
News Sony Pictures hacked

Discussion in 'Article Discussion' started by CardJoe, 3 Jun 2011.

  1. azazel1024

    azazel1024 What's a Dremel?

    Joined:
    3 Jun 2010
    Posts:
    487
    Likes Received:
    10
    Maybe it is my perspective working in the public sector in IT, but things take time. Private sector can sometimes be more agile, but when you get to the really big companies they aren't much more agile than the public sector is, sometimes worse depending on the culture. Things just take time. It's not as simple as just saying "oh, we have a problem, let's hash our passwords". You might have to rework a dozen systems and a bunch of databases to handle the new way of storing passwords.

    Should it have been done to begin with? Certainly, should they have set things up so that they weren't vulnerable to SQL injection attacks, definitely. That doesn't mean something wasn't overlooked and wasn't discovered in testing.

    Once it is discovered it takes time to fix. It's not like we are talking a single system here that they haven't fixed. We are talking dozens and dozens of systems and hundreds of applications. Probably that took a few tens of thousands of work years to put together all together. It doesn't take a single programmer 45 minutes to fix. It probably takes a couple of hundred several months to fix everything and that is assuming there is nothing preventing them from making the changes quickly (like having to implement a system wide change all at once instead of being able to roll it out piecemeal).
     
  2. Bungletron

    Bungletron Minimodder

    Joined:
    25 May 2010
    Posts:
    1,169
    Likes Received:
    62
    As an IT worker your perspective is odd, it sounds more like a management perspective. I remember at my last firm the system was so old it creaked, passwords were not encrypted there either. Engineers and developers would be battling management every day to try and get these things improved, they were mostly ignored and they made their feelings of frustration about how **** it was very vocal indeed! When the Risk team finally took interest and started to do some calculations the improvements very suddenly started to happen, new IT contractors appeared very sharply indeed.

    You can do this in the technology industry in the private sector, just depends how serious you are about it. Sony could have taken down everything, checked it and put it back up when it was fixed like PSN, they decided it was cheaper not to.
     
  3. will_123

    will_123 Small childs brain in a big body

    Joined:
    2 Feb 2011
    Posts:
    1,060
    Likes Received:
    15
    Welcome to my boat!
     
  4. supermonkey

    supermonkey Deal with it

    Joined:
    14 Apr 2004
    Posts:
    4,955
    Likes Received:
    202
    I'm really getting tired of all these "hacker" groups. If they were at all interested in improving network security in the corporate world, they wouldn't be posting all the user names and passwords to the internet for all to see.

    No, this is just criminal behavior coupled with publicly bragging about the results. You want to highlight the holes in Sony's security? Fine. Own up to it, put your name to the actions, and work with Sony to fix the problem.
     
  5. Fizzban

    Fizzban Man of Many Typos

    Joined:
    10 Mar 2010
    Posts:
    3,683
    Likes Received:
    271
    I agree. Both parties could gain. The company would gain by getting free information on how to secure their systems, and the hacker groups would gain by getting the recognition they seek. But the moment they post information online or use that info in any way, they are criminals.
     
  6. Glix

    Glix Left Thumb Stick in the mud.

    Joined:
    11 May 2010
    Posts:
    318
    Likes Received:
    1
    You're kidding, right?

    I've just hacked bit tech... oh you want proof, err, erm I don't really want to expose any info that could be used to prove I did it...

    How do you propose they work with Sony? How do you know that they didn't already send a warning email?
    This is what happens in the hacker world, they find an exploit, let the party know about it, then a week later release it to the public to speed up the addressing of said exploit. Where have you been these last few years?
     
  7. geemsean

    geemsean What's a Dremel?

    Joined:
    19 Jul 2010
    Posts:
    2
    Likes Received:
    0
    This is one seriously flawed analogy. Your juvenile reasoning implies that Sony is the sole victim of the incident, whereas the true victims were the innocent customers who put their faith in Sony to keep their personal information secure. Sony has had enough time and resource to make corrections in their security, or lack thereof. This just proves that PSN wasn't just a freak accident, but a timebomb waiting to happen. If Sony doesn't wake up and tighten the security in the rest of their branches, the catastrophes would be massive.
     
  8. Sloth

    Sloth #yolo #swag

    Joined:
    29 Nov 2006
    Posts:
    5,634
    Likes Received:
    208
    I almost find the bit about having hacked PBS more shocking. A non-profit television station is "punished" for broadcasting a show the hackers don't agree with? First amendment anyone? Certainly not the kind of justice I'm interested in.

    +1 to that. You can't claim to only want to reveal weaknesses when you're exploiting them as you speak!

    In reality where there is no email and the hacker just takes your credit card info to use your money. Robin Hood is a fairy tale, criminals exploit it and in turn get the respect and admiration of the very people they're harming. I sure as hell don't want some malicious group of people telling me who I should or should not do business with and ain't buying their noble claims.
     
  9. llamafur

    llamafur WaterCooled fool

    Joined:
    27 Jul 2009
    Posts:
    859
    Likes Received:
    21
    Same here. I'm thoroughly enjoying this conniption.
     
  10. themax

    themax What's a Dremel?

    Joined:
    2 Dec 2005
    Posts:
    1,060
    Likes Received:
    3
    No, this doesn't happen in the hacker world. In the IT Security world, real people, with real names, own up to an exploit they find and inform the party involved, not run off to twitter, first tweeting about said attack, then days later posting the stolen information. These guys just want attention, and are far from any sort of group fighting any "injustice". They are criminals at best.

    I'll try to dig up the article, but I also read that these guys tried to drag a former member into this by outing his username as having paid them to do it. Seriously? People are rooting for that?

    Edit: Unfortunately Fox is where I found the article so I'm not posting that because I can't say whether it's 100% true. The article states that Branndon Pike was the person Lulzsec identified on their twitter when they referenced Shadow DXS as having paid them to hack the PBS website.
     
    Last edited: 3 Jun 2011
  11. supermonkey

    supermonkey Deal with it

    Joined:
    14 Apr 2004
    Posts:
    4,955
    Likes Received:
    202
    No, I'm not kidding. I don't need proof because I don't care about your hypothetical reputation in the hacker world. If you found an exploit and hacked the Bit-tech server, you could very easily send an e-mail to the Bit-tech staff and provide them with whatever proof they desire. Posting all of Bit-tech's users' details online is utterly unnecessary. You could then work with them to patch the exploit.

    Like I said, work with the company. The company being slow to react is not justification to screw over thousands of people who have nothing to do with the company's IT security.

    EDIT:
    Go ahead and have your laugh. When your bank gets hit and your credit card is stolen, be sure to let us know so we can be condescending in return. :)
     
  12. SexyHyde

    SexyHyde Minimodder

    Joined:
    24 Jul 2009
    Posts:
    609
    Likes Received:
    11
    Sony are not all innocent. Remember not too long ago they hid a root kit in a product and didn't disclose it was there. They sold a product then retracted one of the features they used to sell it, then went after someone who tried to add these features back in. Then they leave passwords unencrypted.

    To the person saying they are trying to coerce them into doing something their way, it seems to me they are only trying to get them to upgrade their lax security which will only benefit Sony and their customers. If they just rang up and said "these accounts/sites need better security" what do you think Sony would do?
     
  13. TWeaK

    TWeaK Minimodder

    Joined:
    28 Jan 2010
    Posts:
    521
    Likes Received:
    7
    How is it that everyone here seems to think an organisation that calls themselves 'LulzSec' has any particular demands for Sony, or even any particular motive?
     
  14. SexyHyde

    SexyHyde Minimodder

    Joined:
    24 Jul 2009
    Posts:
    609
    Likes Received:
    11
    Everyone has a motive for doing something. The detective in me says "lulz" = for a laugh (by making someone look stupid) "sec" = security (where they did the lulz!). Hackers they are in Sony's servers, rofling. Maybe even roflcoptering!
     
  15. PaulC2K

    PaulC2K PC Master Race

    Joined:
    14 Apr 2004
    Posts:
    812
    Likes Received:
    6
    Will all users registered on there before the attack all get to pick 2 free photo albums to make up for this as a 'welcome back, no please come back' offer? :D

    I wouldn't say it's irresponsible of Sony not learning from the whole PSN saga, they must have hundreds of sites, and this is just one of them. What IS irresponsible is the fact that clearly Sony give no value to storing personal and confidential data in plain text, not encrypted. Store it backwards at least Sony, make some sort of effort with the data that people trust you to keep hold of and protect.

    The whole hacking thing doesn't concern me at all either, if 1 Scottish chap can hack into servers used by NASA, CIA, FBA, US Military etc looking for proof of aliens and environmental coverups for over a YEAR... how is Sony meant to stay foolproof on a network designed to allow 77m people to connect to it?? The real concern is they clearly don't do all they can to ensure IF hacked, the data is worthless to those people.
     
  16. Sloth

    Sloth #yolo #swag

    Joined:
    29 Nov 2006
    Posts:
    5,634
    Likes Received:
    208
    How are they benefitting customers? Thousands have had their accounts compromised. They are the people customers don't want to have hacking into anything.

    And for some reason people want to glorify people terrorizing innocent customers. I don't even want to think about how many account holders are completely non-tech savvy and don't care or know about any of this yet end up having their account stolen thanks to their passwords being exposed because a group of neck-beards (no offense) want to tell them where to take their business.
     
    Last edited: 4 Jun 2011
  17. themax

    themax What's a Dremel?

    Joined:
    2 Dec 2005
    Posts:
    1,060
    Likes Received:
    3
  18. Tulatin

    Tulatin The Froggy Poster

    Joined:
    16 Oct 2003
    Posts:
    3,161
    Likes Received:
    7
    You can blame the people who breached the security all you want for letting the information out into the world, but Sony's fully at fault for incompetence here. It's like saying the burglars are at fault when your home security system's monitoring center makes no effort to contact the police to stop them.

    Oh, and trying to work "With" a company is a good way to have them litigate and report you. It's probably not a good idea. Now where's a handy class-action I can join against this lumbering company?
     
  19. PCBuilderSven

    PCBuilderSven What's a Dremel?

    Joined:
    3 Oct 2010
    Posts:
    130
    Likes Received:
    1
    Ha, Ha Sony

    It's unlikely my bank will get hit because my bank (and basically every single other one) stores data encrypted, not in plain text.

    I agree with llamafur and Mentai, this is great fun:hehe:.

     
  20. SexyHyde

    SexyHyde Minimodder

    Joined:
    24 Jul 2009
    Posts:
    609
    Likes Received:
    11
    Sony will or at least should shut it down and make it safe. As a lot of people have already said, they should also be liable for everything, they have been negligent, plain and simple. I'd love to live in a nice utopian world but I'm a realist, we simply don't. It's why I lock my house and car when I am not in them.
     