Sony's uncomfortable security microscope will last for months

Sony's uncomfortable security microscope will last for months

Summary: Sony's problems with its PlayStation Network is likely to keep the company under the security spotlight for months to come. Every small security detail will be magnified.

SHARE:
TOPICS: Hardware, Security
9

Sony's problems with its PlayStation Network is likely to keep the company under the security spotlight for months to come.

And that's not a great position to be in.

The latest news on the Sony security front is barely worthy of a mention. Sony Thailand has a live phishing site on one of the company's servers. F-Secure highlighted the attack.

In the security industry figuring out what not to cover is just as important as knowing what to expand on. If F-Secure's alert wasn't attached to Sony it would merely pass by. In fact, it's a non-event.

However, Sony is under fire due to suffering a data breach and outage for its PlayStation Network (PSN). Once a company is deemed insecure it can take forever to rebound. In recent days:

Simply put, Sony is taking a beating and probably will continue to do so no matter how much it apologizes, overcommunicates and offers free credit monitoring. Every potential security hole will be probed by hackers. Every small security problem will be magnified by the press. Sony is a big target and will remain so until it has perfect security. The problem: No company has perfect security, but Sony better get damn close.

Sony is retooling security processes in real-time and that takes time. Repairing the hit to Sony's reputation will take even longer.

Topics: Hardware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • Where do I even *start*?

    "The latest news on the Sony security front is barely worthy of a mention. Sony Thailand has a live phishing site on one of the company?s servers. F-Secure highlighted the attack."

    WHAT? Barely worthy of a mention? Are you on crack or something?

    If any company ends up with a phishing site on *their own server* it is a big, huge, honking deal. It means they were compromised, big time. Even if that server wasn't connected to their internal data systems, there's still a question of liability. To set up a website like that you need a lot of privileges on the server--which brings up the uncomfortable idea of how they got those privileges...and where else they might have gone in the network!

    Point 2, Sony *deserves* the ridicule they've gotten, and the distrust, and the scrutiny they'll get in the months ahead.

    100 *million* customer accounts compromised? Really? And this isn't a big deal either? Because they weren't even *attempting* to follow best practices? Really?

    "Repairing the hit to Sony?s reputation will take even longer."

    Damn straight! This is the same company that put a root kit on CDs and couldn't see what the fuss was about. The same company who's root kit opened a security vulnerability criminals took advantage of.

    So yeah. I haven't trusted them since the root kit incident. Turns out, that was a good idea. Will I trust them in the future?

    Nope. Not ever. Even now they haven't learned their lesson.
    wolf_z
    • Sony deserves a second chance if

      @wolf_z
      they embrace FOSS and its principles.
      Linux Geek
      • RE: Sony's uncomfortable security microscope will last for months

        @Linux Geek You need mental help.
        flargh
      • Give it up

        @Linux Geek

        It's obvious you're a Windows fanboi trying to give Linux a bad name. Just let it *go*, ok?
        wolf_z
  • RE: Sony's uncomfortable security microscope will last for months

    Sony may not even have a conference at E3 this year. They may be too ashamed to even show up now.
    Bates_
  • Stong and unfair?

    @wolf_z

    You start out essentially taking a strip off Larry's back, but then you end up agreeing with him on most of his points.<br><br>I think regarding the Sony Thailand issue, he may have inadvertently left out a couple of "normally"s. Since he did mentioned it in a Sony blog, he clearly felt it was worth mentioning.<br><br>I think he set the stage quite well in this blog with the "microscope" reference and handled the matter fairly and responsibly. I sympathize with your anger towards Sony, but I think you might have overreacted just a tad in this case.
    Economister
    • No, I really don't think so.

      @Economister

      The third paragraph is blatant apologist. Larry's point was clear, Sony is being unfairly targeted because of a very public screwup.

      My view is the opposite. Sony is FAIRLY being targeted, and every time another security breach comes to light (there has been *another* one since this article came out) it points out that Sony deliberately cut corners on security, while collecting vast amounts of personal information that they A) knew was a juicy target and B) knew they were being negligent in protecting.

      Saying "If F-Secure?s alert wasn?t attached to Sony it would merely pass by. In fact, it?s a non-event." is so wrong there's no excusing the author.

      Sony has systematically been unforgivably stupid in its handling of customer data, in failing to protect that data, and in providing any assurances they have learned *anything*.

      For any author to claim that *yet another* example of Sony's disdain toward their customers and their well-being is a "non-event" deserves ridicule.

      While I'm normally willing to give someone a break, Sony clearly has abused their customer's trust, and this author is clearly an apologist for them.

      So, no, not overrreacting at all. Time for things like this to be cleaned up.
      wolf_z
  • RE: Sony's uncomfortable security microscope will last for months

    There is blood in the water. The sharks are circling. The homebrewers/modders/hackers and crackers are foaming at the mouth to make Sony look incompetent, I think it's working...I have a feeling this is going to get much worse before it gets any better. Im gonna keep my PS3 offline, to be safe. I dont like the IRC chatter I've heard lately. They dont really want to inconvenience Sony customers, they just want to bring Sony down, entirely. Seeing as how this data theft and downtime cost them over a Billion dollars so far, I think they are well on their way.
    Animus et Illuminat
  • RE: Sony's uncomfortable security microscope will last for months

    The thing that kills me about this is that, since the hackers got sony's master password, theres almost nothing they can do about it, and its really not their fault. Yet, people are completely justified in not forgiving them for this kind of thing. I think we can all agree that dickless 4chan hackers who think stealing peoples' credit card numbers is funny are the bad guys here.
    nickswift498