|
-
Quote:
Originally Posted by Jokersvirus
The attack occurred on April 16-17
two days later, april 19, Sony detects the breach. That is... scary right there. Your network had unauthorized personnel in it and it takes you two days after the attack to detect it? Yes, security is a bit... out of date...
April 20, they shut down the network due to technical issues. This is where they should have been forth coming and said they were attacked and explain the breach.
April 26 they call the FBI. 10 days after the attack they call the FBI, it had to be an investigation that was either done very slowly and throughly OR they were trying to make up some BS execuse as to why it was down.
I agree 9 days after the attack they call for FBI? Why not when they detected the breach? For that we cant hold it against them unless they didnt do what they were suppose to. They could have had protocol to follow and what not to do their own internal investigation to make a determinacy that it was a hacker attack. There is alot of information missing but the time is really screwed up. But again there is information we are missing like what happened after they detected the breach. I would love to see their protocol on what they do when a breach is detected.
http://www.youtube.com/watch?v=QVU6v53ow8k
it seems pretty stupid they couldnt detect it straight away, you would think sony being the size it is would have measures in place to prevent it, hopefully they will learn from this (probably not) and it wont happen again (same time next year)
-
Quote:
Originally Posted by Jokersvirus
The attack occurred on April 16-17
two days later, april 19, Sony detects the breach. That is... scary right there. Your network had unauthorized personnel in it and it takes you two days after the attack to detect it? Yes, security is a bit... out of date...
April 20, they shut down the network due to technical issues. This is where they should have been forth coming and said they were attacked and explain the breach.
April 26 they call the FBI. 10 days after the attack they call the FBI, it had to be an investigation that was either done very slowly and throughly OR they were trying to make up some BS execuse as to why it was down.
I agree 9 days after the attack they call for FBI? Why not when they detected the breach? For that we cant hold it against them unless they didnt do what they were suppose to. They could have had protocol to follow and what not to do their own internal investigation to make a determinacy that it was a hacker attack. There is alot of information missing but the time is really screwed up. But again there is information we are missing like what happened after they detected the breach. I would love to see their protocol on what they do when a breach is detected.
Quote:
Originally Posted by Sony Hack Attack Protocol
1.Scratch balls
2.Repeat
3.?????
4.PROFIT
(5. call FBI if bored.)
But didn't a SOE breach happen even before the 16th? The one where 25m other accounts and a credit card database of 10k non-US users had been stolen? And they didn't even notice that until May.
I have of course no clue whatsoever how hacking works, but I think depending on how they gained access, if it was a subtle way like via exploit or sniffing, they could've concealed themselves well among the thousands of employees/users with access to the servers.
I'm not sure that there are tripwires that cause an alarm if you enter the server. Although there should be... ò_Ó, bad Sony, bad!
Sonys imaginary security aside, waiting 10 days before calling the FBI is... madness. And while I understand that they wanted to keep this whole thing low profile, which ended up biting them on the ass, I'm not quite sure whether the FBI are publicity whoars who have a meeting with the media every afternoon to discuss new glamorous cases of crime.
But then again, the messenger pigeon has to fly from the Sony servers in the USA all the way to Sony HQ in Japan, then they have to discuss what to do next over some sushi and sake, and then they have to send the pigeon back to America with the reaction. I can imagine that may take some time.
Maybe it was even an inside job. Or maybe they just spoofed the access logs to make it look like stuff was stolen.
But then again, good hackers would have spoofed the access logs, and nobody would have found out about this ever.
So is this a fail hack?
OR maybeee... they left it the way it was on purpose, to get Sony cranky which would lead to the status quo.
Then it was a masterpiece.
If this was the work of professionals, it was clearly to sabotage Sony, I don't think the theft of the data was so important at this point. Because whaddya gonna do with a big list of names, addresses and logins? Passwords are hashed anyway so that's useful. Credit card info, debatable; number + expiration date is only occasionally useful, not much use without the pin.
Also credit card fraud is rather risky because it's more traceable.
So if this whole thing was performed just to expose how Sony handled the trust of their customers, it was a 100% positive result.
But the biggest poop Sony made was the massive delay. In case the stolen data was mistreated, not warning the users about it, was just giving the thieves more time, not reporting it to the FBI, the same.
Two days time until detection is a century in internet time, 48 hours in a situation in which every lost minute is a disaster on its own is a screwup of stellar dimensions. Maybe Sony realized that and decided that damage control is pointless at the time, so they didn't rush it with informing the FBI.
Naaah, that's dumb. But so is the unreasoned waiting.
Maybe it was all a prank on Sonys behalf, because they wanted to see how far the can go with "there is no such thing as bad publicity."
But I have one question:
How badly, if at all, can Sony be sued for this? (In the USA)
-
Quote:
Originally Posted by Havoc
But I have one question:
How badly, if at all, can Sony be sued for this? (In the USA)
It would all depend. If enough harm is done, pretty damn bad. They'd definitely try to settle outside of court, though.
-
Quote:
Originally Posted by Havoc
But I have one question:
How badly, if at all, can Sony be sued for this? (In the USA)
I dont really think they can be, they arent obliged to provide the PSN service as you are not paying for it, the only thing can be sued for is the loss of private data, but they will only compensate the amount lost.
-
How can sony be sued? Yes they were breached and what not but thats not their fault, their security was bad it shows by two attacks however there is no standard to base security off of so they did what they thought was best for the information so really you cant sue Sony. If they didnt take any steps to protect the information than yes sue them.
-
Well, in America people who try to dry their dog after bathing it in a microwave sue the manufacturer for not putting on a giant sign: "GET SOME COMMON SENSE MORONS!" on the machine. (No offense my USfriends, stupid people are everywhere, I'm just pointing out that lawsuits are apparently very popular in the US.)
So I can imagine that people, lots of people, will try to sue Sony for inadequate protection of their trusted personal data, like the imaginary firewall Sony was sporting or the lack of encryption on the data.
Also in court this would be a huge popularity lawsuit, depending on how many of those 77m+ users will try to sue Sony, and how many of those are lawyers/have dads who are lawyers.
-
They can sue all they want however, I believe i said this in another thread i dont remember at this moment, If Sony was not stupid in their duty to protect the data, meaning they had security in place and it wasnt just in the open for the taking they took steps to protect the data. Unless their is some law that says they have to meet certain requriements on security measures for such data I think any and all lawsuits will fall through.
Some of those people could be lawyers but since Sony is HUGE im willing to bet they got some grade A lawyers ready to fight.
-
Don't worry everyone who has a PS3, I have great news.................Xbox Live is still working fine : D
-
you know, its getting mad difficult finding games that have good replay value. its all about add-on (content) to keep your game on. =\
I can't believe rumors anymore. (it will be back on the 3rd, wait no, make that the 6th, or the 7th? or tomorrow? the next day? etc.)
-
Quote:
Originally Posted by Echo
Don't worry everyone who has a PS3, I have great news.................Xbox Live is still working fine : D
OMG Echo!! LOLOLOL!!!!! Well yeah, If PSN doesnt come back soon my new favoroute will be XBOX and the reason why i love the PS3 more is because SONY was my VERY FIRST game system i owned and it was fun! : D
|
» Site Navigation
» Friends
» Recent Threads
» Sponsors
|
