Sunday, May 1, 2011

UPDATE(2): PSN Still Down, Might Be Back Next Week, But At Least Your Info’s Safe…Right?



Ok so here we are, over a week since the PSN and Qriocity services were attacked by an intruder, who stole your personal information and caused Sony to do what would seem like a whole re-tooling of their entire network security.

Sony released a statement via the PlayStation blog today which basically says that they turned off the networks after an attack on their San Diego data center in order to prevent the breach from getting any worse (which was actually a good move), then hired some good pen testers to come in and audit their security systems and implement new security measures based on the audits. That’s what the long delay was all about.

But there is good news: the credit card data that was stolen was in an encrypted file, and we all know that once something is en-crypted it can never be de-crypted… wait a sec… half the world just told me that’s not true. Stupid, stupid Sony expects people to really believe that whoever was smart enough to get into their systems and steal the information in the first place couldn’t decrypt the file, or at least doesn’t know someone who can? I would wager that the people or person who did this is not stupid enough to try and use, sell or do anything with the card numbers at least; it would be too easy to trace back, and most likely whoever did this was trying to prove a point. PSN and Sony in general are not secure. Sure, they’ll spend millions on lawyers to sue people, but they get real cheap when it comes to hiring proper pen testers to make sure their security is at least somewhat legit. I guess they figured encrypted credit card information was enough. I guess they didn’t take into consideration that people wouldn’t be able to access PSN or Qriocity and didn’t bother to put up proper security to defend against an attack in the first place.

The next bit of good news for all you PSN and Qriocity users out there is that Sony has implemented such cutting-edge and revolutionary new security techniques as:

  • Automated software monitoring and configuration management to help defend against new attacks
  • Enhanced levels of data protection and encryption
  • Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
  • Implementation of additional firewalls

Wooooweeeee that’s secure, I feel real safe now, thanks Sony! This looks like a superhero’s stat list, not like some wimpy computer security system. I-am-impressed. Hold on though, what about physical security? How do we know this wasn’t someone inside the data center in the first place? I’m getting scared again… wait, there is more from Patrick Seybold, who is the one posting on their blog:

“The company also expedited an already planned move of the system to a new data center in a different location that has been under construction and development for several months.”

Well ok then, I’m sorry I doubted you Sony.

If all that wasn’t enough, Sony felt they’d do right by their users and give them a free 30-day membership to PlayStation Plus, which, if you were already a year-long subscriber, saves you all of $4 for that month. Hooray.

Sony hasn’t given an official date for when service will be restored; they only said their networks should be back up by the end of next week.

