Sony hacked again: 1m compromised, claims LulzSec

Already infamous for defacing PBS's website earlier this week, cracking outfit LulzSec today claimed a familiar scalp—whatever remains of it, anyway. This time, it's Sony Pictures Entertainment, the movie-making division. From a statement attributed to the group:
Our goal here is not to come across as master hackers, hence what we're about to reveal: was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks? What's worse is that every bit of data we took wasn't encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it's just a matter of taking it. This is disgraceful and insecure: they were asking for it.
The haul of data, already posted to The Pirate Bay, also includes 3.5 million Sony Music coupons. Sony traditionally is run as a set of 'silos', independent departments, divisions and joint ventures that have much autonomy from one another. This might be why there are so many different attacks: perhaps there is always another Sony silo which runs its own web infrastructure, where hundreds of dollars worth of web development can go down the drain, just like that.


  1. “… hundreds of dollars worth of web development”… I think that’s the problem right there.

  2. Well, it would certainly explain why their security sucks if every single division is completely independent in their web and server security, as opposed to having an overarching cyber-security department.

  3. I don’t condone LulzSec’s behaviour in any way – but being vulnerable to SQL injection and storing plain text passwords should be made criminal.

    1. Actually in some states/regions, storing personally identifiable information in plaintext IS a criminal act. Especially if tied to any personal account information.

      I’m still boggling that the various Sony silos still haven’t bothered to self-check their web presence for exploits. You’d think that would be job #2 after the latest breach.

  4. lulzsec just taking anyone out….for the memes at that! everyone was scared anonymous was gonna hax their stuff. lulzsec will do it and put a nyan cat on the screensaver to mock you.

  5. “they were asking for it.” – Where have I heard that before to make a crime okay?

  6. The DOBs of the Sony Pictures account details LULZSEC has published are all pre-1933, i.e. old, possibly vulnerable people. Not funny.

  7. I seem to recall that a division of SONY put root-kits on customers’ PCs (Sony’s attempt at enforcing music anti-piracy).

    While not exactly moral, it seems fitting that Sony should get a taste of its own medicine. These corporate guys are just profit driven dick heads. They won’t even “get it” from this break-in. They’ll just consider it a cost of doing business.

    This lackadaisical approach to ethics is more widespread than just the entertainment industry. Recently the FDA announced that they would begin CRIMINAL PROSECUTION of pharmaceutical company executives in an attempt to get their corporations to obey the rules. Previously, the pharma companies just interpreted FDA fines and penalties (however big) as simply a cost of doing business.

    It would be nice to see some other corporate executives rot behind bars! Start with Wall St CEOs and expand from there.

  8. If Sony leaves their bike leaning unlocked against the wall at the downtown bus station all night, it isn’t exactly their fault when it gets stolen, but it isn’t exactly not their fault, either.

    1. Ok, but try this on for size.

      What if that “bike” was actually a door pass. And they required their customers to use said door passes to enter a building they had paid for access to. And then Sony just left all those door passes in a pile of trash bags in the middle of the busiest street in the largest, most dangerous city in the world.

      That’s much closer to a physical representation of how irresponsible Sony has been.

  9. “This is disgraceful and insecure: they were asking for it.”

    Not to get too straw-man, but just as in cases of rape where the victim is wearing skimpy clothing, the victim is not “asking for it”. Nor did the unsuspecting people who signed up for $2 off coupons deserve to have their shit stolen.

    It’s a crime, and whether it took 5 minutes or 5 years to break in, it’s still wrong and these scriptkiddies belong in jail.

    1. To slightly shift my example of semi-victim-blaming: If Sony leaves *my* bike leaning unlocked against the wall at the downtown bus station all night, from my perspective it is *totally* their fault when it gets stolen.

    2. Not to get too straw-man, but just as in cases of rape where the victim is wearing skimpy clothing, the victim is not “asking for it”.

      But Sony isn’t the victim. This is more a case of your babysitter leaving your toddler in the car while she does her shopping.

      1. It’s really not that black or white here.

        I don’t care whether it’s your babysitter’s negligence of watching your toddler or Sony not keeping your bike secured, the fact of the matter is, both the person responsible for your possession/child AND the one doing the stealing/kidnapping are BOTH at fault. I mean, is it okay for one to kidnap or steal if it’s made easy for them on behalf of someone else’s negligence? Of course not.

        Now depending on the circumstances, one will have to decide who is more at fault.

      2. The whole ‘blame the victim’ thing that comes across in hacker culture and the fact that people are willing to go along with it kind of worries me, to be honest. I wonder if people have the same attitude when their car gets stolen or when their laptop gets lifted?

        Though, on the other hand, people do realise the FBI doesn’t actually have that much trouble finding you if you actually get to the point where they give enough of a shit to devote any kind of resources to it? Which does make me wonder about exactly how much shrieking there’ll be about political prisoners when charges do start getting laid.

      3. Ok. So, the babysitter leaves your kids in the car and to prove a point about how dangerous that is, rather than telling you or the babysitter.. someone walks up and kidnaps your kids and leaves them at a neighboring mall for the afternoon.

        Sure, the babysitter shouldn’t have done that, and who knows how many times the kids were in danger before that. But shame on the person who put them in true danger to prove a point rather than doing something productive about it.

      1. We’re all victims of victims. True love and forgiveness is the only way we can heal. Neither Sony nor LulzSec are innocent nor are any of us in the sense that we all make mistakes, sometimes on purpose, sometimes when damn near completely out of control. We need a real change of heart on a mass level if this world is ever gonna heal and even if it heals, eventually it’s gonna pass away.

        In the time of your life, live—so that in that good time there shall be no ugliness or death for yourself or for any life your life touches. Seek goodness everywhere, and when it is found, bring it out of its hiding place and let it be free and unashamed.
        Place in matter and in flesh the least of the values, for these are the things that hold death and must pass away. Discover in all things that which shines and is beyond corruption. Encourage virtue in whatever heart it may have been driven into secrecy and sorrow by the shame and terror of the world. Ignore the obvious, for it is unworthy of the clear eye and the kindly heart.
        Be the inferior of no man, or of any men be superior. Remember that every man is a variation of yourself. No man’s guilt is not yours, nor is any man’s innocence a thing apart. Despise evil and ungodliness, but not men of ungodliness or evil. These, understand. Have no shame in being kindly and gentle but if the time comes in the time of your life to kill, kill and have no regret. In the time of your life, live—so that in that wondrous time you shall not add to the misery and sorrow of the world, but shall smile to the infinite delight and mystery of it.—William Saroyan

  10. Could these idiots please find a way to make their stupid little statement without ruining MY day? Or at least change their name to something that isn’t so goofy as to cause headaches?

    Maybe they could go hook up with the guys who hacked Lockheed Martin, Northrop Grumman and L-3 Communication. Those guys are doing some serious work that could really change things.

    They’ve also got black helicopters and some extremely long prison sentences waiting for them.

    “Lul.” :P

    1. So hacking Sony is just ruining your day, but hacking military contractors is changing things?

      Like what? National security policy?

      A corporation is a corporation. If Sony is getting hacked, then maybe they and everyone else will tighten up their security.

      Perhaps if enough military contractors get hacked they would learn that any connection to the outside world is not to be trusted or assumed secure.

      1. I have purchased Sony products and use Sony services. Because of the noble actions of “Lulzsec,” I have been unable to use one of Sony’s core services for around a month now. Now that they’ve attacked AGAIN, I wonder if it’s going to be even longer than that. I’m not mad at Sony right now; Sony’s only mistake was waiting so long to announce the intrusion. They didn’t lose my credit card information and they’ve promised me a ton of stuff as an apology. The reason I can’t get that stuff? Lulzsec.

        Meanwhile, I do not and have never owned even a small fleet of F-22 fighter jets so that doesn’t bother me too much.

        There’s a time and a place for vigilantism but I’ve never heard of Batman beating someone up for a month straight just because they littered.

        1. How is not securing your information not Sony’s fault? Please clarify how Sony’s failure to prevent scriptkiddie hacking and storing your personal data in plaintext is not their fault. You should be suing.

  11. “claimed a familiar scalp—whatever remains of it, anyway”

    when do we hit brain tissue?

  12. The nicer everyone plays with each other the less chance for a very sad divided and conquered world becoming even more sad divided and conquered than it already is, amiright?

  13. Knowing the morons who run corporate IT as I do, the biggest problem is probably a culture where you are regarded as a traitor for pointing out security problems. After all, the problem wasn’t there until you made it appear by pointing it out, right? They totally work on the principle of the HHGTTG “Peril Sensitive Sunglasses” which black out if there’s a chance you might see some on-coming doom that would really upset you.

  14. @ Antinous

    “But Sony isn’t the victim”

    No, this illegal hack job, wasn’t designed to hurt Sony at all was it?

    Huzzah for the civic minded LulzSec and their apologist supporters!

    1. If my bank doesn’t bother to lock up at night and my money is stolen, it’s the robber’s fault that my money is gone, but it’s the bank’s own fault that its reputation is ruined.

  15. Why is a harmless entertainment company being attacked? Surely there are actual causes that the hackers could commit to? They’d have to look beyond their entertainment devices to find a target though. Maybe they could attack the makers of Nachos? Or those nasty lava lamp companies.

    Or if they’d look at a newspaper, maybe they’d see that there are dictatorships in the Middle East that Americans would probably appreciate some hacking of.

    The bashing of one Japanese company for no clear reason other than “XBox rulz!” is just silly.

    1. Harmless? The company who installed a rootkit backdoor, wide open and just begging to be exploited, on millions of their own customers’ computers without their knowledge is HARMLESS? Uh huh?

      1. Exploited by people like Lulz. Irony much?

        And Sony’s attempt to copy protect CDs was seven years ago. Lulz’s mom was probably still making him a bag lunch back then. He couldn’t possibly claim that makes his industrial sabotage a-ok.

  16. ok, they disagree with some of Sony’s moves like the rootkits on the cds and geohot. But no one is buying these guys saying they’re whitehat hackers as they do blackhat shit.
    we only STOLE all this personal info to prove how unsecure it is. We’re compromising your personal data for your own good!

    they are not coming across as master hackers, they’re coming across as master asshats. I like my ps3. From all the coverage here on boingboing, it seems that PSN wasn’t actually just low hanging fruit. And I’m not going to switch to another console that I do not like. I’m just going to be SOL out of the console I do prefer. Corporate responsibility? Microsoft knowingly rolled out hardware with 60% or so failure rate in order to beat the competition to put out next gen consoles. Where’s Lolsec’s campaign against MS?

    1. Sorry, but feel a need to respond to someone trotting out the “60% failure rate OMG!!” rhetoric. First off, the only statistic that even came close to 60% was a Game Informer survey that reported 54%. As you should be well aware, a voluntary survey is not going to provide results that represent reality. If you believe that people answered that survey completely honestly, I’ve got a bridge and some ocean-front property I can sell to you.

      Meanwhile, an electronics warranty provider, SquareTrade, actually surveyed their records of over 5,000 Xbox 360s and found a ~24% failure rate. That’s from a company that actually handles thousands of console units, not from asking a bunch of gamers to be honest about whether or not their Xbox 360 died. Is that a high failure rate? Absolutely. Is it even remotely close to 60%? Not hardly. For comparison, SquareTrade reported a ~10% failure rate for PS3s.

      But those numbers aside, I think comparing the reaction of Microsoft and Sony to high failure rates is in order. What did Microsoft do? They retroactively extended the Xbox 360 warranty to 3 years and allowed thousands of Xbox 360 owners to get their machine repaired free of charge. What did Sony do? They blamed it on user error and charged $100+ to replace the “damaged” units.

      I don’t know about you, but I’m going to go with the company that admits they screwed up and offers to replace their defective product for free, rather than the company that blames it on me and wants to charge me to replace their defective product.

  17. Ooh, I hate it when I can’t figure out who’s the bad guy.

    At least I had the foresight to give up on Sony 10 years ago.

  18. The corporatists and their dumb libertarian everyday stooges always act like they want a dog-eat-dog, survival of the fittest system.

    The only problem for them is they honestly can’t compete on a level playing field. The only reason they win time and time again is through bribery, corruption and government paid-for monopolies within the corporate communistic system they usually inhabit.

    Welcome to the Thunderdome. Your rich daddy can’t always throw money at every situation to make up for your inbred ineptitude.

    Corporatists. They can’t compete on a level playing field. Never have. Never will. They are inept.

    You want dog-eat-dog? Well, you look simply delicious.

    1. Thank you for replying to me man. Your posts have played a big part in inspiring me to participate after sitting on the sidelines of the conversation for a long time, talking to myself. I’ve been in profound grief ever since my girlfriend died and this blog has been my connection to the world pretty much ever since. Our conversation continues forever. Peace be with you.

      1. I’m very sorry for your loss; I hope you gained much more while she was here with you. I’ve had to deal with losing those I care about and it really does take some time to deal with it. But I’m sure I don’t have to tell you that anyone that cares about you would want you to have remembrance, but also move on and live a happy life. Once you’re ready for that step and I hope you get back to exploring this mysterious and beautiful planet beyond the blogs. I’m sure if you had passed you’d want that for her as she did for you.

        1. Thank you for saying it man there’s no need to be sorry. There is no loss and the gain isn’t past tense. Grief is balanced and turned into joy by the fact of what a wonderful family we’re a part of, understanding the cyclical nature of existence. A dear friend who also has gone on once told me there are no negative numbers. It’s all about the understanding embracing balance. I love you. Forever.

          I hope you get back to exploring this mysterious and beautiful planet beyond the blogs.

          I’m already There :: the Wall ::

  19. Heh.

    I know around where I live, if the police notice that your car was left unlocked, they will give you a ticket. Supposedly for ‘encouraging’ crime. Is this that different than the noted case?

    In another vein, all these big companies are making tons of money. And yet they aren’t spending much at all on security?? Shouldn’t we be pissed at this?

  20. Somebody kicking Sony’s ass. Tell me it isn’t so.

    Especially after their little escapade of using a rootkit on their customers.

    Especially after their intense campaign to go after anyone copying their precious music.

    Especially after they were dumb enough to use simple text to store customers’ personal information/passwords rather than at least trying more elaborate means to keep others from “acquiring” it.

    Who knows what other stuff Sony has been into?

  21. I think it’s pretty obvious at this point that we can blame Sony. They’ve been the subject of multiple high-profile cyber-attacks in the last few months. They clearly do not have their security shit together. Is it any surprise that they were targeted for more hacking? What is surprising is that having a major network under their control compromised didn’t wake them the fuck up. If you have a problem with blaming the victim at this point, you don’t understand why this kind of thing is possible. Sony has apparently decided that putting the key under the doormat is the best security system. You’re a victim of Sony’s incompetence/devotion to profit motive and LulzSec’s successful lulz seeking. I’m more inclined to blame the multinational corporation with massive profits than a bunch of script-kiddies looking for lulz.

    I have to admit. I’m lulzing over how fail Sony is.

    I’d even wager someone told these Sony divisions about their security flaws years ago. I’ll put a couple hundred bucks on it.

  22. Oh they stole all of these poor people’s information.

    Take 2 steps back with me for a sec kthks…

    If LulzSec was able to get this, do you think NO ONE EVER HAS DONE IT?
    The difference being that Sony or the others who took it will never admit it happened.
    They will happily use the data and enrich themselves at YOUR expense.
    They do this to keep you safe in ignorance that they honestly don’t give a shit.
    If your whole life collapses, they are never held accountable for providing the information required.

    LulzSec does the hack and releases the information –
    1 – for the lulz
    2 – to get your panties in a bunch about how dare they hurt Sony.
    3 – to prove beyond any doubt “We claim this it must be true” is not that believable.
    4 – to make a big enough shit pile that the media and those who refuse to believe that Sony would be so negligent can no longer ignore the smell of shit coming from the pile they are standing in.

    Would you prefer they don’t expose companies for being lax in their responsibility to protect your data?
    Would you prefer they go the extra step to redact data to protect people, when Sony will then claim they didn’t have it all and this was faked?
    Would you prefer to remain ignorant to the possibility that they have been compromised for YEARS, and their customers have been getting much more screwed than a mass info dump on the net?

    Guess what, the infodump forces people into action to protect themselves and ask Sony WTF, you can’t be bothered to do even simple things to protect me – but I had to “sign” a EULA longer than War and Peace that protects you?

    I love the idea someone thinks this is a group that thinks Xbox is the reason for this.

    Could not have anything to do with Sony blaming all of their failures on elite hackers, when a script kiddy tool is all you need to get the keys to the whole kingdom?!

    But poor Sony, evil LulzSec… the consumers were screwed before LulzSec got there – the difference is now the consumer is aware.

  23. maybe now these clowns will stop spying and stealing personal info from their customers.

    I will never buy a Sony product again. Stopped after their Nazi like TOS agreement way back at the beginning of the year.

    Consoles are for noobs anyway. Anyone who still supports Sony is an uninformed, ignorant, fan boy.

  24. 3 Cheers for LulzSec. Remember $0ny-BMG? Perhaps this will jog your memory:
    “”. $0ny’s level of arrogance is unmatched anywhere in the known universe. Storing customer passwords in plain-text and being owned by an SQL injection? $0ny deserved a good slap in the face. And $0ny’s customers deserve A LOT more than a simple “Oops! ..sorry about that”. Like maybe $0ny should hire IT personnel that actually know what the hell they’re doing. — Daemon_ZOGG

  25. If LulzSec can point out a vulnerability in Sony’s data security, that’s one thing. If nobody pointed out security holes, they might never get patched, and getting security holes patched is a good thing.

    And I can’t say I have much sympathy for Sony to begin with, considering the rootkit scandal and their repeated failure to fix their own very broken information security procedures.

    But– LulzSec completely lost me when they published the user info they swiped online. Why punish the innocent users for the incompetency of Sony? Now these poor people are even *more* at risk for identity theft, etc. than they originally were from Sony’s malfeasance. If you, or someone you cared about, had ever been a victim of identity theft or credit hijacking, you wouldn’t be cheering this a$$hat move. It can take years to straighten out identity theft and it can thoroughly mess with people’s lives.

    Nope, my sympathies are with the true victims, the users. LulzSec gets no love from me.

    1. “Now these poor people are even *more* at risk for identity theft, etc. than they originally were from Sony’s malfeasance.”

      And these poor people are actually being made aware that they are more at risk. As I pointed out before, this “hack” was child’s play, to think LulzSec was the first and only to ever get this information is insane.
      I am not praising LulzSec, but I understand the reasoning. It is not the nicest way to give people a wake up call, but how else could they accomplish this?
      LulzSec can claim all day they got x, y, z and without proof no one would hear them over the Sony PR spin.
      You might not agree with the methods, but how else is a random group of “hacktivists” going to raise awareness that Sony is the ultimate honey pot for info theft because it is amazingly clear they don’t give a rat’s ass about basic security standards.

      In the original Sony hack that took down PSN, it was pointed out on forums where Sony monitored info that the vulnerabilities were posted for months. Sony claims they fixed those, but that is blatantly not true… had they patched they never would have been owned like that. And after the massive “rework/resecuring” of their network to find this many holes in every division should raise a whole bunch of red flags.

      I guess the better question should be how many more Sony sites need to be owned before Sony decides maybe they should lock the sites down until they get them secure? How many of their customers were previously harmed by a blackhat sneaking in, getting the info and not telling it on the mountain? Identity theft sucks for the end person having to fight it all on their own, maybe someone will make a real law and make the corporation who leaked it responsible to clear up the consumer’s record they helped fuck over.

      1. Why put the details up on TPB or similar?
        Why not take the white hat approach and contact those affected and a few sympathetic news sites?

        There are better ways and means to demonstrate you’re not bullshitting people saying you’ve just breached another Sony site. Putting the details up, un-edited, uncensored, is just asking for hate from those that’ve been failed by Sony.

        Instead: imagine Sony customer service hotline lights up like it’s on fire because of customers who’ve been kindly informed that their details are essentially unprotected, and they’ve got to pay some attention, while the media covers it and verifies it. But no bad feeling, because lulzsec has done the adult thing and kept the details to itself – releasing just enough as proof, without blowing the whole load and ruining some people’s days.

        By publishing the details to torrent sites, it’s just pissing on the real victims, and making lulzsec look like the bad guy here – which is a shame, because there’s enough ill-feeling from the PSN hack anyway misdirected at them rather than Sony for having the (in)security of an emo teenager.

  26. I guess LulzSec achieved their goal because Sony’s poor security measures were uncovered, and presumably their security will be better from now on… but what was the point of them posting the passwords, coupons and etc on Pirate Bay?

    Their point was already proven when they hacked into Sony.

    Also what’s the point of hacking onto all of PBS for only ONE episode of ONE show that put Wikileaks in a negative light?

    Hacking a Public Funded Educational TV Station’s website; Really??!!

    It seems that these guys think they’re doing a Public service, but they’re really not. They’re just vigilantes trying to justify a hobby.

    Also, I know all these analogies get tiring but let me offer another one:
    LulzSec is like the new neighbors that justify buying guns because they live in an “unsafe neighborhood”; It’d be safer if they moved out.

  27. Wow, lucky for Sonypictures Lulzsec would be considered whitehat hackers. I guess huge multinationals still haven’t learned why AIG failed so hard.

  28. So if Lulz turns out to be an American, assuming he eventually gets arrested, would he be extradited to Japan? What are Japanese jails like for Americans, anyway? And will his mother be able to afford his legal defense bills, or has he basically just screwed over his family?

  29. @ #42
    I have been trying to understand which one is the evil one in this story and I must say, I give more credit to lulzsec after reading your post (the EULA being bigger than War and Peace did it for me, as I did some localization jobs and we are probably the only ones to ever read that through in its entirety).
    It is stealing and putting the data online isn’t what you expect from your 21st century Robin Hood, but somehow I don’t believe that by sending Sony a private e-mail pointing out their security flaws, they would step up security like they would now. I mean, this whole “you have been hacked, again” is their worst marketing campaign ever and remember that E3 is up next week.
    And as far as I know, Lulzsec isn’t making any profit of this (except for internet fame, but that only lasts for 6 days).
    If I were Sony, I would seriously consider giving some hackers a job, which probably already happens, if they can get over their hurt pride.

    1. @S1s3but0 – They are getting internet fame, and in the hysteria no one has considered the idea of – if the leak is out there and all over, it takes a special kind of dumbass criminal to use a widely known compromised identity.

      This also sadly is a crystal clear example even the slowest of users can understand.
      If you use the same password everywhere it is only a matter of time before you’re screwed.
      Getting hacked isn’t something that happens to just other people who use “questionable” services.
      Security is not measured by how well known the brand is.
      Never assume a corporation will do more than the bare basics to protect you if it costs them money.

      To paraphrase Barbie – Different passwords are hard….
      But do you think you can convince them of that now?

  30. there’s a lot of analogies being thrown around ITT, here’s mine:

    if you pay your doctor to give you your immunizations and then you contract small pox, do you confront the small pox virus or do you confront your doctor?

    “Yesssss… just buy my network. your password and the information behind it are all immunized!”

    the internet is a far more chaotic system than a fucking bank or somewhere you park your bike or your car with your children inside. my point is: the internet is far more chaotic than ANYTHING on a human scale IRL. let’s keep our analogies proper, people.

    Sony is clearly at fault. an entity exposing Sony’s negligence, albeit maliciously, is only drawing attention to Sony’s ineptitude. Sony can afford to have the world’s most badass IT dept. It boggles the mind why they haven’t bothered to create it.

  31. @Antinous

    If my bank doesn’t bother to lock up at night and my money is stolen, it’s the robber’s fault that my money is gone, but it’s the bank’s own fault that its reputation is ruined

    No it’s not. It’s the robber’s fault. The Bank can act as stupid as they like. It’s their business to lose.

    But if the Bank is accused, and found guilty of, some misfeasance then there are legal avenues for restitution.

    Sony were victims of an unlawful attack. You may dislike the apparent faulty security measures of the company, but that still does not negate the simple fact that they were unlawfully compromised.

    Justify it all you want. Sony is the victim.

  32. Sony isn’t the victim. Sony is a faceless and irresponsible corporate entity failing to institute best practices for securing their IT infrastructure and customer data.

    The negligence of their sys admins and by extension the company’s management has put their customers at risk, and their shareholder’s value at risk. The company’s management is also subject to criminal and civil penalties, for being negligent.

    You don’t have to condone the actions of hackers to condemn the negligence of the corporation. Besides… condemning the actions of hackers is a pointless exercise. They don’t care.. they aren’t concerned with your values.

    For the record, I’m totally happy with Lulzsec for being funny, and making such information public. Most hackers don’t deface and publish, as that ruins the value of the information, cuts off access, and makes law enforcement involvement more likely.

  33. Why is it that no one even mentions that Sony would fail PCI compliance checks many times over? A large company like Sony doesn’t need to follow the rules, but small time web developers and system administrators do? It is unbelievable.

  34. this very public hacking of corporations just to say they can is going to end with everyone’s internet access controlled by gov’t.

    If these jokers aren’t really a gov’t agency pushing for funding by creating a fictitious threat I would be very surprised.

    I am saddened by these thoughts.

    1. I admire your paranoia, but the government really doesn’t need a false flag operation like this. The US, UK and many other governments have been dropping Narus “mass intercept” black box probes into network carriers for years. Also, I believe the US President has the authority to shut down parts of the Internet at will. There is already a level of control, and they are just getting started.

      If you want to start a revolution, don’t bank on being able to do it via the Internet.

  35. @Antinous

    Due diligence? If Sony are guilty of demonstrating a lack of due diligence then someone needs to prove it in court.

    I have been refuting your claim that Sony has not been victimized, not if Sony has acted in the best interests of their customers.

  36. The problem for many establishment organizations is they have alienated the very people they want to buy their product and/or need to produce their product.

    I don’t know any good computer security people that would be willing to work for Sony because of their past and ongoing behavior.

    As a result, the establishment tends to hire people that are more salesmen than technology people. You remember the guy in your programming class that wore a tie but had trouble compiling the code the teacher wrote on the board? Yeah, those are the guys these companies are hiring. In the past, they maintained their position through monopolizing the shelf space in retail stores. Today, we don’t need retail stores. Publishers will go the way of the record stores.

  37. a few points.

    1. Sony is a corporation. Not a person. There was an exchange between that corporation and customers. It was somebody’s job to ensure the safety of such transfer. It wasn’t done. It was somebody’s job to ensure that the security job was done. It wasn’t done.

    2. Sony have always used extreme tactics about people modifying their products. Remember how hard they pounded on George Hotz? That was totally unnecessary. Of course they are not alone in the douchebag boat. It seems like a lot of companies want to force us to use their products like they want. I understand the desire to stop piracy, it is a legit battle, some hack, they build better security, and so on. It is totally OK to try to counter pirates, it helps the security technology develop and I understand the desire to protect one’s income. However, forcing the PS3 users to periodically get heavy and long-to-install updates that have no use but stopping said user from modifying his console, that is malpractice in my opinion. Sony are certainly not the only ones doing it. If I was to destroy my PS3 with a hammer, that would certainly be a modification of the device. But the device is MINE. I bought it with MY money. It is no longer Sony’s. As simple as that. And I’m sure the hammer company would not sue me for misuse of their product. Sony, like others, punish immorally all their customers to ensure punishment to copyright infringers. That may explain the frustration and desire of vengeance felt by LulzSec.
    Linux rocks and should be allowed to rock where I want.

    3. Leaking the information is an act of information violence that has concrete consequences. It is much more damaging to Sony than just publicly saying: We went in. It is proof of the deed and was necessary to make their point. If the fact that the leaked users’ age was very old is true (I did not check), it may be because of the location of said users in database or belief that they were probably all dead anyway. It may be wrong to leak that information, I don’t know. But right or wrong, it did meet the objective. Was it worth it? I have no idea.

    4. Their website is pretty cool :

  38. Sony is incompetent and concerned only with profit, no big surprise there. Good so far?

    The infiltrators are assholes because they are concerned with notoriety and proving their power against incompetent gluttons as opposed to exposing problems in a tactful and inert manner. Check…

    The customers are STILL getting the shaft from both of these F-tards and probably should have thought long and hard about the highly likely probability that that would be the case sooner or later.

    The last thing I bought from sony was a VCR, a friggin VCR! And the only reason I did that was because I needed a rugged production quality machine to produce VHS masters nearly fifteen years ago. Back then sony was the shit, now they are just shit. Expensive overly inflated brand name junk.

    The reason I stopped buying from sony was because I found better cheaper alternatives. And to further that ideal, I was continually shocked by their customer service practices that I heard of from friends and the net. From a friend of mine that had to send his VAIO all the way back to Japan just to have a hard-drive replaced to the friend that had to ditch three years’ worth of minidisc material because the gluttons refused to service his recorder that he had just bought. It was apparent that their heart was just not in making devices that were worth the extra money. Their heart was just into making money.

    BTW, FWIW, that fifteen year old VCR still works like a champ to this day and was (at the time) the best four hundred dollars I have spent on equipment but I am very very unlikely to ever give sony any more of my money because they just don’t have it anymore, shit on their customers and then there is all this other foolishness to abide by. Furthermore, not only would I never give sony my hard earned money I sure as hell would not give them my personal information. Neither should you.

    Branding is only as good as the product under the label and it should be obvious now that sony’s product has been just a label for a long time now. And of course a label is worthless if the thing it labels is worthless too. Need I say more?
