Sony Website Hacked By the "Lulz Boat"

[faspxina]

So... are PSN users in danger again?

 

[Kopikatsu]

Jesus, what's with all the hacker hate? They aren't hurting people. They're just pointing out a whole in a dam. Thanks to their actions, countless companies are realizing their own vulnerabilities and fixing them, protecting our data.

Let's face it, it we had the equivalent of grey-hat hackers for the banking industry 6 years ago, do you have any idea how many people would still have their homes? Sometimes the only way to convince someone of their gaping wound is to poor salt in it, and maybe they're pissed about it now, but they're better off than if the bled out and died.

They posted hundreds of thousands of names, phone numbers, addresses, usernames, passwords, and other various information with the note 'Plunder what you can!' and 'Go wild!' written on the top of the files. Some people have had their accounts stolen due to using the same password/username for multiple sites. So bullshit.

So... are PSN users in danger again?

No, this is Sony Pictures. SCE is something completely different.

 

[Sikratua]

This is getting stupid now okay I'm just going to say that there's no point in lying about their methods, I really can't see a reason why they would do that. Yes saying it's SQL Injection makes it look easy but honestly, if it were some other method they would have said so and then what would everyone be crying about? "OMG These hackers are terrible, they used BLIND Sql Injection, it was actually difficult to hack into Sony's database so that means their security was actually moderately good but their DB still got hacked! So.. Sony isn't so bad but their security was still pretty shit...Wahhhh".

It won't make a huge difference if it turned out it was something else so why lie about it? Bottom line is that Sony was hacked into again, PERIOD, whether it was sort of hard or really easy isn't the point. The point is that they were hacked into again because their security isn't amazing for the large company it is. This wasn't a complicated statement and the fact that people have found something to argue about and call deceptive is fucking beyond me.

Nicely shoveled.

The difference here is the difference between "Sony upped their defenses, but someone still beat them," and "Jesus H. Christ! Sony doesn't fucking care! Fuck Sony!"

Guess which one of those is happening. Are you seriously trying to ignore that?

 

[Asehujiko]

But, moving past your failed analogy, Sony is only guilty of this level of ineptitude IF you take a group of confessed criminals completely at their word. Why are you doing that, again?

Your entire argument hinges on the assumption that to be a hacker, you have to be a pathological liar about things the entire hacking scene would call you out on in minutes if it were false and get away with it.

This isn't CSI, where people are completely incapable of telling the truth unless the lead investigator is beating them around the head with a bag of evidence the size of his car and until you stop basing your views on that, I'm done talking to you.

 

[Blackpapa]

Don't try to insultingly make me out as some conspiracy nut as I have not even remotely claimed anything as ludicrous as you are trying to paint me. I'm not thinking of a conspiracy here. Only that they can easily skew facts. They could lie about how much information they stole (as they only gave a few), they could lie how long it took, they could lie about the methods used, they could lie about the security measures, they could lie about how much resources they need to gouge money off of people, they could lie about a dozen things in this situation. Why the hell should I trust these hackers when I can't trust anybody in this situation?

It is not a good idea to take any group's info at face value. That is what some people are doing here. I'm being skeptical of every bit of info that they toss out. Considering that they've got some bones to pick with Sony, I doubt they'd be above skewing the facts.

I was actually going for something even more far-fetched then I realized I probably could publish it as a short story.

No, I'm not implying that's the way you think. It's called a hyperbole, and it's meant to be funny - some figures of speech don't translate well to text, unfortunately.

Obviously nothing should be taken as a fact and blindly accepted as status quo. It's so obvious that I don't think it's not even worth mentioning - we're all weighing the odds and coming to conclusions.


Whatever the case, Sony has been humiliated once more. Sure, Japan's Sony-branded music store is run by completely different people than PSN. But both fall under a common brand. One would think the people pulling the strings aren't imbeciles and figured out they need to prioritize security everywhere, understand the concept of threat prevention, security and testing. Nada, zilch. Nobody's home, go away.

Apparently Sony is stupid - since customer data is free why should they invest to protect it? But this will teach them responsibility - since apparently the only responsibility they ever accept is to their shareholders. This is a very carrot and stick situation, but if there's no other way then I can only express my full support of the people who are making this change happen.

 

[Sikratua]

But, moving past your failed analogy, Sony is only guilty of this level of ineptitude IF you take a group of confessed criminals completely at their word. Why are you doing that, again?

Your entire argument hinges on the assumption that to be a hacker, you have to be a pathological liar about things the entire hacking scene would call you out on in minutes if it were false and get away with it.

This isn't CSI, where people are completely incapable of telling the truth unless the lead investigator is beating them around the head with a bag of evidence the size of his car and until you stop basing your views on that, I'm done talking to you.

Meanwhile, your entire arguement depends on those same hackers being paragons of virtue and honety, ignoring the fact that honest people don't brag about committing felonies, mainly because they don't commit felonies. Guess which one I think is more likely.

As a general rule, I go out of my way to avoid blindly accepting as fact the word of known liars or known thieves. This group of hackers falls into the latter group. So, yeah. Be done talking to me. I won't be able to convince you of basic entry level logic, because you're too busy with your fingers in your ears, chanting "Sony's Fault! Sony's fault!"

By the way, I fucking HATE CSI.


Addition:

Now that this is out of the way, how's about you answer my goddamn question? You kinda completely ignored it before.

 

[Jumplion]

No, I'm not implying that's the way you think. It's called a hyperbole, and it's meant to be funny - some figures of speech don't translate well to text, unfortunately.

I'm sorry if I took it a bit too seriously, I'm just a bit on edge with this whole ordeal now. It's just really friggin' annoying at this point.

Whatever the case, Sony has been humiliated once more. Sure, Japan's Sony-branded music store is run by completely different people than PSN. But both fall under a common brand. One would think the people pulling the strings aren't imbeciles and figured out they need to prioritize security everywhere, understand the concept of threat prevention, security and testing. Nada, zilch. Nobody's home, go away.

Bureaucracies are fun, aren't they?

Apparently Sony is stupid - since customer data is free why should they invest to protect it? But this will teach them responsibility - since apparently the only responsibility they ever accept is to their shareholders. This is a very carrot and stick situation, but if there's no other way then I can only express my full support of the people who are making this change happen.

Again, that's assuming that whatever we've heard by now is true. There's so much finger pointing, shit throwing, assumption making going on here that it's practically impossible to find the truth at this point.

Personally, I can't support a group of hackers that deliberately steal information and proceed to post said information online, telling people to "Go nuts!" on the info, and then insultingly claim that they are defending said people. A criminal with a cause is still a criminal, as someone had said.

 

[fenrizz]

These people are starting to annoy me...

Don't give them more attention.
It's what they are after.

DON'T FEED THE TROLLS!

 

[Blackpapa]

Again, that's assuming that whatever we've heard by now is true. There's so much finger pointing, shit throwing, assumption making going on here that it's practically impossible to find the truth at this point.

With Sony's record I'm more inclined to give lulzsec the benefit of doubt. Have you forgotten the time when Sony said "Hey, wouldn't it be cool if we'd secretly root people's boxes using innocent-looking audio CDs?"

Well, I haven't forgotten that one. In my eyes exploiting trust and screwing the people who put bread on your table is even worse than what lulzsec did, ever.

Personally, I can't support a group of hackers that deliberately steal information and proceed to post said information online, telling people to "Go nuts!" on the info, and then insultingly claim that they are defending said people. A criminal with a cause is still a criminal, as someone had said.

Sometimes the only way to fight a man with a gun is to bring a bigger gun. In an ideal world there would be no hack - Sony would never spray golden rain on to it's customers' mouthes, hackers would never get pissed at Sony, Sony would see the point of spending on security measures and everything would be okay.

It's complex, yes, but I'll always stand that corporations need to become responsible - for their clients, for their products, for their employees, for the environment, for the world - even if it kills them.

 

[Ukomba]

Criminals are criminals. I might have cut them more slack if, after hacking SCE, they contacted the company. Posting the stolen info publicly is a dick move.

 

[Jumplion]

With Sony's record I'm more inclined to give lulzsec the benefit of doubt. Have you forgotten the time when Sony said "Hey, wouldn't it be cool if we'd secretly root people's boxes using innocent-looking audio CDs?"

Well, I haven't forgotten that one. In my eyes exploiting trust and screwing the people who put bread on your table is even worse than what lulzsec did, ever.

I did not live at that time, so I really wouldn't know, unfortunately.

Sometimes the only way to fight a man with a gun is to bring a bigger gun. In an ideal world there would be no hack - Sony would never spray golden rain on to it's customers' mouthes, hackers would never get pissed at Sony, Sony would see the point of spending on security measures and everything would be okay.

You don't bring a bigger gun and then proceed to shoot the man's customer (he owns a restaurant, makes some fine Italian cuisine, though there's hair in the sauce occasionally.)

I would be more inclined to agree with you if these hackers hadn't deliberately stolen 1,000,000+ people's (allegedly) information and then proceeded to use this information to terrorize said customers. People have already lost multiple accounts to this, and these guys are basically going "Hey, guys, use this shit we got!"

It's complex, yes, but I'll always stand that corporations need to become responsible - for their clients, for their products, for their employees, for the environment, for the world - even if it kills them.

Sure, corporations should be responsible, but then you get into this whole "rape-logic" thing, and then people start yelling and blaming someone at every corner, Sony should have done this, hackers should have done that, Sony brought this unto themselves, the customers did not, what have you.

 

[Awexsome]

They're not out to help the customer. They're out to discredit and ultimately destroy Sony. Probably for the lulz.

Anyone thinking Sony ending up going under from this would be a good thing is mentally handicapped.

 

[Blackpapa]

Sure, corporations should be responsible, but then you get into this whole "rape-logic" thing, and then people start yelling and blaming someone at every corner, Sony should have done this, hackers should have done that, Sony brought this unto themselves, the customers did not, what have you.

Rape-logic is the next Godwin's law.

 

[Blackpapa]

I would be more inclined to agree with you if these hackers hadn't deliberately stolen 1,000,000+ people's (allegedly) information and then proceeded to use this information to terrorize said customers. People have already lost multiple accounts to this, and these guys are basically going "Hey, guys, use this shit we got!"

If they were more ethical about it they'd release full data on each first registered used each month and then truncated data for the rest, with some obscure hash instead of a plaintext password. To prove they have it but prevent it from being used maliciously.

Of course then the topic on Sony's lips would be "Since they aren't doing real damage, someone explain why we should give a shit". I know Google for example would appreciate and understand such a gesture. But not Sony.

 

[Krion_Vark]

I just don't get this. How can Sony keep letting this happen to themselves? They've been attacked constantly recently. They should have increased security across the board right now. Plus these guys were constantly bragging about how they were going to hack Sony prior to actually doing it. I understand that threats on the internet aren't usually taking seriously, but if your company has been ransacked by hackers recently you'd think that would be a cause for concern.

Que a bunch of people calling the hackers pricks even though they clearly don't give a shit and know they are being assholes.

Other thought is why do these people want to be dicks. They can find all the security flaws they want as long as they report them in a nice mannor. They have no right to be a dick by embaressing a company and causing problems for the users who did nothing wrong.

Because they enjoy being assholes and want as much attention as possible. "Hackers carefully point out flaw in Sony security" isn't much of a headline compared to "Hackers steal a ton of data from Sony and post it online".

did you see what they did to PBS? They really don't care what people say about them they really are just pretty much doing it for the lulz. I mean they posted a story about how Tupac was found alive in New Zealand and this picture:

with the head line I EAT CHILDREN.

Lulzsec is the biggest gray hat group in existence right now

 

[Zookz]

Siding with Sony here; not because I think they're security is fine (they really need to do something about it, fast), but because these hackers weren't doing this in any noble intent to help Sony as much as they may want to believe. If they were, they would of simply told Sony about how piss-poor their security measures are, rather than try to prove a point to them and everyone else about how piss-poor they are.

This all reminds me of that case with Rift where somebody found a major flaw in their login system. Unlike this guy; where he could of taken customers passwords and posted them online for people to use, mocking Trion's lack of security, he simply told the guys at Trion that their login has a flaw. That is a hacker having noble intent.

 

[Jumplion]

I would be more inclined to agree with you if these hackers hadn't deliberately stolen 1,000,000+ people's (allegedly) information and then proceeded to use this information to terrorize said customers. People have already lost multiple accounts to this, and these guys are basically going "Hey, guys, use this shit we got!"

If they were more ethical about it they'd release full data on each first registered used each month and then truncated data for the rest, with some obscure hash instead of a plaintext password. To prove they have it but prevent it from being used maliciously.

Of course then the topic on Sony's lips would be "Since they aren't doing real damage, someone explain why we should give a shit". I know Google for example would appreciate and understand such a gesture. But not Sony.

Or, alternatively, target the higher-ups rather than the innocent bystanders (hopefully without malice). That is real damage that can easily paint Sony in a bad light while avoiding any backwards ass-logic these guys are doing now.

 

[Blackpapa]

Or, alternatively, target the higher-ups rather than the innocent bystanders (hopefully without malice). That is real damage that can easily paint Sony in a bad light while avoiding any backwards ass-logic these guys are doing now.

Please expand on that, I'll be taking notes.

 

[bootz]

I love how eveyones mad at the hackers for release the private info.

Sony already published the info where the public can see.

No encryption really. Just online in plain text

 

[Davinator]

I really have to support LulzSec in this whole thing. Not because I totally agree with everything they do, but the only other party to root for is Sony. And after the business with GeoHot, OtherOS, and the blatant lack of security, I just can't support anything they do.

And their PSN Welcome Back package? I've been hearing people saying that it doesn't work, or works very poorly. That really could've been a great move that Sony apparently decided they didn't feel like working on.

However, if their E3 panel is especially good, I might regain some faith in them.