Security Expert Testifies That Sony Knew Its Security Was Out of Date for 'Months'

#51 Posted by OneManX (1682 posts) -

I don't think most people care... because at this point, if they were super paranoid, they would have canceled their cards (and would have had new ones by now) or sold their PS3s. This just seems like okay...


Turn the servers on now, please? IMHO, people just want to get back online again.
#52 Posted by OmegaPirate (5523 posts) -

I fear for 80% of the internet when this thing is over, the amount of dick slapping outrage you guys get to throw around every day is sure to be addictive. 


When the cut-off comes it's gonna be cold and hard
#53 Posted by spankingaddict (2659 posts) -
@TOYBOXX:  You're a dumbass.

 I find these recent news funny, everyone's overreacting :)
#54 Posted by SparkEngineer (69 posts) -
@Sevan said:
" @SRanker said:

" I would assume this is not true. There's no proof. It's not an official report from a company. "

...you're not serious, are you? Sony took a week to tell us something that could have potentially millions of people. Screw their official reports. This is a man with a doctorate speaking officially at a Congressional House Subcommittee on Commerce hearing. This ain't a discussion forum where any Jack@$$ can say whatever. You have to have some serious cred behind you to be allowed to talk at one of those. The proof will be looked into, but it has probably already been tampered with as much as possible by Sony. But technology is not an opinion. If a bunch of tech heads on a forum said "hey, this is old $#ity software... it's old $#ity software. I figured Sony was cutting corners somewhere simply for economic reasons. They have a more expensive system that they weren't making money from for years, and a free (although not as good) online system with dozens of outside programs having access to it. Where more secure systems like xbox live and apple, there are very few programs that are allowed anything more than a shallow access into their systems, PSN just kinda let anyone do whatever. None of PSN's "Apps" have any of the trademarks of a program stripped down and rebuilt for security and efficiency on the network. If PSN survives this, we'll start seeing more structure. But pretty much PSN was thrown together like the little rascals second race car... except it didn't win the race. "
Sony didn't do anything out of the ordinary with their response. It is and always will be policy to wait until the security breach is official to make comments to customers. Windows XP/7 have plenty of security holes. Most of which make far more data available to criminals than Sony has. Microsoft does not, and will not, announce to all its users that there are security holes before they verify with proper work that this is the case. As an engineer and someone who works in a comparable industry the media has blown this far out of proportion, it's barely a deal at all. No one is going to be hurt by this other than Sony. We should all feel bad for them. They are just as much victims here as PSN members. If Sony knew there was a security leak that would expose this information they would have done something about it. Especially after the Hotz incident. No server is hack proof. There is not a single piece of data in existence that cannot be hacked. All of your information everywhere is vulnerable in one way or another. We have no idea what went into this hack. It could have been hundreds of expert hackers working together.
#55 Posted by Commando (1878 posts) -

I heard Ohio State's coach Jim "Sweatervest" Tressel is the hacker.

Note: If you don't follow college football, you'll have no idea what I'm talking about.

#56 Posted by Choffy (440 posts) -
@Ontheocho
That E3 Sony press conference is going to be so uncomfortable.  It's going to be like Pee Wee Herman's first stage appearance after his arrest.  It's going to be so cringe worthy, and I'm not going to miss a minute of it.
It'll be like watching a train wreck: you know you probably shouldn't be watching but you can't turn away.
#57 Posted by beej (1674 posts) -
@Goldanas said:
" @beej said:
" Wow, this combined with not showing up when a congressional committee summons you? This is looking rough for Sony. "
It's worse than that. He's quoting something someone else read on the Internet. I'm pretty sure this is hearsay and inadmissible. True or not, this doesn't even qualify as evidence. The only things that have been swirling around about this whole mess is a bunch of rumors blasting Sony with no real proof. I know my name is blue, but can we please read the whole article or at least wait til' we have a conclusion before selling off our consoles? "
I did read the article, I wasn't making an argument about whether or not any of the evidence he offers is valid, merely commenting on how this is a bad time for Sony. Sorry I said that, allow me to perhaps offer a statement you will like.
"Man this is all really good for Sony, the veracity of the claims in question doesn't matter because things are going to go A-OK! Times aren't looking a little tough or anything! Anyone who says that they are probably didn't even bother to read the article." That better?
#58 Posted by Crash_Happy (655 posts) -
@Nadafinga: Worse. He testified that someone told him they read something on the internet.
#59 Posted by McGhee (6094 posts) -

  

#60 Posted by PhilESkyline (774 posts) -

If this is true, things just went from bad to worse for Sony.




#61 Posted by bearshamanbro (284 posts) -
@Krakn3Dfx:  I agree, well said
#62 Posted by GozerTC (456 posts) -


Hmm... I see another form letter in the mail saying I'm part of some "Class Action Lawsuit" here in a few years. :\

 

#63 Posted by umdesch4 (772 posts) -

All a tempest in a teapot. If Sony can survive something like a CD copy protection rootkit scandal, they'll eventually get a free pass on this one. This example of what seems to be the attitude in all departments of Sony hasn't changed one iota:

  Thomas Hesse, Sony BMG's Global Digital Business President, told reporter Neda Ulaby, "Most people, I think, don't even know what a rootkit is, so why should they care about it?"

#64 Posted by Beb (240 posts) -

Looks like some people are misunderstanding the news.

The point here is not that "some guy" read "some rumor" on "some message board" and is repeating it as fact.

The point is that a bunch of people noticed Sony's security flaw, and informed Sony by posting the info on a board that Sony employees read, thus informing Sony of the flaw. But Sony didn't do anything about it.

#65 Edited by TheHT (10933 posts) -

  @Beb said:

" Looks like some people are misunderstanding the news. The point here is not that "some guy" read "some rumor" on "some message board" and is repeating it as fact. The point is that a bunch of people noticed Sony's security flaw, and informed Sony by posting the info on a board that Sony employees read, thus informing Sony of the flaw. But Sony didn't do anything about it. "


Fair enough, save for the fact that not responding on an internet forum doesn't equal not doing anything about it.

Also, if they didn't acknowledge it, the forum thing isn't much to support the claim that they knew about it.
#66 Posted by CornBREDX (4873 posts) -
@SRanker said:
" @Sevan said:
" @SRanker said:

" I would assume this is not true. There's no proof. It's not an official report from a company. "

...
Sony didn't do anything out of the ordinary with their response. It is and always will be policy to wait until the security breach is official to make comments to customers. Windows XP/7 have plenty of security holes. Most of which make far more data available to criminals than Sony has. Microsoft does not, and will not, announce to all its users that there are security holes before they verify with proper work that this is the case. As an engineer and someone who works in a comparable industry the media has blown this far out of proportion, it's barely a deal at all. No one is going to be hurt by this other than Sony. We should all feel bad for them. They are just as much victims here as PSN members. If Sony knew there was a security leak that would expose this information they would have done something about it. Especially after the Hotz incident. No server is hack proof. There is not a single piece of data in existence that cannot be hacked. All of your information everywhere is vulnerable in one way or another. We have no idea what went into this hack. It could have been hundreds of expert hackers working together. "
I just want to say I am glad you said that. It's quite funny how many people think the internet is 100% safe because sites tell you it is.

Everything can be hacked given time and man power.

That being said: If you're a big infrastructure there is always someone that is going to attempt to break in and the infrastructure should be updated and proven secure constantly. If Sony was cutting corners on their security they were not doing their customers any favors or even being responsible with sensitive information. This is the responsibility of any company (large or small) that handles sensitive information (such as credit card info, and other personal info) on the internet or even not on the internet.

Most large internet companies are constantly finding new ways to keep your information safe and safe guarding that information constantly. Often they use third party security provided systems/programs for this (which is generally the best way as its primary focus is safe guarding information).

While you are 100% correct- anything can be hacked- this is not a home computer network we're talking about here. This is a multi-billion dollar company that has the sensitive information of reportedly 77 million clients (said to be more like 35 million actual subscribers or something) and as such they have the responsibility to safe guard that information at all times.

The only thing Sony is a victim of is not putting enough interest in keeping their network secure- and therefore not giving a shit about their customers' personal data. This should be a major priority for anyone holding that much sensitive information.

I don't think the argument here is that anything can be hacked. This is 100% true. I think it's more important and what should come out of this is that Sony did not bear responsibilities that their customers required of them and Sony is now paying the price for that. Sony is fully to blame for anything that happens to their network with your personal info on it- it is your right as a consumer that this information be protected. If they can't handle that burden they shouldn't store it at all.
#67 Posted by chickdigger802 (501 posts) -

Believe what you want to believe. But the one law of the world is, believe in the beard.

#68 Posted by thehuntsmen5434 (427 posts) -

I know how to turn on firewalls, Sony. And I have some Anti-virus software.

Give me a job.

#69 Posted by Siphillis (1290 posts) -
@N7 said:
" @SRanker said:
" I would assume this is not true. There's no proof. It's not an official report from a company. "
But... Look at how old he is! Life is too short to tell lies! "
or to make a name for yourself at the expense of a multi-national billion-dollar corporation.
#70 Posted by utino (5 posts) -

STOP SPECULATING ON BULLSHIT

THIS WAS NOT AN EXPERT

THIS WAS ONE RANDOM IDIOT ON A SONY FORUM WITH 1 POST

HE WAS NOT PART OF THE HEARING SO STOP REPORTING IT LIKE HE WAS.

#71 Posted by AhmadMetallic (18955 posts) -

i don't wish anyone harm, but... watching a big greedy corporation like SONY get fucked sounds awesome and historic !


too bad i own a PS3 :( 
#72 Posted by JohnPaulVann (209 posts) -

 This guy's testimony is total bull shit; he has no facts to back up these outrageous claims. He just hates the Japanese and wants to fuck Sony. 


#73 Posted by RandomInternetUser (6789 posts) -

Would a man named Gene Spafford lie to you? 

#74 Posted by Dipic (5 posts) -
@TadThuggish said:
" hahahahaha r.i.p. sony whocares-2011 "
Tryin' way too hard there, brah.
#75 Posted by quinistheman (150 posts) -
@dipic: And so is this guy:
@JohnPaulVann said:
"  This guy's testimony is total bull shit; he has no facts to back up these outrageous claims. He just hates the Japanese and wants to fuck Sony. 

"
#76 Posted by damnboyadvance (4059 posts) -
@utino said:

" STOP SPECULATING ON BULLSHIT THIS WAS NOT AN EXPERT THIS WAS ONE RANDOM IDIOT ON A SONY FORUM WITH 1 POST HE WAS NOT PART OF THE HEARING SO STOP REPORTING IT LIKE HE WAS. "

"...an open Internet forum used by security experts, including several Sony employees..."

Check your facts before you post.
#77 Posted by THRICE (167 posts) -
@JohnPaulVann said:
"  This guy's testimony is total bull shit; he has no facts to back up these outrageous claims. He just hates the Japanese and wants to fuck Sony. 

"
The racist card, really?
#78 Posted by Goldanas (546 posts) -
@beej:  Oh, sorry, man, I quoted the wrong guy. My statements weren't directed at you, but I probably still deserve the bashing. I've changed my original post to reflect the right person's statement.
#79 Posted by slantedwindows (272 posts) -
@Beb said:
" Looks like some people are misunderstanding the news. The point here is not that "some guy" read "some rumor" on "some message board" and is repeating it as fact. The point is that a bunch of people noticed Sony's security flaw, and informed Sony by posting the info on a board that Sony employees read, thus informing Sony of the flaw. But Sony didn't do anything about it. "
+1

and now it's sony's burden to prove that their servers were up to date at this time. something they should definitely have records of... if they were doing what they were supposed to be doing.
#80 Posted by thunderbear (9 posts) -

Haha, yeah I am sure Sony didn't care at all about the threats and left their servers wiiide open with a sign saying "Welcome in, please take everything you want."

Ever since the PS3's firmware was hacked, Sony has been in trouble. Some people took extreme anger to Other OS being removed (who used it?! I installed it once, looked all over for useful ways to use it but only the main CPU, 256mb of available ram and no GPU support meant Linux was useless on the PS3).

#81 Posted by ShaneDev (1696 posts) -

I wonder who was in charge of security at Sony or even just server maintenance and whether they still work there. This is pretty embarrassing if they did not update the servers even without some guy telling them but if they didn't even do it when someone else pointed it out to them then now they just look  incompetent.

#82 Posted by Phished0ne (2486 posts) -

Alright, I'm officially sick of hearing about this. There have been almost no reports of people's cards being charged, I've only heard one. Sony can't even prove that any information was actually even accessed yet.


The hacker was just some kid that wanted to brag to his scumball friends, I guarantee it. They probably don't even know what to do with credit card numbers even if they did take them. It's sad that Sony had to wait this long to do anything about it, but it is what it is. My card's not going back on their service, the number has been changed, and from now on I'm using PSN cards until I feel safe with them again.
#83 Posted by weavminas (83 posts) -

Our great esteemed Congress takes testimony from a guy who read something in an open forum. This is called hearsay. "I found a note that says that Billy thinks that Susie likes Gary." So Gary pushes Susie off the jungle gym because he thinks girls are icky.
On a related note, how long until PSN misses its 'deadline'?

#84 Posted by RE_Player1 (7551 posts) -

I think for E3 Jack Tretton has to come out and say," I know the past few months have not been kind to Sony and the Playstation brand... but here are a fuck ton of games to make up for it!!!!" And 50 trailers play non-stop. Sly 4, Uncharted 3, Last Guardian, NGP etc. Not saying they'd be off the hook but that would be badass. Kind of like Microsoft giving out those 360 slims at their press conference. 

#85 Posted by Marz (5646 posts) -

tsk tsk Sony,  

#86 Posted by gunslingerNZ (1900 posts) -

We like to call that sort of thing hearsay. Still, damning if true.

#87 Posted by Koobz (364 posts) -
@slantedwindows said:
" @Beb said:
" Looks like some people are misunderstanding the news. The point here is not that "some guy" read "some rumor" on "some message board" and is repeating it as fact. The point is that a bunch of people noticed Sony's security flaw, and informed Sony by posting the info on a board that Sony employees read, thus informing Sony of the flaw. But Sony didn't do anything about it. "
and now it's sony's burden to prove that their servers were up to date at this time. something they should definitely have records of... if they were doing what they were supposed to be doing.
"
#88 Posted by James_ex_machina (905 posts) -

SONY went to shit when Kevin Butler disappeared from the commercials. E.O.S.

#89 Posted by tourgen (4432 posts) -
@Xeiphyer said:
" Not surprising. Well, this is something we already knew, but the fact is that the people in charge of security answer to the people who have the money, and they don't always have a lot of say.

Spending a bunch of money to upgrade something that they just upgraded a few months ago probably seems insane to the admin/accounting people at Sony who don't understand how security works
The sad thing is that Apache is free, open source software so it would have only cost them tech time to update their servers.  It really looks like they had no idea what they were doing though.  It may have been as much of an issue as (lack of) expertise in the security field as cold hard cash.  they didn't even know WHAT to spend the money on.

Anyway this was the same company that thought it was totally O.K. to put rootkits on their music CDs, then got off with a light slap on the wrist for essentially a mass distribution of malware (felony) and unauthorized access to computer systems (felony).  They deserve to burn and I'm happy to finally see it happen.
#90 Posted by Xanth93 (485 posts) -

Holy shit! That's just not right. Wow... I am appalled now.

#91 Posted by Xpgamer7 (2377 posts) -

CONTROVERSY IN THE PUBLIC EYE. We knew this was coming. 

#92 Posted by selbie (1847 posts) -

Yo i got my facts from the internet.

#93 Posted by YukoAsho (2001 posts) -
@selbie said:
" Yo i got my facts from the internet. "
Q
F
T

Seriously, why would anyone take FORUMS seriously?
#94 Posted by Sevan (83 posts) -

@SRanker: 
I understand not saying "we've been hacked" on day one, but at least saying "there is a security issue being handled" or something like that would have been acceptable. But just being dead silent for a week while my PSN is down is crap. No policy should ever mean keeping your customers in the dark for extended periods of time when you at least have an IDEA of what happened.
And as it's already been said, Windows is a PC system. The average person who is one in billions of internet users can use it. If you are the type of person who might be intentionally targeted for hacking, you up your protection. Steve Jobs probably has a pretty hardcore home setup. And when you're a company, responsible for millions of people's information, you pay for good security. You can tell from how Open PSN has been since launch that they haven't been doing as much as Apple and Microsoft to keep people out of their infrastructure. Apple doesn't let any outside company make any apps that leave even a small opening in their security. XBlive doesn't even do outside applications, with Netflix, last fm, and now Hulu being the only exceptions... and even those were tested and designed to follow Live's rules. Whereas PSN let you pretty much make your own OS for a while, and still has several apps that can't possibly be as secure as a more responsible company would make them.
And Hotz was on a whole different level. He was hitting their hard and Software, not their online network. The fixes they put down after him removed weakness in individual PS3's. But this was an attack on the network, and they were still running the cruddy system they had put down for when they were a free program.
Honestly, they really didn't have any reason to guard themselves from hacking, as the hacker community and the gaming community have a lot of overlap, and they don't have something like the Microsoft points system to draw the attention. But that doesn't mean they shouldn't keep their security up. And if you have a forum full of people saying your programs are out of date....

@CornBREDX:
lol. wish i had read this before i started typing....
#95 Posted by Xaviersx (157 posts) -

Taken down by the Bowtie Mafia . .

#96 Posted by Crash_Happy (655 posts) -
@Beb: Honestly, I feel like you're missing the point.
What we have is someone claiming third hand knowledge of Sony being aware of a security flaw. What we lack is any detail that provides a framework to evaluate this information.
Interpret it whatever way you like.
#97 Edited by BradGrenz (58 posts) -
#98 Edited by Dagbiker (6939 posts) -

A guy saying he heard from a guy, that that guy saw on a website that  someone claiming to be from Sony said that their Server was unprotected.

Totally admissible in a court of law.

#99 Posted by MonkeyKing1969 (2593 posts) -

There is a big discussion over on Bitmob about if only seven out of a few dozen servers were not updated, and what those seven servers actually did. The overall discussion seems to have ground to a halt with the conclusion that --- There were instances of certain servers not being up to date, but in a majority of instances show Sony's servers were up-to-date.

This seems like a Red Herring issue, yet people are saying, "Ah ha, I've found a smoking gun". However, the reality is that gun was half-way around the world, pointed seemingly the wrong direction, and was in fact not a gun but a comically shaped novelty cigarette lighter.   Sony was hacked but the reason it was possible was unlikely the Apache software's age.

#100 Posted by Xsheps (114 posts) -

Just imagine Sony employees going onto forums and lamenting that their Apache software is totally out of date.  What an amateur organization.
