U.K. Information Commissioner Wants Answers From Sony

[JDKJ]

Good. I'm glad that powerful people and organizations aren't content with Sony's "We told people as soon as we know, honest!" story. I hope they find out if it's true or if Sony is lying their asses off to try and save face. I for one would really like to know before I ever purchase another Sony game platform again. If they're being honest, I'll consider it, but if they lied, Sony and I are done.

I wouldn't get all happy-sappy if I were you. The ICO can only impose a maximum penalty of £500,000 for data breaches (chump change in Sony's pocket) and rarely impose this maximum. In fact, they've never imposed a penalty greater than £100,000 (chump-chump change in Sony's pocket). I don't think Sony's much sweatin' the ICO.

http://www.silicon.com/technology/security/2011/04/21/most-data-breaches-escape-privacy-watchdog-fines-39747329/

 

[Jumplion]

Good Lord. I swear, if the world (or at least the U.S. and British) put this much effort into tracking down the people actually responsible for this, they'd already be caught, tried, quartered, and their heads left on pikes as a warning to the rest hackers that, piss off enough people, and you simply cannot hide. Sorry, too graphic?

Interesting thought. While I do want to know more information from Sony, there is the thought that more energy could be spent on tracking the bastards down. It's not like Sony wanted to shut the service down, and if it's electronic it's going to get hacked eventually. Depending on circumstances, of course.

Kind of weird that no one $eem$ to be blaming the one$ who actually $tole the data from $ony.

(I a$$ume thi$ i$ what we do with $'$ now.)

OT: $ooo, what? All they're going to be able to do i$ a$k them $ome question$ on it, like every gaming journali$t will do a$ $oon a$ they get the chance.

W?ll, som? p?opl? want to blam? th? big, fac?l?ss corporation. I blam? th? hack?rs just as much as I blam? Sony.

I can't typ? anymor?, my copy past? fing?rs ar? g?tting tir?d.

 

[JDKJ]

So ICO fined £100,000 for 2 misplaced documents.
This is 75million.
Goodbye, Sony.

And they've never fined anyone more than £100,000. And probably never will. And I don't think fines get calculated by the number of documents breached. It's by the number of breaches.

http://www.silicon.com/technology/security/2011/04/21/most-data-breaches-escape-privacy-watchdog-fines-39747329/

 

[Jumplion]

$ony has a right to protect the user information better than what it seems they had. Sure, the ones who took the information are wrong also, but it shouldn't of been this easy to take it in the first place.


its like a bank keeping all your money in a cardboard box out in the alley, if someone steals it, sure, they should be in trouble also along with the bank for not having sufficient protection for your money.

You know, it's hard to tak? anyon? s?riously wh?n th?y r?sort to r?placing a l?tt?r in a company's nam? for a mon?y sign. It com?s off as p?tty.

Just sayin'.

 

[Kimarous]

$ony has a right to protect the user information better than what it seems they had. Sure, the ones who took the information are wrong also, but it shouldn't of been this easy to take it in the first place.

its like a bank keeping all your money in a cardboard box out in the alley, if someone steals it, sure, they should be in trouble also along with the bank for not having sufficient protection for your money.

1) Learn proper terminology. "Right" is NEVER equal to "duty". By your very definition, they have "permission" to protect you well, not "necessity".
2) I highly doubt it was nearly as easy as that. Lose the hyperbole and blame the REAL villains.

 

[Misho-]

Sony. Charge people per month to use PSN and then use that money for secure protection. Retarded someone got all that information that could have major issues with cloned cards and stolen money. Atleast when you are paying for a service you should expect a certain amount of protection. When it is free then i am not surprised this stuff happens.

What makes you think that free or pay makes a difference? Servers getting hacked and credit card information stolen is a fairly common occurrence and one that doesn't seem at all dependent on whether the company involved is offering the service for free or not. Matter of fact, my intuition tells me that pay sites would be a more attractive target for a hacker. Those sites are more likely to contain juicy credit card information than free sites.

If it is free then you can hardly complain if it goes wrong. Thats just how i see it and everything online. You pay for what you get. If they charge you a subscription then they have even more responsibility to make sure your information is safe. Oh and by the way, i dont use live in case you were thinking that.

In my humble opinion, the fact that it is free doesn't make it blame-less or "you can't complain because it's free". It's a service they provide that involves- in most cases- online purchases, billing statements and other personal information. It would be like if someone hacked Facebook and steals a bunch of valuable information-identities and such (just an example) and people using the "it's free so you can't complain". It's just not a valid argument, if you (a company) are willing to put up a service online that handles personal information and it gets hacked you (the customer) can complain.

Also it doesn't make a difference that you pay or not really. I mean just recently they hacked the Xbox Live (for example, I know you don't use one) regarding the Call of Duty titles and some credit information.

In my personal opinion, the culprits are the people to blame here. Not Sony or the customers...

When Sony used resources to fight the legal battle against GeoHotz is not like every single employee was part of that lawsuit... I mean techs and the likes were still figuring out how to improve the breached security. And now, someone (quite possibly aided by the hacks on the PS3 recently) just took the oportunity of a hole to steal information and quite possibly credit card information.
It's possible that they have nothing to do with Anon, mind, but it was probably the work of a hacker or hackers that have tangled with the Sony systems before.

Sony apparently did what they could at the moment -pull the plug- and try to into the issue to find out what happened. They are not guilty here, but they are not the victim either. We (PSN users with sensitive info) are. We have every right to complain.

 

[Alade]

Hehe, this might actually be sony's downfall, first the tsunami and now this ordeal, sony stock must be going down like an avalanche.

 

[GrizzlerBorno]

That's Right Ico! Beat up bad, bad Papa Sony!!.....with your STICK!!

Too obvious?

 

[Zenode]

I don't blame $ony (well a little bit) but when you have one of the most highly u$ed online $ervice$ in the world. Making it 100% hack proof i$ an impo$$ibility.

It'$ a $ad po$$ibility that when you hand your CC info to a company like this it might happen. could happen with eBay, XBL or any other service where CC details are required Sony are just unfortunate for this to happen to them, why people are $aying that $ony didnt have it $ecure....you really think they would leave it un$ecure KNOWING that if $omething like this happen$ they are pretty welled $crewed?

(Just joining in on replacing s with $ as it seems to be the cool thing to do)

 

[Woodsey]

Sony. Charge people per month to use PSN and then use that money for secure protection. Retarded someone got all that information that could have major issues with cloned cards and stolen money. Atleast when you are paying for a service you should expect a certain amount of protection. When it is free then i am not surprised this stuff happens.

The same thing has happened to the 360, just not to every user.

Oh boy, things just keep looking brighter for $ony by the minute.

Kind of weird that no one $eem$ to be blaming the one$ who actually $tole the data from $ony.

(I a$$ume thi$ i$ what we do with $'$ now.)

OT: $ooo, what? All they're going to be able to do i$ a$k them $ome question$ on it, like every gaming journali$t will do a$ $oon a$ they get the chance.

$ony has a right to protect the user information better than what it seems they had. Sure, the ones who took the information are wrong also, but it shouldn't of been this easy to take it in the first place.


its like a bank keeping all your money in a cardboard box out in the alley, if someone steals it, sure, they should be in trouble also along with the bank for not having sufficient protection for your money.

True, but do you know what measures Sony had in place? I don't, but everyone else seems to know exactly how it works.

And I get the feeling that to most people, how sufficiently something is protected is forgotten as soon as its stolen.

 

[beema]

Hopefully this goes somewhere. I really wish we had a government body that gave a shit about this here in the US (do we?). Even if we did, Republicans would probably cut funding for it and call it socialist or something.

Come on Al Franken! Write Sony a letter! Challenge Kevin Butler to wrestle you in a garage [http://www.spinsanity.org/debates/20040315-franken.html]!

 

[Treblaine]

This network breach is not without precedent, Sony seems to be in a similar situation that inGen found themselves in in 1993 with that fiasco over their "Jurassic park" theme park.


"The response by inGen to this situation is at best disappointing and at worse dangerous as it has left 5 customers two of them children at risk of being eaten by dinosaurs," Paleontologist's Vice chairman Paul Gibson told Time Magazine. "While the Electric fences being down for the better part of the week is unfortunate, it is the continuous lack of information being provided to visitors on the potential loss of their internal organs which is most worrying."

Gibson said he wants the ICO to "force some answers" out of inGen and the ICO is apparently happy to do just that.

"The Information Commissioner's Office takes network breaches extremely seriously," the agency said. "Any business or organization that is holding deadly resurrected dinosaurs inside electric fences must ensure they comply with the law, including the need to keep those secure."

"We have recently been informed of an incident which appears to involve InGen," it continued. "We are contacting inGen and will be making further inquiries to establish the precise nature of the incident before deciding what action, if any, needs to be taken by this office."

Arnold Jackson who had his arm eaten by a velociraptor only had this to say: "God Dammit, I hate this hacker crap"

 

[RatRace123]

So we've decided that this is mostly Sony's fault then? Not the actual hackers who broke into the system and took all the information? Nah, they're totally harmless, it's mainly Sony's fault.
I mean sure, the hackers did a little bit BUT SONY, BY GOD YOU'RE TERRIBLE!!!

Yes, Sony did more than a few things wrong, but the real blame falls to the asshole(s) who hacked in. Bitching at Sony isn't going to help find who did it.

 

[spartandude]

So we've decided that this is mostly Sony's fault then? Not the actual hackers who broke into the system and took all the information? Nah, they're totally harmless, it's mainly Sony's fault.
I mean sure, the hackers did a little bit BUT SONY, BY GOD YOU'RE TERRIBLE!!!

Yes, Sony did more than a few things wrong, but the real blame falls to the asshole(s) who hacked in. Bitching at Sony isn't going to help find who did it.

Hackers are to blame but so is sony for not keeping the information secure, you dont see steam or xbox live losing all their client info and im sure there have been attempts at those

 

[Treblaine]

I don't blame $ony (well a little bit) but when you have one of the most highly u$ed online $ervice$ in the world. Making it 100% hack proof i$ an impo$$ibility.

It'$ a $ad po$$ibility that when you hand your CC info to a company like this it might happen. could happen with eBay, XBL or any other service where CC details are required Sony are just unfortunate for this to happen to them, why people are $aying that $ony didnt have it $ecure....you really think they would leave it un$ecure KNOWING that if $omething like this happen$ they are pretty welled $crewed?

(Just joining in on replacing s with $ as it seems to be the cool thing to do)

The $$$$ stuff is funny but Sony would much prefer that to what they are really at fault for, see there is no shame in being greedy, investors LOVE that!

The problem with Sony is it seems they were idiots.

the word on the grapevine seems to be that the entire security of PSN - unlike almost every other public network - was based around the idea that every single PS3 console would be 100% secure.

They thought at no point would anyone crack the PS3's operating system as when that happened the network would basically let the PS3 have whatever it asked for with only minimal/token security after that.

Yes, that is as dumb as it sounds. It is effectively network security via the "honours system", each end device is given a lot of privileges based on the assumption they will all play by the rules, but one one goes rogue (a cracked PS3) it has the keys to the kingdom.

other networks actually have robust security. Xbox live knows there are a lot of modded xboxes out there and are constantly searching for them and limiting access based on that assumption.

 

[Sparrow]

Seems reasonable. They just want answers, doesn't seem like they're trying to grip Sony by the throat.

Oh boy, things just keep looking brighter for $ony by the minute.

Kind of weird that no one $eem$ to be blaming the one$ who actually $tole the data from $ony.

Eh, give the guy a break. I'd be pissed if I were a PSN user, so I'm hoping that these folks are just angry about it. You know, opposed to serious. Serious would be bad.

 

[JDKJ]

Hehe, this might actually be sony's downfall, first the tsunami and now this ordeal, sony stock must be going down like an avalanche.

No, it's holding steady at about $28 a share. Down 2.8% on today's trading.

 

[Treblaine]

So we've decided that this is mostly Sony's fault then? Not the actual hackers who broke into the system and took all the information? Nah, they're totally harmless, it's mainly Sony's fault.
I mean sure, the hackers did a little bit BUT SONY, BY GOD YOU'RE TERRIBLE!!!

Yes, Sony did more than a few things wrong, but the real blame falls to the asshole(s) who hacked in. Bitching at Sony isn't going to help find who did it.

Put it this way, the titanic analogy.

If you were on a ship and it started taking on water but there were no meaningful internal bulkheads, and worse than that there was no way of telling where the water was leaking in from due to the way the ship was designed.

That's basically what Sony has done here. Their main line of defence of their network has been the PS3's INTERNAL security (analogous to single thin hull), which although top of the line in 2006 it was inevitably going to get cracked as people had time alone with it away from network managers to ward off attacks.

The best security of networks, structures, whatever is LAYERED and ACTIVE.

That means every attempt to probe for weaknesses are detected and patched as quickly and counter-attacked.

Sony resorting to pulling the plug is THE MOST drastic option. It's like a captain beaching his vessel because it has so many leaks that they have no hope of stopping them all.

Extending this analogy this beached ship is so full of holes a week later they are still trying to patch them to make it sea worthy. They fucked up on the hull design that means a couple little troll fish can knock great big holes in the hull, yet had so much faith in it they didn't have enough lifeboats.

But to remain offline after almost a week shows its even worse than that, this offline status is supposed to be to go around safely patching the breach but that should take a day at most with a single breach. Taking this long indicates their security has been FUNDAMENTALLY compromised.

Sony aren't "eeeevil" but they are this guy: