2011-05-19, 07:59 AM
Dark Link Wrote:http://blog.us.playstation.com/2011/05/1...t-process/
and you still believe sony? took sony 3 days to inform everyone their server were hacked lol.
and then, sony say that the hacker left a file in their server with the anonnymous thing like you said in a previous thread:
Quote:We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named Anonymous with the words We are Legion.
if you hack a big company like sony, will you leave a file there saying: hey I hacked you come here and get me? thats just an excuse for sony lack of security and thinking that they are god since no one never hacked PS3 for the past 5-6 years and they thought no one could hack them.
GeoHot Wrote:Also, let's not fault the Sony engineers for this, the same way I do not fault the engineers who designed the BMG rootkit. The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea.
Now until more information is revealed on the technicals, I can only speculate, but I bet Sony's arrogance and misunderstanding of ownership put them in this position. Sony execs probably haughtily chuckled at the idea of threat modeling. Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client(can't trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle,[SIZE="3"] never trust the client.[/SIZE] It's the same reason MW2 was covered in cheaters, Infinity Ward even admitted to the mistake of trusting Sony's client. Sony needs to accept that they no longer own and control the PS3 when they sell it to you. Notice it's only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren't crazy.

