
It's About Time That Companies That Let Their Customers Data Be Vulnerable To Hacking......

This topic is archived.

global1 Donating Member (1000+ posts) Tue Apr-26-11 10:22 PM
Original message
It's About Time That Companies That Let Their Customers Data Be Vulnerable To Hacking......
be held responsible. I heard that Sony Playstation data was hacked to the tune of 77,000 customers. That in my opinion is just gross negligence on the part of Sony.

We keep hearing these hacking stories where consumers' data gets stolen because the companies entrusted with the data don't protect it. I don't know if it is greed and they don't want to spend the money to protect their customers' data or that they just don't make it difficult to thwart hacking - whatever the reason - we as consumers entrust our info with them and they are careless.

There needs to be a law that will protect consumers from having their data stolen by negligent companies. They need to be severely fined. The fines need to be big so as to give the companies incentive to spend the money to protect the data versus having to pay the fine.

Am I being a jerk about this or are there others on this board that feel the same?

Drale Donating Member (1000+ posts) Tue Apr-26-11 10:25 PM
Response to Original message
1. Most of the blame is on the shoulders of the hackers
You can put as much protection and encryptions on your data as you want, but Hackers are people who all they do is hack, so they are eventually going to break the protections and get what they want.

global1 Donating Member (1000+ posts) Tue Apr-26-11 10:32 PM
Response to Reply #1
4. Good - Give The Companies An Excuse To Neglect Having To Protect Our Info......
That's what we do - make excuses for bad service.

I guess maybe we should hire the hackers to protect our data.

If what you are saying is correct - then any of us that do any business that involves our identity data - should not give any of their data out. What you are saying is that everything is vulnerable. Credit card data; banking data; health data; education data; etc, etc, etc.

Maybe if we put a substantial fine on companies it would give them an incentive to protect us. Surely making excuses for them doesn't give them any incentive.

Drale Donating Member (1000+ posts) Tue Apr-26-11 10:35 PM
Response to Reply #4
6. Not all corporations are evil
or at least 100% evil. Sony has always been fair to me and I've never had any problems with their products. Stop defending criminals, because that's what hackers are: criminals. Sony probably could have done a better job, yes, but it's the hackers that actually stole the data.

ChromeFoundry Donating Member (1000+ posts) Tue Apr-26-11 10:47 PM
Response to Reply #6
9. Didn't anyone ever tell you...
there are a lot of evil elements in the world. There always will be. Not all hackers are criminals. If you want to claim that anyone who attempts to reverse engineer a product to enhance it for their personal use is a criminal - say so. If you want to protect companies that release a poor product that exposes your personal data, because you trusted that they created a user-safe product... then say so. Otherwise, your post is completely vague and far fetching of a point.

I'm not trying to be a dick, but you seem to be making an attempt at protecting the bank for leaving the vault door unlocked with your money in it.

Drale Donating Member (1000+ posts) Wed Apr-27-11 09:42 AM
Response to Reply #9
33. I highly doubt these people
did this to expose Sony as having poor security. They did it to steal people's information, which is highly criminal.

ChromeFoundry Donating Member (1000+ posts) Wed Apr-27-11 01:46 PM
Response to Reply #33
35. And what are they going to do with 77 million pieces
of information? Skim a few bucks from each person's credit card? Steal their trophies? Do you know how fast these individuals are going to be caught? It probably took the entire two days to offload the data from the server. That's going to leave quite a long logging trail.

JoeyT Donating Member (1000+ posts) Wed Apr-27-11 03:16 PM
Response to Reply #6
39. Sony isn't evil?
We're sorry about that rootkit that we installed on your computer that gave everyone on the internet access to everything, and we'll never do it again until we do. To show what an awesome company Sony is, here's an uninstaller for the rootkit that won't actually uninstall it, but will install several other things you can't get rid of and we demand your email address so we can sell it and add it to mailing lists. It also opens multiple other security holes on your computer, and we'll never do this again until we think we can get away with it. Then they turned around and did most of it again.

Yeah, Sony is probably a poor choice to pair with "Not all companies are evil".

nebenaube Donating Member (1000+ posts) Tue Apr-26-11 10:53 PM
Response to Reply #4
11. anything is possible at the Kernel level... n/t

ChromeFoundry Donating Member (1000+ posts) Tue Apr-26-11 11:03 PM
Response to Reply #11
13. Not true...
Edited on Tue Apr-26-11 11:07 PM by ChromeFoundry
Level-0 access gives you nothing if you are using a third party trusted cert and encrypting the data with a good algorithm.

Unless you are talking about attaching a kernel-level debugger to capture data streams post-decryption.

nebenaube Donating Member (1000+ posts) Wed Apr-27-11 07:44 AM
Response to Reply #13
29. "unless"... I rest my case. n/t

ChromeFoundry Donating Member (1000+ posts) Wed Apr-27-11 01:55 PM
Response to Reply #29
36. And only if they are implementing authentication and security
on the same server that performs the crypt/decrypt, and the CRUD operations into the database... then it's possible.
In a distributed environment such as PSN... highly unlikely. A single tier would never handle the throughput needed. My guess is that it is multi-layer distributed SOA - very scalable to handle the load among the different layers. So, well... there ya go.

ChromeFoundry Donating Member (1000+ posts) Tue Apr-26-11 11:40 PM
Response to Reply #1
18. Umm...
Hackers are people who all they do is hack, so they are eventually going to break the protections and get what they want.


If this is the case, then these companies should be hiring Cryptologists and Security Engineers, which all they do is try to make the system more and more secure (since that would be their job).

Or do you think that the common practice of sending work offshore to the lowest bid contract is a more viable approach?

God forbid that they actually spend some of those millions in profits in retooling the security of their systems.

Lasher Donating Member (1000+ posts) Tue Apr-26-11 10:30 PM
Response to Original message
2. I agree. There has to be real and not token pain inflicted on the companies
any time customers' data is compromised. Currently companies and government agencies enjoy relative impunity and that's the biggest problem.

MindPilot Donating Member (1000+ posts) Wed Apr-27-11 07:54 AM
Response to Reply #2
31. Sony's PS network has been down now for a week.
It's costing them untold millions in lost revenue and lost productivity. Sony has sent employees home because with the network down there is nothing for them to do...and they are still being paid.

Yeah, it's real pain.

Lasher Donating Member (1000+ posts) Wed Apr-27-11 09:46 AM
Response to Reply #31
34. That is not a legal consequence of allowing customers' data to be compromised.
Coincidental ramifications like this do not always occur.

MindPilot Donating Member (1000+ posts) Thu Apr-28-11 11:57 AM
Response to Reply #34
40. Sony didn't "allow" it.
They were a victim of a crime.

Lasher Donating Member (1000+ posts) Fri Apr-29-11 12:55 AM
Response to Reply #40
41. They were negligent.
It was their responsibility to be more diligent.

Newest Reality Donating Member (1000+ posts) Tue Apr-26-11 10:31 PM
Response to Original message
3. Simple solution:
Stop being a victim of companies that sell you products that you never, ever needed before they created them and then managed to get you hooked on their product to the point that you dare complain about anything that happens after the fact.

Give them up. Find something else to do. Avoid getting hooked again on what you don't really need to make you happy, (you can never get enough of it) and move on to something in life that you feel cannot be hacked and you won't have to invest in only to end-up posting complaints about what was inevitable when you give personal information to a corporate person who could care less if you live or die or eat and only has a relationship with you as long as you give them your hard-earned, faith-based tickets.

Simple, really. Why complain when you can just as easily be powerful and opt-out?

ChromeFoundry Donating Member (1000+ posts) Tue Apr-26-11 10:39 PM
Response to Reply #3
7. Was your donor star paid via PayPal or CC
would you "dare complain" if they got hacked?

Newest Reality Donating Member (1000+ posts) Tue Apr-26-11 10:47 PM
Response to Reply #7
10. I don't know.
I use neither these days as I am a Serf.

I would have to refer that question to the most kind, gracious and generous DU user who gave me the star.

Try a different straw man. That one didn't work.

ChromeFoundry Donating Member (1000+ posts) Tue Apr-26-11 11:00 PM
Response to Reply #10
12. My point was...
the technology the OP is referring to is nearly a requirement in this day.
Hell, my insurance company, bank, phone and cell provider will only issue statements electronically, starting in June. Yep, all my information is online at the mercy of hundreds of companies... mergers, bankruptcies, etc.. they all perpetuate the flow of your data from database to database. Hell I bet my data is housed in both India and China at this very moment.

You cannot just go off the grid unless you enjoy living under a bridge. If you think you have no traces out there, you are sorely mistaken. :rofl:

Newest Reality Donating Member (1000+ posts) Tue Apr-26-11 11:07 PM
Response to Reply #12
14. I am, proverbially, living under the bridge.
Thanks for your valid elucidation on the matter, though. My personal data is sparse and I try to keep it that way, but living like this makes that far easier. While it may not always be a matter of choice, getting out of, and staying out of, the system is a very important option, these days.

The point I made still stands, from my perspective.

ChromeFoundry Donating Member (1000+ posts) Tue Apr-26-11 11:18 PM
Response to Reply #14
15. Good for you.
(No, I'm not being sarcastic) I do not have the dedication or the desire to put the ones that depend on me for a modern standard of a comfort level, in that position. Maybe someday, after the kids are grown and done with school and FAFSA is not a requirement for their education.... and I don't have to file taxes.. and I no longer need a bank account, credit cards or a checking account... when I don't have a mortgage or require a job... when I don't need an address or health care... when I no longer plan to collect social security or need to obtain a library card. When I no longer need to register my vehicle's plates and renew a driver's license...

Maybe then I'll go off the grid and we can toast a beer together. As for now, my data is out there and out of my control.

Newest Reality Donating Member (1000+ posts) Tue Apr-26-11 11:26 PM
Response to Reply #15
16. Sounds good!
I just hope you can sustain it.

Yes, toasting a beer would be great.

Thanks for your respectful response.

OhioChick Donating Member (1000+ posts) Tue Apr-26-11 10:32 PM
Response to Original message
5. I agree with you 100% n/t

napoleon_in_rags Donating Member (1000+ posts) Tue Apr-26-11 10:40 PM
Response to Original message
8. The NSA needs to play a larger role.
The NSA should be responsible for putting out all security standards, going beyond the stuff they already do. They need to be common sense and doable. Then you can demand corporate compliance with NSA standards. You can't do that now. When I got my MacBook years ago, the NSA recommendation included physically disabling the camera and microphone, removing the files needed to use them, and on and on. You basically disabled half the computer, so nobody does it. A sane middle ground standard should be established, and then you can demand compliance by law.

ChromeFoundry Donating Member (1000+ posts) Tue Apr-26-11 11:30 PM
Response to Original message
17. I absolutely agree
Edited on Tue Apr-26-11 11:32 PM by ChromeFoundry
companies need to be more aware of the data they store. The only way they will be forced to be more aware, is to penalize them monetarily when they screw up.

Yes, criminal hackers are a risk to all systems, and the owners of these systems need to be held accountable for exposing sensitive data in an unprotected manner.

Unfortunately, your data is connected to the same network that your courts have no jurisdiction over. So, going after a hacker is kinda moot in a lot of cases.

Electric Monk Donating Member (1000+ posts) Wed Apr-27-11 12:02 AM
Response to Reply #17
19. You seem to have some sort of random number generator in your sig line
unique not only to each post but to each viewing of each of your posts.

That's a pretty neat trick, and if you don't mind my asking, is it meant as some sort of fingerprint for anyone viewing your posts? Does it relate in some way to this thread we're in?

I haven't noticed it before.

ChromeFoundry Donating Member (1000+ posts) Wed Apr-27-11 12:16 AM
Response to Reply #19
22. Ah...
Yes, the 'meaning' is spoken through the hover-over event, it is.

Or it could be a DOJ Authorized Intercept, imposed only on your browser, because you are believed to be from an oil-rich nation, requiring the full potential of the Patriot Act in these desperate times of war.

Or it could be a random chunk of ECMA-262 compliant ECMAScript code that serves no other purpose but to distract attention away from typographical errors that go uncorrected.

Occulus Donating Member (1000+ posts) Wed Apr-27-11 12:18 AM
Response to Reply #19
23. Even more interesting is how the mouse cursor changes to a cross when you move over it.
Edited on Wed Apr-27-11 12:21 AM by Occulus
Yet you can copy and paste it as if it were raw text.

I've only seen it in this poster's sig. You bet I'd like to know what it is.

edit: Aaahh. Interesting:

<div class="sigline"><b><div style="text-align: center;">
  <span style="cursor: crosshair; color: navy;" title="a good number">
    <script>document.write(Math.floor(Math.random()*10000000000000000 + 1));</script>
  </span>
</div></b></div>

ChromeFoundry Donating Member (1000+ posts) Wed Apr-27-11 12:31 AM
Response to Reply #23
26. I'm telling ya man...
Something is out-of-control around here! I think it must have something to do with a doomsday device on the floor of a random math building.

Mnemosyne Donating Member (1000+ posts) Wed Apr-27-11 12:11 AM
Response to Original message
20. Chronology of Data Breaches - 521,410,534 records breached since 2005, not including Sony.

MadHound Donating Member (1000+ posts) Wed Apr-27-11 12:13 AM
Response to Original message
21. The simple fact of the matter is that no matter how much protection a company provides,
If somebody is skilled and determined enough to get into the system, they will. There are no unhackable systems.

ChromeFoundry Donating Member (1000+ posts) Wed Apr-27-11 12:27 AM
Response to Reply #21
25. In other words...
There are no systems that should not have their securities from illegal penetration left in an unattended, or non-upgraded state. If hackers are getting smarter, so must the system architects and network engineers.

Isn't this why a PS3 system goes for $299, a new game for $60, and download of a 42 minute television program goes for $2.99. Oh, and the $299 for the PS3 is a rental fee.. you don't actually have the right to install a different operating system of your choice, and you cannot build your own games to play on it... those types of things need to be authorized by the manufacturer of the hardware platform.

Imagine if you bought an IBM PC for $400 and were not allowed to install Linux, OS/2, an older version of Windows... nope you must run Vista or appear in court.

Yeah, I'd say they can afford to lock down their system a little better... especially since they are all about the threats lately.

Dappleganger Donating Member (1000+ posts) Wed Apr-27-11 12:19 AM
Response to Original message
24. Voodoo people will always be around.
They do it for the lolz.

Yes, there should be a reasonable expected degree of security but I'm not sure that fining them will help the problem. What they are concerned about is their reputation hurting their sales (that kind of hit hurts the worst). Fines are just fees for being in business.

If you are that concerned about security issues, either don't use the online feature at all or use pre-loaded Visa cards and phony signup data.

Electric Monk Donating Member (1000+ posts) Wed Apr-27-11 12:32 AM
Response to Original message
27. Decimal point fail. 77 million PS3 customers, not 77 thousand.

dizbukhapeter Donating Member (29 posts) Wed Apr-27-11 12:57 AM
Response to Original message
28. Hackers are gonna hack
Edited on Wed Apr-27-11 12:59 AM by dizbukhapeter
I don't see why Sony is getting singled out. Take a look at Microsoft Windows, it has more holes than the Iraqi navy.

There's no system that is invulnerable or any fortress that is impenetrable. There's always going to be holes, especially on the internet with the flow of information back and forth.

phleshdef Donating Member (1000+ posts) Wed Apr-27-11 07:53 AM
Response to Original message
30. You aren't being a jerk, but I think your assessment is unfair.
These companies spend more money than most of us will see in a lifetime just on the security aspects of these systems. I am a developer myself and I can tell you, there is no sure-fire way of creating a system that is both publicly accessible (like any of these internet provided services offered by Sony and other companies are by nature) and have them be 100% foolproof.

I'm a customer of Sony myself as I play their DCUO game. So I'm affected by this. But I'm not mad at Sony over it. These are not simple systems to create and it's always going to be subject to human imperfection.

ChromeFoundry Donating Member (1000+ posts) Wed Apr-27-11 02:23 PM
Response to Reply #30
37. Third party tickets/tokens are not a new technology
Would not be that difficult to use a Kerberos-style Ticket exchange with a third party public certificate installed in the firmware. Then, encrypt the stored data.

Nothing is perfect when it comes to security... but adding a level of encryption that would take weeks/months to brute force attack a single row of data.. is not difficult if data integrity and security were a high priority from the initial design.

From Sony's explanation, passwords (NOT HASHES), user information, accounts and potentially credit card information were gathered... if all of this was stored as a single record and not distributed with different methods of security... really poor design.
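
What "passwords (NOT HASHES)" means for a copied table, as an added example that is not part of the thread or of any poster's message: a Python sketch of per-row salted PBKDF2 storage next to plaintext rows, narrowed to the password column only. The table contents, the record format and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

SCHEME = "pbkdf2_sha256"
ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt$digest."""
    salt = os.urandom(16)  # unique per row, so identical passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{SCHEME}${iterations}${salt.hex()}${digest.hex()}"


def parse_record(stored):
    """Split a stored value into (iterations, salt, digest); None if it is not one of ours."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return None
    try:
        return int(parts[1]), bytes.fromhex(parts[2]), bytes.fromhex(parts[3])
    except ValueError:
        return None


def verify_password(stored, candidate):
    """Return (ok, needs_upgrade). Values that are not hashed records never match."""
    record = parse_record(stored)
    if record is None:
        return False, True  # plaintext or unknown format: force a reset or migration
    iterations, salt, expected = record
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
    ok = hmac.compare_digest(digest, expected)  # constant-time comparison
    # A correct login with an old work factor is the moment to re-hash the row.
    return ok, ok and iterations < ITERATIONS


def passwords_readable_in_dump(rows):
    """Users whose password can be read directly from a copied table."""
    return [row["user"] for row in rows if parse_record(row["password"]) is None]


# Constructed sample data: two users who happen to share a password.
LEGACY_TABLE = [
    {"user": "alice", "password": "correct horse"},
    {"user": "bob", "password": "correct horse"},
]

# The same table after migration to salted, stretched hashes.
HARDENED_TABLE = [
    {"user": row["user"], "password": hash_password(row["password"])}
    for row in LEGACY_TABLE
]

if __name__ == "__main__":
    print("readable (legacy):  ", passwords_readable_in_dump(LEGACY_TABLE))
    print("readable (hardened):", passwords_readable_in_dump(HARDENED_TABLE))
    print("login check:        ", verify_password(HARDENED_TABLE[0]["password"], "correct horse"))
```

Because every row carries its own salt, a guess has to be recomputed at full cost for each row, which is the per-row brute-force cost the post refers to.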

CBGLuthier Donating Member (1000+ posts) Wed Apr-27-11 07:57 AM
Response to Original message
32. The real question has to be, Do you know what you are talking about?
There was an old saying in IT security circles. You can take a computer, remove it from power and bury it in ten feet of concrete and that might make it secure but I wouldn't bet money on it.

You make it sound like they left the checkbook sitting on the dresser overnight and some bad folks took it.

Internet and computer security is a constantly evolving problem. Too secure and it becomes almost impossible to do business. Too loose and we have issues like this.

Modern_Matthew Donating Member (1000+ posts) Wed Apr-27-11 02:29 PM
Response to Original message
38. It won't be anything but a source of revenue, then. It's just not that simple. nt