Sony BMG Greece has become the latest property of the entertainment giant to be hacked. The miscreants attacked over the weekend. The Hackers News uploaded sample extracts from a database of users' names and email addresses onto pastebin after hackers who broke into SonyMusic.gr sent them a dump from their hack. The data as …
Bertelsmann sold their shares in Sony BMG a couple of years ago. There is no Sony BMG Greece.
don't mess with OpenSource
Sony - and hopefully others too - might now understand that it's not a good idea to make enemies with the free & open-source people. The price they're paying is incomparable to the little they would have lost by leaving the "other OS" option in the PS3.
What the heck?
Has this got to do with open source?
I think a more correct phrasing of the above is:
Sony - and hopefully others too - might now understand that it's not a good idea to make enemies with the bunch of Windows running script kiddies with too much time on their hands, very few of which would actually even bother using the Other OS option, even if it was still there.
The vast majority of people I know who run open source do so because they WANT to be law abiding citizens.
Your anecdotal evidence doesn't change the fact that open sourcers are often tinkerers, Sony pissed on the beehive by removing that functionality, making them choose between OtherOS and gaming online/blu-ray updates/buying games/extra free and subscription services if they wanted to stick legit.
Just depends if you want revenge after being pissed on, I guess.
As far as it goes..
As far as it goes, you are correct. However, the point I was trying to make was that the parent post seemed to equate all open sourcers with crackers, which is very far from the truth.
Sorry, what? Are you kidding me?
Sony and others are supposed to just give up and take no action to protect their products and services in case a bunch of cyber-terrorists decide to go after them? What's next? Protection money?
Suggesting that Sony shouldn't have tried to protect the PS3 after people (including Hotz) publicly posted various keys and information that lead directly to piracy and platform insecurity because the hackers threaten revenge is like telling someone to give in to blackmail. You simply can't do that.
It's ridiculous to expect any company to give in to the implied threats of a bunch of malcontents, anarchists and script kiddies if said company tries to protect its products. There's no way in hell that's sustainable, and no one should expect it to be. I know lots of commenters here have a hatred for Sony that goes so deep as to be irrational, but I would hope that even they can see that if you take Sony out of this discussion and substitute any leading tech company in instead, you cannot expect them to give in to that kind of blackmail or threat. It's just impossible. You cannot do business in a situation where your ability to do business is governed by the whim of a few entitlement minded hackers and their egotistical friends in dark places.
Sony should not have raided Graff's house. His 'crime?' Putting Linux back on the PS3. Are we learning yet Sony? I hope Sony is hacked into receivership, looks like it's open season.
I might be mistaken, but wasn't it the publishing of the root key which they are taking him to court for, as it potentially opens up the PS3 to be hacked by anyone? Hacking and revealing information into the wild which could cause a threat to every PS3 console out there is slightly more serious than "Putting Linux back".
Not saying that I agree with Sony's stance, but it's naive to believe that the guy did nothing wrong. He is allegedly a hacker, and it looks like he was just showing off his "conquest" to gain praise from others. Whatever he says of his reasons for releasing the key now, I find it hard to believe it was anything other than "willy waving".
You think this is why it's happening?? You think hackers will stop once Sony disappears?? You're REALLY that naive?? Sony may be getting kicked while they're down (while the Anti-Sony Hoodlums post comments akin to standing around and laughing) and, to a degree, they may deserve it, but the real problem is what they'll do once they've finished with Sony. Where's the next challenge? Perhaps it's a credit card company, or a hospital, nuclear power station?? Who knows. Whatever happens, I can guarantee one thing: the minute it affects you, you'll start disliking these criminals like the bastards they are. They don't care who gets affected, or how their lives may be compromised. We'll wait and see.
Geohotz (USA) published the keys and made custom firmware. Graff (German) made tools to enable use of the Hypervisor under OtherOS or Linux. Sony knocked down his front door TWICE, stealing his property. Two completely different people, 2 different continents.
And no, I don't believe the hackers will stop if Sony is destroyed, but I will throw a party. What I'm saying is Sony's behaviour (dawn raids) lit the fuse. Watch the fireworks.
I don't like the hackers
I'm glad that it's hurting Sony. I don't agree with stealing people's details or breaking into networks, but if it hurts Sony then let it continue. Sony's actions made me sick, getting subpoenas to get the details of people who WATCHED a video on the net? Trying to silence people who talk about the PS3? Snooping on the stuff contained on users' PS3s and the network they are connected to, hiding behind EULAs. Sony's methods and contempt for the law and people's right to own their own property painted a target on themselves. Rather than spend money on security, they chose to use fear and lawyers to stop the attacks. You reap what you sow.
Excellent post. This is all targeted at Sony today, and for whatever reason Sony has garnered a great deal of hatred from a certain fraction of the tech community (hatred that is far in excess of any wrong doing that Sony, or BMG could ever have been accused of). However, next year, tomorrow, whenever, it could easily be someone else. There is a bigger picture that goes far beyond the petty hatred for Sony and the glee at their discomfort.
Re Graf. Sony did no door kicking, it was the German police with a German court order
Whatever Graf did, in Germany Sony has sufficient strength of case against him to gain two court orders that involved the police seizing items from Graf. Not Sony, the German police. Sorry, but whatever your personal opinions of the laws, if you break them, there are consequences. Graf seems to think that because 'hacking the PS3 is his life' he should be exempt from German computer mis-use laws. It doesn't work that way. BTW, Graf also published a great deal of information about the PS3 firmware's innards, much of which is useful to those attempting to break the platform's security, pirate games and access PSN in unauthorized ways.
preach on brother
Only a media studio who cares little for its customers (all thieves) or even its own hardware division (except as a way to control their paying thieves) who go out of its way to destroy what little goodwill they had left. Perhaps Sir Stringer's business model isn't so ideal what with Sony having record losses the past few years and the PS3 ultimately being unable to pay for itself.
Jack, at least research things before castigating Sony.
The subpoenas from Sony's Attorneys were for sufficient information to establish jurisdiction in the Californian court. The data did not, nor would it ever, go to Sony. Sony is not trying to silence people who talk about the PS3, or people who modify their hardware. You can turn your PS3 into a Foreman grill if you like, they don't care. If you start discussing protected information such as encryption methods, or keys or how to circumvent those things, they care. If you put that discussion on the Internet, they care. If you modify your PS3 with custom firmware that allows the breaking of game copy protection or PSN security - they care.
Sony sued GeoHot in the US civil court. GeoHot was never in any danger of jail time (try telling that to the usual hot heads that bleat about Sony trying to put him away for good). Sony did not in any way act illegally, they use the civil law in the US just like everyone else can.
Oh, and by the way, regarding the user license agreement that people are so fond of virtually shredding; when you buy hardware, you buy only the hardware, nothing else. The firmware that comes installed on the hardware is *not* yours, it is not part of the hardware and is not part of the purchase price. The firmware is software that you use subject to license terms. That is how software is sold and distributed. All that free open source software is governed by the GPL, if you break the GPL, you will end up in court, it happens every day. Just because Sony is a large corporation and has their own specific license terms for their software does not alter the fact that the software is licensed to you under the terms of the license, just as access to PSN is granted under certain terms of service. Neither the software license nor the terms of service for PSN are invalidated because someone labels them an EULA and unenforceable. Software licenses have to be enforceable otherwise software will simply not continue to be a profitable business. Terms of service on networks have to be enforceable to prevent rogue devices on proprietary networks and to prevent unauthorized access. It's their network, if they don't want modded PS3s on it, that's their right. The fact that you have modded your PS3 does not put Sony in the wrong when they perma ban your console and PSN ID.
Last, all the glee at Sony's discomfort comes not at the expense of some disembodied evil corporate entity. It comes at the expense of ordinary working people working for Sony in whatever capacity who no longer have a job thanks to the economic impacts of hacking or piracy. Yeah, that's right, people do lose their jobs when companies lose profits thanks to criminals. So all that 'dancing for joy' crap that people indulge in over the heroic hackers attacking the evil Sony, comes at the expense of ordinary people who have in no way done anyone any harm.
I guess it's easier to think of Sony as a disembodied Sith Lord though since looking at it in a realistic way means you have to recognize that real people can get hurt.
When you buy a PS3 you buy the whole thing. If Sony thought like you do they would sell you a box with no software on it (like a PC). You would then have to load up the firmware to it, thereby validating any crap in the EULA. What if you buy a console for a child and they begin to use it. What law anywhere is going to enforce said EULA on a minor? As minors cannot enter into contracts. So yes, EULA on the PS3 is hot air. The PSN is theirs and I have NEVER logged on to it, I have no interest in 'social gaming'. Sony do not have my details and never will. They have no right to examine MY PS3, it is MY property and if I choose to examine its inner workings then that is my business. Graf has never had anything to do with piracy. He has nothing to do with the PSN hacking. He is only interested in the Hypervisor. The German police didn't just decide to pick on Graf, Sony put them up to it. The world will be a sad place when you cannot examine your own purchases or in your world, OWN what you buy. Maybe Sony should rent their next console? I see Nintendo's EULA grant themselves the right to 'own' everything that is on their new handheld. Yes they really believe that all your files are theirs to use in any way they see fit. Guess The BIG N is also on my no buy list. But feel free to welcome them into your life.
Utter bollocks? Yes, keep telling yourself that, one day you'll grow up and realize you buy the hardware to run the software. The software is a separate product, and even if you're allowed to use it for free, that comes under certain terms and conditions that restrict what you can, and cannot do with it. Firmware is software that you are allowed to use for free, it is, for your convenience, installed on the PS3 you buy, but it is still considered a separate thing and governed by its own license and terms.
Sony may not be the nicest company
but you have to be a serious nerd to think that criminal activity over AN OS ON A CONSOLE is justified or correct. I don't disagree with some hacktivism (or a fair bit of it to be fair), but this is a joke. Maybe there's more justification based on Sony Graff etc. but anyone claiming that this is a good thing because they took an OS off of their device seriously needs to get some sunshine.
My problem with this kind of Hacktivism is two-fold.
First is the pompous crap emanating from the hacking community and Anonymous. I mean, seriously, do they honestly believe the stuff they say? Secondly, there is a really simple problem with all of this: the law. The law exists to protect society, and provide a structure by which wrong doing is punished. You can't simply decide which laws you will respect and which you will ignore. Either you have law or you do not. If we're supposed to accept that it's OK for hackers to ignore intellectual property laws or computer mis-use laws or privacy laws because they are inconvenient or because there is some higher purpose, then does that mean we accept that anyone can decide which laws they will pay attention to because in their mind it's convenient or has a higher purpose?
That's completely ridiculous as most people accept. As soon as you start allowing people to ignore laws they dislike you set a horrible precedent that can open up the possibility of people ignoring all kinds of laws. Does the world really need to give criminals that kind of a break?
The law is the law. Law varies from country to country, but in general most western nations have similar legal systems and laws governing intellectual property and computer mis-use. If you break the law, you pay the price, even if you claim you're some kind of virtual freedom fighter trying to restore OtherOS.
"You can't simply decide which laws you will respect and which you will ignore"
Ummmm.. Yes I can.
I can't ignore the fact that I can be punished for it, but I can certainly ignore the law.
Am I to assume you've never gone over the speed limit?
If enough people ignore the law because they see it as being useless, and fight the case in court, then eventually that law will get reviewed and revised. (Like how the governments of some countries are now considering marijuana legalization)
The law is not some Holy Truth to which we must be supplicant.
You are not ignoring the law, you are electing to accept the consequence.
If I break a law, I am aware of that, and prepared to accept the consequence. That is the gist of what you are saying.
Well, OK then. That's nice. However the hacktivists here, and the hackers cracking the PS3 do not accept the consequence of their illegal acts. In fact they believe that they have done nothing wrong because they believe that the laws are wrong, and therefore do not apply.
Even if you decide to break a law, knowing what it is and what the consequences are, you are still paying attention to it, you are still respecting it because you are aware your actions carry consequences. If you were simply ignoring the law, you would not accept that there are consequences, and would do as many in this hacktivist scene have.
As for your example about marijuana, governments have been considering legalization for decades now, and not one has done it, nor are they likely to.
The law is that which separates civilization from anarchy.
I would hope that Sony realise they can't treat their customers like shite, or this will keep happening.
But they won't.
How many governments are going to hold Sony responsible for the huge data-loss that's occurred?
They had an obligation to protect the information of their users, so it should be a pretty landmark case if it (rightly) kicks off.
Why am I reminded of the Ariston adverts in the 90's ?
Ariston... and on... and on... and on...
Yes... it does a bit doesn't it?
Whilst I can, to a certain extent, agree with the comments regarding how Sony deserve the treatment, this is still an illegal activity and should not be condoned.
Sony have lost my business due to their actions this year, but I would never go smash their windows or anything like that. Also, even though these attacks have put a rather large amount of egg on the face of Sony, they have also caused widespread disruption for the poor souls who have spent money with them. Just because someone has spent some money on a PS3, or played some online games, they shouldn't be made to pay by exposing them to possible id theft. Not only is the attack on Sony illegal, but it could be classed as akin to theft from the users due to forced removal of a service.
I agree, but...
Better a hacktivist rather than someone who's going to rape your bank account (and that's not to say that hasn't happened in the main attack). During this whole saga, Sony have failed to keep a basic level of security for their customers' data while piling more restrictions on what people can do with stuff that they've paid for. Certainly didn't get what I paid for, told Sony what I thought, custom firmware'd my PS3 (may as well get something out of it until it YLODs) and am keeping well away in future.
Since Anonymous has virtually no control of its 'membership' it's impossible to know whether there is a large number of criminals who operate under the guise of Anonymous. I rather suspect that there are, after all, if some naive group of script kiddies is going to do as they do, why not take advantage of such a perfect smoke screen.
you forgot one important thing(S)
Sony (a now proven criminal corporation) was never punished for its crimes. Now it got its just deserts. The hacking of Sony is just JUSTICE BEING SERVED. Hopefully Sony will be hacked out of business.....
Sony: 0, Hackers: 7
"7 Hackers Hacking,
and a partridge in a pear tree"
I know what Sony's top selling Xmas cd will sound like.
/flaming pear tree icon
Aren't there companies who you can pay to attack your site(s) to find out where they need shoring up, where the holes are, where others might find a way in?
Yep, loads of penetration testing consultancies.... Maybe sony will hire some better ones now?
Shouldn't be needed any more...
They've just had the most robust testing that money couldn't buy...
Not to mention...
four separate security groups (that we know of) working with Sony's own in-house team.
What I find interesting is that URL exploit that was found on the password reset page last week. That looked to me like a day 1 kind of flaw, and yet it was not found until now. The odds are it was never even exploited in anger. But it has taken an unprecedented degree of scrutiny on their network security to find these things. I wonder how many other companies with big networks are aware of how insecure they really are?
This is the same Sony...
... which put rootkits on audio CDs a few years back.
You'd think they'd have learned from that little escapade.
In the absence of shareholder direction to the contrary, a company/corporation is required _by law_ to maximise profit for the shareholders.
The only way to do that is to behave in a way which in a human would be classed as "sociopathic". (Which does make you wonder, when corporations have "natural person" status in the USA). This in turn tends to attract sociopathic individuals into management positions. If they're not abusing people external to the company, then they're pulling a Ken Lay and maximising their own personal profit at the expense of the company.
I'm sure that Akio Morita and Masaru Ibuka are turning in their graves.
Same Sony that made Trinitron, Playstation and Walkman...yes?
Sony didn't place a rootkit on CDs, BMG did, yes they are owned by Sony. However, Sony, and SCE in particular had nothing to do with that at all. Not to mention the fact that they admitted the wrongdoing and had to make good. Never mind that the music CD fiasco affected a relatively small number of people in fact, let's all just trot it out as an excuse to hate years later shall we?
I don't even know how to begin to address the rest of your post since Sony as a Japanese company has little or nothing to do with politically motivated US Supreme court decisions relating to the insane topic of granting corporations rights as individuals. Personally, I think you are letting your own irrational hatred cloud your judgement with respect to Sony. Though I suspect that we agree on the utter folly of granting corporations individual rights in the US.
"It's likely that any corporation subjected to this level of intense scrutiny would prove similarly insecure."
Mmmmmmmmmm, no... Sony fundamentally designed their system to be accessible first and secure second. They paid the price.
There are lots of folks out there who do it right.
Sony MUST GO DOWN
Sony (who should have been shut down after the Rootkit fiasco) MUST GO DOWN. Hopefully it will be hacked until it shuts down.
Sony IS AN OPENLY CRIMINAL COMPANY. Since justice failed to punish Sony for its multiple crimes, someone(s) have the right idea to humiliate Sony and force it to shut down.
There is more evil company (beside the RIAA/MPAA membership) more evil than Sony.
Openly criminal eh?
Care to explain, or are you too full of piss and vinegar about BMG's rootkit fiasco of 6 years ago?
Hackers 7, Sony 1, actually
Sony started this, did they not? At least that's how I prefer to interpret it. They were unfortunately successful with their SLAPP against the PS3 modder, but it's true that nothing has gone their way since.
"It would cost far less to perform thorough penetration tests than to suffer the loss of trust, fines, disclosure costs and loss of reputation these incidents have resulted in." - Chester Wisniewski at Sophos.
Since SQL injection is solely the result of failing to validate user input - which is the most elementary newbie programming error on Earth - maybe a better way to reduce incidents (and thus costs, loss of reputation &c. &c.) would be to employ people to write your web applications who are actually minimally competent.
While we allow inattentive fools to write bug-ridden code, relying exclusively on post-coding checks to find the foul-ups, we'll never raise the abysmal quality of software development.
If you can bring down several Sony sites for long periods of time then you are somewhat above the level of scriptkiddy. Sony flexed their muscles too many times and p****d off too many people too many times. Sony got what they deserved.
Secure unique passwords...
One thing is for sure, secure unique passwords are becoming a must in this age of hacking and intrusion and compromised data! Attacks have changed and are shifting away from hitting one person at a time to hitting mass stores of data. What happens when thieves have your user and password information that you've used for other sites or banking or what have you? I'm as guilty as the next guy for using simple or the same password for everything but no longer. I use the techniques found near the end of this article on HiTechBrew.com http://wp.me/p1rE6R-4O and I use LastPass (info on recent possible breach http://wp.me/p1rE6R-dr )