Sony Bastards

From: Wattsy (SLAYERPUNX) 4 May 2011 20:44
To: Peter (BOUGHTONP) 106 of 157
The good old days when we played counter strike all day long.
From: steve 4 May 2011 21:11
To: Wattsy (SLAYERPUNX) 107 of 157
And used GameSmurf to organise our servers :C
From: koswix 5 May 2011 15:07
To: ALL 108 of 157

You /utter/ CUNTS! :@

http://blog.lastpass.com/2011/05/lastpass-security-notification.html

 

After I just changed everything and started using LastPass after the Sony shit, I blame whoever recommended it in this thread :@

Oh the /irony/.

From: patch 5 May 2011 15:10
To: koswix 109 of 157
<snigger>
From: Ken (SHIELDSIT) 5 May 2011 15:14
To: koswix 110 of 157

That was me, and shit happens. I'll continue to use them.

But I love cunt!

From: koswix 5 May 2011 15:17
To: Ken (SHIELDSIT) 111 of 157

It wouldn't let me log in with my password to change it to a new one :S Just had to go through account recovery, which was surprisingly straightforward. If anyone gets access to my email account they'd be able to get all my LastPass passwords in about 30 seconds :|

I posted the link above before I'd read the details, but at least it seems they're being hyper sensitive and informing people as soon as possible about a possible breach, rather than waiting a week like Sony :@

From: koswix 5 May 2011 15:17
To: patch 112 of 157
Racist :C
From: Ken (SHIELDSIT) 5 May 2011 15:19
To: koswix 113 of 157
That's what I thought and I appreciate the way they are dealing with it. I love the service so I'll continue to use it unless something on the Sony scale would happen!
From: Serg (NUKKLEAR) 6 May 2011 06:45
To: koswix 114 of 157
It's fine. For now.
From: Matt 6 May 2011 11:08
To: ALL 115 of 157
An observer of the Internet Relay Chat channel used by the hackers told CNET today that a third major attack is planned this weekend against Sony's Web site. The people involved plan to publicize all or some of the information they are able to copy from Sony's servers, which could include customer names, credit card numbers, and addresses, according to the source. The hackers claim they currently have access to some of Sony's servers.


Oh dear.
From: Matt 6 May 2011 11:12
To: ALL 116 of 157
And

In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.

According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.


To steal someone else's quote:

Playstation. It only does idiocy.
From: Ken (SHIELDSIT) 6 May 2011 11:45
To: Matt 117 of 157
I read that yesterday and couldn't believe it! They run a multi-million dollar network and can't keep it updated. I run a dumb little blog and check it daily for updates!
From: Serg (NUKKLEAR) 6 May 2011 15:13
To: Ken (SHIELDSIT) 118 of 157
While I kinda agree with you, I also see big problems with the amount of testing and so on needed when you roll something out to the kinds of servers that Sony runs. That's still no excuse though to not at least have their firewalls configured.
From: Ken (SHIELDSIT) 6 May 2011 15:20
To: Serg (NUKKLEAR) 119 of 157
Usually a network like that would have a test lab where they would test updates before rolling them out to live machines. It would only require a few physical machines or a virtual environment to do it.
From: Drew (X3N0PH0N) 6 May 2011 15:25
To: Ken (SHIELDSIT) 120 of 157
I've done web work for Sony Music. They had staging servers to work on to ensure everything worked right before pushing it live. Only it never did, because the live servers had completely different configurations, versions of everything and security settings. I would imagine this sort of fuckwittedness infects the whole of Sony (and other big corps. Things were exactly the same on EMI, VMG and Warner).
From: Ken (SHIELDSIT) 6 May 2011 15:27
To: Drew (X3N0PH0N) 121 of 157
Wow! Yeah it wouldn't do much good to test something on a completely different machine! The dumb asses!
From: Peter (BOUGHTONP) 6 May 2011 15:40
To: Drew (X3N0PH0N) 122 of 157
When you say "staging servers to work on" ... well, you don't work on staging, you test on staging. Sounds more like shared development servers, which also implies a lack of proper version control?

How can a tech company the size of Sony be *so* bad and survive this long? :S
From: Matt 6 May 2011 15:47
To: Drew (X3N0PH0N) 123 of 157
Doesn't surprise me.

Reading more about the PSN debacle yesterday, and I came across an article (which I now can't find, of course) that revealed how developers could access the live PSN servers without any form of additional authentication beyond what was built into the PS3 dev-kits they bought from Sony.

This all sounds fine and dandy, using hardware as the authentication method. That is until some clever people work out that your random number generator you use for encryption isn't returning a random number at all and quickly realise how to put it to use to a) decrypt everything and b) turn a retail PS3 into a dev-kit.

Apparently this access included users' account details including full names, addresses, etc. although not any payment details. I don't know if it's true, but from what you've said it certainly adds more weight to it being so.
From: Drew (X3N0PH0N) 6 May 2011 15:51
To: Peter (BOUGHTONP) 124 of 157
<shrugs>

I called them what they called them.
From: Serg (NUKKLEAR) 7 May 2011 16:12
To: Ken (SHIELDSIT) 125 of 157

I know but.. Sony..
Last place I used to work for had a dev environment synched daily from live more or less - they had about 70 employees, so not exactly a big company, but having a good test environment was crucial.

Sony, eh?