version available at time of the hack: 2.2.17 (By open source standards, this IS the industry standard, as dictated even by Apache)

Do you realise how supidly childish your comments are? Your last sentence translates to "Waah....but you didn't call him names!" and if you paid attention and took off your rose tinted glasses you'd see that I criticized Apple earlier in this very thread!If you honestly wish to lose any shred of credibility you have left here, please by all means, continue...

So in otherwords you have no proof that majority of companies who have the same kind of info that Sony have updated anymore then they have

Once again, back to the "everyone else is doing it" fallacy. If "other companies" are doing the same thing, then I look forward to bashing them out too when their info is breached.

Here are the main points:

- Apache had an update available for the past 11 months. In fact, they had 2

- Sony didn't implement it

- Hackers used a well known exploit fixed by said updates to get to sensitive information.

 

No ifs, buts or whats. That is negligence, full stop. Are you going to defend BP next? "Well, Exxon also don't provide routine maintenance to their oil rigs. BP doesn't deserve this!" Your stance is a goddamn joke!



the_wizard_man on 03 May 2011
o_O.Q said:

he has no proof of that because to even suggest something like this "behind any companies with equally sensitive information" is preposterous.... companies leak sensitive info on their customers all the time as i mentioned before it is not an issue isolated to sony... but because the media is focused on sony people tend to miss these things... in fact this report was posted recently ( yesterday actually ) :

gsmarena ( dot ) com/android_location_tracking_troubles_sound_familiar-news-2586.php

apparently android has a similar locatin leaking feature as iphone... but of course no one is paying attention to this because at this point in time the attention is on sony... you have to admit that there is unbelievable irony when, for example an iphone owner berates sony for their leak but is woefully unaware that his/her phone is leaking just as much info

Exactly my point and Sony seems to be the only one trying to go after the people exploiting it and strenghing their secruity so when people are soley bashing Sony it annoys me, if they say like the industry standard for security is attrocious and it is the reason these things happen thats fine but they don't they call Sony negligent and it just annoys me 



the_wizard_man on 03 May 2011
fordy said:
Once again, back to the "everyone else is doing it" fallacy. If "other companies" are doing the same thing, then I look forward to bashing them out too when their info is breached.

Here are the main points:

- Apache had an update available for the past 11 months. In fact, they had 2

- Sony didn't implement it

- Hackers used a well known exploit fixed by said updates to get to sensitive information.

 

No ifs, buts or whats. That is negligence, full stop. Are you going to defend BP next? "Well, Exxon also don't provide routine maintenance to their oil rigs. BP doesn't deserve this!" Your stance is a goddamn joke!

The fact that you are only bashing Sony when dozens if not hundreds of companies did the same thing is a joke



fordy on 03 May 2011
the_wizard_man said:
fordy said:
Once again, back to the "everyone else is doing it" fallacy. If "other companies" are doing the same thing, then I look forward to bashing them out too when their info is breached.

Here are the main points:

- Apache had an update available for the past 11 months. In fact, they had 2

- Sony didn't implement it

- Hackers used a well known exploit fixed by said updates to get to sensitive information.

 

No ifs, buts or whats. That is negligence, full stop. Are you going to defend BP next? "Well, Exxon also don't provide routine maintenance to their oil rigs. BP doesn't deserve this!" Your stance is a goddamn joke!

The fact that you are only bashing Sony when dozens if not hundreds of companies did the same thing is a joke

Then tell me the companies, and make sure you provide the proof that the hack was from the cause of an exploit that was fixed 11 months ago.



Around the Network
the_wizard_man on 03 May 2011
fordy said:
the_wizard_man said:
fordy said:
Once again, back to the "everyone else is doing it" fallacy. If "other companies" are doing the same thing, then I look forward to bashing them out too when their info is breached.

Here are the main points:

- Apache had an update available for the past 11 months. In fact, they had 2

- Sony didn't implement it

- Hackers used a well known exploit fixed by said updates to get to sensitive information.

 

No ifs, buts or whats. That is negligence, full stop. Are you going to defend BP next? "Well, Exxon also don't provide routine maintenance to their oil rigs. BP doesn't deserve this!" Your stance is a goddamn joke!

The fact that you are only bashing Sony when dozens if not hundreds of companies did the same thing is a joke

Then tell me the companies, and make sure you provide the proof that the hack was from the cause of an exploit that was fixed 11 months ago.

Just because they haven't been hacked doesn't mean they've updated a fact you seem to be missing 



Xbbjf9s on 03 May 2011
the_wizard_man said:
fordy said:
Once again, back to the "everyone else is doing it" fallacy. If "other companies" are doing the same thing, then I look forward to bashing them out too when their info is breached.

Here are the main points:

- Apache had an update available for the past 11 months. In fact, they had 2

- Sony didn't implement it

- Hackers used a well known exploit fixed by said updates to get to sensitive information.

 

No ifs, buts or whats. That is negligence, full stop. Are you going to defend BP next? "Well, Exxon also don't provide routine maintenance to their oil rigs. BP doesn't deserve this!" Your stance is a goddamn joke!

The fact that you are only bashing Sony when dozens if not hundreds of companies did the same thing is a joke

didn't citibank get hacked a month or so ago? We we taking about the hack and my boss was sayig that sy wasn't the only one, for some reasn we think it's citibank lol.



o_O.Q on 03 May 2011

well sony were negligent with their security to an extent hes right on that... but as i demonstrated leaking of users' personal info is common among networks like these... furthermore yes you are right in saying that sony is one of the rare cases where a company tries to retaliate against hackers ( and funny enough faces opposition for trying to protect its investment and consumers ). In addition they are provide measures to mitigate against the effects of the attack ( if there are any ).



the_wizard_man on 03 May 2011
o_O.Q said:

well sony were negligent with their security to an extent hes right on that... but as i demonstrated leaking of users' personal info is common among networks like these... furthermore yes you are right in saying that sony is one of the rare cases where a company tries to retaliate against hackers ( and funny enough faces opposition for trying to protect its investment and consumers ). In addition they are provide measures to mitigate against the effects of the attack ( if there are any ).

negligence is relative, if no other company in their industry does better it's not negligence it's poor practices in the industry, which I would agree with



fordy on 03 May 2011
the_wizard_man said:
fordy said:
the_wizard_man said:
fordy said:
Once again, back to the "everyone else is doing it" fallacy. If "other companies" are doing the same thing, then I look forward to bashing them out too when their info is breached.

Here are the main points:

- Apache had an update available for the past 11 months. In fact, they had 2

- Sony didn't implement it

- Hackers used a well known exploit fixed by said updates to get to sensitive information.

 

No ifs, buts or whats. That is negligence, full stop. Are you going to defend BP next? "Well, Exxon also don't provide routine maintenance to their oil rigs. BP doesn't deserve this!" Your stance is a goddamn joke!

The fact that you are only bashing Sony when dozens if not hundreds of companies did the same thing is a joke

Then tell me the companies, and make sure you provide the proof that the hack was from the cause of an exploit that was fixed 11 months ago.

Just because they haven't been hacked doesn't mean they've updated a fact you seem to be missing 

That's perfectly fine...BUT as soon as that negligence results in the loss of customer data to hackers, expect the lynch mob to come knocking at their door.

You could leave the stove on all day at your house. Nobody is stopping you, but you wont get any sympathy if your house burns to the ground because of it.