[RPGCrazied]

Well, the Dues Ex site is fixed now. That didn't take long, wish Sony could be that fast.

[scy]

Originally Posted by boris feinbrand:

I am not talking about putting the blame entirely on corporations, the malign intent and the punishment for the actual breach lies squarely on the hacker(s) that carried out the attack, but the idea that corporations can simply get away with clear violations of securing private user data is proposterous.

While I agree to a point, I don't think you'll see me ever thanking these hackers for championing the cause when they're still stealing data in the process. If they left a note of "chippy1337 was here, fix your shit bro" then alright, whatever. But not if it also has a "ps, thx 4 teh inf0z," to go with it.

[fabricated backlash]

Originally Posted by stuminus3:

There's a big difference between "Dear Eidos, we have breached your security, please get your house in order or we'll take this public" and "lol we stole all ur usernames and passwords wouldn't it be funny to break ppl's computers".

Yet people lump every hacker together, using anonymous as a convenient scapegoat to put every stereotype about the no-life, basement dwelling, obese, pale nerd together, and then call that an informed oppinion.

Originally Posted by scy:

While I agree to a point, I don't think you'll see me ever thanking these hackers for championing the cause when they're still stealing data in the process. If they left a note of "chippy1337 was here, fix your shit bro" then alright, whatever. But not if it also has a "ps, thx 4 teh inf0z," to go with it.

Absolutely agreed. Don't think that my statement means anything else. I'm actually quite cynical about this, as I am convinced that a lot of corporations won't actually gear up on their IT security unless they are facing legal consequences due to their lack of security.

Originally Posted by GavinGT:

How do you call hackers that give explicit aliases "anonymous"? Fucking stupid.

It's a convenient scapegoat, that generates a lot of traffic as the term anonymous is a synonym for "evil" to a lot of forum dwellers now. Blame something on anonymous and watch your site traffic go up considerably.

[GavinGT]

How do you call hackers that give explicit aliases "anonymous"? Fucking stupid.

[webrunner]

Originally Posted by boris feinbrand:

Yet people lump every hacker together, using anonymous as a convenient scapegoat to put every stereotype about the no-life, basement dwelling, obese, pale nerd together, and then call that an informed oppinion.

Didn't you hear? There is only one hacker in the world, Anonymous P. Hacksworth. He looks out for people's rights against corporations and then steals their credit card numbers. He writes a virus that kills people's computers and then cracks no-cd on abandonware games. Then he goes home and in his off-hours takes over military satellites and installs linux on his toaster which he then posts on reddit.

[V_Arnold]

Originally Posted by boris feinbrand:

Yet people lump every hacker together, using anonymous as a convenient scapegoat to put every stereotype about the no-life, basement dwelling, obese, pale nerd together, and then call that an informed oppinion.

I think a pretty strong distinction should be needed to differentiate between
-people who go around like blind elephants in a room full of old porcelaine, hacking and destroying everything they can "just cause they have bad security"
-people who do this as a part of their job, and they try to build better security for the firm they work for, and only works on hacking methods to try and second guess his own defenses, in a way
-people who have fun with "breaking" defenses, but they wont do it to any property that is not theirs, but simply think of this as a mind puzzle.

I feel no remorse for group 1. Group 2 does their jobs, and I support to get a playground laid down to everyone in group 3. Just gotta make sure that they dont and wont turn into someone from group 1 "just cause".

[fabricated backlash]

Originally Posted by webrunner:

Didn't you hear? There is only one hacker in the world, Anonymous P. Hacksworth. He looks out for people's rights against corporations and then steals their credit card numbers. He writes a virus that kills people's computers and then cracks no-cd on abandonware games. Then he goes home and in his off-hours takes over military satellites and installs linux on his toaster which he then posts on reddit.

Oh boy, I literally laughed out loud at that. Would make an awesome Gamertag: Anonymous P Hacksworth.

Thanks for cheering me up, I was getting quite worked up over this.

[RPGCrazied]

They even give out their IRC server, why not go after them? They are basically laughing in front of their faces now.

[fabricated backlash]

Originally Posted by V_Arnold:

I think a pretty strong distinction should be needed to differentiate between -people who go around like blind elephants in a room full of old porcelaine, hacking and destroying everything they can "just cause they have bad security" -people who do this as a part of their job, and they try to build better security for the firm they work for, and only works on hacking methods to try and second guess his own defenses, in a way -people who have fun with "breaking" defenses, but they wont do it to any property that is not theirs, but simply think of this as a mind puzzle. I feel no remorse for group 1. Group 2 does their jobs, and I support to get a playground laid down to everyone in group 3. Just gotta make sure that they dont and wont turn into someone from group 1 "just cause".

Group 1 is the absolute minority of the people you can call hackers. And analogue to other collectives, a radical minority too often defines the collectives public image thanks to unprofessional journalism, and peoples worrying tendency to take journalists accounts as absolute truth, throwing away critical thinking and thus denying themselves from having informed opinions (mind you, I am aware that I myself am guilty of that on various occasions, but I constantly try to adress this most human shortcoming)

[gl0w]

makes no sense.....
More to come i suppose...

[Joseph Merrick]

Originally Posted by RPGCrazied:

They even give out their IRC server, why not go after them? They are basically laughing in front of their faces now.

http://www.youtube.com/watch?v=O2rGTXHvPCQ

[fabricated backlash]

Originally Posted by Joseph Merrick:

http://www.youtube.com/watch?v=O2rGTXHvPCQ

Oh dear... lol, it's the modern version of the 80s talkshow hosts explaining Black and Death Metal^^

[Seraphinianus]

Originally Posted by RPGCrazied:

They even give out their IRC server, why not go after them? They are basically laughing in front of their faces now.

just cause you know their nickname on IRC, doesn't mean you can get anything else.

[VisanidethDM]

Originally Posted by Steve Youngblood:

I know you kind of address this, but I really, really wish people would stop making the disingenuous comparison between companies with tons of user data/money/possessions and the expectations therein to protect that, and random citizens' with their personal belongings and the expectations therein to protect those.

The core problem is that there's a ridicolous statement flying around that sounds more or less like "If you're storing my data, then you WILL be responsible if your security is breached".

Which equals to saying that companies that use personal and CC data are required to be 100% safe. Makes as much sense as saying "every post office should be robbery-proof".

It doesn't work like that. It's insane to even expect it works like that.

The only situation where Sony is responsible for the data it lost is the one where it's proven their security wasn't adequate. Being breached DOESN'T equal to not having adequate security. Being robbed DOESN'T equal to being careless.

In order to make such statements we should know it's positively possible to be 100% safe from any form of attack. If that isn't possible, than any judgement should be suspended until guilt is proven.

Instead we got this hysteria going on that internet databases should be magically safe and if they aren't, the companies who took the data are the culprit. Such a nice world we live in then, because I can imagine a small company wanting to start a business making indie projects without going through the official distribution channels and being unable to do so because they can't afford a multimillion worth online security deparment.

Let's have our priorities straight. IF tomorrow Sony is proven guilty, let's have them pay their dues. MEANWHILE, we have real criminals to pursue, eradicate and punish in an exemplar enough way to discourage any other lowlife to go and try to compromise our lifestyle again. Yet apparently that's a secondary issue.

[Ranger X]

So, what's the goal of this pressure from hackkers lately and their menace of releasing people's info?

[VisanidethDM]

Originally Posted by boris feinbrand:

Group 1 is the absolute minority of the people you can call hackers.

Making an example, here.

Sebastian Vettel could probably drive his car safely on the highway at an average speed of 200 K/h. However, since most people isn't Vettel, and can't be trusted to be able to do so, the limit is 130 K/h, for everyone, including Vettel.

There's hackers who could and would be hacking responsibly, but if the choice is making life worse for them or everyone else, you take the least desistance route. The minority fucked up things for them, and potentially for us all, and as a result, the only answer is a loss of freedom. The "good" hackers have the tools to go back and exact revenge on the bad ones, I guess, but we're past the part in which we let hackers do their thing and see how responsible they are.

[Steve Youngblood]

Originally Posted by VisanidethDM:

The core problem is that there's a ridicolous statement flying around that sounds more or less like "If you're storing my data, then you WILL be responsible if your security is breached".

I understand that point, but by drawing the "blaming ordinary citizens who are victims for their own crimes" comparison, it just makes me immediately think that anyone making the comparison doesn't know what they're talking about. Meaning, if somebody on my street gets robbed, I don't care about the details. Did he/she have state of the art security, or was the front door wide open? I don't need an answer. The reason why is because this person has no obligation to me to try to keep his/her house safe. I have no expectations of them.

I do, however, have expectations of companies that have sensitive data and or belongings of their consumers as part of their business model. There's a trust there, wherein the company is expected to do everything they can to keep this information/physical property safe. Now, that doesn't mean that if there's a theft or breach, they're automatically to blame. However, I now care about the details. Whereas I didn't care before about whether the neighbors had adequately attempted to prevent their stuff from being stolen, I care a great deal about the company's security.

[Kagari]

This shit needs to stop.

[JDS 1977]

These douches need to have an example made of them to deter this crap. They all think they are sticking it to "the man" but all they do is screw the gaming community who just want to play some games.

It's like them thinking they are fucking over big business by taking the ball away from some kids in the park.

[VisanidethDM]

Originally Posted by Steve Youngblood:

Did he/she have state of the art security, or was the front door wide open? I don't need an answer.

But why should I be forced to have state of the art security to run my business? Why should I take ALL the burden of a government who's too lazy to pursue criminals and a userbase who's ready to be at my throat if I don't dump millions I could spend in like, the stuff I make instead of defending myself from criminals nobody even blames on message boards?

We can't just put all the onus of fighting the digital wars to companies, letting criminals do as they will and just calling it a day.

To make a fitting analogy, for once, it's like at some point the government said "well, bank robbery is a crime, but we ain't gonna pursue robbers anymore". And when banks get robbed, people get angry at the banks and not the robbers. I hate corporations as much as any other first world spoiled citizen, but seriously.

[SPEA]

Originally Posted by Kagari:

This shit needs to stop.

This. Seriously. It's becoming pretty messed up now.

[Malio]

Originally Posted by Wario64:

Good! That will teach them to make better games from now on. Right?

We can only hope.

[aeolist]

Originally Posted by VisanidethDM:

But why should I be forced to have state of the art security to run my business? Why should I take ALL the burden of a government who's too lazy to pursue criminals and a userbase who's ready to be at my throat if I don't dump millions I could spend in like, the stuff I make instead of defending myself from criminals nobody even blames on message boards? We can't just put all the onus of fighting the digital wars to companies, letting criminals do as they will and just calling it a day. To make a fitting analogy, for once, it's like at some point the government said "well, bank robbery is a crime, but we ain't gonna pursue robbers anymore". And when banks get robbed, people get angry at the banks and not the robbers. I hate corporations as much as any other first world spoiled citizen, but seriously.

http://arstechnica.com/tech-policy/n...k-response.ars

Quote:

Dr. Gene Spafford of Purdue testified that Sony's system was weak, and that those weaknesses had been revealed on security mailing lists months before the breach. According to Spafford, key parts of Sony's PlayStation Network ran on Apache servers that "were unpatched and had no firewall installed." This was reported in a forum known to be frequented by Sony employees, he said, though no changes were made in the months leading up to the attack.

[Zabka]

Originally Posted by VisanidethDM:

To make a fitting analogy, for once, it's like at some point the government said "well, bank robbery is a crime, but we ain't gonna pursue robbers anymore". And when banks get robbed, people get angry at the banks and not the robbers. I hate corporations as much as any other first world spoiled citizen, but seriously.

The whole purpose of a bank is to secure your money and property. If a bank was robbed and someone's safe deposit box was stolen then it's the bank's responsibility to compensate the victim. Police don't exist to prevent all possible crimes, that's why banks hire their own security guards.

[Joseph Merrick]

Originally Posted by VisanidethDM:

But why should I be forced to have state of the art security to run my business?

what the hell are you writing? because you're handling peoples' private data.

how about this, stop coming up with worthless analogies.

[Steve Youngblood]

Originally Posted by VisanidethDM:

But why should I be forced to have state of the art security to run my business? Why should I take ALL the burden of a government who's too lazy to pursue criminals and a userbase who's ready to be at my throat if I don't dump millions I could spend in like, the stuff I make instead of defending myself from criminals nobody even blames on message boards?

I don't think you and I are on the same page, here. Without talking about any specific recent security examples, in general, companies have an expectation to try and keep information/physical property safe. It's part of the trust that's demanded when consumers hand over this valuable information/property, otherwise they wouldn't do it at all. Am I saying that they have all the burden? No. But they have more than ordinary citizens do when it comes to expectations from others to keep their own stuff secure. And that was my point. Deflecting security concerns levied against companies with disingenuous "you're blaming the victim" comparisons don't help get a point across. In fact, the comparison is lazy and detracts from what you're attempting to elucidate.

[HocusPocus]

I think I'm done putting my information out there on the net.

[Averon]

Originally Posted by aeolist:

http://arstechnica.com/tech-policy/n...k-response.ars

I believe that was later reported to be false.

[webrunner]

Originally Posted by HocusPocus:

I think I'm done putting my information out there on the net.

Hah! I've hacked you and I already know that you enjoy magic tricks and are looking forward to Diablo 3! You are also concerned about internet security of personal information!

[Dreamgazer]

Originally Posted by aeolist:

http://arstechnica.com/tech-policy/n...k-response.ars

Sorry to go off topic, but can we stop quoting the Spafford response which himself has stated -that it's been taken out of context?

[grap3fruitman]

I don't understand why the title mentions Anon when the article states that a particular person was claiming credit for the attack. So do you guys consider anyone that labels themselves a "hacker" as part of Anonymous? That seems misguided. Also, if you've even once posted on 4chan you're probably considered Anon too. Another note: most of Anons "attacks" tend to be denial of service attacks, which consists of pinging a server as many times and from as many computers at once so that the server can't respond to the requests timely and stuff starts loading slower and slower. It's basically like how Neogaf is whenever something's announced. They typically don't do actual harmful attacks, especially where large-scale sensitive information is up in the air, they just tend to perform denial of service attacks to annoy.

[fabricated backlash]

Originally Posted by HocusPocus:

I think I'm done putting my information out there on the net.

That's an over reaction. Just be aware of where you are putting that information, and hold those places accountable for securing your information. If you feel that you can't trust a service or company to handle security of your information, don't give it out.

that much is every persons own responsability.

[Jintor]

Originally Posted by StuBurns:

Anon are a collective with a unified mindset. Why did they say Anon didn't do the PSN hack? If anyone can be Anon, then they can't say Anon aren't responsible for the hack, but they did. They said Anon don't support personal detail theft, that means no one who does steal personal data can possibly be a member of Anon etc. The whole 'no one is a member' thing is bullshit.

You're talking about AnonOps, the faction within Anonymous that likes to make press statements and is currently suffering a hacker civil war

[fabricated backlash]

Originally Posted by VisanidethDM:

But why should I be forced to have state of the art security to run my business?

Tell me you're not serious.

Why should BP be responsible for the Oil Spill. I mean we can't expect them to prevent all oil spills or being prepared for a disaster like that by employing state of the art technology.

Why should Tepco be responsible for handling the aftermath of the tsunami taking out the auxilliary power generator at their Fukushima Plant. We can't expect them to have state of the art security to run their business.

Hell, why should a bank have to secure their online transactions.

Originally Posted by Jintor:

You're talking about AnonOps, the faction within Anonymous that likes to make press statements and is currently suffering a hacker civil war

Which makes the idea of a shared mindset even more ridiculous.

[Sho_Nuff82]

Originally Posted by Dambrosi:

Goodbye.

Wishing death on hackers is a bannable offense now? Surely this is a gaming side only rule?

[aeolist]

Originally Posted by Averon:

I believe that was later reported to be false.

Where? Google is only bringing up the same quote

[Grisby]

:/

Why Eidos?

[BY2K]

I'm just happy nobody pulled a Half-Life 2 and stole an Alpha build of Deus Ex 3 or something like that.

[Ploid 3.0]

I wish hackers were more interested in hacking book companies and movie companies than gaming companies.

[Wazzim]

You know back in the day articles would say: "Hackers attacked -insert company-"
These days it's like 'Anonymous' are the only hackers around and getting all the blame even though the IRC channel clearly states that they did it if they actually did it.

[Dreamgazer]

Originally Posted by aeolist:

Where? Google is only bringing up the same quote

http://twitter.com/#!/therealspaf

Quote:

TheRealSpaf Gene Spafford I never said it was proof. I responded that I had no personal knowledge but read in a security list ... others have spun it. 6 May Gene Spafford TheRealSpaf Gene Spafford Meanwhile, the press has widely taken only a portion of my quote, out of context, from the hearing this morning and broadcast that widely. 4 May

http://www.cerias.purdue.edu/site/blog/author/spaf/

Quote:

In my written testimony I indicated that "...some news reports indicate that Sony was running software that was badly out of date, and had been warned about that risk." During questioning, I stated that I had read this on security lists that I normally read. The fun begins My comment that I had seen accounts about the server software being out of date and no firewalls was reported accurately by a few media outlets. However, a few others widely misquoted as me stating, authoritatively, that Sony was running outdated, unpatched software and implied that this was somehow the cause of the breach. Other news sources, blogs, and aggregators then picked up this version of the story and repeated it as their own, often with some other embellishment. In only a few cases did a responsible journalist contact me to fact-check the story and determine what I had actually said, and what I actually knew. I tried to correct one or two of the incorrect reports, but most occurred in places where there was no contact address for corrections, and they soon were spreading faster than I could possibly respond. I gave up.

[Lonewolf_92]

Originally Posted by Londa:

What do they have to gain by hacking the site? Steal some games? 9000 peoples information is now stolen for god know what they will do with it. Are people really this far gone to support these low lifes?

These guys are not Anonymous, hell, it's likely these guys are not really "Chippy1337". No one is supporting this or the PSN hack. Don't be a fanboy, there are many different hacker groups out there (have been since computers with valuable information could be dialed into and the info stolen), not all of them do this type of shit. In fact, the type who are of the "bored teenagers" archetype are less likely to do this type of job (they're more likely to just leave obscene material on the homepage or a "Hacked by" tag to prove that they were the one who did it). when you've got stolen information though, you're looking at a more hardened group of criminals, and no one on NeoGAF supports the actions of these types.

Break down for you:

The 9,000 resumes will be sold through a shell company to one that makes mailing lists. Each of those resumes will bring between .25 to 1.00 US depending on how much information those resumes contain.

The user infomation from the forums and from Eidos' private server sections will be used as keys to attempt to get in other places. While many of us know enough not to use the same names and passwords we use to log into forums on sites like paypal or our banks, many average users don't see the danger. It wouldn't surprise me at all if these hackers got into Eidos because some middle management type used his login information elsewhere that got compromised (heck, this hack just might be related to the PSN one).

Then you have stuff like credit card info, which will be sold on the blackmarket, and anything else (if they stole source code like that one claimed, it could end up on the web for bragging rights). They might even leave themselves a "backdoor", so they can get in again whenever they want.

[User33]

Originally Posted by Lonewolf_92:

These guys are not Anonymous, hell, it's likely these guys are not really "Chippy1337". No one is supporting this or the PSN hack. Don't be a fanboy, there are many different hacker groups out there (have been since computers with valuable information could be dialed into and the info stolen), not all of them do this type of shit. In fact, the type who are of the "bored teenagers" archetype are less likely to do this type of job (they're more likely to just leave obscene material on the homepage or a "Hacked by" tag to prove that they were the one who did it). when you've got stolen information though, you're looking at a more hardened group of criminals, and no one on NeoGAF supports the actions of these types. Break down for you: The 9,000 resumes will be sold through a shell company to one that makes mailing lists. Each of those resumes will bring between .25 to 1.00 US depending on how much information those resumes contain. The user infomation from the forums and from Eidos' private server sections will be used as keys to attempt to get in other places. While many of us know enough not to use the same names and passwords we use to log into forums on sites like paypal or our banks, many average users don't see the danger. It wouldn't surprise me at all if these hackers got into Eidos because some middle management type used his login information elsewhere that got compromised (heck, this hack just might be related to the PSN one). Then you have stuff like credit card info, which will be sold on the blackmarket, and anything else (if they stole source code like that one claimed, it could end up on the web for bragging rights). They might even leave themselves a "backdoor", so they can get in again whenever they want.

You do realize that Square-Enix released a statement saying only 350 resumes were compromised in addition to 25,000 email addresses with no attatched personal information (no passwords, usernames, etc making those email addresses on their own useless)? I mean it sucks for those 350 people but you're blowing this way out of proportion.

[jim-jam bongs]

The tendency of many gamers to feel empathy with corporations over their peers is remarkable.

[AndyMoogle]

The part about 9000 resumes is obviously "over 9000" related, which means that they did not get 9000 resumes.

[Lonewolf_92]

Originally Posted by User33:

You do realize that Square-Enix released a statement saying only 350 resumes were compromised in addition to 25,000 email addresses with no attatched personal information (no passwords, usernames, etc making those email addresses on their own useless)? I mean it sucks for those 350 people but you're blowing this way out of proportion.

You do realize that the hackers themselves said they scrubbed the logs? There's no way to tell exactly what they got into beyond what has been changed before and after the hack took place, there's no real way to tell what's been copied. Also, if they had deep enough access to get the E-mail addresses, they were deep enough to get account names and passwords, which is much more valuable to these types. You should never take a companies statement to the press at face value on these things, because of course they want to make it seem like less damage was done than what might have actually took place.

[User33]

Originally Posted by Lonewolf_92:

You do realize that the hackers themselves said they scrubbed the logs? There's no way to tell exactly what they got into beyond what has been changed before and after the hack took place, there's no real way to tell what's been copied. Also, if they had deep enough access to get the E-mail addresses, they were deep enough to get account names and passwords, which is much more valuable to these types. You should never take a companies statement to the press at face value on these things, because of course they want to make it seem like less damage was done than what might have actually took place.

Um...no. That's not how it works. Sites don't store ASCII passwords. They create hashes of them using a unique key for each site. These keys are usually 128bit and pretty hardcore (makes cracking them basically impossible).

Also, these "hackers" uploaded a torrent with all the information they gathered. Its been verified by people who downloaded it, all that was there were the 350 resumes and email addresses (oh, and their IRC chat log)

Your posts in this topic are just theorycrafting that frankly don't make a whole lot of sense. Give it a rest.

[Corto]

Some one should take care of this... anonymously.

[Ether_Snake]

Sounds suspicious. Reminds me of how that HB Gary security firm made plans on ways to attack anonymous in similar fashion.

How did some security firm so quickly end up finding and releasing such information publicly? Since when would a company immediately not only hire some security firm to find out what is happening, but said security firm would also post to the whole world what it found, in an obviously ongoing investigation? This stuff is supposed to be rather secret and private.

I smell something. I wouldn't trust the report so quickly.

[TunaLover]

Originally Posted by Plasmid:

Batman is about to fuck your shit up Anonymous.

You wrong, Anonymous is Batman.