PlayStation Network hack launched from Amazon EC2 The hackers who breached the security of Sony's PlayStation Network and gained access to sensitive data for 77 million subscribers used Amazon's web services cloud to launch the attack, Bloomberg News reported. The attackers rented a server from Amazon's EC2 service and penetrated the popular network from there, the news outlet …
So, this occurred before the PSN takedown, and on...what was it, the 21st? Sony take PSN down themselves, and meanwhile Amazon's cloud services vanish. It takes Sony a week to fess up that they'd been hacked, and that - yes, they took PSN down voluntarily. At this point, Amazon is putting the pieces back together, 'some data lost irretrievably...?
Anyone here *really* believe in coincidence?
Smells like the work of Oponn.
Is this why Sony has kept so quiet about the attacks - apart from trying to blame it on this week's 'Enemy of the West(tm)'.
Thier silence raises more questions about the amout of data nicked and the depth of penetration
(oooh, err, missus). It also makes them look really shifty. Whatever hapened to world domination, Sony?
Cloud computing at its best, used to demonstrate how shite the root-kit pirates really are.
And the number of systems that have to be analyzed to determine the full extent of the attack. It is far from a simple task to know for sure if a system has had malware installed on it. And if data wasn't accessed through normal channels there may not be any logs of exactly what was grabbed.
This post has been deleted by its author
Time to add to the internet security playbook. If you run any kind of customer facing network, It's time that your firewalls and monitoring systems had rules for Cloud Computing sources. In fact I'd completely block their addresses on the firewalls and filters, set rules in the firewalls, filters and monitoring systems to check incoming packets for anything suggesting the packet claim from a cloud source, and once again block, quarantine and/or isolate such packets.
Last night PS firmware update 3.61 was published, along with a blog post telling us (what we already knew) that we will be required to change our PSN password when we first sign on to PSN after installing this update.
'twas a false dawn however... after applying the update I still couldn't sign-in to PSN ("down for maintenance") but it looks like things are starting to stir back to life.
YAY!
I see what you did there. Hilarious. Do you write your own material? 'Cos that was priceless.
You know, with this level of wit and incisive analysis of recent trends in technology, I'm surprised the Reg haven't already offered you a permanent position. The world really, truly needs more input from you.
Well done!
</sarcasm>
This post has been deleted by its author
It used to be the case that if you sold someone military grade encryption (DES) you had to do checks into who they were and verify them, and even have them obtain a license from the DoD. Considering that Amazon is selling what amounts to supercomputing for hire, one has to wonder why they are not required by law to more carefully check their clients. The same would be true of any cloud vendor offering cloud computing services. I mean, in this case they're saying that the people who did this used fake information and stolen card numbers. I don't know, but it sure seems like those are things that should have prevented the account from being opened in the first place.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
