*ren* PSN Down, Customer Info Compromised

@KonRudi - The purpose of sending this letter is to have the official responses to them become a matter of public record. I would expect that there will eventually be a public hearing where the committee will force a representative of SCEA to appear to answer additional questions from its members and these written answers will probably be gone over in great depth and at some length until the committee members are satisfied they have all of the facts. The SCEA rep is probably in for a bad day....
 
5am in the UK, so we'll know what's been said when we wake up. How much of this is Kaz Hirai's responsibility as head of Network Products and Services?
 
Call me cynical but I would bet that letter is more the result of protectionist lobbying efforts (*cough Microsoft*) as opposed to any meaningful interest from the US government about consumer welfare.

Cheers

You've obviously never heard of Sarbanes Oxley and for me (as a Massachusetts resident), MA 201...

SOX is more of a general accountability/auditing compliance regulation originally intended to prevent financial impropriety, but has impacted the IT field (in the US) by generally requiring organizations to set up processes to ensure any data that affects financial results or records, including identity information, be protected with proper controls. It also defines disclosure requirements when that data is compromised, etc. http://en.wikipedia.org/wiki/Sarbanes–Oxley_Act

Look at the other similar or related laws for other countries... this is pretty universal now. UK's data privacy act is similar.

My organization has strict auditing requirements meant to satisfy SAS-112:
http://en.wikipedia.org/wiki/Statements_on_Auditing_Standards_(USA)

We are a private, not-for-profit. We also have to adhere to local laws: MA201 which is unique in that it is a state-level regulation detailing how companies must safeguard identity information: http://goo.gl/ARoKq
 
5am in the UK, so we'll know what's been said when we wake up. How much of this is Kaz Hirai's responsibility as head of Network Products and Services?

Pretty much all of it. When something like this happens, the top of the org chart is ultimately responsible. The PS3 is under the NPS division and Kaz is on top of that org chart. You can't roll out a chump for the firing range.

If he's going to be fielding questions, he could/should bring a security specialist with him but if this is a canned speech, then no need. Btw, this is what he should have done a day or two after knowing what had occurred.
 
lol. Quoted so this gem doesn't get edited.

Why would I edit it? No need to make a personal slight just because you don't agree with me.

Looking at the Energy And Commerce Committee's site, they are definitely pushing the news that they have mailed Sony:

http://energycommerce.house.gov/news/letters.aspx
http://energycommerce.house.gov/issues.aspx?IID=5

Via Google I found a copy of a letter they were supposed to have sent Epsilon about their breach earlier this month except there is no mention of it anywhere I can find on the above site. I am having to assume it either never actually got sent or they have decided to hush up about it after the fact:

http://bono.house.gov/UploadedFiles/Bono_Mack_Butterfield_Epsilon_Data_Breach.pdf

Obviously not a big enough sample size to make any assertions but it is strange that Epsilon / Alliance Data Systems has all but vanished from the system. I also could not find anything about the response that was supposed to have come by April 18th. . .

Cheers
 
Pretty much all of it. When something like this happens, the top of the org chart is ultimately responsible. The PS3 is under the NPS division and Kaz is on top of that org chart. You can't roll out a chump for the firing range.

If he's going to be fielding questions, he could/should bring a security specialist with him but if this is a canned speech, then no need. Btw, this is what he should have done a day or two after knowing what had occurred.

He better show up with a humble attitude and not try to make anything look like it wasn't their fault.
 
I don't know that Archie will reply to this directly, but if you go through older posts, you'll have your answer, such as it were. The rest of your post of course stands, but with the caveat that your "then" scenario in the if/then isn't necessarily applicable. In any case, when it comes to Sony and/or console-related news, I would always suggest taking Archie's posts as a value-add to the dialogue.
I looked back, and I stand by my statement... I work for MS, in the xbox org, and even I only have the vaguest idea of the internals of Live. Any statements I made about it would have almost the same chance of being right as anyone else who worked in the industry. (Now the messenger service internals I could talk about, but that wouldn't really help :))
 
Call me cynical but I would bet that letter is more the result of protectionist lobbying efforts (*cough Microsoft*) as opposed to any meaningful interest from the US government about consumer welfare.

Cheers

Microsoft sit in a glasshouse of their own, and they would probably like nothing more than to have people feel safe and secure when shopping and gaming online, so I don't think it'd be very likely for them to lobby against Sony here, since any new laws and similar would also affect themselves in the end.
 
I looked back, and I stand by my statement... I work for MS, in the xbox org, and even I only have the vaguest idea of the internals of Live. Any statements I made about it would have almost the same chance of being right as anyone else who worked in the industry. (Now the messenger service internals I could talk about, but that wouldn't really help :))

I'm not saying you shouldn't stand by your statement, and I think I stood in support of your premise to begin with. I'm just saying that your initial query in that statement was followed by a presumed outcome that might have limited applicability to the individual you were asking it from. :) But I will admit that I am not in a position to affirm or speak for anyone on the matter.

For me it's more like what you just said regarding your involvement with XBox; now, were there a story on MS, and you chimed in with a fairly strong take on it, then knowing you are there and also that you likely would not plant a flag on an issue if you didn't feel adequately informed in your own right, then I would be less concerned with whether you worked in said division or not and simply more inclined to take your own confidence of knowledge in your position as sufficient to make me note your view. That is due to my own regard for your integrity and perception of your 'facts-required-before-speaking-with-authority' quotient. If you weren't yourself confident, you probably wouldn't say anything, right? And of course even more so in situations like this, if you were asked to lend your official credentials to the matter after having spoken out on the subject, you likely would demur, since a PR firestorm like this would likely not benefit from your unsanctioned, unofficial participation providing title and position where the inevitable thread-linking and cross-talk would emerge across the net as a result.

I have that above respect for knowledge and insight towards Archie, given his past contributions, the areas in which he has shown particular expertise, and the particular glimpses into his official capacities he has in the past provided or shared on the forum. So it's true, support/evidence for his statements has not been provided, and he may be incorrect on the matter, but his entering the thread with specific color on the encryption situation is enough for me to say: ok, maybe it's this then.
 
well they hadn't up until now...I'm sure it's just a coincidence though

You mean they didn't tell you about it up till now. Criminal hacking is big business, do you think they are twiddling their thumbs while waiting around for some home brew guy to crack stuff for them?

Is it possible that what Geohotz did offered an opportunity? Yes. Is it possible that the Geohotz hack had nothing to do with it? Yes. Is he a convenient target for people looking to blame someone other than Sony? Also yes.

There's no question in my mind this would have happened with or without Geohotz, the timing may have changed, but if anything Geohotz releasing his info on the net should have made it very clear to Sony that the PS3 wasn't secure months ago and they should have stepped up efforts to secure PSN if the PS3 was supposed to be their lynchpin.

I doubt we'll ever know what really went down at Sony, but it didn't go right and it's going to be an expensive mistake. Governments are lining up to grill Sony and I suspect the class action suits are going to follow.
 
I'm not saying you shouldn't stand by your statement, and I think I stood in support of your premise to begin with. I'm just saying that your initial query in that statement was followed by a presumed outcome that might have limited applicability to the individual you were asking it from. :) But I will admit that I am not in a position to affirm or speak for anyone on the matter.

For me it's more like what you just said regarding your involvement with XBox; now, were there a story on MS, and you chimed in with a fairly strong take on it, then knowing you are there and also that you likely would not plant a flag on an issue if you didn't feel adequately informed in your own right, then I would be less concerned with whether you worked in said division or not and simply more inclined to take your own confidence of knowledge in your position as sufficient to make me note your view. That is due to my own regard for your integrity and perception of your 'facts-required-before-speaking-with-authority' quotient. If you weren't yourself confident, you probably wouldn't say anything, right? And of course even more so in situations like this, if you were asked to lend your official credentials to the matter after having spoken out on the subject, you likely would demur, since a PR firestorm like this would likely not benefit from your unsanctioned, unofficial participation providing title and position where the inevitable thread-linking and cross-talk would emerge across the net as a result.

I have that above respect for knowledge and insight towards Archie, given his past contributions, the areas in which he has shown particular expertise, and the particular glimpses into his official capacities he has in the past provided or shared on the forum. So it's true, support/evidence for his statements has not been provided, and he may be incorrect on the matter, but his entering the thread with specific color on the encryption situation is enough for me to say: ok, maybe it's this then.
Well put, point taken.
 