Poll: What did Sony do wrong?

[ImSkeletor]

MovieBob did a great episode on Sony on his Game Overthinker show

http://gameoverthinker.blogspot.com/2010/08/episode-39-emperor-has-no-clothes.html

What the heck does that have to do with this? All he did was talk about what caused the sales decline.

 

[ImSkeletor]

It's not either/or. I blame both the hackers (whom I want to see put in jailed and fined into oblivion. Seriously, fine them so much that they will have no life to come back to once their sentence is served) and Sony (who are paying the price for slack security).

Get that? I blame BOTH. I don't know who started this either/or stuff with the blame, but just stop.

I never said it was either or. i just asked if you put any real blame on Sony.

 

[Gigatoast]

This is like saying that if you cut someone off in traffic and the chase you down and shoot you it's your own fault

Nooo, it more like saying if you flipped off a known serial killer on the highway, then they chased you down and shot you. OR if you bought a ton of really rare art and started up an art museum, then neglected to instal a security system, then got robbed.

 

[Astoria]

I've been wondering this too. It's hardly like Sony said hey here's all our information have it. It's not their fault that they were hacked. If you wanna sue someone sue the ones who are actually in the wrong.

 

[CHooe]

Obviously it's the hackers' fault for hacking Sony's system in the first place, but Sony has to be blamed for their borderline negligence with regard to the archaic security on their servers and lack of modern encryption on communications with their servers. They were cutting corners, and they paid for it with this massive security breach.

The system was not archaic or out of date. A more recent investigation says they had the most recent version.

The whole out of date argument arose because some guy said that a while back he apparently witnessed Sony employees posting on a public forum the (out of date) version they are currently using.

As for the encryption (or lack thereof), they encrypted the CC info. They cut the same amount of corners as any other company would have. If you think every company out there has your name and address etc. fully encrypted because they feel some kind of loyalty to you then you are wrong.

Admittedly I haven't stayed fully on-top of the situation as I haven't been personally affected by it, but the last thing that I had read was that Sony was in-fact NOT encrypting messages containing credit card names, numbers, and expiration dates between user and server, as illustrated in what was allegedly a chat log of the hackers. According to these logs those messages were being sent as unencrypted plaintext, which is unheard of in this day and age. Was that debunked? If so, I missed it.

I don't doubt that other companies cut corners, and I don't mean to ruffle feathers, but I don't feel that Sony can simply be excused for what has happened. Hacks on this scale aren't everyday occurrences.

 

[TelHybrid]

There's 2 arguments really.

There's the argument that "no matter how foolproof a system is, it's still hackable", in Sony's favour. Yes the hackers are at fault, but it goes without mentioning that they're pricks, as it's so obvious.

There's the other side that although any system is hackable, it's arguable that Sony are at fault for not putting in place enough preventative measures. Various sources have implied that Sony's security was severely lack, potentially due to them relying on the hardware rather than using any software encryption. In fact I'm fairly certain I read on this very website that they didn't even have any firewalls.

The fact of the matter is the consumers trusted private sensitive information to a corporation, and that corporation let them down. This is fact, not opinion.

People like the OP are too eager to bend over backwards and accept corporate bullshit, and this is why many big businesses get away with such things these days.

Consumers need to go back to demanding better service.

"Oh but isn't PSN free?". Well if someone's used their credit card details then they've obviously paid for something. How would you react if paypal or amazon leaked your credit card information? Just because something isn't subscription based shouldn't mean it should be slack with security.

"Haha this is why Xbox Live is better and deserves to be paid for, they keep information safe". We shouldn't have to pay for security in regards to sensitive information. That should be a given anywhere you pay for something. Saying Xbox Live fees are acceptable based on those grounds really is the sign of a really dumb and spineless consumer.
The only extra features that gold members get that incur any cost towards Microsoft is the chat feature. That's all. I'll take skype, teamspeak, xfire, any of those really.

 

[bob1052]

Admittedly I haven't stayed fully on-top of the situation as I haven't been personally affected by it, but the last thing that I had read was that Sony was in-fact NOT encrypting messages containing credit card names, numbers, and expiration dates between user and server, as illustrated in what was allegedly a chat log of the hackers. According to these logs those messages were being sent as unencrypted plaintext, which is unheard of in this day and age. Was that debunked? If so, I missed it.

I don't doubt that other companies cut corners, and I don't mean to ruffle feathers, but I don't feel that Sony can simply be excused for what has happened. Hacks on this scale aren't everyday occurrences.

On one hand we have Sony saying it was encrypted, and on the other hand we have anonymous (not part of the "group") people in the chat log who may or may not have been involved with Anonymous (the "group") saying it was. He said she said etc.

All we can really do is look at the data which has been published, none containing CC info, and the reports of fraud, which I haven't heard of any.

 

[Traun]

Sony are responsible for handling the user data, if something happens they are the one hold accountable. People are just holding them up to the responsibilities they've taken upon themselves.

 

[brinvixen]

I have recently seen a lot of hate at Sony because of recent events but why? Some scumbag hackers got in. Why is that all Sony's fault? Why are we filing law suits against them? There may be a very good reason for it, but as of now I don't see it. As a PS3 owner I kind of want to know what that is.

I'm with you. I own a PS3, and when all this started I didn't suddenly feel the urge to go burning Sony at the stake. I felt that they handled everything rather well, especially after reading the article that says that within a week of realizing something wrong, they hired three security teams to check things out. And every since their first information release, they've been giving customers a stream of data every time they learn something new.

People get their credit cards stolen all the time. They don't suddenly attack Discover, or Mastercard and call them villains or whatever. They just cancel the card until things blow over, then reactivate said card. If you were one of those people worried that the hackers got your credit card number, call your company and cancel it. No. Big. Deal.

I'd have been worried if Sony was some run-of-the-mill nobody company (like if this happened with the Minecraft people maybe). But Sony is huge. They have billions of dollars at their disposal. They're going to take care of things. The most I can be is surprised that this happened -- that they are hackers able to get into the system. But I have no reason to be filled with rage and constantly send attacks Sony's way.

 

[Rottweiler]

If you put your money in a Bank, you accept that they will keep it safe. If they don't, or don't live up to their claims of security, or allow your sensitive info to be stolen, of course you're going to hold them responsible.

Part of it is that Sony is a massive company, and has advertised its power and security publicly.

 

[gsf1200]

Sony deserves anything that happens to them. Does anyone remember when they installed rootkits on peoples computers? And not only that, they were poorly written rootkits. Sony has been run by idiots for years now. Read this: http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

 

[gmaverick019_v1legacy]

The only thing Sony did wrong was handle the Geohot thing rather ungraciously. It's the mess that arguably started this.

roughly this, otherwise your information is always out there. period. change your cards and your good to go mostly, all that other stuff is out there anyways usually for people to find out.

 

[Joshica Huracane]

They got on the wrong side of some people who they really shouldn't have. I'm not entirely certain it relates, but in my mind, the whole Geohotz/Anonymous/Hacker community thing could have been handled better. As for their security, I think nothing is 100% secure, so I can't personally fault them for that.

 

[teh_spartan]

HOW CAN YOU NOT BLAME SONY THEIR SECURITY SYSTEM WAS FAULTY! Thats like not subprime mortgages for the economy collapse. sony is 100% accountable for what happened! they knowing ly had security flaws that they over looked!

 

[neurohazzard]

I blame the hackers AND sony, but the thing is, I expect hackers to hack stuff (that's kinda their thing), but I would also expect sony to used security measures that are stronger than a wet paper towel. I guess I shouldn't be surprised though, sony has a long history of not giving a damn about their customers.

 

[teh_spartan]

look up

They got on the wrong side of some people who they really shouldn't have. I'm not entirely certain it relates, but in my mind, the whole Geohotz/Anonymous/Hacker community thing could have been handled better. As for their security, I think nothing is 100% secure, so I can't personally fault them for that.

while impractical there are solutions that are 100% secure
its called "quantum cryptography"

http://www.nato.int/science/studies_and_projects/nato_funded/pdf/982735.pdf
http://www.gizmag.com/quantum-cryptography-secure-communication/16875/

 

[Ian Caronia]

Well it's not like it was just some random attack, obviously Sony did something to piss someone off. Assuming their network security was actually up to snuff, that someone is apparently a hell-of-a force to be reckoned with. And if the reason they got hacked was because they had shoddy network security then it IS their fault.

Besides, Sony isn't really the only victim here, it's not like THEIR credit card information was stolen.

Yep, pretty much damned if you do, damned if you don't situation at this point for them.
Shitty security = Sony is partially at fault
Great security? Well then: shitty timing on disclosing incredibly important information that could've saved people their financial security = Sony is partially at fault

It's true, mate. Anything can be hacked. Even the most air tight security can eventually be hacked (maybe, at some point, after like years of work). However, last time I checked, the hackers didn't steal Sony's ability to communicate with it's consumers who were in MAJOR danger.
Whether you blame Sony for being hacked or not, Sony deserves the international derision, and anybody who thinks they don't is being ridiculous.

Perfect explanation for what I and others are saying:
http://www.gamesradar.com/f/why-you-shouldnt-blame-sony-for-the-psn-mess-and-why-you-really-really-should/a-20110427114345836073

 

[Jaded Scribe]

The only thing Sony did wrong was handle the Geohot thing rather ungraciously. It's the mess that arguably started this.

Geohot got what he deserved, that douchebag.

Because people are idiots. They were hacked. If anything people should be mad about the delay in getting the news that its possible their info could have been compromised.

^^This.

Delaying press release was bad. NOTHING is unhackable (at least if it has internet access), so I don't really blame Sony for getting hacked.

 

[Veylon]

I've been wondering this too. It's hardly like Sony said hey here's all our information have it.

Actually, this is exactly what happened. The hackers didn't seize Sony's server buildings and take hard drives by force. They asked nicely (in computer protocol terms) and Sony's servers sent them the entire motherlode. Sony has total power over, and responsibility for, what their servers do.

First off, any IP asking for more than one account should have been a red flag. A huge unprecedented spike in account details should've been a bigger red flag.
Second off, no account data should've been given without the user password. Said password should never have been stored, only hashed.
Third off, no server accessible to the outside should have credit card numbers, let alone send them to anyone except the credit card system.

Sony alone is responsible for the security hole in PSN they created. No modded chip, no one special number should have allowed access to millions of users' account details.

And, yes, the hackers should be caught, convicted, and incarcerated for taking advantage of this.