Sunday, May 01, 2011

“We still have no clue.” Look at all the basic (Best Practice) security not in place...

http://news.cnet.com/8301-31021_3-20058731-260.html

Sony: PSN services return this week, compensation for customers

Two weeks after Sony's PlayStation Network was hacked, Kazuo Hirai, chairman of Sony Computer Entertainment, addressed the issue in a press conference in Tokyo tonight.

Though they still don't know who orchestrated the intrusion on the PSN servers in San Diego, Calif., they were "very sophisticated," Hirai said. It's still not entirely clear what kind of data they got their hands on, but he reiterated that they don't believe credit card data to have been taken, and added that the company has received no complaints of ID theft or credit card fraud yet.

Most services will be restored "within the week," Hirai said.

… "We are aiming to restore full services including the PlayStation Store and purchasing features within the month," said Hirai.

Only 10 million of the 70 million PSN accounts had credit cards attached to them, Hirai said.

… The company today explained how it would try to make it up to customers. Sony will provide free identity theft protection service, and "will consider" helping customers who have to be issued new credit cards. Sony will also be offering free selected downloads, as well as 30 days of free PlayStation Plus service. Music Unlimited subscribers will also get free service for 30 days.

Sony also says it is making some changes to enhance its security. It will create a new position of Chief Security Information Officer for Sony Computer Entertainment, and in addition to that is accelerating its already-planned move of data servers from San Diego to a different location with more enhanced system security, adding automated software monitoring and configuration management, enhancing data encryption, and implementing more firewalls, Hirai said.

Once the system comes back online customers will be forced to download a software update [More likely, this will be a “push update” and no threats will be made. Bob] that will require everyone to change their PSN and Qriocity passwords.


(Related) I wonder if Sony bothered to read the chat? Aside from the bug warnings it would give them useful customer feedback.

http://www.wired.com/threatlevel/2011/04/trixter/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

Wrongly Jailed Security Whistleblower Caught Up in PlayStation Hacker Hunt

Armchair cybersleuths on the trail of the PlayStation Network hackers have been focusing attention on a chat log that shows several technically sophisticated PlayStation tinkerers discussing Sony’s security vulnerabilities in knowing detail just two months before the breach.

“If Sony is watching this channel they should know that running an older version of Apache on a RedHat server with known vulnerabilities is not wise, especially when that server freely reports its version and it’s the auth[entication] server,” writes “Trixter,” one of the chatters.

… The parts of the discussion that delve into Sony’s security posture appear eerily prescient in the wake of the intrusion that exposed personal information on 77 million users, and copies of the chats are now lighting up gaming blogs and Twitter feeds. “IRC chat of PlayStation Network hacker!” reads one post.


(Related) The client side of the PS3 security debacle...

http://www.eurogamer.net/articles/digitalfoundry-ps3-security-in-tatters

Hackers leave PS3 security in tatters

January 3rd, 2011

PlayStation 3's internal security scheme is a shambles, with all of its major anti-piracy features failing abysmally. The system is so vulnerable that hackers now have the exact same privileges as Sony in deciding what code can run on the console.



Undue reliance... TSA can't say, “I was just following the orders of my computer overlord.”

http://www.pogowasright.org/?p=22647

Muslim Rights Advocate Has Valid Privacy Case

April 30, 2011 by Dissent

Kevin Koeninger reports:

A Muslim American can pursue Privacy Act claims against the government after she was detained at the Canadian border because she was mistakenly classified in a federal computer system as “armed and dangerous,” the 6th Circuit ruled.

Julia Shearson lives in Ohio and works as a regional office director for a national nonprofit dedicated to Muslim civil rights. As Shearson was driving into New York with her 4-year-old daughter from a weekend trip to Canada in 2006, Border Patrol agents handcuffed and detained her for several hours.

When they had scanned the mother and daughter’s passports, a Customs computer flashed “ARMED AND DANGEROUS.”

Read more on Courthouse News.



Someone has managed to communicate with politicians? Amazing!

http://yro.slashdot.org/story/11/04/30/208236/Sweden-May-Mandate-Opt-in-For-Cookie-Transfer?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29

Sweden May Mandate Opt-in For Cookie Transfer

"The present government in Sweden has published a proposition regarding 'Better rules for electronic communication.' Amongst other proposed amendments, it suggests that websites must inform the user of the 'purpose' regarding each individual cookie transferred to the user's browser upon connection. Secondly, it is suggested that the user must give his consent before the transfer of the cookie in question. The proposition is to be voted on by the Swedish parliament on 18 May this year. If accepted, the law will be in effect in June."

