Oxymoron of the day: User Friendly
|
|
|
Sony is working with law enforcement on the Playstation Network hack
GAMING OUTFIT Sony has confirmed that it is working with law enforcement to hunt down the hackers behind the massive security breach of its Playstation Network and Qriocity services that compromised customer data.
The company said it is working with law enforcement and is "proceeding aggressively" to find the people responsible for the criminal actions. It added that it is working with a recognised technology security firm for a separate investigation, but it did not specify which firm.
Sony also said that all of the data stolen, which included usernames, passwords and potentially credit card information, was 'protected', but that only the credit card information was encrypted.
The personal data table, which included a slew of customer details, was not encrypted, but Sony claims it was stored behind a 'sophisticated' security system, but it was clearly not sophisticated enough to withstand hacking.
The company is moving its network infrastructure and data centre to a new location that it claims is more secure, hinting at the potential that its location might have been a factor in how the hackers gained access to Sony's network.
Sony has been wording things cautiously in terms of credit card details, saying there is no evidence that they have been taken, but refusing to rule out the possibility. It clarified that the security code on the back of cards was not exposed, as Sony did not ask for this information from customers.
Users eager to change their passwords on Sony's network will have to wait a while yet, as Sony is still working on bringing its systems back online with greater security. Sony said that all of its users will be required to change their passwords once the network is restored.
Up to 77 million people have been affected by the data breach and Sony's online services will remain offline until at least next Wednesday. µ
Tags: Security
Share this:
Share
Attention law enforcement people
After working on sony equipment please low-level erase your HD since they will probably have put a rootkit on your forensic equipment at that point.
Firstly, I believe this was an inside job; some disgruntled employee saw a chance, and he took it.
Secondly, I note that the only people screaming about "the evil hackers" are (1) Sony Management and (2) illiterate redneck PSN gamers who wouldn't know a hacker if one bit him on the epeen. Everyone else is aware that hackers are people who make their own stuff do interesting things; crackers and pirates are the evil people. Well, the evil ones outside Sony Management.
The news that in light of the hack, Sony plans to move its data centre to a location that it claims is more secure raises some interesting questions.
It is worth highlighting that no matter how secure the location and the technology, people are still the key to real security. If employees do not see security as a top priority, then even the most secure system can easily break down - especially if basic access practices relating to hardware, databases, etc. are ignored by technical staff.
Even with robust technology, there is always a need for high-quality ‘human management’. Corporate technologies like secure ID still require a strong bond of trust and a process of education in place between business and employee. After all, unprofessional or disaffected users all too often pass critical information on passwords, codes and ID numbers to others.
A even more farsighted or revolutionary approach for Sony might be to encourage its customers to access their online and gaming services through more secure network access that could, in turn, help track and monitor network external hackers and restore consumer confidence in the Sony network.
Secure services like tibboh, for example, can then become the basis for providing access to age appropriate games or the Internet and even for restricting the use of illegal download sites. They can also help provide a clearer audit trail back to the data thief, reducing the likelihood of a hack attack in the first place.
Phil Dawson, managing director, MDS Technologies
Prison is too good for hackers. They deserve the death penalty.
patrick_seybold@playstation.sony.com
jack_tretton@playstation.sony.com
Protected ? How ? With the kind that installs a rootkit, or the kind that can be defeated with a felt pen ?
Whatever, Sony has a long, inglorious history where security is concerned, and this is just one more testament to how badly Sony considers its customers.
Man, am I glad I don't have any Sony kit anymore.
...an injunction slapped on Sony, preventing it from accepting credit card details from users, partners or subsidiaries (or using said partners or subsidiaries to process credit cards.)
This injunction should last for 5 years. Long enough to teach the wankers in Sony management that security isn't something you cover as an afterthought.
This once more proves what a shitty network PSN is. People are calling it the Piece of Shit 3 NOTwork everywhere and goes to show how poor it really is.
This should never have happened and guarding our personal data unencrypted on servers is a nono that even the smallest of security firms know. One should never trust his or her personal data with Sony ever again. And since this hacking war on Sony will not stop any time soon, I advise everyone to stop using PSN, because it will be hacked again in no time.
@ alfie dantae kay
Grow up, it's only a games console.
Sony have a lot to answer for by not owning up to the problem as soon as they found out, and inform people of the issue instead of dragging their feet.
It show how poor their service was security wise.
i think the hackers actions are appoling and wish nothing but the worst for them (8) i have been playing with PSN for at least 4 years and in all honesty i thought the system would be stronger. to all my fellow gamers stay strong and do not fear they shall be back on shortly xxxx