Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Sony Compromised, Again

timothy posted more than 2 years ago | from the kicking-while-kicked dept.

Privacy 452

Konsalik writes "The hacker group LulzSec on Thursday posted information it took from Sony Entertainment and Sony BMG on its site, called the LulzBoat. Lulz Security said it broke into servers that run SonyPictures.com. The information includes about a million usernames and passwords of customers in the US, the Netherlands and Belgium and is available for download and posted on the group's site."

cancel ×

452 comments

Sorry! There are no comments related to the filter you selected.

I wonder if the hackers would stop.. (4, Insightful)

Barrinmw (1791848) | more than 2 years ago | (#36326580)

...if sony came out and apologized for being asshats and promising to never do it again.

Re:I wonder if the hackers would stop.. (4, Insightful)

MarkvW (1037596) | more than 2 years ago | (#36326596)

I certainly wouldn't hold Sony to a promise that was extorted from them.

Re:I wonder if the hackers would stop.. (1)

flimflammer (956759) | more than 3 years ago | (#36327206)

I don't see where the extortion comes from, unless someone involved in any of the hacking actually said they had to apologize. I think what the GP was suggesting would be if Sony, on their own, came out and apologized for being so negligent. Of course that will never happen.

Re:I wonder if the hackers would stop.. (1)

drb226 (1938360) | more than 3 years ago | (#36326656)

didn't they just do that (the "promising" part) with the PSN?

Sony company culture of indifference won't change (5, Insightful)

Lead Butthead (321013) | more than 3 years ago | (#36326718)

Sony company culture of indifference won't change over a few hacks. It may have made them look stupid (and that's got to hurt their ego) but ultimately the data being lost doesn't contain those of their officers, and frankly I don't think Sony gives a flying f_ck what happens to their customers (as demonstrated by rootkit) or their rights (demonstrated by repeatedly removing features from products and lied about it despite being caught lying.)

Re:Sony company culture of indifference won't chan (0)

Anonymous Coward | more than 3 years ago | (#36326862)

Lets be real here: These hacks might make it to /., but mainstream media doesn't bother with them.

Sony might pay some guy with a CISSP to look at stuff, and they might tighten a router ACL. However, to a lot of companies, security is a cost center, and to be minimized.

Realistically, these hacks only hurt Sony's customers. People will have completely forgotten about this stuff come September, unless the victims are nailed with ID theft.

Re:Sony company culture of indifference won't chan (1)

Anonymous Coward | more than 3 years ago | (#36326934)

Are you serious? The PSN hack has been covered by pretty much every media outlet on the planet. This new hack is already being covered by The Wall Street Journal, The Financial Times and CNN, and the news only broke an hour ago. It'll be all over the news tonight and in every paper tomorrow.

Re:Sony company culture of indifference won't chan (2)

erroneus (253617) | more than 3 years ago | (#36326960)

You know, either way I'm okay with the results. I haven't been a Sony customer for years. I won't buy anything with a Sony label on it. If it takes some "hard lessons" for everyone else to stop being a Sony customer, then that's what will have to happen. I had to learn it hard too -- expensively. Laptops, Clie' and more. I'm just done with them and their amazingly well-timed breaking after the warranty expires.

Sony isn't going to voluntarily rehabilitate itself. They will have to lose customers before they take any notice. I think one unfortunate reality is that none of this may be enough. The number of people who will buy from Sony will probably always out-number those who won't by 100 to 1. We live in a world filled with consumer zombies.

Re:Sony company culture of indifference won't chan (4, Insightful)

quickgold192 (1014925) | more than 3 years ago | (#36327046)

Yeah, this'll hurt them like Kazaa hurts the MPAA - it won't. In fact, it'll more likely lead to the govt giving more public companies "emergency" legal powers to smack down anyone they suspect of being against them. Especially since today CNN had a "are your passwords safe online? Are YOU safe online?" special earlier today.

Re:Sony company culture of indifference won't chan (3, Insightful)

hexagonc (1986422) | more than 3 years ago | (#36327094)

I don't know. . . repeatedly losing this much customer data or really any customer data is a serious public relations blunder. Sony Computer Entertainment already lost this console generation. I don't know if it can handle too much more egg on its face. At some point this is going to start making a serious dent in the bottom line.

Re:Sony company culture of indifference won't chan (5, Insightful)

brainzach (2032950) | more than 3 years ago | (#36327198)

The hackers don't give a flying fuck about the customers either by releasing all their personal information on the Internet.

If they really cared about the customers, they would have released the information to a trusted 3rd party to verify instead of to the public. They decided not to do that because they knew releasing it to the public would cause a much greater financial loss to Sony at the expense of its customers. The Hackers have no moral high ground here.

Re:I wonder if the hackers would stop.. (1)

nurb432 (527695) | more than 3 years ago | (#36326766)

Why would they believe Sony?

Re:I wonder if the hackers would stop.. (1)

poity (465672) | more than 3 years ago | (#36326844)

That sets an unwanted precedence. Same reason governments don't negotiate with terrorists (or at least not in public)

Re:I wonder if the hackers would stop.. (1)

Anonymous Coward | more than 3 years ago | (#36327162)

Then again, terrorists demands are fundamentally ineffective against a nation ruled by law. Too bad that in the matters of war and conflict some nations lose their democratic character and lawful standing even if they had them at the beginning.

Anonymous would probably be appeased with social behavior our mothers and kindergarten teachers hopefully teach before elementary school. In the base for all real authority lays responsibility, which is what we require for those who build and maintain our worlds, virtual or real. Anonymous clearly requires that from the authorities, just like a responsible and active citizen would require from his or hers government. And for this, some people in the Nato think they should be "persecuted"..

Re:I wonder if the hackers would stop.. (5, Insightful)

Labcoat Samurai (1517479) | more than 3 years ago | (#36326864)

If the point of the hack is just to embarass Sony, they don't need to post customer information on their website. That is potentially hurting real people who are not responsible for Sony's activities. And no, paying for a Sony product does not make you responsible for their activities, particularly when it's you, the customer, who generally gets screwed by such activities.

That's like exposing a wife beater by publishing the names and addresses of all his past wives.

Re:I wonder if the hackers would stop.. (3, Interesting)

ATMAvatar (648864) | more than 3 years ago | (#36327034)

Strictly speaking in a free market sense, paying for Sony products does make you partially responsible. Why, you ask? Because the invisible hand that supposedly corrects poor behavior in corporations is supposed to be the swath of customers who will willfully boycott products in response. Continuing to purchase the corporation's products serves only to reinforce any behavior the it may be involved in.

Re:I wonder if the hackers would stop.. (1)

smash (1351) | more than 3 years ago | (#36327060)

the content proves that the hack took place. without that evidence, sony would just deny, cover up and continue on with their insecure ways.

Re:I wonder if the hackers would stop.. (1)

Labcoat Samurai (1517479) | more than 3 years ago | (#36327120)

And yet, to my knowledge, no one has posted any information on customers from the other major Sony hacks, and we know about them. If nothing else, they could have claimed to have performed the hack and that they have the proof and then only expose any of it *if* Sony denied it, which they presumably wouldn't do, since it's just going to make them look even worse once the intrusion is proven.

Re:I wonder if the hackers would stop.. (1)

flowwolf (1824892) | more than 3 years ago | (#36327212)

This is a ridiculous justification. The actions taken are clearly an attack on the customers of sony and it's clear that these kids running this "security company" are only in it for the lulz. A name says alot. There is no higher motive behind these attacks. They are being very reckless about how this data was released and don't know anything regarding responsible disclosure. Its easy enough to prove you have the data with enough of a mask over it so that it's unusable. If they simply showed the first and last letter of every password that would be enough to prove it. They didn't do this.

Re:I wonder if the hackers would stop.. (1)

brainzach (2032950) | more than 3 years ago | (#36327146)

It's more like exposing a building for poor fire safety by burning it down

Re:I wonder if the hackers would stop.. (1)

Labcoat Samurai (1517479) | more than 3 years ago | (#36327158)

With the tenants inside, no less! :)

Re:I wonder if the hackers would stop.. (1)

kehren77 (814078) | more than 3 years ago | (#36326886)

...if sony came out and apologized for being asshats and promising to never do it again.

I wonder if they realize the only people they really hurt by doing this is the average gamer who just wants to play a video game and doesn't give a crap about "jailbreaking" their PS3.

Re:I wonder if the hackers would stop.. (1)

sortadan (786274) | more than 3 years ago | (#36327108)

I think we already have the answer to that... the giveaway is the mute button on the Lulz website -> "Volume increased by 100%!"

Re:I wonder if the hackers would stop.. (0)

Anonymous Coward | more than 3 years ago | (#36327220)

Nope... hackers have just one moto: "Don't Fuck With Us"

lul (-1)

Anonymous Coward | more than 2 years ago | (#36326582)

Fuck the nips.

Re:lul (-1)

Anonymous Coward | more than 3 years ago | (#36327068)

Frak the Nips. Totally corrupt country. 100's of thousands will die from radiation at Fukushiama. What the frak are the Japanese people doing besides giving their politicians a blow job? A pathetic stupid people. They deserve what happens to them. They should be rioting.
I forgot they are sheeple. Gee I think we are too. DUH

People are just blind... (4, Insightful)

Frosty Piss (770223) | more than 2 years ago | (#36326584)

Groan...

Certainly Sony has some major responsibility here...

But when will people stop trusting the Intertubes security implicitly and just blindly dumping all their personal info into various "secure" web sites and Internet connected systems?

People are just blind...

Re:People are just blind... (1)

yuhong (1378501) | more than 2 years ago | (#36326622)

An easy way would be to use different passwords.

Re:People are just blind... (0)

Anonymous Coward | more than 3 years ago | (#36326706)

So what about all the rest of peoples personal information....? You know.. the stuff that they use to validate that they are them whenever they need to tell Sony that they "forgot their password" ?

Re:People are just blind... (1)

yuhong (1378501) | more than 3 years ago | (#36327008)

And even if Sony itself don't do this, other sites do. This is a fundamental flaw with that approach.

Re:People are just blind... (1)

RobbieThe1st (1977364) | more than 3 years ago | (#36327048)

Like, say my security answer being: 8a1b3fb14ba5c80be1bf03606f225fec?
Why use your own personal information for that? Just use a hash of something, or use simply a key-value pair that you keep written down and stored in a secure place(and is unique to each site)? Sure, it'd be open to a physical security break, but 99.999% of the attackers involved do not have physical access to your computer or safe.

Do they have a choice? (4, Insightful)

saikou (211301) | more than 3 years ago | (#36326710)

In most cases people don't really have much choice.
You go to register to do something, and marketing department demands that registration form has a mandatory City, Address, Zip, blah blah, whatever their data appetite demands (and probably with data validation too, so doing New York, Blah Street, won't work).
Sure, some people will stop right there. But if "free" thing you gain access to by filling out registration form seems compelling enough, people will fill in the address.
And only a few of them will be clever enough to give some other (easily remembered, in case of site's trickery) address.
That data will live in archive forever, because marketing will never ever allow deleting anything.
Until it gets stolen (heck, probably afterwards too, but there will be a marketing blurb about being very secure, tested daily for hacker intrusions and stuff like that, wash, rinse, repeat)

Re:Do they have a choice? (1)

Frosty Piss (770223) | more than 3 years ago | (#36326762)

In most cases people don't really have much choice.

Nonsense.

There are very few (if any) random web sites that validate your name against known data, except perhaps credit card transactions.

Sure, many sites validate real zip codes (though I have never seen street level validation - except CC transactions), but to say people *HAVE* to spill all their personal info is just ignorent.

And, this doesn't even address the issue of saving your private personal documents and images "in the cloud" ... totally unnecessary and unwise.

Re:Do they have a choice? (1)

node 3 (115640) | more than 3 years ago | (#36326944)

What does any of this have to do with Sony?

People signed in to use the service, entered in their credit card in order to buy things, used their real info because not only is it honest (and not fraud, which you seem to be recommending--how moral of you!) and easier to remember, but necessary, as you admit, when you use a credit card.

I'm unaware of any Sony service which is commonly used to store private documents in the cloud.

You are raving.

Re:Do they have a choice? (0)

Anonymous Coward | more than 3 years ago | (#36326948)

but to say people *HAVE* to spill all their personal info is just ignorent.

Delicious.

Re:Do they have a choice? (1)

brainzach (2032950) | more than 3 years ago | (#36326950)

Your address isn't that private of data. If you really want to steal some addresses, just open a phone book.

Re:People are just blind... (3, Insightful)

Jarik_Tentsu (1065748) | more than 3 years ago | (#36326740)

With an attitude like that, I assume you don't buy much stuff online.

At this stage, we should be able to trust internet security for major corporations to protect our data. What happens if PayPal gets hacked? "When will people stop trusting the intertubes security implicitly"?

I think its a rather reasonable expectations to expect a company like Sony to protect its user information.

Re:People are just blind... (1)

h4rr4r (612664) | more than 3 years ago | (#36326756)

I think its a rather reasonable expectations to expect a company like Sony to protect its user information.

Recent history seems to disagree.

Re:People are just blind... (2)

Jarik_Tentsu (1065748) | more than 3 years ago | (#36326800)

That's the problem. It should be a reasonable expectations to expect any large company like that to have adequate security measured protecting customer data. The fact that they haven't should be a big issue with them specifically. I dunno how you can say people are blind for trusting them - or any other major company - in the first place though.

Re:People are just blind... (1)

node 3 (115640) | more than 3 years ago | (#36326986)

I think its a rather reasonable expectations to expect a company like Sony to protect its user information.

Recent history seems to disagree.

Which "recent history"? The one where ONE such company got targeted by the most notorious hackers on the web? Or the thousands of other companies in "recent history" where no such breach has occurred?

Historically speaking, this sort of data tends to be quite safe, just not without risk. But, then again, a life without risk is impossible, and trying too much to live such a life is essentially a waste of a perfectly good life.

I'd MUCH rather have my credit card information potentially at risk, but have the convenience of things like PSN, XBL, iTunes, Amazon, Netflix, etc., than keep my credit card info under lock and key for fear of possibly having to change my password, cancel my card and get a new card number (oh my!).

Re:People are just blind... (1)

shentino (1139071) | more than 3 years ago | (#36327156)

Reasonable yes.

Realistic? Not so much.

Re:People are just blind... (2)

Anrego (830717) | more than 3 years ago | (#36326780)

But when will people stop trusting the Intertubes security implicitly and just blindly dumping all their personal info into various "secure" web sites and Internet connected systems?

The problem is, in this day you have little choice. Yes you can pick and choose the sites you think are likely to be secure (despite everything, before the PSN incident I would have guessed Sony's servers would be secure...) but just about anything can get hacked (RSA got hacked... wouldn't have guessed that one either).

I don't think people implicitly trust anything .. it's just that the only other choice is to restrict ourselves to services which don't require personal info .. a category which is getting smaller and smaller.

The two things that really need to happen are:

- This info needs to somehow become irrelevant. I'd love a day where I could post all this info to the world and it mean absolutely nothing. Relying on a set of secrets that you have to share with virtually everyone you do business with is kinda stupid.
- People who managed need to be held responsible.. and I mean _really_ be held responsible. People should be going to jail over the PSN thing, as it stands we'll be lucky if they get a fine.

Re:People are just blind... (1)

twocows (1216842) | more than 3 years ago | (#36326784)

Maybe when useful products stop forcing it to be a requirement.

Which is to say, never.

Re:People are just blind... (1)

grumbel (592662) | more than 3 years ago | (#36326792)

But when will people stop trusting the Intertubes security implicitly and just blindly dumping all their personal info into various "secure" web sites and Internet connected systems?

When companies will stop requiring the data to gain access. In the PSN case for example you have to give name and address, even so that is completly unneeded for operating the free part of the service. It will even go so far as to do a bit of error checking on the data, so you can't just enter random stuff as address, it has to be a valid one. And once there faking the information actually becomes work, it is no longer a case of just not entering it and thus most people will provide real data.

The way to get companies to limit data collection of course requires some new laws, i.e. only allow companies to collect data necessary for the given transaction and not more then that.

User education of course is needed as well, but that only goes so far and won't really fix the underlying problem.

People are just gullible (1)

Lead Butthead (321013) | more than 3 years ago | (#36326814)

Certainly Sony has some major responsibility here...

People are just gullible. Just because there's a perceived responsibility does not equate to acting responsible.

Re:People are just blind... (2)

node 3 (115640) | more than 3 years ago | (#36326910)

Groan...

Certainly Sony has some major responsibility here...

But when will people stop trusting the Intertubes security implicitly and just blindly dumping all their personal info into various "secure" web sites and Internet connected systems?

People are just blind...

Blind? That implies they could have looked into Sony's security and made an informed and rational decision as to the quality of their security.

It's not that people are stupid or blind or anything else. There's this thing called "trust". It's at the very heart of society. It's wholly unfeasible to expect people to be able to verify for themselves the quality and security of everything they do in the world. You can't check the farm where you get your lettuce, you can't test every electronic component for hazards, you can't check the purity of your medication, and you can't check the security of the web sites you interact with.

That's why we have public and private organizations like the FDA, FCC, UL, USDA, etc. Of course some of these have become something of a sham, but the idea is sound. If these things have become inept, it's not because it is their nature to become so, but because people like you who put too much responsibility on those least able to bear that responsibility coupled with a blind eye to corruption.

What do you expect of people? That they verify the unverifiable? Or simply eschew participation in our culture? If so, you are right about one thing, at least SOME people really are blind...

Re:People are just blind... (2)

steelfood (895457) | more than 3 years ago | (#36327070)

I don't think past behavior was blindness in any way, but rather the reasonable expectations of paying customers. I think it is reasonable to assume that large companies will put at least a small amount of effort into securing their users' data, and that any breech wouldn't result in the immediate compromise of that data.

On the other hand, I do hope this will serve to change those who made the assumption in such a way that they will start to think about the consequences of their choices. People weren't forced to submit their information to Sony; they did so as a requisite to engaging in a business transaction with Sony. After this, they hopefully will take a second look at companies that offer services tied to some sort of registration, possibly question its necessity, and maybe as a result, question their own need for the company's product. In the end, I can't find fault in those who signed up for such services in the past, but I do hope they won't so casually do so again in the future after this.

What probably is going to actually happen is that a few people will never buy Sony again though they wouldn't think about the information in their iTunes account or their Xbox Live account, while the rest will simply forget about this whole affair once it's over, and go back to their usual habits again while holding onto their usual assumptions.

Ha-Ha! (0)

mythosaz (572040) | more than 2 years ago | (#36326592)

<Nelson>
Ha-Ha!
</Nelson>

Sony time to rebuild the severs from the ground up (1)

Joe_Dragon (2206452) | more than 2 years ago | (#36326594)

Sony time to rebuild the severs from the ground up all of them. It seems like the same bugs / holes are on all of your severs. And whiles you are rebuilding trun other os back on.

Re:Sony time to rebuild the severs from the ground (1)

sirsnork (530512) | more than 2 years ago | (#36326610)

If it's the same bugs/holes, why would you start from scratch when you only have to fix a single flaw?

What they need to do is severely audit heir entire web code, as well as either pay for people who know how to do the above and pay for people to maintain their systems (since one of the break ins was because of an old apache)

If you ask me they have been having their code written, and their hardware managed by the lowest bidder, and as they saying goes, you get what you pay for

Re:Sony time to rebuild the severs from the ground (1)

sgrover (1167171) | more than 3 years ago | (#36326660)

It would seem to me that Sony has had plenty of time to rebuild the servers. It would seem the problem is not with the hardware or the configuration of the servers (though I'm sure that plays a very important role!), but with the software they built. If that software is THAT buggy, the right solution should be to rebuild that software with modern security practices in mind (as opposed to NO security implementations at all).

This up then immediately cracked fiasco they are dealing with shows that they continue to use the same passwords and the same failed security routines. Maybe if they put their hand in the fire just one more time they won't get burned anymore. Seems to be a flaw in the thinking, but I just can't put my finger on it.

Re:Sony time to rebuild the severs from the ground (0)

Anonymous Coward | more than 3 years ago | (#36326904)

Because if all servers have the same bug, then all servers may have already been compromised and the only way to reliably clean the servers is to start fresh.

What are they trying to prove at this point? (4, Insightful)

Derekloffin (741455) | more than 2 years ago | (#36326628)

That the hacking community has 0 sense of morality at this point? That is more and more the impression I'm getting. This isn't going to help. If anything it is going to be more fuel to the camp that wants our governments to have insane legal powers to combat this stupidity.

Re:What are they trying to prove at this point? (1)

Aardpig (622459) | more than 3 years ago | (#36326674)

Morality? Son, hang out in 4chan for an hour, and get back to us.

Re:What are they trying to prove at this point? (-1)

Anonymous Coward | more than 3 years ago | (#36326708)

Not to mention how do crimes against a faceless corporation constitute a lack of morality.

Re:What are they trying to prove at this point? (4, Insightful)

captaindomon (870655) | more than 3 years ago | (#36326772)

But they aren't crimes against a faceless corporation in this instance. This is a crime against thousands of individual humans who just had their credentials stolen and published.

Re:What are they trying to prove at this point? (3, Insightful)

kaffiene (38781) | more than 3 years ago | (#36326810)

When they expose the personal details of millions of innocent customers? Jesus, use your fucking brain

Re:What are they trying to prove at this point? (1)

Anonymous Coward | more than 3 years ago | (#36326804)

So ok there are dicks out there. They are on the internet. They are even semi organized. Does that make it right?

Re:What are they trying to prove at this point? (1)

Anonymous Coward | more than 3 years ago | (#36326738)

There is no hacking community. Hackers aren't members of some central hacking club. They all behave independently. LulzSec is just one of many hacking groups. If a server is popular, then sooner or later it will get targeted. If it's hacked, and if it happens to be a white hat, then maybe they will responsibly disclose the vulnerability. If it happens to be a black hat, then maybe they will publish everything and start the server on fire.

Hacking is on the rise, and there's no telling what will happen when you're the victim. There are lots of white hats, and lots of black hats. Better to just secure your shit.

Re:What are they trying to prove at this point? (2, Insightful)

Anonymous Coward | more than 3 years ago | (#36326788)

Sony continues to be a target because Sony refuses to learn its lesson. And make no mistake, that lesson is about the consequences of abusing your customers, not about network security.

Re:What are they trying to prove at this point? (4, Informative)

node 3 (115640) | more than 3 years ago | (#36327042)

Sony continues to be a target because Sony refuses to learn its lesson. And make no mistake, that lesson is about the consequences of abusing your customers, not about network security.

And what lesson is that? There are legitimate, legal, recourses is Sony did anything wrong. Shit, they didn't even do something that even 1/10th of 1% of their users even knew about, let alone had any expectation of ever using.

Seriously, walk up to anyone on the street, ask if them they have a PS3, then if so, ask them if they either:

A. Knew was "Other OS" was.
B. Ever used it, or had plans to.

If it was something Sony needed to "learn a lesson" over, it would have resulted in loss of market share. All this really is is a bunch of juvenile criminals who think they have the right to do whatever they want. I can only imagine how sad their lives must truly be to think this as some kind of moral crusade.

Re:What are they trying to prove at this point? (4, Insightful)

arth1 (260657) | more than 3 years ago | (#36327182)

So..... If your car manufacturer (this is /. after all) removed the tow point on your car when you had it in for service, without giving you a choice, it would be fine with you? After all, only a tiny fraction of drivers would know about it, and even fewer use it...

See http://en.wikipedia.org/wiki/Argumentum_ad_populum [wikipedia.org] for why your argument is bullshit.

Re:What are they trying to prove at this point? (1)

brainzach (2032950) | more than 3 years ago | (#36327092)

The hackers are the ones abusing the customers the most.

Sony is guilty of taking away a feature from one of its products, which 99% of the customers don't care about. The hackers are responsible for stealing and releasing the personal and credit card information of millions of customers.

Re:What are they trying to prove at this point? (2)

AK Marc (707885) | more than 3 years ago | (#36326790)

Sony is amoral (and amoral with a profit motive is indistinguishable from evil). Sony committed fraud and violated their own TOS. However, everyone knows that the worst that would happen if they lose in court is that anyone that gave them money would be graced with temporary access to some free content, which is a waste of time and money.

So, some have taken it upon themselves to extract some justice, as none will be seen in the legal channels. Yes, it's vigilante justice and should be denounced.

Interesting that you think the removal of an advertised feature (clear criminal FTC violation, even if the TOS allowed them to remove any and all functionality at a later date) that's going completely unpunished shouldn't warrant more government controls, but a few people lashing back at the multinational criminal organization will lead to justifications of taking away our freedoms. If that's really the case (and I'm not doubting you, just supposing), then our system is already so broken that such things would be the least of our worries.

Re:What are they trying to prove at this point? (1)

Derekloffin (741455) | more than 3 years ago | (#36326834)

If it is truly a violation of the law, I'm all for punishing them. However, that has yet to be shown so don't run an argument that assumes this. The problem here is, Sony isn't the one being primarily hurt. It the people that are the ones being primarily hurt. This isn't even vigilante justice, this is probably more attention grabbing more than anything else. And sadly, yes it will lead to justifications for taking away our freedoms. It is a pattern that is all too common.

Re:What are they trying to prove at this point? (0)

Anonymous Coward | more than 3 years ago | (#36326982)

they should've just used violence.

Re:What are they trying to prove at this point? (1)

AK Marc (707885) | more than 3 years ago | (#36326992)

If it is truly a violation of the law, I'm all for punishing them.

So your argument is that you are illiterate and ignorant? Why not read the law yourself and form an opinion?

However, that has yet to be shown so don't run an argument that assumes this.

Why not? Are you going to argue that OJ didn't do it? Are you going to argue that because Ken Lay was acquitted (or some other legal finding to the same effect) that he didn't commit fraud? Your stupid argument is that because nobody was convicted of killing Nicole, that it must have been a suicide.

And sadly, yes it will lead to justifications for taking away our freedoms. It is a pattern that is all too common.

They don't need real justification. They have the next set of unconstitutional laws written and ready to go (the time from 9/11 to the USA PATRIOT Act was less than the time to write the entire thing from scratch, so we know they've done it in the past). Because a buch of Saudis attacked the US, the US passed laws allowing them to tap Americans and went to war with Iraq and Afghanistan. There could be an increase in DUIs and they'll bring out the next set of laws against computer crime.

Re:What are they trying to prove at this point? (1)

Derekloffin (741455) | more than 3 years ago | (#36327036)

So your argument is that you are illiterate and ignorant? Why not read the law yourself and form an opinion?

Yeah, that's real mature, start immediately with personal attacks. Unless you are a judge, and have decided the case, with the full set of facts, I'll just have to stick to what I said (and even if you are, well you're not impressing me with your level of reasoning). If you want to actually debate me, at least try to keep it civil.

Re:What are they trying to prove at this point? (0)

Anonymous Coward | more than 3 years ago | (#36326874)

"lashing out", they're not pestering people with flyers or ads or bad publicity campaigns, they're doing something illegal to combat something they perceive as illegal.

What happens next, Sony becomes the victim, will gain more rights than the end-user, and then bye bye privacy, hello government controlled internet.

Fucking idiots

Re:What are they trying to prove at this point? (5, Interesting)

kaffiene (38781) | more than 3 years ago | (#36326802)

Case in point - I've been pro open source, anti IP laws, anti harsh pirating / copying fines for a very long time. I'm pretty liberal and I don't like big corporations. But this shit just pisses me off. They don't like Sony so they fuck over the services that millions of paying customers are using and expose all their personal details? What a pack of pricks. That ain't cool, that's fucked up and selfish.

Re:What are they trying to prove at this point? (2)

vga_init (589198) | more than 3 years ago | (#36327132)

It depends on why they are doing it thought. I'm glad that this stuff is coming out now, and the hackers being possibly benign, rather than these things being silently exploited by more nefarious groups/individuals. It makes me feel better that Sony lose face and tighten its security than risk anything further.

Re:What are they trying to prove at this point? (1)

Anonymous Coward | more than 3 years ago | (#36327168)

That ain't cool, that's fucked up

So is trusting Sony Corp. with your CC #, your real name, your real home address, and everyone at Lulzsec knows what else.

I'm so glad this keeps happening. I hope everyone that trusted Sony continues to lose big for supporting Pure Evil[TM].

Re:What are they trying to prove at this point? (-1)

Anonymous Coward | more than 3 years ago | (#36326824)

That the hacking community has 0 sense of morality at this point? That is more and more the impression I'm getting.

No, we have lots of morality. Check out our lengthy moral code... [bit.ly] .

Prove? No. Punish. (0)

Anonymous Coward | more than 3 years ago | (#36326880)

They have nothing to prove. They just want Sony to hurt. It is out of revenge.

Those who post usernames and passwords aren't the noble protectors of the public. They are adolescent script kiddies who got pissed off and are striking back.

Re:What are they trying to prove at this point? (1)

godlessgambler (1274386) | more than 3 years ago | (#36326924)

What are they trying to prove? Nothing. Judging by their group name, I'd guess they're just "doing it for the lulz" (a.k.a. personal comic enjoyment without moral compass). This isn't your father's hacking community. Morals, standards and ethics have no place when the goal is sociopathic entertainment.

wow... (0)

Anonymous Coward | more than 2 years ago | (#36326640)

Way to give the site free advertisement you dim-wits

Re:wow... (0)

Anonymous Coward | more than 3 years ago | (#36326680)

I'm pretty sure the moms of LulzSec children can't afford the slashdotting.

Captcha: retard, exactly what's going on since it's a quest of self-esteem reconcilation by alleged hacking prestige. Oh what the kids do for attention these days.

Annoying.. (5, Insightful)

laxguy (1179231) | more than 2 years ago | (#36326642)

Personally I'm pretty tired of hearing this shit.. at this point is it really even worth the effort? SQL injections? Script-kiddies leeching off of unsecured websites.. this shit happens every day. Any else suspicious about the line "said that the group has more, but can’t copy all of the information it stole." Why can't they copy all the data? Probably because the "hack" wasn't as big as they want everyone to believe.

Re:Annoying.. (0)

Anonymous Coward | more than 3 years ago | (#36326688)

Are you dumb? Groups never release all the data, just a sample for verification. Why? Because it's sold to the highest bidder.

Re:Annoying.. (0)

Anonymous Coward | more than 3 years ago | (#36326754)

I just took 3 random email address and password combos and tried them on their respective sites, one worked. Lesson for that is, use a different password for every single site you sign up on. But still. Also, the first hack on Sony the other week by Lulz wasn't a SQL injection, they compromised a Linux server with a 0 day they discovered (or maybe bought) but it was for an unpatched system running 2.4 or something.

Re:Annoying.. (0)

Anonymous Coward | more than 3 years ago | (#36326876)

Personally I'm pretty tired of hearing this shit.. at this point is it really even worth the effort? SQL injections? Script-kiddies leeching off of unsecured websites.. this shit happens every day. Any else suspicious about the line "said that the group has more, but can’t copy all of the information it stole." Why can't they copy all the data? Probably because the "hack" wasn't as big as they want everyone to believe.

But it's happening to Sony, and therefore it's hilarious.

Re:Annoying.. (2)

future assassin (639396) | more than 3 years ago | (#36327166)

I don't mind, its better than whats on tv AND its real life drama. I'm watching a 7 hour dvd set on WW2 and its amazing how people went out and died for freedom and kill tyranny and at the end their great/great grand children now have to live with corporate tyranny taking over the world.

The money quote (0)

DigiShaman (671371) | more than 3 years ago | (#36326676)

"When asked why the data was hashed instead of encrypted, he said it was standard industry practice."

Re:The money quote (0)

Anonymous Coward | more than 3 years ago | (#36326852)

Um... seeing as their server was compromised, then the fact that the password was hashed instead of encrypted is a good thing, since it means the actual password is not recoverable (assuming it

Re:The money quote (3, Insightful)

nedlohs (1335013) | more than 3 years ago | (#36326870)

How is that a money quote?

Or do you mean showing the stupidity of the person asking the question?

Re:The money quote (0)

Anonymous Coward | more than 3 years ago | (#36327088)

I don't think you know what hashing is. It is better then encryption because you can't reverse it. The only way is to create a rainbow table of the hashing algorithm used. Even then, you should use a salt with it and use password stretching to make it even harder to do a bruteforce against it with rainbow tables.

With encryption, all you need to find out is how it was encrypted and figure out the key. Then you can get the original passwords back. Hashing prevents all this because they never know what the original text is.

Another Script Kiddie Failure (0)

Anonymous Coward | more than 3 years ago | (#36326678)

So some script kiddies are claiming they hack some random Sony server and obtained a million users data but they can't prove it other than posting some BS torrent on the PirateBay...

Right...

Re:Another Script Kiddie Failure (0)

Anonymous Coward | more than 3 years ago | (#36327226)

can't prove it other than posting some BS torrent on the PirateBay...

...What? The data is completely valid. How is that not legitimate proof?

Death by a thousand cuts (1)

Gideon Wells (1412675) | more than 3 years ago | (#36326770)

At this point Sony is a beached whale. Maybe there is some merit to security through obscurity, but now everyone knows Sony is wounded and has lack luster defenses. Heck, I'm wouldn't be surprised at this point if the vending machines at Sony buildings didn't give out free food/drinks when prompted.

At what point now does Sony get forcibly shut down? They are nearing the point they might as well hand out a random customer's identification, credit card number, address and phone number with every purchase from them. The information would still be leaking out slower if they TRIED to be intentionally malicious at this point.

Re:Death by a thousand cuts (2)

Mashiki (184564) | more than 3 years ago | (#36326848)

Well if Sony is a beached whale, does that mean some genius is going to break out the dynamite and blow it up in a few days? I think that the rain of putrid guts, entrails and rotting flesh falling all over the globe will be fun had by all.

Re:Death by a thousand cuts (1)

xMrFishx (1956084) | more than 3 years ago | (#36327076)

That sounds like the marketing deployment of Blu-ray.

you know (0)

Anonymous Coward | more than 3 years ago | (#36326828)

These hackers should be dragged out into the middle of the street and beaten. Not because they hacked Sony, but because they use the idiotic and infantile "lulz."

Mis-Directed R&D funds... (0)

Anonymous Coward | more than 3 years ago | (#36326840)

All that loot spent on DRM, and they could've spent it on security.

This is an embarrassment to Sony (0)

Anonymous Coward | more than 3 years ago | (#36327018)

SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities.
Sony stored over 1,000,000 passwords of its customers in plaintext.

Re:This is an embarrassment to Sony (0)

Anonymous Coward | more than 3 years ago | (#36327138)

I'm copying this from enemy's propaganda and i'll be happy if Sony deny:

Sony stored over 1,000,000 passwords of its customers in plaintext.
Sony stored over 1,000,000 passwords of its customers in plaintext.
Sony stored over 1,000,000 passwords of its customers in plaintext.
Sony stored over 1,000,000 passwords of its customers in plaintext.
can you believe it?
Sony stored over 1,000,000 passwords of its customers in plaintext.
Sony stored over 1,000,000 passwords of its customers in plaintext.
Sony stored over 1,000,000 passwords of its customers in plaintext.

Anonymous C.

I am not crying (0)

Anonymous Coward | more than 3 years ago | (#36327100)

All I really care about is getting official Linux support back from Sony. It seems like having Linux support didn't have any real impact on security anyway since Sony and the PS3 is getting hacked left and right anyway. So how about giving us back the feature? At least you would make your honest customers happy.

Anyway, this is just another case of douchebags hurting douchbags. Nothing to see here, move along.

Sounds like a Honey Pot for computer viruses (3, Insightful)

XxtraLarGe (551297) | more than 3 years ago | (#36327144)

I wanted to go to the site to see if my name was on the list, but then I realized they're the types that would probably have the latest version of MacDefender just waiting for me.

SONY SUCKS (1)

Anonymous Coward | more than 3 years ago | (#36327152)

Big List of Sony's Crimes
===================
- Totally sucking balls
- Being an oppressive, money sucking super-organism
- Crash Bandicoot
- Installing rootkits and spyware on your computers, as a sadistic form of DRM
- Violating the GPL
- Violating your mom
- http://en.wikipedia.org/wiki/List_of_Sony_Music_Entertainment_artists (With the exception of R.Kelly, clearly awesome dude)
- Disc Read Error
- Having a superior console
- Including OtherOS in the first place
- Etc...

Would've that happened if... (1)

pecila (1647383) | more than 3 years ago | (#36327228)

...Sony used unix-based servers instead?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?