Stolen Pixels #256: The E-Pology

[Misho-]

Snip.

The hackers did what they set out to do. Can't really make fun of them. They succeeded in a big way. I mean we hate them obviously, but it's hard to make fun of them for making such a massive company look like a bunch of dickheads. Sony were the ones caught with their pants down. They're the ones we make jokes about. The hackers are the ones we hit with spanners until the twitching stops.

I guess I see your point. Is easier making fun of the geek for getting a wedgie from a jock than the jock himself... I mean the jock just did what they do to nerds...

Anyway... Hackers did what most set out to do and people still support them. Steal the crap out of you and live the good life through your credit cards or your stolen personal information.

 

[leviadragon99]

But really... when are we going to move on to actually blaming the hackers?

 

[Delusibeta]

But really... when are we going to move on to actually blaming the hackers?

Never. After all, this is pretty much the worst case scenario for an online gaming network, Sony has a lot of responsibility on their hands.

 

[brinvixen]

I know this is funny... But I'm not really laughing. Just because I actually believe (call me dumb) that Sony isn't really at fault here... I mean, replace Sony (or $ony if you like) with Microsoft (again Micro$oft) in the story and every joke would be like: "Derp derp we just be laying these papers here on the backalley... We is smart!~~ Like with Bill Gates... Check the VG Cats web comic for inspiration" I mean... Lets get outside the realm of games... Just replace the company name (Sony) with something like Bank of America... Everyone would be like: "They took a week to realize what had happened?! You just lost my trust Bank of America!!!" (throw in a $ in the name... I couldn't find where to put it).

I mean seriously? And besides... Why nobody is making jokes about the hackers being dickwads???

This. While I too found the strip to be funny, I'm tired of people poking Sony with a stick. They've been trying their best to fix things, and should be applauded for finally getting their PR team together, as opposed to having more jokes thrown their way. Something even more hilarious than a Sony joke is the joke that can be made about these hackers. My friend and I were talking about this, and we thought about how hilarious it would be if the "hackers" turned out to be some fourteen-year-old boys not even knowing what they were doing.

Boy 1: ZOMG. The FBI is looking for the hackers. They mean us! What do we do?
Boy 2: We? This is all your fault! I didn't even want to look at any animal porn!

...Or something along those lines.

 

[Phishfood]

Flowers make everything better, right?

flowers are apropriate, considering how much their user base wilted because of the PSN outage.

You could say their customers wanted to make like a flower and leaf.

This has blossomed into quite the situation.

As far as Sony is concerened things aren't coming up smelling like roses.

OT:
Well, I still think Sony could have done more in advance but really, nothing is hack proof. Ever. As soon as you expose something to the internet there will be a way in. Especially when you put squishy humans in charge at the other end.

 

[bojac6]

I know this is funny... But I'm not really laughing. Just because I actually believe (call me dumb) that Sony isn't really at fault here... I mean, replace Sony (or $ony if you like) with Microsoft (again Micro$oft) in the story and every joke would be like: "Derp derp we just be laying these papers here on the backalley... We is smart!~~ Like with Bill Gates... Check the VG Cats web comic for inspiration" I mean... Lets get outside the realm of games... Just replace the company name (Sony) with something like Bank of America... Everyone would be like: "They took a week to realize what had happened?! You just lost my trust Bank of America!!!" (throw in a $ in the name... I couldn't find where to put it).

I don't understand what you're trying to argue here. If we replace Sony with any other company, everyone would react exactly the same? Yes, I think they would. I think we'd make fun of any company that react to a security breach the way Sony did. And, frankly, if Bank of America took a week to notify customers that credit card information had been stolen, they'd be in front of a Grand Jury by the end of the month, forget a silly class action suit.

 

[spwatkins]

But really... when are we going to move on to actually blaming the hackers?

Never. After all, this is pretty much the worst case scenario for an online gaming network, Sony has a lot of responsibility on their hands.

I don't know that we can even guess how responsible or irresponsible Sony might have been with user data. When the Blu-ray format came out with its new DRM scheme, a number of people were (justifiably) confident that someone would hack it. It is extremely difficult to keep data completely secure from hackers so we can't be sure Sony was lax in their site security. (Unless I missed the story where the data was in .csv files on an FTP site with no password for the default login).

 

[Misho-]

Snip

I don't understand what you're trying to argue here. If we replace Sony with any other company, everyone would react exactly the same? Yes, I think they would. I think we'd make fun of any company that react to a security breach the way Sony did. And, frankly, if Bank of America took a week to notify customers that credit card information had been stolen, they'd be in front of a Grand Jury by the end of the month, forget a silly class action suit.

Lol about that last bit. Yeah basically that was my point but I guess we should really look into the story with what we have instead of speculating... From what I read, it took around 6-7 days for Sony to understand first of all: "What had happened" second after learning that they had a breach: "What went wrong" and then learning that it was a information robbery: "What was stolen".

Maybe 6-7 days is too long but to be honest I'm not a security expert. I don't really know how long it would take me to know what exactly happened, if I ever find out what transpired.

A multimillion company has a lot more advantages but it doesn't make them the best... Maybe they had multiple layers of information to go through to see what was really compromised... Unless we have the... say... transcript hour per hour, day by day of their process learning exactly how long it took for them to know what had happened I'm willing to give them the benefit of the doubt.

Also before I forget. You have to confirm what truly happened... If you go 1 hour after shutting down the PSN and say (without any proof, clues or facts): "Hey, all your info is compromised. Cancel your CCs just to be safe" And then it turns out nothing really happened a lot of people would be pissed off. With good reason... But anyway that's my view.

 

[beema]

hehehe
very good
very good

 

[Spectere]

Ironically, the game Sony gives away will most likely be Flower.

That would be a good way to calm people down, actually...

 

[erztez]

But really... when are we going to move on to actually blaming the hackers?

Never. After all, this is pretty much the worst case scenario for an online gaming network, Sony has a lot of responsibility on their hands.

I don't know that we can even guess how responsible or irresponsible Sony might have been with user data. When the Blu-ray format came out with its new DRM scheme, a number of people were (justifiably) confident that someone would hack it. It is extremely difficult to keep data completely secure from hackers so we can't be sure Sony was lax in their site security. (Unless I missed the story where the data was in .csv files on an FTP site with no password for the default login).

Oh yes we can. Sony was storing plaintext passwords.
That's the very definition of epic security failure.

 

[Kavachi]

I know this is funny... But I'm not really laughing. Just because I actually believe (call me dumb) that Sony isn't really at fault here... I mean, replace Sony (or $ony if you like) with Microsoft (again Micro$oft) in the story and every joke would be like: "Derp derp we just be laying these papers here on the backalley... We is smart!~~ Like with Bill Gates... Check the VG Cats web comic for inspiration" I mean... Lets get outside the realm of games... Just replace the company name (Sony) with something like Bank of America... Everyone would be like: "They took a week to realize what had happened?! You just lost my trust Bank of America!!!" (throw in a $ in the name... I couldn't find where to put it).

I mean seriously? And besides... Why nobody is making jokes about the hackers being dickwads???
I guess it goes something like this: Anonimity + Normal person + Audience = Dickwad... Right?
So... Anonimity + Hacker + All your info = Some kind of ultra Dickwad... But wait! If you add "Sticking it to the man" into the Equation he becomes a Freedom Fighter ermmm fighting for liberty!

Oh sure and some people are like: "nobody thinks that, they be just as bad" or "without hackers we wouldn't have secure networks because they are the ones constantly breaking and breaching the security systems in place so that we can come up with stronger ones..."

I mean besides of the point that without hackers, we wouldn't need security upgrades constantly so that doesn't make it ok... I think that people should be focusing on the hackers more and making fun of Sony less... They are doing what they can at the moment and have a lot to lose right now. It's like kicking someone on the face while he's prone on the floor bleeding out from the bullet wound he just received from a mugger. And then going home and making fun on the Internet of how he was whimpering while I kicked him in the face. Oh, and he was trying to scrible an apology letter to give you at the same time...

Anyway... Make more fun of hacker$. I mean if possible.

ITT: People completely missing the point.
The reason why people are mad at Sony is NOT because they got hacked, but because Sony has taken a vow to protect your personal info that you gave them so you could buy their goods. However now that that information is with the hackers, Sony has broken that vow. This is why people are mad at Sony. Hackers are still bad and all, but Sony is also a bad guy here.

 

[Cliff_m85]

But really... when are we going to move on to actually blaming the hackers?

I think of it this way. When you're at a strip club, there are drunken pervs ready to jump on stage and grab the women.

Sure we can blame the drunks, but what would you think of such a place that decided to hire only one bodyguard? Who is 15 years old? And anorexic? And crippled from the waist down? And blind?

 

[ace_of_something]

Serious question -

Has anybody actually traded in their ps3's over this?

I doubt this whole episode is going to effect Sony's bottom line in the long run...

Even if someone DID trade in their ps3, it's already been paid for. They already have the money. The real problem comes from those who were considering buying one but won't now. Not sure if what you buy on the playstation store is that big a deal.

 

[Misho-]

Snip

ITT: People completely missing the point.
The reason why people are mad at Sony is NOT because they got hacked, but because Sony has taken a vow to protect your personal info that you gave them so you could buy their goods. However now that that information is with the hackers, Sony has broken that vow. This is why people are mad at Sony. Hackers are still bad and all, but Sony is also a bad guy here.

Serious question: ITT? Internet Troll... Trolling? or what is it? Can you please explain?

Also I guess I can understand your logic, they are the bad guys because they were robbed of the information they had to protect.

So a bank teller is the bad guy when robbed point-blank because he failed to protect the money that was under his/her care?

Ok I guess I can understand it. But not really. Look, I don't mean to sound rude and all but it's my point of view on the matter.
For me #1: GeoHotz was wrong... He had all the right to hack his PS3 but not post the system root key online because that's Sony's intellectual property.
#2: We (PSN users) are the victims of the PSN hack, not Sony. But they are not responsible. The hackers who perpetrated the robbery are.
#3: Sony has been doing a lot from my point of view as an outsider. We know next to nothing about the exact details about the hack that took place. And yet everyone is talking like they're experts.

Still this is the Internet, everyone blurts out their opinions as facts (Such as I'm doing now).

 

[bojac6]

Snip

I don't understand what you're trying to argue here. If we replace Sony with any other company, everyone would react exactly the same? Yes, I think they would. I think we'd make fun of any company that react to a security breach the way Sony did. And, frankly, if Bank of America took a week to notify customers that credit card information had been stolen, they'd be in front of a Grand Jury by the end of the month, forget a silly class action suit.

Lol about that last bit. Yeah basically that was my point but I guess we should really look into the story with what we have instead of speculating... From what I read, it took around 6-7 days for Sony to understand first of all: "What had happened" second after learning that they had a breach: "What went wrong" and then learning that it was a information robbery: "What was stolen".

Maybe 6-7 days is too long but to be honest I'm not a security expert. I don't really know how long it would take me to know what exactly happened, if I ever find out what transpired.

A multimillion company has a lot more advantages but it doesn't make them the best... Maybe they had multiple layers of information to go through to see what was really compromised... Unless we have the... say... transcript hour per hour, day by day of their process learning exactly how long it took for them to know what had happened I'm willing to give them the benefit of the doubt.

Also before I forget. You have to confirm what truly happened... If you go 1 hour after shutting down the PSN and say (without any proof, clues or facts): "Hey, all your info is compromised. Cancel your CCs just to be safe" And then it turns out nothing really happened a lot of people would be pissed off. With good reason... But anyway that's my view.

While I agree with the gist, I think in execution, Sony did it poorly. Let's assume that Sony has the best security in the world, and let us assume that the fastest anyone can verify an intrusion of this magnitude is a week. Basically, we remove any technical fault of Sony's. So, they discover the breach in the fastest possible time, investigate the breach in the fastest and most thorough manner, and know exactly what was taken in the shortest amount of time. Once they collect all of this data, they announce it to their customers.

The question then becomes, is this method of security good enough? Technically, it's perfect, but is that enough? I would say no. And here's why. A lot can happen in a week. By the end of a week, your credit card could be maxed out. It could be used in a way that gets you into trouble (buying explosives, for instance). If I wanted to kill someone, having a stolen credit card would be a great way to get the weapon. And most people do not check their statement daily, or even weekly.

So Sony customers went a week without any official announcement that there was a possibility of credit card theft. Would an announcement "We have suffered a security breach and are investigating it. Please be aware of the following concerns until we fully investigate the issue and determine what was stolen" at the beginning have been that bad for Sony? It would have alerted the public of a possibility, maybe started some outcry, and then people would pay attention to their credit reports. Then, after the investigation is complete, the final verdict on keep or cancel your card can be made.

The only reason not to make this announcement is PR. Sony hopes to discover that there was no serious theft, so after a week they can say "We suffered a breach, but our security held" and everyone thinks "good for them." But instead its, "We didn't tell you a week ago, but your credit card has been compromised" and it's a disaster.

The better method would be mine. You make the early announcement, people get wary and there is some shaken confidence. Then, a week later, either A. you find out it is the worst case scenario and everyone goes "Yeah, I sorta figured this was coming. At least I was able to prepare for it" or B. you find out that nothing too bad happened and everyone thinks "Oh, that's awesome, good security there."

The point is, Sony once again showed that they don't trust their consumers. Sony left them in the dark about important issues in order to protect Sony's image, and it backfired. Sure, crackers are at fault for the incident. But Sony's mishandling of the situation and serious risk they put their customers in is their own fault. Even assuming that they had a perfect security system, which I rather doubt.

 

[Misho-]

Snip

Snip

Snip

Snip

Sorry for cutting out all the other info, but yeah. Even tho we don't agree exactly in all the details I agree with you about what should have happened. Still I don't know personally if it took Sony 6-7 days to find out everything that happened or if they witheld the info. So I don't want to make assumptions and pass them off as facts. (As many do)

You sir (or ma'am) are correct in many points. Still Sony was screwed since it was hacked. It's a no win situation.