bit-gamer.net

Sony: "We can't guarantee security"

Sony: "We can't guarantee security"

Sony has said it won't be able to guarantee security in the 'bad new world' of cybercrime.

Sony has admitted that it can't guarantee the security of the PlayStation Network and has warned of a 'bad new world of cybercrime'.

Speaking to the Wall Street Journal Sony CEO Howard Stringer said that maintaining a secure system is a 'never-ending process...[but I don't know] if anyone is 100 per cent secure.'

Addressing accusations that the protections in place around the now-restored PlayStation Network, Stringer said: 'We had no reason to believe that our security was not good and still no reason to believe it because we have plenty of people looking at it.'

'We've learned that we just have to keep improving our security.'

Sony also defended itself over it's percieved slowness to publicly react or to alert users about the extent to which the PSN had been compromised.

'We were trying to find out in a very volatile situation what had happened and when we did we relayed it...If your house has been burglarized, you find out if you've lost something before you call the police.'

'We have to earn back the trust and loyalty we may have lost in this circumstance. That's our goal and that's one we have to reach,' Stringer said.

'Our case, unfortunately, is so large and the scale of the PlayStation Network so big that it's forced a lot of attention to be paid. In the long run, that'll be good for everybody.'

Let us know your thoughts in the forums.

45 Comments

Discuss in the forums Reply
mi1ez 18th May 2011, 12:38 Quote
Burglarized?

And no, I wouldn't run an inventory before calling the police!
liratheal 18th May 2011, 12:39 Quote
....What?

If my house was broken into, whether something was taken or not, I'd phone the police first :/

Also, how did they not know that cyber-security is an ongoing battle that they're likely to lose already?
Phalanx 18th May 2011, 12:39 Quote
Face, meet palm...
greigaitken 18th May 2011, 12:40 Quote
Only those who CAN guaruntee secuirity should be storing IMPORTANT info.
If somebody is making guarantees they cant uphold - thats different issue
proxess 18th May 2011, 12:42 Quote
Palm, say hello to face...
Jaffo 18th May 2011, 12:44 Quote
I don't expect a system to 100% secure. I do expect the data within it to be encrypted.
DbD 18th May 2011, 12:48 Quote
They protect their own IP quite happily - making our lives hell with their ott DRM, rootkits and lawsuits against anyone they don't like the look of (i.e. the little guy not the hackers as they can't catch them).

However when it comes to our data seems they aren't quite so bothered - leaving it lying around unencrypted, then having to cheek to tell us it's not their problem - pointing out if you look in the terms and conditions the small print says they are not liable.

So far Sony all you've done is convince me the hackers are right - if the only way I avoid you wrecking my PC with your rootkits is to use hacks well what choice to I have. If the only way I can get my paid for bluray to play is by using hacks to strip the (unbreakable lol) DRM off it first well what choice to I have. If the only way I can protect my identity is by making sure you don't get all my details well then it looks like I'll not be signing up to Sony.
azrael- 18th May 2011, 13:20 Quote
Here's the world's smallest violin playing just for Sony!

Honestly, one would at least expect sensitive customer data to be encrypted.

(By the way, shouldn't it be 'perceived' and not 'percieved'?)
N!ck 18th May 2011, 13:36 Quote
bad new world of cyber-morons from big corps =)
Paradigm Shifter 18th May 2011, 13:50 Quote
The first step, then, is encrypting everything. That way, if someone does break in, it's not handed to them on a silver platter.

Even after all this, with the PSN back online, Sony aren't fully encrypting the data they store, at least according to their FAQ.
Bungletron 18th May 2011, 14:17 Quote
For a failure of this scale this is a monumentally pathetic and weak excuse, with future 'its not our fault if people hack us' let off kicker attached to boot, its a disgrace.

And certainly if my house was buglarized I would phonerelize the police right away, what idiot would not? Americanisms accepted the content itself is senseless and treats Sony customers with contempt.
Valinor 18th May 2011, 14:18 Quote
Quote:
Originally Posted by Paradigm Shifter
The first step, then, is encrypting everything. That way, if someone does break in, it's not handed to them on a silver platter.

Even after all this, with the PSN back online, Sony aren't fully encrypting the data they store, at least according to their FAQ.

Yes, but if they encrypt everything well then they'll be unable to unencrypt it so you can see what information you've got stored, or they can have a reversible encryption, but in that case it'd be far easier for hackers to also reverse the encryption so there's little point.
Woodspoon 18th May 2011, 14:32 Quote
Quote:
Originally Posted by Article
'We were trying to find out in a very volatile situation what had happened and when we did we relayed it...If your house has been burglarized, you find out if you've lost something before you call the police.')

NO YOU DON'T...... you call the police, then work out what you've lost.
And burglarized isn't a word, the word is burgled, I'm not normally a grammar Nazi but this just annoy's me.

Sony: "we're not secure, we know we're not secure, you know we're not secure, we may never be secure and there's not a lot you can do about it, if you want to continue using the Playstation network"
Thank you, come again.
SMIFFYDUDE 18th May 2011, 14:39 Quote
Burglarized sounds like somthing that happens in prison showers.
Fizzban 18th May 2011, 14:41 Quote
Quote:
Originally Posted by SMIFFYDUDE
Burglarized sounds like somthing that happens in prison showers.

lol it begins with a B for sure.
Fod 18th May 2011, 14:42 Quote
Well, what do you expect them to say? "Your data and stuff is now 100% secure"? That's patently false. Sony is doing the best thing here and being brutally honest. No computer system is infallible - and with complexity and size comes ever more possible attack vectors.
paulp 18th May 2011, 14:43 Quote
Quote:
Originally Posted by greigaitken
Only those who CAN guaruntee secuirity should be storing IMPORTANT info.
If somebody is making guarantees they cant uphold - thats different issue

Could this may have been a strategic decision not to encrypt in order to save money in work time, space programing or some other benefit that might accrue to them? If so they took a big risk of injuring and upsetting customers!!
Tsung 18th May 2011, 14:47 Quote
Yes, I can sign into PSnetwork, yes I'm forced to change my password.. At this point I decide the best cause of action is to remove my CC details (already stopped) and change my personal details. Ok, horse has already bolted, and im shutting the stable door, but there is a new horse in the stable and I'm certain it will bolt again.

The thing is, When I try to remove my name & address from the sony playstation network, it wont allow it. It INSISTS on having an address even if I do not wish for it to be included. So, as it required an address I gave it one... Sony's UK customer services. Storing customer information that is not requried should be outlawed, preventing customers from removing their information should be illegal. :/
memeroot 18th May 2011, 15:20 Quote
dont care - the banks are liable under fsa guidelines.
cjoyce1980 18th May 2011, 15:48 Quote
'We had no reason to believe that our security was not good and still no reason to believe it because we have plenty of people looking at it.'

*facepalm*

famous last words sony....
DwarfKiller 18th May 2011, 15:51 Quote
'We've learned that we just have to keep improving our security.'

One lesson learned a little too late.
mi1ez 18th May 2011, 16:12 Quote
Quote:
Originally Posted by Woodspoon

And burglarized isn't a word, the word is burgled, I'm not normally a grammar Nazi but this just annoy's me.

LOL @ apostrophe added to annoys...
tristanperry 18th May 2011, 16:30 Quote
Reports that a security flaw in their 'new' 'secure' system has already been discovered:

http://www.mcvuk.com/news/44380/Sony-suffers-frech-hack
http://www.eurogamer.net/articles/2011-05-18-sonys-psn-password-page-hacked

For times when even a double facepalm isn't suitable..

http://verydemotivational.files.wordpress.com/2010/02/129092786498235257.jpg
Woodspoon 18th May 2011, 16:36 Quote
Quote:
Originally Posted by mi1ez
Quote:
Originally Posted by Woodspoon

And burglarized isn't a word, the word is burgled, I'm not normally a grammar Nazi but this just annoy's me.

LOL @ apostrophe added to annoys...

Shhhhh...... nobody noticed : )
User-sam 18th May 2011, 16:42 Quote
I want to laugh but it's really not even a joke anymore, especially when I think my account has been compromised now...

http://www.videogamer.com/news/psn_password_reset_page_hacked.html
Bauul 18th May 2011, 16:43 Quote
Quote:
Originally Posted by Woodspoon
Quote:
Originally Posted by mi1ez
Quote:
Originally Posted by Woodspoon

And burglarized isn't a word, the word is burgled, I'm not normally a grammar Nazi but this just annoy's me.

LOL @ apostrophe added to annoys...

Shhhhh...... nobody noticed : )

I couldn't tell if people were saying burglarized as some sort of Internet joke or they thought it was a real word...

Anyway, it's probably the best Sony can come up with. They can't declare everything to be safe in case they get hacked again, but they're trying to divert attention from the fact they stored everything in plain text.

They're caught between a rock and a hard place (granted a hard place they built themselves).
mr00Awesome 18th May 2011, 17:43 Quote
Quote:
Originally Posted by Woodspoon

And burglarized isn't a word

right.
eternum 18th May 2011, 17:59 Quote
http://www.thefreedictionary.com/burglarized

American English, folks. It is indeed a word, just not one of yours.
digitaldave 18th May 2011, 18:03 Quote
this whole episode confirms my years of un-interest in supporting sony.

nobody can guarantee security but the way sony have handled it so far stinks of arrogance and I dont like that one jot.
FelixTech 18th May 2011, 18:19 Quote
Quote:
"Addressing accusations that the protections in place around the now-restored PlayStation Network, Stringer said"

No obvious grammatical flaws, but you left out out the crucial part of the sentence which says what the accusations were... Total mindf**k!
Sloth 18th May 2011, 18:22 Quote
Quote:
Originally Posted by Fod
Well, what do you expect them to say? "Your data and stuff is now 100% secure"? That's patently false. Sony is doing the best thing here and being brutally honest. No computer system is infallible - and with complexity and size comes ever more possible attack vectors.
Shhh, just let it go. By now all the people complaining will pick at anything, it's long been turned into a matter of blindly disliking the brand regardless of reality.
thehippoz 18th May 2011, 18:28 Quote
you have to remember.. they are talking to console gamers
Quote:
Originally Posted by Woodspoon
Originally Posted by Woodspoon View Post
And burglarized isn't a word

buttsecked
Bauul 18th May 2011, 18:41 Quote
Quote:
Originally Posted by eternum
http://www.thefreedictionary.com/burglarized

American English, folks. It is indeed a word, just not one of yours.

Oooooh so it is! That makes much more sense. Could have guessed actually, American English does often tend to the longer versions of words. My younger brother was telling me recently when he toured America, the number of times he asked someone "Where's the loo?" only to be told "Erm, in the restroom".
doggy 18th May 2011, 18:43 Quote
Identity theft is a pain in the arse but not the end of the world, it is just convincing your bank that you do not have reason to make regular purchases of items of womens underwear from Anne Summers or draw money in countries you have never visited.

It can happen anywhere and nothing is 100% secure so why people are complaining so much as if they had been personally violated or something along those lines, it is beyond me.
themax 18th May 2011, 19:00 Quote
Quote:
Originally Posted by Sloth
Shhh, just let it go. By now all the people complaining will pick at anything, it's long been turned into a matter of blindly disliking the brand regardless of reality.


A simple patch to any part of the software can wreck havoc on that ecosystem. And oudated software is sometimes needed/used because it might be the only version that plays nice with rest of the running services. But who knows besides Sony. Until then I hope Sony's makes it a point hire the many experts that have come out the wood works to backseat drive their IT department with every news article that comes out on this whole fiasco.
tcool93 18th May 2011, 19:15 Quote
If they have anyone's personal info, then they are responsible for anything that happens to it.
digitaldave 18th May 2011, 19:16 Quote
FYI sony's PSN network is down again due to a known password exploit.

they couldn't even guarantee a day of service when they made these comments.
tcool93 18th May 2011, 19:17 Quote
Don't you love the people who defend Sony over this. Obviously they own stock in the company. There is no excuse for this, especially when Sony was so lame to not even encrypt the data. That is just plain negligence.
Waynio 18th May 2011, 21:32 Quote
Quote:
Originally Posted by digitaldave
FYI sony's PSN network is down again due to a known password exploit.

they couldn't even guarantee a day of service when they made these comments.

Oh wow why did they choose to make hacker enemies lol .

Glad I only like some exclusive single player games on it so the psn network doesn't mean much to me, everything was crazily overpriced on it anyway, I just like the demos you could get through it.
greypilgers 18th May 2011, 22:13 Quote
Quote:
Originally Posted by Bungletron
And certainly if my house was buglarized I would phonerelize the police right away, what idiot would not? Americanisms accepted the content itself is senseless and treats Sony customers with contempt.

Absolutely THIS.

Made me laugh, and my tea came out of my nose!

:D
Artanix 19th May 2011, 00:24 Quote
Oh crap somebody broke into my house, oh, they just trashed the place... I'll not call the police this time eh?
Waynio 19th May 2011, 00:31 Quote
Quote:
Originally Posted by Artanix
Oh crap somebody broke into my house, oh, they just trashed the place... I'll not call the police this time eh?

Yeah that was a ridiculas thing for a rep to say, unbelievable.
Kallyfudge 19th May 2011, 01:37 Quote
I guess if someone burglerinated your house you'd want to hide any illegal loot left behind before callerinerating the police. I dont think I will give my account details to sony ever if possible. It would seem they aren't too fussed about security, can you imagine if a bank said that? Its not as if its anything new that there is an arms race between system security and hackers but it would of only taken a bit of their profit to stay ahead of the game - like everyone else! If your going to store sensitive information it should take a hacker as much money to hack the system as the value of the data on the system. Continuously audit your security, everyone else does it (well they should!)... Use open BSD for goodness sake!
D B 19th May 2011, 15:32 Quote
I do not ever leave my credit card information stored on anyones site.


Anyone who thinks that Sony did all they could/should do to prevent this ... just needs to read what they're saying about it, (like the above statement) to see that they are trying desperately to cover their own azz
AcidJiles 19th May 2011, 20:19 Quote
Well I said I would never buy sony after geohot. Seems I have another few reasons after the last month
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums