http://www.theinquirer.net/inquirer/...cked-countries
Sony got hit in Thailand and Indonesia also it seems

What other companies are the target of an international group of hackers with a chip on their shoulder due to one of their own being subjected to lawsuit? Nobody is saying that Sony is blameless here but you don't seem to be able to comprehend that any company's security can compromised if enough people decided that they want to take them down.

For what it's worth there are post on GAF right now today about people having their Live accounts hacked and items purchased on credit cards, hackers are doing that right now today on LIVE, the difference is the size and scope of the efforts and sadly Sony's poor IT infrastructure. You seem to not understand the context or complexity here.

You claim this is why sony is being targeted. I disagree with you. In fact the group you claim has targeted sony has denied doing most of this.

Yes a few acounts taken by outside means (email scams or key loggers) is the same as having your whole database stolen.

Bravo on that one

Bravo on you if you think a criminal denying responsibility means anything, prison is full of people who would give you an earful if you're that thick.

My point about LIVE still stands, anybody's network can be hacked given enough time and resources; in the case of Sony there a significant amount of resources being targeted at their websites. Furthermore, its happening in a way to keep the story dripping so people such as your self can keep posting articles about new hacks and reminding everyone how evil and stupid Sony is.

In other news Al Qaeda denies being a terrorist organization... :roll:

It's not the first time that Sony has sued someone for enhancing a product. Even worse, they could've had more customers buy the products because of the hack (and it has nothing to do with piracy).

http://grep.law.harvard.edu/articles.../1613203.shtml

There is nothing wrong with taking someone to court if you feel they are genuinely breaking the law causing you harm in any way. I dont think sony should be looked down on for this, at the moment there is a grey area in the law that needs resolving. If the outcome of the case could well have been that it was legal and could be then used as a test case in the future and work against Sony, but in order for some resolution either way the case must be tested.

Its actually quite sad that companies now have to think about letting possible criminal activities go unpunished because they are worried about attacks against them if they do.

Cui bono obviously applies here.

Attack attempts (the vast majority automated) happen continuously to *anything* connected to the Internet. The fact that Sony's lax security has become more prominent just means that they have cemented themselves in as low hanging fruit for every script kiddie and bot on the planet. There also may be some honeypot action going on as well with these marginal services (I am sure Sony would love to have some foolish script kiddie's head to put on a stick).

Cheers

It's actually quite sad that companies feel they can bully individuals with the might of a corporation. Perhaps this is balance.

Is it really bullying though? Its more like kicking a huge bloke in the nuts and then calling him a bully for kicking your ass.

Companies are expected to sit back and do nothing, because they are a company? If you are not willing or able to defend yourself in court you should not do things that you will end up there for. Geohot had noone to blame for ending up there but himself. If you are willing to push the boundaries of law you have to be willing to make and defend your case and accept the concequence.

OK, sorry. I will not post about that again in this thread.

Quite a few actually including Master Card, Visa, Amazon, PayPal and Bank of America, which have all been targeted by Anonymous. Anonymous pulled back out of concerns of hurting regular everyday citizens. Furthermore, Anonymous targetted those companies based on their contributions of negatively affecting Wikileaks.

There is a major difference between hacking a Live account and hacking Live itself.

If Anonymous backed off isn't that in itself a highly probable reason why we don't hear about security breaches...


Agreed, which is why in my original post I stated its a question of size and scope of the efforts. I think any company's IT backbone would be in danger if a worldwide group of hackers decided to make them a target. That does not excuse Sony but it does mean there is a context here that some gloss over.

Are you saying its an assumption of mine that Apple , Google and MS pay people to find exploits in their code so they can patch it ?

No, it's an assumption of yours that those companies would be doing any better than Sony if the same group of determined hackers were mounting a similar campaign to smear them. But we're all well aware of the source of your assumptions on these matters.

Do you genuinely think MS was not and is not an active target for hacker groups?

Has anyone issued a fatwa against MS? I am pretty sure Sony is the only one of the big three in the sites of Anonymous ATM. Which is the point, we all know of examples of fraud on LIVE too but they are relatively minor compared to this in part because of the size and scope of the campaign against Sony. If MS did something to annoy the hacker community would they be fairing any better?

Sure they are, but the interesting narrative to people is the hackers versus Sony. No one wants to hear how many hotmail accounts are hacked on a daily basis, although I'm sure people would be shocked by the numbers. Everyone knows that cheating and griefing on Xbox Live are a daily occurrence, but no one seems to think this reflects poorly on Microsoft's security measures. We could be talking about the millions of zombie bot-net computers all over the world that just so happen to be running Windows and that their OS security has been a joke for decades, but apparently the real scandal is when some Sony website no one has looked at in years gets compromised.

If Anonymous had declared war on MS this would all magically be newsworthy, plus you'd have a bunch of nuisance hacks of forgotten services and sites on top of that.This isn't about a profit motive for the hackers. It's about crafting a picture of one company as negligent and incompetent. Sony is being targeted right now, but it would be comically easy to replicate the same effect for the Microsoft brand. It's naive to think otherwise.

Nicely stated :yes:

I think this 'hacking' of websites is being pulled out of proportion. Sony is not Google or Microsoft. Sony is a multi industry company. They're in consumer electronics, music, movie, service, semiconductor, mobile phones etc. They don't have one single website for the groups entire services. A large part of each division and subsidiaries manages their own website and content. As such, you have very different sites with different software running on different webservers in entirely different locations to target very different demand and consumers.

To find some security flaw in some of the hundreds of different websites that are somewhere, somehow related to Sony is a lot easier (for obvious reasons) than hacking a single site like Amazon that uses the same software across all its regions and is probably updated on a regular basis for security.

It's a bit like 'hacking' myspace and then talking about 'Microsoft' being hacked.

Not saying it's not possible for a giant like Sony to secure all its websites, but the work and complexity to do so is on another level.

I think this a legitimate observation. There isn't one IT department for all of Sony, and if you know much about It departments, you'll know plenty are populated by less-than-ideal engineers - that's true for every profession actually, you always get some who aren't any good at their job. Sony HQ can make a demand for security updates, but the individual IT departments may not be up to it. It's the Sony brand that's hurt, but it's no more Sony's responsibility than, say, a shopping centre's management being responsible if one of its tenants' employees dips into the till. Just as individuals can act in Anonymous's name and Anonymous as an organisation takes the blame. Except of course Anonymous is even less structured than the Sony group.

What makes me 'laugh' is all the "Sony security is rubbish" etc comments. Also the comments regarding MS/add any other company here "obviously has much better security" implecations.

This (to me) is not true. If Sonys security is so 'bad' why has it taken so long to be hacked? And then why are we now seeing so many attacks?

Personally I think (as mentioned earlier) the attacks have revealed a weakness which people may well be now attacking - or maybe they are attacking Sony because they are working hard on PSN (and therefore they are maybe taking their eye off the other sites?).

I also think no company has a 100% secure system. IIRC didn't MS have to patch a major security hole in Windows 'recently' (Vista IIRC)?

And here's something else...why is IE the browers that suffers the biggest security issues/viruses etc and this being a reason why many use Opera/Firefox etc? Is it because MS make bad software/security or because it's the most used product so an easy target?

That's true but I would not put the burden only on people (even higher level executives to some extend). I saw companies that went throught various mergers acquisitions, the very nature of their infrastructure is fucked even less than ideal engineers try their best to make something "hereterogeneous" work but it ha its limits, I guess. I'm not sure that the problem with Sony but I just want to enlight that sometime people are facing stuff that have not been set up "clean" to begin with due to the company(or a division within a company, etc.) history.

MS would be too easy pickings for most hackers to bother with. To say that you exploited a flaw, zero day or otherwise, in MS software would be as grand an achievement as breaking into your own house with your key.

There isn't a system out there that is 100% secure against exploitation. There are just degrees of vulnerability. The majority of the flaws exist in third party packages and patches are reliant on those parties finding such flaws and then patching them. Not every server is going to be running Apache2 with the Suhosin patch for example.

For an example of how many fundamental flaws exist in server technologies, it is possible to crash a server running php if you just feed 2.2250738585072011e-308 (or any other randomly long float) in a GET clause. Simply because php has a flaw that causes an infinite loop when converting a float to a string (Intel only).

The general ire against Sony is like flogging a dead horse. They are running servers that obviously needed some attention but until they began to be attacked wholesale those servers would have been perfectly fit for service.

Ultimately the only people who really get hurt are the end users. People like you and me. Maybe it's time all the anger got re-directed from the easy, and wrong, targets like Sony and were channelled into something better like finding the losers who committed the hacks in the first place. They're the ones who are deserving of the anger and vitriol aimed at Sony. After all since Sony are victims and we are victims too, everything piece of mud flung at Sony lands on us too. Sony were stupid because they let data be stolen and we were stupid to give it to them in the first place. And the hackers walk around saying aren't we cool, we're the only ones are aren't getting covered in sh*t.

As ever, the blame is apportioned across lots of people, none of whom can be held aloft singularly as the culprit, and none of whom can be wholesalely changed to solve the issues. If Sony had better engineers, this wouldn't happen. If the engineers had better management, this wouldn't happen. If the server software companies had better testers, these flaws wouldn't get through, and if the testers had better management and tools, they could do a better job. And, of course, if the hackers had any principles, we wouldn't have to worry about security flaws in the first place! And if they had better parents. And if the parents had a better, more supportive society...

If it were possible to isolate one part of the chain and make it perfect, we could solve all the problems of hacking. But that is not possible, and there will always be crime and victims.

It's the same as console piracy. Each generation the console companies implement security measures to prevent piracy, and each generation some new exploit they never considered is found. The next iteration of hardware fixes those known faults, only for some new vulnerability to be found. Same with internet services - you can only protect against known issues and expected issues. Trying to defend against and every unknown possible attack vector is impractical.

The question here is whether the hacks are because Sony at large was complacent/incompetent, or if they were just a victims of the ordinary run of cat-and-mouse hacking. If, like the PS3 encryption fault, Sony were sitting on weak servers that they knew were weak, then they didn't do as much as they realistically could and need to shoulder a lot of the blame. But if their security was 'as good as every one else' and they were led to believe that they weren't open to hacks, then it's not particularly their fault if they couldn't preempt security measures that would have prevented this. At the moment there's lots of noise saying Sony were incompetent, but there's no hard evidence yet, but most people seem to prefer to judge long before the trial is ever held. ;)