LulzSec Hacks SonyPictures – 1,000,000 Customer Accounts Compromised

Security disasters continue at Sony: They finally got PlayStation Network back up and running after a series of hacks severely compromised it, only to have another hacker group (LulzSec) compromise their SonyPictures servers and steal 1,000,000 customer accounts. It turns out that these accounts weren’t even encrypted!

What are the qualifications for getting a job in their IT Security Dep’t.? Knowing how to boil water without burning it?

You can see the hackers’ statement here.

They managed to get passwords, e-mail addresses, full home addresses, and dates of birth all by the simplest of methods: SQL injection.

“Sony Pictures accounts also have a number of opt-in features that contain further information about each user depending on what each signs up for. LulzSec state all of that detail was available to them. They also managed to get the details of all admin accounts for the website.” – Matthew Humphries, Geek.com

The Hackers also stole 75,000 music codes and 3.5 million music coupons.

So, I’m bringing this to you because if you’re a SonyPictures customer, you probably need to change passwords, and probably your Credit Card number as quickly as possible so that you don’t end up liable for debts run up as a result of their incompetence.

I wonder when this level of incompetence becomes legally actionable? Really: Wasn’t their PSN disaster enough to get them in gear?

Source:

http://www.geek.com/articles/geek-pick/sonypictures-com-hacked-one-million-user-accounts-compromised-2011062/
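The post names two defects without showing what they look like in code: a login query built by pasting user input into SQL text (the injection route) and credentials stored exactly as typed (the "not even encrypted" part). The following is an added illustration, written for this page and not taken from the post, the Geek.com article or any Sony system; the accounts, the `login_unsafe`/`login_safe` function names and the in-memory SQLite table are all constructed for the example. It places the vulnerable pattern beside the hardened one (parameter binding plus salted PBKDF2 hashing, which goes beyond what the post describes) so the difference is visible in behaviour, not just in description.

```python
"""Added illustration (not from the post, not Sony's code): the two defects the
post names, string-built SQL and credentials stored in the clear, beside the
hardened pattern. All records below are constructed sample data."""
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 100_000

# Constructed sample accounts; the addresses are placeholders.
SAMPLE_USERS = [
    ("alice@example.com", "correct horse battery"),
    ("bob@example.com", "hunter2"),
]


def hash_password(password: str, salt: bytes = b"") -> str:
    """Return 'salthex$digesthex' from PBKDF2-HMAC-SHA256 (stdlib hashlib)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def build_db(plaintext: bool) -> sqlite3.Connection:
    """In-memory users table; plaintext=True mimics storing passwords as typed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    for email, password in SAMPLE_USERS:
        stored = password if plaintext else hash_password(password)
        conn.execute("INSERT INTO users VALUES (?, ?)", (email, stored))
    conn.commit()
    return conn


def stored_secrets(conn: sqlite3.Connection) -> list:
    """What a dump of the password column hands whoever reads the table."""
    return [row[0] for row in conn.execute("SELECT password FROM users")]


def login_unsafe(conn: sqlite3.Connection, email: str, password: str):
    """Deliberately vulnerable 'before': user input is pasted into the SQL text,
    so a quote character in either field changes the query's logic."""
    sql = (
        "SELECT email FROM users WHERE email = '" + email
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, email: str, password: str):
    """Hardened 'after': the value is bound as a parameter, so it stays data and
    never becomes SQL, and the password is checked against its salted hash."""
    row = conn.execute(
        "SELECT email, password FROM users WHERE email = ?", (email,)
    ).fetchone()
    if row and verify_password(password, row[1]):
        return row[0]
    return None


if __name__ == "__main__":
    weak, strong = build_db(plaintext=True), build_db(plaintext=False)
    tampered = "' OR '1'='1"
    print("unsafe login with tampered input:", login_unsafe(weak, "nobody", tampered))
    print("safe login with tampered input:  ", login_safe(strong, "nobody", tampered))
    print("dump of plaintext table:", stored_secrets(weak))
```

Run as a script it prints that the string-built query lets a tampered password field log in as the first account, that the bound query returns nothing for the same input, and that a dump of the plaintext table reveals every password verbatim while the hashed table only yields salt-and-digest strings. The two fixes are independent: binding parameters stops the query from being rewritten, and hashing limits what a successful dump is worth, which is why a breach of a properly built site leaks far less than the post describes.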

Reply #1

:-" Sometimes you just gotta sit back and say...............WTF?...Nah...that don't work. Duh maybe....nope. That's a given. Maybe......oh well...seems about right but what it really comes down to is this.

Wake The F*** up Sony...what's wrong with you...sheesh!

Reply #2

It's about time Governments put in place robust penalties for not looking after personal information. Maybe then they will start taking it seriously.

"It turns out that these accounts weren’t even encrypted!"  X| DOH!!! 

Reply #3

Maybe they went the Apple way...Oh no...we're not vulnerable. BAM!

Reply #4

There's a very good article about what you should do if you're the victim of a data breach:

http://www.pcworld.com/businesscenter/article/229301/are_you_a_data_breach_victim_heres_what_to_do.html#tk.fv_rel

1. Change your passwords.

2. Be on the alert for Phishing attempts, malicious e-mail, and snail mail.

3. Keep a close eye on your financial statements.

4. Put a fraud alert on your credit report (very important).

Reply #5

Quoting tazgecko, reply 2
It's about time Governments put in place robust penalties for not looking after personal information. Maybe then they will start taking it seriously.

"It turns out that these accounts weren’t even encrypted!"  DOH!!! 
End of tazgecko's quote

Punish the victim, is what you mean.

That's just brilliant.

By the way, Islam follows a similar philosophy when it's in regards to rape of the female.

Much needs to be defined and clarified should we wish to punish the victims.

-.-

Reply #6

hang him up by the short and curlies using a brick and then dangle him from a bridge and let the piranhas have a nibble or 2 *_*

Reply #7

Quoting aeligos, reply 5

Punish the victim, is what you mean.

That's just brilliant.

By the way, Islam follows a similar philosophy when it's in regards to rape of the female.

Much needs to be defined and clarified should we wish to punish the victims.

-.-
End of aeligos's quote

No, you just don't get it. The penalties would actually help, because the core of these problems is managers who think security is an afterthought and a waste of money and resources. I am a sysadmin; I know what I'm talking about. Only when you show these suits that the data security of their customers is their problem, one that will cost them dearly if neglected, only then will they allocate sufficient resources that will actually allow improvement. Banks are the same crap: when I wanted to discuss authentication schemes with my bank, they could not even get me anyone half competent ("no, lady, a password change actually does not help.... duh!")

Therefore, Sony should be punished for it, and hard. At the core of the problem, there is bound to be some overpaid clown suit who has great social, PowerPoint and meeting skills, but who is clueless otherwise about priorities.

And please stop using stupid, irrelevant evil empire analogies, it invalidates every argument automatically - before it was "you are like Hitler", now Islam.

Reply #8

Quoting Kamamura_CZ, reply 7

Quoting aeligos, reply 5
Punish the victim, is what you mean.

That's just brilliant.

By the way, Islam follows a similar philosophy when it's in regards to rape of the female.

Much needs to be defined and clarified should we wish to punish the victims.

-.-

No, you just don't get it. The penalties would actually help, because the core of these problems is managers who think security is an afterthought and a waste of money and resources. I am a sysadmin; I know what I'm talking about. Only when you show these suits that the data security of their customers is their problem, one that will cost them dearly if neglected, only then will they allocate sufficient resources that will actually allow improvement. Banks are the same crap: when I wanted to discuss authentication schemes with my bank, they could not even get me anyone half competent ("no, lady, a password change actually does not help.... duh!")

Therefore, Sony should be punished for it, and hard. At the core of the problem, there is bound to be some overpaid clown suit who has great social, PowerPoint and meeting skills, but who is clueless otherwise about priorities.

And please stop using stupid, irrelevant evil empire analogies, it invalidates every argument automatically - before it was "you are like Hitler", now Islam.
End of Kamamura_CZ's quote

Yes.  Penalizing the victim does help tremendously.  We agree.  I did say it was brilliant (.....sigh!), didn't I?

My input referencing Islam was as an example I tried to make regarding their position on how there is a huge cost in neglecting the security/protection of 'private' female property.  In fact, part of the reason why Islamic females are required to wear the burka is to do just that -- to keep their private property, well, private; only for their husband's eye/pleasure.  Of course the assaulting individual gets punished to some extent, but the female receives, in many cases, lashing and imprisonment or, depending on how you look at things...worse.  Fitting punishment for the careless female?  Well, if penalizing would help, then like what I had stated previously:  "much needs to be defined and clarified should we wish to punish the victims."

I agree with you there too.  Banks are crap-ish; their very existence is a threat to all humanity, not just the personal monetary debt we create for them.

I'm not sure what we're disagreeing on.  It seems we both are on the same page on many things you mentioned.....except with the Hitler/evil empire comment.  Hitler, though I've never mentioned him in my posts, was never "evil" and empires are never sovereign so they can not possibly determine their own outcomes, effects, etc.  Hitler, for example, was an "employee", which implies that there was/is an employer.....   got bank?

Well, look.  Just because you don't understand something, doesn't mean it's invalid.  Maybe just your actual understanding of the thing is...well..., invalid.

Can I get an Amen (Ra)?

-.-

Reply #9

Quoting aeligos, reply 5

Quoting tazgecko, reply 2
It's about time Governments put in place robust penalties for not looking after personal information. Maybe then they will start taking it seriously.

"It turns out that these accounts weren’t even encrypted!"  DOH!!! 

Punish the victim, is what you mean.

That's just brilliant.

By the way, Islam follows a similar philosophy when it's in regards to rape of the female.

Much needs to be defined and clarified should we wish to punish the victims.

-.-
End of aeligos's quote

Let's keep religion out of this.

Who's the victim? The people whose info was stolen. Not SONY. SONY was negligent.

Reply #10

*sigh* ... it's been a long night

:sun: |-O

Reply #11

Quoting DrJBHL, reply 9
Let's keep religion out of this.
End of DrJBHL's quote

Yes, let's.

What is needed is appropriate penalties for the criminal, not the inept OR the victim.

The hackers need to be dissuaded from repetition...if that means execution then I'll pay for the bullet/s gladly.

Don't blame Sony OR their hapless customers.

There is only ONE arsehole in this picture.

Reply #12

JB,

Your primary identity is not the same as the identity assigned to you by the state.

The identity given to you by the state is the identity that replaces your primary identity.  It is this 2nd identity that the state uses to log your production of debt.  THAT is the primary and single function of that 2nd identity.

If your Social Security Number is stolen and used, then if we follow the same logic with Sony, then it is the federal government that is negligent because that number is their property to begin with, and if that stolen identity is used without the state's knowledge, then how can we place blame on the primary representative of that identity (e.g. you) or the third parties who logs this state identity (e.g. Sony)?

It is property of the state, therefore the state is negligent.

-.-

Reply #13

What we're seeing happen here with Sony is something technology companies - particularly game companies - assumed wasn't going to happen: large scale backlash.

Sony let loose its legal hounds on the PS3 cracker Geohot, and attempted to make a well documented example of him for allowing people to modify the PS3.  Instead, Sony is being made the example of by people who treat freedom of information quite seriously.  Companies are quite literally removing people's rights to their own property, and are laughing all the way to the bank - while screaming they're the victims of piracy!

I have little sympathy for Sony, to be quite frank.  They'll learn from this mistake; however, as the multi-level breaches of their multi-server global networks continue to show, Sony thought it could do whatever it wanted.  Spend zero money on security and spend quite literally hundreds of millions on lawyers, and you'll laugh all the way to the bank.

When Sony launched the PS3, they boldly claimed they could sell it at US$1,000.00 with no games and it would still sell a million units in its first month.  They were made the laughing stock of the industry when the PS3 and all its powerhouse glory were left in the dust by Nintendo's Waggle machine.  They've gone back on their "open OS" promise, and have been vocal in their attempts to prevent any and all attempts to modify their consoles.

Sony are arrogant, and now they're paying the price for thinking they could do whatever they wanted with no repercussions.  The cost of these multiple breaches is approaching the US$250,000,000.00 mark for Sony.  The PR damage is intense, and has already cost them quite significantly thanks to the PSN's blackout.

I don't usually agree with these types of actions, however I can't say I'm against what's happening here.  Customers are being pushed into a corner and being left with little to no rights, no protection and yet expected to pay more than top dollar for the things we enjoy.  It's about time someone pushed back.

How long before we see these types of attacks elsewhere?

Reply #14

The way I understand it is that certain/various groups are incensed and targeting Sony due to its method of doing business and forcing users to constantly update their PS3s so they lose control over what content they can play on their machines. The forced updates take away a user's ability to play burnt games/movies/music, and many users are up in arms about it, saying that their burnt copies are merely to protect the original media and are taken from legitimate purchases they made.

I don't know about any of that and I don't care, but I know that my son is totally pissed off with Sony right now. His very first PS3 was backwards compatible with PS1 and PS2 games, but it was returned as faulty and when his replacement arrived it was NOT backwards compatible, meaning all his earlier games were now useless.

Okay, so he sucked it up and bought some PS3 games, but that did not end his woes.  Despite not connecting his unit to the internet in over 12 months Sony still got him with forced updates anyway.  That's right, he bought and inserted a very recent game, it performed the forced updates and now he cannot connect his Laser MP3 player as before to play [perfectly legit] music or transfer it to the PS3's internal HDD.  The PS3 no longer recognises his MP3 device, suggesting that Sony is now limiting users to connecting only Sony products to PS3s.

For me, Sony lost my custom when they came up with that rootkit idea and compromised millions of PCs worldwide.  Besides, Sony products lost that quality of its yesteryear and I much prefer LG or Samsung these days anyhow.  No, they don't do game consoles, but I don't want or need one.  Got a PC if and when I want to play games...

Reply #15

Quoting Jafo, reply 11
Don't blame Sony OR their hapless customers.
End of Jafo's quote

You oughta be in Healthcare IT in the US.

The healthcare providers are responsible for the security of patient health information and there are SEVERE penalties involved if data is compromised.

As a matter of fact, by 2013 patients will have the right to see exactly who has accessed their information and for what purpose. Similar to a free credit report.

This is putting one hell of a burden on us in I.T.

Reply #16

I don't like the way they do business either, starkers - so I'll not be disagreeing with you on that account (good pun, wot?).

However, I feel they were substandard in their security. This means they are guilty of negligence with respect to their customers imo.

As for the hackers? I don't care what reason they give publicly for their illegal behavior. They are GUILTY of computer crime. END OF STORY.

No amount of ridiculous sophistry can alter that.

The victim is the poor bugger who entrusted negligent SONY with his data. My sympathies are with him and him alone.

starkers... make sure your son takes care of the credit/personal data stuff. You and he certainly don't want further exploitation of his data.

Here's a useful link:

http://www.pcworld.com/businesscenter/article/229301/are_you_a_data_breach_victim_heres_what_to_do.html#tk.fv_rel

Reply #17

What are the qualifications for getting a job in their IT Security Dep’t.? Knowing how to boil water without burning it?
End of quote

Hey Sony, hire me, I can boil water without burning it... DRY ICE  ...   :rofl: :rofl:

wow I am glad I NEVER hooked my PS2 to the internet, or does this only affect PS3? I don't have one..

Reply #18

You can see the hackers’ statement here.
End of quote

link not working

Reply #20

*feigns surprise*

:fox:

Reply #21

Quoting DrJBHL, reply 19
You can see the hackers’ statement here.

link not working

http://lulzsecurity.com/releases/sownage_PRETENTIOUS%20PRESS%20STATEMENT.txt
End of DrJBHL's quote

thanks Dr.JBHL  but this one too is not working for me

The connection has timed out
      The server at lulzsecurity.com is taking too long to respond.

the other 2 in your OP work fine...

Reply #22

Some of you people just don't get it do you?

It doesn't matter what SONY would have done to "protect" the user information.  When groups of individuals who feel they have an axe to grind with a business or the practices of same choose to perform illegal (even if same can only be deemed morally corrupt for the sake of argument) activities/actions against said institution then there is nothing that could be done to prevent said actions.

So what if SONY had encrypted information.......then the attack would have just taken longer.  IT security is not unlike having home security (no matter how basic or complex).  If someone wants into your home badly enough then they will get in.  The objective with any/all IT security (again....not unlike personal security) is to make one the least desirable target.  Obviously (as I've already stated) if an institution or its practices cause an individual or group to use same as an excuse for being targeted then it is (and always will be) only a matter of time......nothing more.

The best protection for any institution is to hope to not make a target out of themselves.  Of course in a world where everyone seems to have an axe to grind with everyone this seems to have become a rather tall order.

The world we live in suffers from entitlement-itis to a terrible level and until that changes (which of course we know it won't since each new generation adds a new "healthy dose" of entitlement to the equation) nothing will really change for the better.

Oh and starkers......you think PC gaming is immune from what's happening to the consoles?  :rofl:

Reply #23

Quoting DisturbedComputer, reply 21
Quoting DrJBHL, reply 19
You can see the hackers’ statement here.

link not working

http://lulzsecurity.com/releases/sownage_PRETENTIOUS%20PRESS%20STATEMENT.txt

thanks Dr.JBHL  but this one too is not working for me

The connection has timed out
      The server at lulzsecurity.com is taking too long to respond.

the other 2 in your OP work fine...
End of DisturbedComputer's quote

The problem's at your end, I'm afraid. Check/reboot your internet connection/modem/router.

Reply #24

I think these types of things are cool. Breaking the system AND getting away with it :grin:

Sony messes with people by invalidating their pirated/backed-up games and what Starkers said so Sony getting punished for it is gleefully delighting (don't know any other way to say it in English).

Aeligos,

I like your posts. Deep and thought-provoking :)

Reply #25

Quoting Campaigner, reply 24
I think these types of things are cool. Breaking the system AND getting away with it

Sony messes with people by invalidating their pirated/backed-up games and what Starkers said so Sony getting punished for it is gleefully delighting (don't know any other way to say it in English).

End of Campaigner's quote

You won't get very far on WinCustomize by advocating piracy, and a backed-up game is not the same as a pirated one. I can assure you that starkers will be the last person in the world who would agree about what you said about software piracy.

While it might suit your sense of (and incorrect definition of) "justice", your equating hackers with Robin of Locksley is way off base: They are nothing but criminals out for their own gain and nothing else.