Sony details new security measures as PlayStation Network downtime continues.
I've seen it reported that Sony were warned that they had unpatched versions of Apache and their firewall was off. If that's the case, then they deserve all they got...
Old puter - still good enuff till I save some pennies!
If you ran a large corporation and blindly went about your business with no thought to security (especially users' data) then would you think the same? Companies have a responsibility to safeguard your data, and by all accounts Sony have not even followed basic security. Do you still think the same, especially if your credit card is now ripped off? Leaving a web server unpatched and unsecured is just lazy, arrogant and disrespectful, especially when it has caused pain for over 100 million accounts. Think about it, more than the population of the UK could possibly have been affected....
What, exactly, do you think a firewall will do to increase the security of Apache? It'll let internet connections through to port 80, anyway. Besides, the attack vector was the 'developer mode' of the application.
Probably not a great deal. The biggest issue is that they were warned and chose to not heed the warning...
It's probably more accurate to say PSN Users DON'T deserve to be affected in this way but they DO deserve to know how unsecure their personal data that Sony hold on them is.
I would have expected the web servers to be run on different machines from the database, and a firewall to limit the access to the database machine. So rooting a web server would not provide a root on the DB. However it probably would gain a user/password, and that would allow someone to query the DB; I doubt the database restricted access to more sensitive data from a normal querying user.
(\__/) All I wanted in the end was world domination and a whole lot of money to spend. - NMA
(='.*=)
(")_(*)
As I've said before, when a company is entrusted with personal information they should know how to protect it. When someone gains access, the COMPANY deserves all they get but of course the people who have had their data stolen and have no control over it don't deserve it.
"PlayStation Network still offline while Sony rethinks security"
Would that thinking be to maybe actually implement some security?
Just a thought...
Hell yeah. Let me make it 100% clear, I'm not anti-Sony at all. Just anti any company that has such a blatant disregard for their customers. It makes me wonder sometimes, Sony have screwed their customers over yet again and still people choose them over others...maybe some will learn this time!
Yeah, I said the same about Play, and others that came before that and I will say it again for any other idiotic companies who choose to be complete undesirables and essentially hand out users' data. There should be MASSIVE fines to threaten these companies with and they should be adjusted based on the size of the company - a company like Sony will shrug off a few grand. No, they should be so huge they risk bankrupting the companies - that way they might actually listen. Harsh? Good! Individuals may end up in massive debt because of the carelessness of these companies, so the punishment should fit the crime. I have no sympathy for them, especially since nearly all of these 'hacks' are through carelessness or sheer stupidity of a company/organisation. Something needs to be done NOW to make them sit up and listen.
.havoc (09-05-2011)