Now that the PlayStation Network is back online, the great downplaying by Sony has begun. Sony CEO Howard Stringer has been making the rounds in the media world, talking about the massive security fail, and in his eyes, it’s not that big of a deal. He calls it a ‘hiccup’, something that happens to all large networks.
Sony’s Howard Stringer started the process of downplaying the security fail by telling Bloomberg that it really wasn’t that big of a deal. “Nobody’s system is 100 percent secure,” he told Bloomberg, “This is a hiccup in the road to a network future.” Apparently, exposing personal information – including credit card data – of nearly 80 million people the world over is a ‘hiccup’.
Talking to The Wall Street Journal, Stringer continued the downplaying by addressing the state of Sony’s security before the attack. “It was generally perceived to be very good,” he said, “You have to understand that [Sony Online Entertainment] has been in business for 10 years and PlayStation Network has been in business for five years without any breaches of magnitude. We have no reason to believe that our security was not good.”
This line of reasoning makes no sense. Just because nobody hacked you before, doesn’t mean your security was up to snuff. It’s all part of the PR offensive; mention how many years the PSN functioned without leaking 80 million users’ data as many times as possible, and maybe it’ll distract from the fact that, you know, 80 million people just saw their personal information compromised by criminals.
As far as I see it, the fact that this much data has been stolen clearly means Sony’s security wasn’t good enough, and I would hope that the CEO of Sony would be able to acknowledge that. This doesn’t instill me with confidence for the future.
Unfortunately, while the line of reasoning that you’ve never been hacked before, so you thought that you were secure makes no sense, it will probably fly with at least some of the less-educated – and particularly less tech-savvy – folk out there. Fortunately, those who were directly impacted will likely be far less forgiving about it. But as ridiculous as this PR campaign is, it’s likely that it’ll have some positive effect for them.
I just hope that they get some seriously negative legal and monetary consequences for their “hiccup.” If the hiccups were really as bad as Sony’s “hiccup,” you’d have to go to the hospital every time that you had them.
AKA a large portion of PlayStation users.
Duhurrr, I had no idea using an unpatched Apache server with no firewall was bad! We were never hacked before so it must be secure to run without patches or security software! Duhurrr…
That’s what this PR campaign sounds like to me.
There really needs to be a penalty for something like this. Surely duty of care has to play a part in this and if there aren’t laws governing and appropriating punishment for lack of compliance, then there darn well should be.
This is where White hat Hackers come in, searching for possible holes for a salary.
Hackers working for a salary; heck, Hackers simply given permission. Discovery and information sharing tends to be a primary interest of real Hackers which can often outweigh monetary motivations. A bug bounty certainly wouldn’t hurt though.
With the majority of Hackers being ethical property respecting people, we don’t even need to specify cheesy hat colors. Technically, the Hacking ends in the person’s home lab when they discover something new. Any criminal use of that knowledge is simply a repetition of the prior discovery. Repeating a method previously discovered by a Hacker doesn’t make a criminal a Hacker any more than taking an Aspirin makes one a Chemist or Pharmacist.
Not to take this thread off topic down a well trodden path; Sony, and many other organizations, could benefit significantly by tapping the natural resources of the Hacker community rather than vilifying and attacking it.
“…Billy Johnson was hit by a meteor this week. The World Health Organization downplayed Billy’s injury and came out today stating that ‘people have been around for many thousands of years without being seriously damaged/impaled by meteors, so clearly we were fairly secure against them’…”
“…and having your whole body burned to pieces and brains splattered on the ground are clearly just minor hiccups. We re-structured him with very advanced technology [present picture of a bobblehead figure] and we can proudly say he’s just as good and healthy as ever, if not even better.”
We can rebuild him. Stronger. Faster. Better.
Although considering how much more common getting hacked is…
“I’ve never been in a car accident so I don’t need to wear a seat-belt and I’m sure there will be plenty of time to prepare when the time comes. Smashing your head against the windshield is just a minor hiccup anyway.”
(scratch head….)
I thought it was more like “projectile vomiting”……
Maybe even projectile vomiting uncontrollably on Gaddafi’s newest favorite outfit while in one of his “shoot ’em on the spot” moods.
Well kudos to them. I hope that this time their servers are secure, but I really wish Sony would just drop the arrogant attitude already. Just the way that they put off that it’s no biggie makes me feel as though they really don’t take responsibility for making sure data is kept secure and that it isn’t a priority to them.
Kudos for what? o_O
Since Sony feels that “exposing personal information – including credit card data – of nearly 80 million people the world over is a ‘hiccup’”, it seems like Sony has reverse engineered Jobs’ RDF, at least for internal use.
Would think that deserves some kudos.
“It’s just a flesh-wound”
more like “first wound was fatal and caused instant death, while rest of his injuries luckily weren’t dangerous or causing any permanent damage”
or was it a loud, wet, foul-smelling belch of utter ineptitude.
Tough call.
And Sony begins its attempt for damage control, which should have been expected, as most companies do it.
*yawns*
If this is hiccuping, installing a rootkit is … farting?
Man I could not help it. Sorry.
Good lord, can’t wait for the sneeze…
the problem with downplaying this is that it might invite yet greater and more spectacular hacks … not a good PR move.
So Sony has Marketing running the IT department? Maybe that explains it. Next up, put the janitor in the CEO position.
Yeah why not. Probably do a better job of it!
The most common thing about common sense, is it ain’t so common! Putting the janitor in at CEO would be the first sign of common sense in the whole debacle!
On the other hand, putting the Legal department and Marketing department in charge of explaining your huge flagellation of air (or hiccup), makes no sense at all.
what?
shit happens.
No, no system is 100% secure unless turned off, encased in concrete and buried somewhere at the depth where the earth’s crust solidifies.
However, knowingly running an outdated and unpatched version of the web server software? Really?
Sensitive data stored unencrypted? Really?
You were shocked when a criminal broke in through vulnerable software you neglected to maintain? Really?
Come on Sony; you didn’t even put in the minimum effort required to responsibly store user data. That’s what makes this a big deal. If this was crossing the street, you didn’t wait for the light or even bother to look both ways before stepping out into blatantly obvious traffic.
Here’s a fun thought; maybe in the future, you protect your customers’ personal information with even a modicum of the zeal you direct at things like court actions against your own customer base. Try that and next time you have a security breach, we’ll be a little more understanding. Maybe give your IT folks the same kind of budget you give your lawyers; just for kicks.
The issue is not that you had a breach.. it’s that you had a foreseeable breach which could have easily been mitigated.
I thought the whole “old version of apache” thing was debunked?
http://www.joystiq.com/2011/05/09/report-sonys-psn-servers-were-up-…
At any rate, yeah, you don’t call it a hiccup. Sure, they aren’t the only one out there with less than stellar network security and I’m sure if a concentrated attack were to happen they would go down just as easy as PSN (the sad part is I’m talking even that of financial institutions) but to downplay it to that of a blip….truly silly.
Maybe it is time for that CEO change to happen?
Sony has treated its customers with contempt for a couple of decades. Is it surprising that they don’t consider their customers’ private data worth protecting or that losing that data is unimportant?