Ranter's CornerSony Bastards

  

Press Ctrl+Enter to quickly submit your post
Quick Reply  
 
 
  
 From:  patch   5 May 2011 15:10 
 To:  koswix       109 of 157 
38415.109 In reply to 38415.108 
<snigger>
0/0
 Reply   Quote More 

 From:  Ken (SHIELDSIT)   5 May 2011 15:14 
 To:  koswix       110 of 157 
38415.110 In reply to 38415.108 

That was me, and shit happens. I'll continue to use them.

 

But I love cunt!
0/0
 Reply   Quote More 

 From:  koswix    5 May 2011 15:17 
 To:  Ken (SHIELDSIT)      111 of 157 
38415.111 In reply to 38415.110 

It wouldn't let me log in with my password to change it to a new one :S Just had to go through account recovery, which was surprisingly straightforward. If anyone gets access to my email account they'd be able to get all my last pass passwords in about 30 seconds :|

 

I posted the link above before I'd read the details, but at least it seems they're being hyper sensitive and informing people as soon as possible about a possible breach, rather than waiting a week like Sony :@


GIVE ME EYERON OR! :@ msg:38140.1
0/0
 Reply   Quote More 

 From:  koswix    5 May 2011 15:17 
 To:  patch      112 of 157 
38415.112 In reply to 38415.109 
Racist :C

GIVE ME EYERON OR! :@ msg:38140.1
0/0
 Reply   Quote More 

 From:  Ken (SHIELDSIT)   5 May 2011 15:19 
 To:  koswix       113 of 157 
38415.113 In reply to 38415.111 
That's what I thought and I appreciate the way they are dealing with it. I love the service so I'll continue to use it unless something on the Sony scale would happen!
0/0
 Reply   Quote More 

 From:  Serg (NUKKLEAR)   6 May 2011 06:45 
 To:  koswix       114 of 157 
38415.114 In reply to 38415.108 
It's fine. For now.
[...Insert Brain Here...]
0/0
 Reply   Quote More 

 From:  Matt   6 May 2011 11:08 
 To:  ALL 115 of 157 
38415.115 
An observer of the Internet Relay Chat channel used by the hackers told CNET today that a third major attack is planned this weekend against Sony's Web site. The people involved plan to publicize all or some of the information they are able to copy from Sony's servers, which could include customer names, credit card numbers, and addresses, according to the source. The hackers claim they currently have access to some of Sony's servers.


Oh dear.

doohicky
0/0
 Reply   Quote More 

 From:  Matt   6 May 2011 11:12 
 To:  ALL 116 of 157 
38415.116 
And

In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.

According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.


To steal someone else's quote:

Playstation. It only does idiocy.

doohicky
0/0
 Reply   Quote More 

 From:  Ken (SHIELDSIT)   6 May 2011 11:45 
 To:  Matt      117 of 157 
38415.117 In reply to 38415.116 
I read that yesterday and couldn't believe it! They run a multi-million dollar network and can't keep it updated. I run a dumb little blog and check it daily for updates!
0/0
 Reply   Quote More 

 From:  Serg (NUKKLEAR)   6 May 2011 15:13 
 To:  Ken (SHIELDSIT)      118 of 157 
38415.118 In reply to 38415.117 
While I kinda agree with you, I also see big problems with the amount of testing and so on needed when you roll something out to the kinds of servers that Sony runs. That's still no excuse though to not at least have their firewalls configured.
[...Insert Brain Here...]
0/0
 Reply   Quote More 

 From:  Ken (SHIELDSIT)   6 May 2011 15:20 
 To:  Serg (NUKKLEAR)      119 of 157 
38415.119 In reply to 38415.118 
Usually a network like that would have a test lab where they would test updates before rolling them out to live machines. It would only require a few physical machines or a virtual environment to do it.
0/0
 Reply   Quote More 

 From:  Drew (X3N0PH0N)   6 May 2011 15:25 
 To:  Ken (SHIELDSIT)      120 of 157 
38415.120 In reply to 38415.119 
I've done web work for Sony Music. They had staging servers to work on to ensure everything worked right before pushing it live. Only it never did, because the live servers had completely different configurations, versions of everything and security settings. I would imagine this sort of fuckwittedness infects the whole of Sony (and other big corps. Things were exactly the same on EMI, VMG and Warner).
0/0
 Reply   Quote More 

 From:  Ken (SHIELDSIT)   6 May 2011 15:27 
 To:  Drew (X3N0PH0N)      121 of 157 
38415.121 In reply to 38415.120 
Wow! Yeah it wouldn't do much good to test something on a completely different machine! The dumb asses!
0/0
 Reply   Quote More 

 From:  Peter (BOUGHTONP)   6 May 2011 15:40 
 To:  Drew (X3N0PH0N)      122 of 157 
38415.122 In reply to 38415.120 
When you say "staging servers to work on" ... well, you don't work on staging, you test on staging. Sounds more like shared development servers, which also implies a lack of proper version control?

How can a tech company the size of Sony be *so* bad and survive this long? :S
0/0
 Reply   Quote More 

 From:  Matt   6 May 2011 15:47 
 To:  Drew (X3N0PH0N)      123 of 157 
38415.123 In reply to 38415.120 
Doesn't surprise me.

Reading more about the PSN debacle yesterday, and I came across an article (which I now can't find, of course) that revealed how developers could access the live PSN servers without any form of additional authentication beyond what was built into the PS3 dev-kits they bought from Sony.

This all sounds fine and dandy, using hardware as the authentication method. That is until some clever people work out that your random number generator you use for encryption isn't returning a random number at all and quickly realise how to put it to use to a) decrypt everything and b) turn a retail PS3 into a dev-kit.

Apparently this access included users account details including full names, addresses, etc. although not any payment details. I don't know if it's true, but from what you've said it certainly adds more weight to it being so.

doohicky
0/0
 Reply   Quote More 

 From:  Drew (X3N0PH0N)   6 May 2011 15:51 
 To:  Peter (BOUGHTONP)      124 of 157 
38415.124 In reply to 38415.122 
<shrugs>

I called them what they called them.
0/0
 Reply   Quote More 

 From:  Serg (NUKKLEAR)   7 May 2011 16:12 
 To:  Ken (SHIELDSIT)      125 of 157 
38415.125 In reply to 38415.119 

I know but.. Sony..
Last place I used to work for had a dev environment synched daily from live more or l less - they had about 70 employees, so not exactly a big company, but having a good test environment was crucial.

 

Sony, eh?

[...Insert Brain Here...]
0/0
 Reply   Quote More 

 From:  Ken (SHIELDSIT)   7 May 2011 16:16 
 To:  Serg (NUKKLEAR)      126 of 157 
38415.126 In reply to 38415.125 
Yeah, Sony is so good they don't need no stinking tests right!?
0/0
 Reply   Quote More 

 From:  Serg (NUKKLEAR)   7 May 2011 16:26 
 To:  Ken (SHIELDSIT)      127 of 157 
38415.127 In reply to 38415.126 

Everything they produce is almost a piece of God. Not.

 

Even Apple with their immeasurable arrogance test things pretty damn well (antenna fiasco aside), so Sony have no excuse.

[...Insert Brain Here...]
0/0
 Reply   Quote More 

 From:  Ken (SHIELDSIT)   7 May 2011 16:28 
 To:  Serg (NUKKLEAR)      128 of 157 
38415.128 In reply to 38415.127 
100% agree. There is no excuse for a lack of security. It's one thing to get hit with a zero day. Quite another to be lax!
0/0
 Reply   Quote More 

Reply to All  
 

1–20  …  61–80  81–100  101–120  121–140  141–157

Rate my interest:

Adjust text size : Smaller 10 Larger

Beehive Forum 1.5.2 |  FAQ |  Docs |  Support |  Donate! ©2002 - 2024 Project Beehive Forum

Forum Stats