Sony Website Hacked By the "Lulz Boat"

[Raesvelg]

I understand there's a difference between server access and server decryption. I'm inclined to believe them for three reasons.

Well, that was almost civil.

Anyway.

It wasn't a "we have encrypted material that we need to decode, and thus require more time/money", it was a "we got into the database, but could only get a fraction of it because we are underfunded and it would take several more weeks."

They were quite explicit in their explanation of the situation.

That explanation, however, doesn't entirely jive with the claim that the hack was ridiculously easy. We also know that they're pursuing a personal agenda against Sony, and not simply wreaking havoc for the sake of wreaking havoc. They hacked Nintendo recently as well, and did... nothing in particular. Just left a little proof so that Nintendo would know that they'd done it.

At this juncture, if you wanted to discredit Sony (and LulzSec obviously does), the clear path would be to claim that whatever damage you managed to do, or access you managed to gain, was accomplished with considerable ease. It's difficult to prove you wrong, after all; even if you post the method you supposedly used, if someone tries and it doesn't work, you simply say that Sony closed the vulnerability and it's impossible to dispute your word on the matter, unless Sony themselves comes out and says precisely how the hack was accomplished.

And that is, shall we say, rather unlikely?

Your stance regarding the hackers having unreleased data and lying about why they need time/money inherently undermines your related stance about the hackers being more trustworthy than Sony, you realize. If they're lying, they're not trustworthy.

 

[Raesvelg]

I'm not suggesting that these hackers are trustworthy. I just think they're likely more trustworthy than Sony.

I expect that neither of them is particularly trustworthy, to be honest. Sony's agenda is to not look bad in public, LulzSec's agenda is to make Sony look bad in public. Both of them would probably lie to accomplish their respective goals if they think they can get away with it.

 

[Hogbinladen]

Now that the information is out no security measure can keep it safe. Way to make a point, LulzSec.

 

[the_green_dragon]

These hackers belong in prison for massive breaches of privacy of the innocent public.
Sony suck for not doing more to prevent it, and really need to address the problem. But it still doesn't make the crime acceptable and the hackers are still the ones who are solely responsible for their actions (ie. theft of personal information and making it readily available to every other criminal with a computer).

yes Hackers are bad people but at the end of the day, they are out there and will steal stuff on the web left lying around.

I think most of the blame here lies with Sony for not doing more, leaving that kind of info so easily accessable is a joke.

 

[aarontg]

Since the first attack on sony this seems like some kind of green light for everybody to start attacking big company web sites. It happened to nintendo recently but they got the lucky break.

 

[TitanAtlas]

Goddamit Sony... you dun goofed up...

Spoiler: Imagine the girl is Sony

Just imagine that the girl is Sony... just do it for me while youre watching the video xD

I think That than sums up our responses to this thread

Or it could in general be the equivalent of this thread

Ah well

Acctually.... both our videos are an exact explenation of what happened.... metaphorical this is...

Sony: Noooo... i must get the hackers...
Anonymous: No Playstation... you are already hacked...

And so Playstation was a hack itself...

 

[erztez]

To all the people implying that stuff like this is only making more of the public get behind(or rather, in front of) Sony...

http://www.marketwatch.com/investing/stock/sne

That is all.

 

[Firehound]

To all the people implying that stuff like this is only making more of the public get behind(or rather, in front of) Sony...

http://www.marketwatch.com/investing/stock/sne

That is all.

Thank you.


Having it proven repeatedly that your security measures are a couple dobermen and a unconnected switch labelled 'INTERNETZ KILL SWITCH' definately does not make people want to trust money in you.

 

[Char-Nobyl]

Sony apparently didn't have the wherewithal to encrypt the personal information collected on SonyPictures.com. "What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it."

I'm not sure that kind of rape-logic holds up, but LulzSec does have a point. Sony is a big company, with lots of interchangable parts, but you think database security would be at the top of every divisions to-do list right about now.

Ehm...actually, I think this is one of those few instances when the "they were asking for it" logic actually does apply. Cybercrime is quite possibly one of the easiest forms of crime to carry out without remorse. If there is a considerable deal of valuable information with such shoddy security that it might as well be there for the taking, and all it takes is a few keystrokes to take it, Sony is asking for it.

Hell, if anything, they should be happy that it was LulzSec that did it. Going back to the rape analogy that OP used, would you prefer to be accosted by an actual rapist, or a guy who threatens to rape you, then says "I hope you learned something from this" and leaves?

 

[SelectivelyEvil13]

To all the people implying that stuff like this is only making more of the public get behind(or rather, in front of) Sony...

http://www.marketwatch.com/investing/stock/sne

That is all.

Thank you.


Having it proven repeatedly that your security measures are a couple dobermen and a unconnected switch labelled 'INTERNETZ KILL SWITCH' definately does not make people want to trust money in you.

Wait, people actually thought that Sony was going to become more trusted after this?

Seriously though, I think the most people will do is get behind Sony "in spirit." In other words, nobody likes what the hackers are doing because nobody likes hackers. Hell, look at the infighting with Anonymous; even hackers hate other hackers. But will anyone actually support Sony in money? Well, ha ha, that's just adorable! [sub]But seriously, it's quite unlikely given the circumstances...[/sub]

Sony is going to be getting plenty of damage from this in the long term, and it only gets worse as consumers grow more and more cautious to the point of abandoning the brand altogether. What stealing and frustrating the customers of Sony will actually prove to those affected other than (1) bye Sony and (2) #$*% hackers, is beyond me.

 

[Jezzascmezza]

I wish these hackers would just stop.
It's all becoming rather irritating.

 

[MGlBlaze]

The 'they were asking for it' logic doesn't hold up at all and I'm tempted to start going 'Fuck You And Die' on them, but if they are sincere about not being interested in the customer's actual data, then maybe this will work out beneficially in the end.

That is, I repeat, if they are sincere about that claim. This is the Internet, so I'm not even remotely convinced they are.

 

[Aesthetical Quietus]

Ckeymel? Pfft! I posted this hours ago. [http://www.escapistmagazine.com/forums/read/18.288638-LulzSec-steals-SonyPictures-everything-Updated?page=1]

Anyway, I have absolutely zero idea of both how to hack systems, and also how to encrypt information, so I can't really side with one group or the other on this...but I default to siding with Sony, if only because in an ideal world, we should be able to leave our doors unlocked without fear of being raped and murdered in the middle of the night. Then have the corpse kicked. Over and over and over.

Anywho, I kind of doubt LulzSec's claim that they were only doing it to show vulnerability since they posted the information publically. Sure it was needed as proof, but they compromised personal information and accounts in doing so. Wouldn't it have been better to just email Sony's CEO with the information? Not to mention LulzSec's claim of Sownage being 'The beginning of the end for Sony'

Plain-text encryption for passwords and the like is just wrong. Secure encryption can take some work and I can forgive them for having a mild encryption broken but not having any encryption, especially with what has happened to them lately is plain wrong. It would take maybe an hours work to add basic encryption, which when you are that big and that big of a target is absolutely necessary.
What LulzSec did was wrong beyond doubt but this is more like agreeing to look after a million dollars of friend's money, then leaving it in plain sight with the doors open.

Sure, it would have been better to contact Sony's CEO but in doing as such you miss out on drawing peoples attention the fact that Sony aren't learning. If you just had a major attack such as they have with the PSN you make sure that everything is secure. That definitely means no plain-text information at the least.

 

[xxlefordxx]

over-rall regardless of the encryptions etc.... hacking them still wouldnt be hard...

 

[xxlefordxx]

Strong point.

 

[SnowBurst]

that is VERY funny because everyone who says "lul" is being trolled because it means dick in dutch lmao