
CNET Rumor: Hackers Planning Third Attack Against Sony, Publicizing Data

Vagabundo

Member
Hanmik said:
it is old.. but again.. it's news of nothing.. because the so-called security expert did not say anything like that in his testimony..



http://republicans.energycommerce.house.gov/Media/file/Hearings/CTCP/050411/Spafford.pdf

so how the news are twisting this to sound like the Professor said that Sony had an outdated server is ridiculous..

That's his written testimony. He made additional comments during the hearing:

According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.

Spafford made his comments in a hearing convened by the House Subcommittee on Commerce, Manufacturing, and Trade.
 

Vagabundo

Member
Hanmik said:
where did you get that info..? anywhere you can hear it..?

It says it all quite clearly on the websites and there is a picture of him at the hearing. And the link you provided is for written testimony not a transcript.

In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.

Your PDF does not have anything that was said at that meeting. It was broadcast on C-SPAN on the 5th. Unless we can dig up the transcript from the meeting or find the actual footage then we only have the article to go on.
 

Hanmik

Member
Vagabundo said:
It says it all quite clearly on the websites and there is a picture of him at the hearing. And the link you provided is for written testimony not a transcript.



Your PDF does not have anything that was said at that meeting. It was broadcast on C-SPAN on the 5th. Unless we can dig up the transcript from the meeting or find the actual footage then we only have the article to go on.

on the websites with the news it is stated that he said that stuff, yes.. And I cannot find a written transcript or a video or anything of the actual hearing.

But the fact that he writes in his written Testimony, that he has no knowledge of Sony's security. And then, supposedly, at the hearing suddenly knows a lot more about it, just sounds strange.. cannot see why he would write one thing and say another..
 
test_account said:
Is Spafford's statement only based on something that he heard on an internet forum?

Virtually every piece of news since the story started has been from "something seen on an Internet forum" or "read in an IRC chatroom". It really is ridiculous. It's damaging, in fact.
 

Vagabundo

Member
Hanmik said:
on the websites with the news it is stated that he said that stuff, yes.. And I cannot find a written transcript or a video or anything of the actual hearing.

But the fact that he writes in his written Testimony, that he has no knowledge of Sony's security. And then, supposedly, at the hearing suddenly knows a lot more about it, just sounds strange.. cannot see why he would write one thing and say another..

I've just seen the video, he did say that, the article is accurate.
 

test_account

XP-39C²
xapnder said:
get2sammyb said:
Virtually every piece of news since the story started has been from "something seen on an Internet forum" or "read in an IRC chatroom". It really is ridiculous. It's damaging, in fact.
Ok, i see. Then i dont think that this statement is very creditable indeed. Just because he is a security expert doesnt change anything if it is only based on something that he heard. Who knows if what was said on the internet forum is actually true or not, but i dont think that something like this should be mentioned in a hearing when they cant prove what was said on the forum is true or not (no offence to Spafford).

EDIT: Well, maybe it could be mentioned, but i dont think that it should be given much weight if they cant prove if what was said on the forum is true or false.
 

Vagabundo

Member
get2sammyb said:
Virtually every piece of news since the story started has been from "something seen on an Internet forum" or "read in an IRC chatroom". It really is ridiculous. It's damaging, in fact.

Well then, Sony should release details from their security audit and be honest.

I've a funny feeling that the information there would be pretty damning, but maybe when PSN is back up we might get an arstechnica article on what went down.

get2sammyb said:

http://www.c-spanvideo.org/program/DataT

It is the data protection meeting on the 4th.
 
Vagabundo said:
Well then, Sony should release details from their security audit and be honest.

I've a funny feeling that the information there would be pretty damning, but maybe when PSN is back up we might get an arstechnica article on what went down.

Because ArsTechnica has been the most reliable source during this story...
 

test_account

XP-39C²
Vagabundo said:
Well then, Sony should release details from their security audit and be honest.
Although that it wasnt very detailed, Sony did publish a picture on the press conference on May 1st showing that there was a firewall between each of the servers. If this is true, then it debunks what was said on the internet forum about Sony not using a firewall.
 

Vagabundo

Member
Hanmik said:
thank you... I´m at work, so I haven´t got the time to watch it all.. around what time mark, does Mr. Spafford make these comments..?

It is a great website, there is a transcript and it will jump to that part of the video.

Amazing.

Another quote from a different researcher (paraphrase): "95% of network breaches could be avoided by security updates (due diligence)" and the FTC guy agrees.

Interesting meeting.
 

Clear

CliffyB's Cock Holster
The only solid evidence is that coming from Sony themselves. And I'm only giving that credibility because as a federal criminal case is ongoing, Sony would really be shooting themselves in the face by blatantly lying in their statements.

The most damaging allegations are all from anecdotal internet sources, and as with this CNET piece, individuals are never named.

The way Spafford's comments have been misreported is an example of how twisted things have gotten. His actual written testimony contains none of this specific detail, because it being an anecdote from one or more second hand sources it's inconclusive.

Essentially an allegation from an unnamed source mentioned by Prof. Spafford in his oral testimony has been presented not only as *his* conclusive opinion, but absolute fact.

Check out his tweets (therealspaf) for his somewhat bemused response.
 

Goldmund

Member
Replicant said:
Can't we throw them in jail and let them have a first hand experience on what it feels like to be violated against their will?
An eye for a rash glance and a tooth for a regretted opinion, right?
 

Hanmik

Member
http://www.c-spanvideo.org/program/DataT

At 56.34 Spafford says all the stuff that the news are reporting.. but he is talking about some security protocols and the woman asking, is saying that (at 55.54) this is the first time she is hearing about it, and asks if he can elaborate on the subject..
But what is he saying his sources are again..? the woman just said that he wrote he did not know anymore about Sony's situation other than stuff taken from blogs and news reports.. so what protocols is he talking about..? does he suddenly have solid evidence or is he just talking about the news reports..?
 
itxaka said:
Kind of related, no idea if this was posted already.

http://consumerist.com/2011/05/secu...re-was-obsolete-months-before-psn-breach.html









No firewalls. In their biggest service. No wonder they got fucked up, that is like internet security 101.


One wonders if this "Future" attack they are planning is to another Sony infrastructure (someone said sonystyle?) which is also unprotected and unpatched.

Also wow at some of the comments here. Wishing to be raped, seriously?

Technically, I see three firewalls...
[Image: 20110430-22154971--p1040046.jpg]


Where are they getting "NO FIREWALLS"?
 
Goldmund said:
Maybe illustrating the firewalls as flat and easy to cross brick walls speaks to their effectiveness.

You should probably write a story about it for a major publication. "Sony Diagram Demonstrates Network Insecurities".
 

Vagabundo

Member
Clear said:
The only solid evidence is that coming from Sony themselves. And I'm only giving that credibility because as a federal criminal case is ongoing, Sony would really be shooting themselves in the face by blatantly lying in their statements.

The most damaging allegations are all from anecdotal internet sources, and as with this CNET piece, individuals are never named.

The way Spafford's comments have been misreported is an example of how twisted things have gotten. His actual written testimony contains none of this specific detail, because it being an anecdote from one or more second hand sources it's inconclusive.

Essentially an allegation from an unnamed source mentioned by Prof. Spafford in his oral testimony has been presented not only as *his* conclusive opinion, but absolute fact.

Check out his tweets (therealspaf) for his somewhat bemused response.

twiter said:
TheRealSpaf Gene Spafford
I guess it says something when my best quotes are only accurately repeated by spam bots.
5 May

TheRealSpaf Gene Spafford
Meanwhile, the press has widely taken only a portion of my quote, out of context, from the hearing this morning and broadcast that widely.
5 May

TheRealSpaf Gene Spafford
Hmm. I'm guessing there are some bots out there tweeting one of my old quotes. Very strange to see, and puzzling why that quote was chosen.

lol the gas thing is he did actually say those things and the context is correct. I have just watched the meeting. The article in the consumerist is bang on. Maybe he remembers answering it different or wasn't clear enough.
 

test_account

XP-39C²
Vagabundo said:
lol the gas thing is he did actually say those things and the context is correct. I have just watched the meeting. The article in the consumerist is bang on. Maybe he remembers answering it different or wasn't clear enough.
I dont think that the first paragraph in the consumerist is bang on. It says this:

In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts

He didnt exactly say this. The way this paragraph is written, it can seem that Spafford had proof of these things. In the 2nd paragraph of the article, they do at least clarify his statement better though.

Thanks for the link to that hearing by the way. Was some interesting stuff there :)
 

Hanmik

Member
test_account said:
I dont think that the first paragraph in the consumerist is bang on. It says this:

In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts

He didnt exactly say this. The way this paragraph is written, it can seem that Spafford had proof of these things. In the 2nd paragraph of the article, they do at least clarify his statement better though.

Thanks for the link to that hearing by the way. Was some interesting stuff there :)

yes you are right.. this is the second paragraph from the article..

According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.

so it is not a thing he knows from reliable sources but from Internet Protocols (as he himself calls them) monitored by Sony Employees.. and the answer is in regards to the congresswoman's question about "whether he could elaborate on his statements in his Testimony regarding the rumours about Sony's servers being unpatched and old"..

he is just elaborating on the words from his Written Testimony. So again, he never states anything about Sony´s servers.
 
BoilersFan23 said:
They just didn't want another PSP situation which caused the platform some trouble. That is why I see them going after hackers right from the get go.
In the most unprofessional and idiotic way possible. Regardless of those idiots' motivation to hack PSN, Sony's legal handling of the PS3 hack was beyond amateurish and reactionary.

Given that they forgot about basic encryption procedures, the reported bit about them running their online platform on outdated servers with lack of security isn't really that hard to believe.

And again, if there really is going to be another Hack Attempt, then I'd say there is no better time than now. If the new Security measures and structure are worth anything, they can use it as a first stress test.
 
I know SONY called down the thunder but not this much thunder. This has got me thinking this could go on for a long time because clearly these guys are out for blood. What's scary is these hackers could inflict unbelievable damage on SONY if they start strategically planning attacks around key product launches like NGP, I would say the tablet but it's already doomed, or even around key software launches like Uncharted or even a CoD game. Won't be too long until the entire industry feels the thunder.
 
boris feinbrand said:
Given that they forgot about basic encryption procedures, the reported bit about them running their online platform on outdated servers with lack of security isn't really that hard to believe.

They did? Let's not get into "my home address should have been encrypted" because I guarantee it's very uncommon practice to do that.

As I understand it credit card information was correctly encrypted and password data was hashed. The only thing that remains a question mark is the security question.

Mizzou Gaming said:
I know SONY called down the thunder but not this much thunder. This has got me thinking this could go on for a long time because clearly these guys are out for blood. What's scary is these hackers could inflict unbelievable damage on SONY if they start strategically planning attacks around key product launches like NGP, I would say the tablet but it's already doomed, or even around key software launches like Uncharted or even a CoD game. Won't be too long until the entire industry feels the thunder.

While I think that's probably a little bit melodramatic, what's awesome about the whole situation is that we lose; the legitimate players that are excited to play on our new NGP, or have had Uncharted 3 on pre-order for a couple of months. That's just not fair, whether Sony's incompetent or not.
 
cyber-terrorism

as an employee of the gaming industry; I find this extremely damaging for big publishers and small indy devs who are losing sales during these weeks of shut-down.

Everyone thinks that companies are big and evil but at the receiving end; it will be the game developers who will get the most hurt

this is crazy bad
 

LiquidMetal14

hide your water-based mammals
Mizzou Gaming said:
I know SONY called down the thunder but not this much thunder. This has got me thinking this could go on for a long time because clearly these guys are out for blood. What's scary is these hackers could inflict unbelievable damage on SONY if they start strategically planning attacks around key product launches like NGP, I would say the tablet but it's already doomed, or even around key software launches like Uncharted or even a CoD game. Won't be too long until the entire industry feels the thunder.
Sweet, where do I donate to these beacons of hope /sarcasm

Not liking Sony or thinking they deserve some ill will over stupid other OS and such is one thing. But to cost them so much money and harm in this way thus far is much worse. I don't know how someone can rationalize how far things have gone and hopefully idiot hackers will get their due.

gutter_trash said:
cyber-terrorism

as an employee of the gaming industry; I find this extremely damaging for big publishers and small indy devs who are losing sales during these weeks of shut-down.

Everyone thinks that companies are big and evil but at the receiving end; it will be the game developers who will get the most hurt

this is crazy bad
Once more, this is a pity too. I was talking to a friend about this. The system wars banter only goes so far but at some point you have to come back to earth. This is very damaging to everyone, not just 1 company.
 

RavenFox

Banned
androvsky said:
Given this is third-hand info and how bad reporting on this story has been in general, who knows. I'd like to think the security firms and FBI set up some honeypots, but they can't go up too far ahead of the real servers or it'll be obvious what's going on.
I have a feeling there are honeypots.
 
Diablos said:
I'm not siding with Anonymous or whoever is ultimately responsible, but really, this never would have happened if Sony didn't act so unbelievably ridiculous in pursuit of Geohot and anyone that had any little thing to do with him exploiting PS3. Demanding IP addresses and identities of people who simply watched Youtube videos of a hacked PS3 in action? Are you kidding me? These kind of actions are unacceptable. Seriously, they acted like a fat 10 year old kid throwing a temper tantrum.

It was only to find out evidence to support their push for jurisdiction. It was granted by the court BTW and it wasn't a free pass for them to do "anything" with the information.

People are going overboard with that. If it was "really" an invasion of privacy then people shouldn't be upset with sony for asking, they should be upset with the courts for allowing it. At least that is what I would imagine how proper logic would work. Being upset at a company for requesting something self serving is silly. Getting upset at the organization that is supposed to define and protect the line between discovery and invasion of privacy would make more sense, but I don't hear any one ranting about the court in this situation.

I just see this as a very long line of hate against Sony that has been going on for years. People will evoke the rootkit scandal when talking about SCE or any event then. People tried to draw parallels between blu ray and betamax. Long line of FUD, ranging from game rentals, lowered specs, incorrect cost analysis, that were all actually reported by site and blogs on the internet. Things blown out of proportion such as the failed viral marketing attempt (oh so evil!) or the supposed racist PSP adverts.

OtherOS gets removed and then it becomes the biggest news ever. The buzz about that was far more disproportionate than those who actually talked about using it on a daily basis. What's even worse people acted as if they couldn't "live" without it. The fumbling and inept reporting of the geohot case, in which people still seem to come away with the impression that the government allowed sony to take all sorts of data and keep it for themselves. And now the large amount of incorrect information and broken logic on display about the hackings.

It is mind boggling how much hate sony catches on the interwebs. One would think that sony sent out ninjas to kill people's family/ kung fu master/dog or something. This is some widespread deep seated grudges it looks like to me.

I wonder if me talking about this will get me labeled because sometimes people turn away from talking points and just choose to attack the person. I am really shocked and dismayed at what gamers have really evolved into this gen.
 

LiquidMetal14

hide your water-based mammals
You got many points there and it sucks that some will see you as a Sony apologist for it. That's what I hate about people who are either biased or irrational.
 
staticneuron said:
I wonder if me talking about this will get me labeled because sometimes people turn away from talking points and just choose to attack the person. I am really shocked and dismayed at what gamers have really evolved into this gen.

You shouldn't be labelled anything. You have a reasonable position and should be respected, I think. I just disagree with the narrative you present. Sony have - at several points - taken anti-consumer practices to some beautiful places last few years. I say that as someone who continues to use Sony products and am generally happy with the service they provide. But the rootkit case WAS a huge deal. Sure, its years ago now. The pursuit of Geohot and the use of Youtube user IPs - while enabled by a court - is way beyond the pale.

I actually agree with you about Linux. That's bullshit - but lets not pretend that Sony 'are just like every media corporation' or silly claims like that. They are special. They do special things.
 

[Nintex]

Member
Wolves Evolve said:
They are special. They do special things.
No they're not. They're just like any other company this is where it goes wrong really:
I just see this as a very long line of hate against Sony that has been going on for years.
You probably missed the Amazon, AT&T, Vodafone, T-Mobile, Shell, BP, GreenPeace, Obama, Bush, Al Gore, Nintendo, Square Enix, Sega, Lady Gaga, Superman etc. hate. Everything gets hated on even more so if companies like Sony fuck up then the hate grows even stronger. But there's a certain balance in the force because for every couple of guys that say that PlayStation sux and Saturn rules there's a bunch of fans thanking Sony for a lack of status updates. Also something that has been popular for decades can be the most hated thing/person in the world in mere months, see Tony Blair. Likewise something that was hated before can turn into something great in the eyes of many like Samsung.
 

test_account

XP-39C²
About the YouTube IPs, did Sony get these personally or was it a 3rd party who got them?



Hanmik said:
yes you are right.. this is the second paragraph from the article..

so it is not a thing he knows from reliable sources but from Internet Protocols (as he himself calls them) monitored by Sony Employees.. and the answer is in regards to the congresswoman's question about "whether he could elaborate on his statements in his Testimony regarding the rumours about Sony's servers being unpatched and old"..

he is just elaborating on the words from his Written Testimony. So again, he never states anything about Sony´s servers.
Indeed.


[Nintex] said:
there's a bunch of fans thanking Sony for a lack of status updates.
Who is doing that?
 
I'm calling bullshit on this one, but Sony was literally asking for it by demanding access info on a single YouTube video and some other bullshit.
 

Dragon

Banned
Mailenstein said:
I'm calling bullshit on this one, but Sony was literally asking for it by demanding access info on a single YouTube video and some other bullshit.

As far as I know that was to see where they'd hold the geohotz trial.
 

EvilMario

Will QA for food.
Mailenstein said:
I'm calling bullshit on this one, but Sony was literally asking for it by demanding access info on a single YouTube video and some other bullshit.

Sony might be a bunch of asshats, but these hackers take the cake.
 
TheBranca18 said:
As far as I know that was to see where they'd hold the geohotz trial.
It really doesn't matter what it was for to be honest. That was a dick move par excellence and made them instantly the "evil corporation". You can't fuck up big time and expect or hope that people will forgive. Obviously, some didn't.
 
Mailenstein said:
I'm calling bullshit on this one, but Sony was literally asking for it by demanding access info on a single YouTube video and some other bullshit.

The internets, the place where you only need 3 lines of ambiguous text based on an excerpt of a transcription of what some guy typed (reporting third hand info) on an unofficial forum to turn every gullible teenager into this:

[Image: angry-mob2.jpg]



Go read WHY and HOW Sony asked for those Youtube info. Apply critical thinking and don't believe everything you're told by interested parties.
 