If you had a password that included punctuation marks or other symbols like <>/=+-_ would that be included in these tables?Originally Posted by Flack
If you had a password that included punctuation marks or other symbols like <>/=+-_ would that be included in these tables?
I just tried connecting and it's still down for me.
Just so I'm clear, and I ask this with no intention to get in your or anybody else's face about this, since I think we've all remained remarkably civil.
Because I stated that I don't harbor any negative feelings/bias towards Sony for their recent past business decisions not specifically related to any criminal attack/data compromise, I'm somehow not looking at this situation objectively?
*edit* since I guess you've indeed bowed out, I'll take a moment to defend my position on the matter further.
For the record:
I don't think that Sony is 100% in the right here. They've obviously had clear security failings. I've never denied that. I've taken issue with editorial misrepresntation of fact through sensationalism, but, as I stated earlier, I'd have done that no matter what the company since that kind of thing typically burns me.
Where my personal position on Sony is concerned, I've said and done everything that I can to acknowledge the significance of the event while at the same time taking every opportunity to inject logic and reason into the discussion and prevent what I see as needless panic and fear mongering.
And where many have completely ignored them in favor of uniquely vilifying Sony, I've attempted to assign the appropriate amount of responsibility/blame on the hackers responsible for the criminal intrusion/potential theft of data in the first place.
Just because my opinion of Sony as a company isn't the popular one in this community and elsewhere, that doesn't mean that I think that they're completely free from responsibility. I simply feel that they've effectively publicly addressed their failings it to date, apologized and have offered assistance and reparations where they're able.
Wearing my passion for Sony's product on my sleeve is just plain honesty, not necessarily me being subjective where this fiasco is concerned.
If Microsoft got hacked in the exact same fashion with the exact same results I'd be happy to throw my two cents in for their defense the same way as I have for Sony while at the same time stating in similar honesty that I've not always been a fan of their products and and policies.
*shrug* not really sure what else to say about it. If I'm coming off with a bias where I'm trying to be logical/resonable to a fault, I guess I'll just bow out on the subject too. Knew that was an inevitability from the get-go.
I was referring to the "no chatter" portion, but I suspect you already knew that.
Last edited by Frankie_Says_Relax; 05-03-2011 at 05:04 PM.
"And the book says: 'We may be through with the past, but the past ain't through with us.'"
Actually, no. I thought that it had come back up since today was originally to be when it returned, right? Or was that also just a baseless rumor?
This. That pretty sums up my mentality for this entire situation, while everyone else got their torches and pitchforks ready, I just waited to see what Sony had to say for themselves. There's no use in complaining when everything is said and done, it's not going to change what happened and only thing that's left to do is wait.
Breaking Bad 3x02 - Caballo Sin Nombre
Heh, thought you were being clever.
They did say that service was on track to be restored sometime this week, we'll see.
The reported SOE info compromise may have derailed that time line.
"And the book says: 'We may be through with the past, but the past ain't through with us.'"
You should know me better than that.
Glad I'm not the only one who noticed, although I already brought this up a few days ago in this thread. Some are going to hate Sony regardless of what they do and some will blindly defend them no matter how much worse the situation gets. I suppose those are the two sides of fan hatred and fan boys. Luckily most people in here have taken an objective view, where they are pissed that this happened but are willing to give Sony a chance to redeem themselves.
But atleast we now know one of Sony's upcoming E3 announcements: that PSN will be up and running again by fall.....2012.
ALL HAIL THE 1 2 P
But isn't that the problem, though? That no matter how bad the situation gets, Sony gets the blame. And just the same, Sony is expected to be the ones to do the redeeming.
Like I said earlier, if Sony's security measures were substandard that would be one thing. But all evidence so far points to their security being at least equal to standard practice, at least matching what would be the equivalent of the reasonable person standard in tort law.
Are we really going to hold Sony (or any other person/entity/organization) to a strict liability standard? That no matter how reasonable you acted, no matter what the standard practice is, if anything at all goes wrong you will be held responsible, even in the case of a focused, premeditated criminal attack?
I think Sony making amends is good business, sure. They don't want to come off as callous. But to lay moral/legal blame? I think that's a stretch unless, again, they were not acting responsibly with the data.
For all the outrage that Sony must pay, where's the outrage that the hackers/thieves should be in jail?
Last edited by TonyTheTiger; 05-03-2011 at 06:09 PM.
As Flack outlined above, this is not true.
If storing passwords hashed but not salted is standard practice or otherwise "reasonably prudent" then it is true. That doesn't mean standards can't change and evolve as time goes on. It just would mean that at that specific point in time, Sony was acting "reasonably." "Reasonably prudent" doesn't mean the unreasonable, paranoid person. Neither does it mean "use each and every precaution conceivably available." Even though we all would like people/entities to do just that when our asses are on the line, for better or worse, that's not the way the world works.
I have no idea what the standard is for storing sensitive information. I'm just pointing out that Sony very well may have been acting reasonably prudent, which is, in most cases, enough to absolve blame. At least legal blame. And even if Sony is blameworthy, I don't think they could possibly be more blameworthy than the criminals themselves which is why the outrage seems misplaced to me. Lots of "Sony, pay for this!" and pretty much no "Hey hackers, do not pass Go, do not collect $200!"
Last edited by TonyTheTiger; 05-03-2011 at 06:51 PM.
I disagree that they were acting reasonably. A network that includes things like digital purchases and subscription services, with 75+ million accounts to boot, should be held to a higher standard of security than, say, an obscure message board on some corner of the internet with about 20 users. If we were talking about the latter, sure, storing passwords hashed only is reasonable. But on a network like PSN, it is not. In fact on any large network it really isn't. It's not as though salting passwords is an arcane practice, something that was just invented last week, or requires an overwhelming amount of resources. The briefest glance at Network Security 101 will tell you that hashing is not enough.
And that's your prerogative. Not everybody is going to come to the same conclusions regarding what's reasonable behavior in any given situation. But how other companies in Sony's position, dealing with the same kind of information, handle it would be very persuasive evidence. If Microsoft, Nintendo, Citibank, etc. handle it one way and Sony handles it another, then that would be a strong strike against them. But if they all handle it the same way?
Sure, maybe that just means they're all negligent. But that would be a tougher sell, I think.
It's like when they put a doctor on the witness stand in a medical malpractice case against another doctor. They'll ask the witness whether or not the procedures in question were essentially up to snuff, commonly practiced within that field, or otherwise "the norm." They might toss in the essentially meaningless "within reasonable medical certainty" to fancy it up and drive home "yo, this is how doctors are expected to behave." A doctor could very well screw up yet as long as he performed to the standard of the profession he wouldn't be liable.
So, yeah. Without more information about how companies in a similar position to Sony protect personal data, I can't say one way or the other whether or not Sony took reasonable precautions. Maybe they didn't. But I'm not about to go on a blind witch hunt.
If salting actually is easy and inexpensive to implement then I agree it should be the norm. But I don't know if it actually is the norm at the moment. Somebody who knows about this would have to shed some light on that for me.
Last edited by TonyTheTiger; 05-03-2011 at 08:08 PM.
I wish everyone would just come out and admit what they're really angry about: the inability to download that Gulliver's Travels movie.
Remember when Google launched Buzz, and early on, it accidentally exposed a bunch of users' personal information? Google was embarrassed, but came forward and admitted to the mistake. People were upset, but at least Google 'fessed up quickly to keep its users informed. It may have cost Google a little credibility in the short term, but it was the right thing to do.
Sony, on the other hand, kept its users in the dark for a week. A week is equivalent to eons in internet time. During that week, the hackers could've been poking around in people's online financial accounts unbeknownst to the victims. If Sony had kept its users informed from the very first minute, I doubt the current backlash would be as severe.
From the tech podcasts I listen to, that is why people are so upset with Sony...not that the network was hacked, not that personal information was obtained, but that Sony pretended everything was fine for a week and kept its users in the dark. I can't stress that enough.
And I happen to think both you and Frankie are clever.
Last edited by Rob2600; 05-03-2011 at 09:33 PM.
If by "clever" you mean that we have huge cocks.And I happen to think both you and Frankie are clever.
Yes. Very clever.
"And the book says: 'We may be through with the past, but the past ain't through with us.'"
I glance away for a few hours and look at what I come back to find. This thread is going places.
The problem is that none of us know who the hackers in question are but we all know who Sony is. I agree that the hackers do get first blame and I'll even differenciate and say that not all hackers are bad. Hacking for fun and your own enjoyment to download emulations or something similiar is fine with me but when you start hacking to cheat in online multiplayer games or to steal people's personal info or intellectual property you've obviously crossed way over the line.
As for Sony's blame, it seems to be two fold at this point. First it appears that they could have done atleast alittle better at protecting their private date and second(as has already been stated by Rob2600) they should have informed their customers earlier than they did.
Again, I definitely blame the hackers first and Sony second but the average person will most likely never even find out who these hackers were and that also puts more heat on Sony because basically people need somebody to vent their anger towards. I would blame Bin Laden but he's kind of dead now and also was a really bad hacker so this was way above his skill level.
ALL HAIL THE 1 2 P
Some more questions answered:
http://kotaku.com/#!5798492/sony-exp...yberterrorists
http://blog.us.playstation.com/2011/...presentatives/
The letter to House of Representatives:
http://www.flickr.com/photos/playsta...7626521862165/
Edit:
And Oh yay!
Note: I don't have aPS3 anymore but I did at one point have an acct and got the letter saying my info had been takenWe told the subcommittee about our intent to offer complimentary identity theft protection to U.S. account holders and detailed the “Welcome Back” program that includes free downloads, 30 days of free membership in the
PlayStation Plus premium subscription service; 30 days of free service for Music Unlimited subscribers; and extending PlayStation Plus and Music Unlimited subscriptions for the number of days services were unavailable..
Last edited by Darren870; 05-04-2011 at 12:18 PM.
Posting Permissions
Reply With Quote
