Sony Running Unpatched Servers With No Firewall

This makes me happy. This makes me happy 'cause even though I fucked up something at my job today, it didn't cost 30 million people a lot of headache.
Poor poor Sony, remember when you were the king of all electronics? Remember when the Sony XBRs were godlike? Hrrrmm? Remember that arrogance and swagger you had about your product?

Chickens just showed up, and it's roosting time ;)
 
Only 30 million? Last I looked the total across both PSN and SOE was over 100 million. As far as credit card information, unshockingly they're being mum on the total number.
 
Seems like I really dodged a bullet here when I bought an external Blu-ray for my PCs instead of a PS3 to watch movies with (I really, really considered it). Wow. Definitely not buying any of Sony's products (and gladly, really haven't to begin with). To me, incidents like this, where the ineptness is so flagrant, I can only think of the total disregard Sony has for their customers.

I said this in another post and will say it again, you do not need a PSN account to play BD or games on a PS3. PSN is an added service and not mandatory.
 
I'm kind of confused now. In order to maintain compliance to PCI DSS, doesn't your software have to remain up to date? Either there's some shoddy auditing, legitimate shenanigans, or we're all talking out of our ass before we know the real deal.

Will I buy Sony products? Absolutely. NGP baby, yeah.
PSN Usage? ehhh...
 
After all this it wouldn't surprise me that somewhere on one of their hacked servers they had a file with the name "Credit Card Encryption Key."
 
I'm kind of confused now. In order to maintain compliance to PCI DSS, doesn't your software have to remain up to date? Either there's some shoddy auditing, legitimate shenanigans, or we're all talking out of our ass before we know the real deal.

Will I buy Sony products? Absolutely. NGP baby, yeah.
PSN Usage? ehhh...

Glad I'm not the only one saying it now... as for shoddy auditing, the PCI DSS auditing is done entirely by third parties, and costs a fair chunk per year. While there is a slight chance of shenanigans, it would put a company out of business to be caught, and I think if that was the case, Sony would be screaming loud "They got in through an exploit, that Such and Such was supposed to be testing." instead of trying to blame Anonymous.
 
Uhm... They didn't blame Anonymous for the hack, they blamed Anonymous for "distracting them".
The attack that stole the personal data of millions of Sony customers was launched separately, while the company was distracted protecting itself against the denial-of-service campaign, Sony said.
 
The level of ineptitude on display here is frightening, to be 100% honest. How can any serious, reasonable company avoid securing this much data? How many people had to have had their heads up their collective asses so as to run servers on old software without firewalls?

Seriously...I've seen companies that are microscopic go to greater lengths to protect the information of their customers than Sony has done here. This is one of those truly epic fail moments...Sony used to be a brand that you knew was cutting-edge and reliable. That earned a reputation as a damn good company...now they are flushing all that right down the crapper.
 
Sony is the stranger my parents warned me about as a child.




This is why I don't own any consoles....

right, because this is the first time anything has been hacked on the internet :rolleyes:


It sucks, but seriously is it that big a deal? if your card gets used without your permission, you get the money back anyway. if you are that worried, request a new card and problem solved.

as for my other details? it sucks but most people put half that information up on facebook for everyone to see anyway..
 
right, because this is the first time anything has been hacked on the internet :rolleyes:


It sucks, but seriously is it that big a deal? if your card gets used without your permission, you get the money back anyway. if you are that worried, request a new card and problem solved.

as for my other details? it sucks but most people put half that information up on facebook for everyone to see anyway..

Why the hell do people use such stupid strawman arguments like that? Why do you people see the need to defend this bullshit!? Yes it happens, but it sure as hell isn't an excuse. It should NEVER happen period. Companies have been told for YEARS how important network security is. Yet they continue to ignore it and this is what happens. It shouldn't be brushed aside so easily. People like you are why companies get away with it. Who cares if people put information on Facebook? They put it there by choice, it's not information stolen from them on what was supposed to be a secure server. I sure as FUCK do not put that information anywhere on the web and guess what now it could be in the hands of people I'd rather not have it. There is no excuse for poor security and there is no excuse for people stupidly defending it. You think this shit will get any better if you brush it off and ignore? Pull your head out of your ass.
 
right, because this is the first time anything has been hacked on the internet :rolleyes:


It sucks, but seriously is it that big a deal? if your card gets used without your permission, you get the money back anyway. if you are that worried, request a new card and problem solved.

as for my other details? it sucks but most people put half that information up on facebook for everyone to see anyway..

:rolleyes:

It's not just stolen CC#s, it's all the stolen passwords, emails, and personal info that will make it extremely easy to steal thousands if not millions of identities. It costs thousands to repair a stolen identity.
 
I can't really believe that Sony would be running their servers like that. I'm guessing someone thought "it's Apache" on "Linux" lol, but really? A couple of people should be losing their jobs at Sony.
 
Their retarded lack of security has just lost all my future business.
 
Why the hell do people use such stupid strawman arguments like that? Why do you people see the need to defend this bullshit!? Yes it happens, but it sure as hell isn't an excuse. It should NEVER happen period. Companies have been told for YEARS how important network security is. Yet they continue to ignore it and this is what happens. It shouldn't be brushed aside so easily. People like you are why companies get away with it. Who cares if people put information on Facebook? They put it there by choice, it's not information stolen from them on what was supposed to be a secure server. I sure as FUCK do not put that information anywhere on the web and guess what now it could be in the hands of people I'd rather not have it. There is no excuse for poor security and there is no excuse for people stupidly defending it. You think this shit will get any better if you brush it off and ignore? Pull your head out of your ass.

And why the hell do you need to attack them so much? The only way for it to never happen period, would be to get the entire planet to decide hey, hacking sucks, let's not do it anymore. No one is just brushing it aside, we know it's a serious problem, but guess what, it's not going away, and if it's not Sony, it'll be someone else. You don't want your information stolen, stay offline.
 
What security experts?
why are they remaining unnamed?
If they really discovered this months ago, why do nothing except "post it to a forum"?

And my final curiosity question ... since when does any large company run just one server for web & db, so one machine hosting the forum they checked was outdated, does that really mean anything? was that machine just strictly for the forum and they didn't care? to me it's "retarded" to jump to conclusions because of one man's say so.


It doesn't really matter if they remain unnamed or not so long as the position can be substantiated. The who part is really just scenery in this issue. It's the what that matters.
You are correct in wanting more details however. And it doesn't really matter if the company runs one server or many servers. What really matters is the network structure once you are on the inside of the network. You only need access to one system and from there if the security isn't set up correctly you can access multiple systems.
Lastly, if it's a forum that Sony monitored, then they were warned and it does not matter if they were given warnings from multiple sources or not. They were warned and they apparently did nothing in regards to those warnings. You cannot shift that blame to anyone else for your own failure to secure your servers and network infrastructure correctly.
 
right, because this is the first time anything has been hacked on the internet :rolleyes:


It sucks, but seriously is it that big a deal? if your card gets used without your permission, you get the money back anyway. if you are that worried, request a new card and problem solved.

as for my other details? it sucks but most people put half that information up on facebook for everyone to see anyway..

Yes. It's that big of a deal. If your card gets used without your permission, yes, generally speaking you will ultimately get that money back, but it takes time and with some financial institutions it's not quite as easy and clear cut that you just call them and they fix everything.

Having to request a new card also means that on several items that you may have automatic payments set up you have to then call each of those companies and fix your billing, which depending on various factors may also lead to an inability to pay in a timely manner, which then causes possible late fees which the consumer should never have had to deal with in the first place.
Add the possibility of having to deal with the aftermath of issues that can come from this for several years and yeah... it's that big of a deal.
 
And why the hell do you need to attack them so much? The only way for it to never happen period, would be to get the entire planet to decide hey, hacking sucks, let's not do it anymore. No one is just brushing it aside, we know it's a serious problem, but guess what, it's not going away, and if it's not Sony, it'll be someone else. You don't want your information stolen, stay offline.

Sony and any company that fucks up and loses millions of people's data deserves all the shit that people can give them. I'm not going to be nice about it just because it happens to other companies. Companies need to realize how important security is and not try to pass the blame, which is exactly what Sony is trying to do. I also feel rather insulted by Sony's bullshit attempts to apologize. Oh look Sony is offering me an ad to a service I don't fucking care about! Fuck Sony, just fuck them.
 
The story just keeps getting worse and worse with each passing day. It's the video gaming equivalent of Shane Warne's diuretic defense.
 
whole mess makes me thankful I blocked my PS3's MAC address from accessing the outside world on my router after jailbreaking it.
 
well, actually. I blocked it from connecting to the internet immediately after taking it out of the box. I don't play any games online anyways.
 
This just gets worse and worse... and Microsoft is laughing this one all the way to the bank.
 
I'd say claiming to find a file pointing to anonymous on the server... as blaming anonymous.

If you mean this :
http://edition.cnn.com/2011/TECH/gaming.gadgets/05/04/sony.anonymous/index.html

Then I just found a file on my computer, named SONY.hacked.your.computer.txt, and it contains the following text: "make.believe". Does that mean SONY hacked me? Of course not. Same is true for the file Sony found. They need someone to put blame on, what is easier than planting a text file on the server?
 
Man...I can't believe Sony would be so dumb and shrug it all off and let this all happen. Sure, they couldn't predict it would happen, exactly, but they could have totally prevented it had they taken the right steps. There's no excuse for what happened now in my opinion - it doesn't matter who is responsible for the attack. I believe it all comes down to Sony not patching and staying protected, forget all the rest. They were basically asking for trouble by staying knowingly vulnerable.
 
This blows my mind! Every time you think this cannot get worse, two days later... Seriously it is starting to really piss me off.
 
This is really a shame in this day and age.
Even my grandparents know better than this.
 
Sony screwed me over on activation of Sony Vegas after I upgraded system. They told me "too many installs on that serial number" over the phone and I explained I upgraded systems only a couple times and had to reinstall. Then they had the gall to suggest I purchase the new version. F#^K you SONY.
The brains behind Vegas was Sonic Foundry. Excellent software company; until Sony bought them.
I have NOT had anything to do with a Sony product of any kind since.

This was the MAIN reason I switched to Linux. To get away from the Windows world of proprietary and DRM-laden software. I can do everything I need with FREE software on a FREE OS.
 
Inexcusable behavior by Sony. Incredible.
Can't imagine all the lawsuits coming from all different angles. Users in general. All the credit card companies that will have to generate new accounts and issue new cards. Banks......
 
I refuse to concede it until the proof is visible, this hearsay and third party talk / rumours is all 90% of the entire thing has been from the start. I mean look at how many stories were flying around about why PSN was down in the first place, until it was finally confirmed why. I will gladly bow down on my knees in acknowledgement if it turns out in the end they were right, but because one forum was outdated is not proof to me, nor is it even known if that's how they got in. In the end I'm sure glad I never used any Sony services tho :|

Sony had a chance to debunk this and guess what ... they didn't even show up! A worldwide corporation like Sony can't send one guy?
 
right, because this is the first time anything has been hacked on the internet :rolleyes:


It sucks, but seriously is it that big a deal? if your card gets used without your permission, you get the money back anyway. if you are that worried, request a new card and problem solved.

as for my other details? it sucks but most people put half that information up on facebook for everyone to see anyway..

If Sony had done everything they could and hackers still stole the data, that's one thing. If this is true and Sony knew they were running outdated software with security holes, that's another thing entirely. It then becomes a huge deal because they should have fixed the security holes.
 
And why the hell do you need to attack them so much? The only way for it to never happen period, would be to get the entire planet to decide hey, hacking sucks, let's not do it anymore. No one is just brushing it aside, we know it's a serious problem, but guess what, it's not going away, and if it's not Sony, it'll be someone else. You don't want your information stolen, stay offline.


right, because this is the first time anything has been hacked on the internet :rolleyes:


It sucks, but seriously is it that big a deal? if your card gets used without your permission, you get the money back anyway. if you are that worried, request a new card and problem solved.

as for my other details? it sucks but most people put half that information up on facebook for everyone to see anyway..

I love all the apologists, fanbois, whatever. Seriously, I issued this challenge to someone in another thread: If you think it's not that big a deal that all of that information is now in the hands of criminals, go ahead and post all of YOUR information on hundreds of message boards and go to sleep at night without any care or worry. I mean, you probably posted half of it on FB already, right? :rolleyes:
I like the "then stay off the internet" argument too. That one is so brilliant it makes my head hurt. I think we should actually get rid of all cops, period. I mean crime is going to happen, right? It's an inevitable occurrence, so we might as well resign ourselves to just staying at home, getting rid of cops as they serve no purpose, and if someone pulls a B&E....oh well...sucks to be us I guess
 
This doesn't surprise me.
It takes a big company, which follows its SOP, about 2-3 months to update any software. They usually have to do regression testing before propagating to the rest of their network. What I found funny was that there was no firewall. Someone in network security is going to have to explain that one.
 