Sony Security Issues

laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Sony Security Issues


As a PS3 user, and after getting my second apology email from Sony today, I can't help but think Sony should've been running ASL on their servers :D

Just a thought.
Matt

"Given that God is infinite, and that the universe is also infinite... would you like a toasted teacake?"

about.me/mattauckland
twitter.com/mattauckland
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Re: Sony Security Issues


Yeah really :P If you followed their news, they apparently didn't 1) have a chief information security officer 2) ever invest any money in security.

And they ask me why I'm a cynic. :P
hostingguy
Forum Regular
Posts: 661
Joined: Mon Oct 29, 2007 6:51 pm

Re: Sony Security Issues


The corporate-employed security officers these days are often just paid monkeys to appease the SOX and PCI compliance - it's unlikely they would have been able to stop a determined hacker no matter what they were running.
laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: Sony Security Issues


True. Scary to think they did it for this long, insane. Wouldn't surprise me if they didn't hash all the users' passwords. Lord knows I'm getting new cards re-issued.

Mind you, the amount of connect attacks and web vulnerability scans my logs tell me about daily just goes to show how little people think about security.

Makes you wonder if people really are ready to enter this brave new world of the internet.
Matt

hostingguy
Forum Regular
Posts: 661
Joined: Mon Oct 29, 2007 6:51 pm

Re: Sony Security Issues


Sony says the stolen information includes names, addresses, e-mail addresses, birthdates, gender, phone numbers, login names and hashed passwords.
At least the pws were hashed.
laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: Sony Security Issues


Well, I guess that's one thing at least.
Matt

Highland
Forum Regular
Posts: 674
Joined: Mon Apr 10, 2006 12:55 pm

Re: Sony Security Issues


I don't think they were incompetent per se. You only need one hole in your security. That's why I live by the greater principle that ASL brings: security in layers. As someone who has been nearly hacked twice I can vouch that it works. Even still, the hacker could have gotten our DB if he had wanted it (he was only after the kernel thankfully). It's not terribly hard to get into the layer with the DB in most web apps.

My suspicion is that Sony had a hole on the PS3 itself. There's been lots of drama over a guy named "Geohot" who apparently hacked the OS (Sony wasn't bothering to digitally sign their OS so once you knew the key you could create your own custom signed OS). This apparently let people run their boxes in "developer mode" and do things like get fake credit on PSN and then buy games. I am willing to bet it let you do more than that and they probably found that they could run DB commands directly from these hacked PS3 OSes.
"Its not a mac. I run linux... I'm actually cool." - scott
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Re: Sony Security Issues


Yup, we always assumed that everything was going to fail. So you layer it all up, and then assume that is going to fail, and then layer up more :P
laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: Sony Security Issues


On my server I've done all the normal stuff: ASL is running, updates are maintained daily, SSH access is not allowed by any customers, and the SSH port is blocked to all but 1 IP address.

As far as the domains I host, there are some WP installs, but most domains are email only, apart from a few that run sites/apps I've built, and these have a lot of security measures in the code itself.

I'm no Linux guru, so I rely on ASL to pick up the slack where my knowledge of Linux stops, in protecting my server.
Matt

laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: Sony Security Issues


At least I can't do any worse than Sony ;)
Matt

Highland
Forum Regular
Posts: 674
Joined: Mon Apr 10, 2006 12:55 pm

Re: Sony Security Issues


It just keeps getting better and better.
Spafford told the subcommittee that, according to security mailing lists he subscribes to, "individuals who work in security and participate in the Sony network" had learned "several months ago" that PSN was hosted on servers running "very old versions of Apache software that were unpatched and had no firewall installed."
http://www.joystiq.com/2011/05/05/psn-s ... lled-secu/

Can we get Congress to mandate Sony buy ASL and install it? Or at least sit through Mike's testimony about why firewalls and security are kinda important?
laughingbuddha
Forum Regular
Posts: 512
Joined: Mon Mar 10, 2008 9:12 pm
Location: Southampton, UK

Re: Sony Security Issues


Hell yeah I vote for that.

Good god. Pass me the "dumb ass" rubber stamp and red ink pad, cos I'm off to PSN HQ :D
Matt

scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Re: Sony Security Issues


Yeesh, even Gene Spafford came down on them :P And he's super nice.