Lessons Learnt from Sony Flaw

As you all might have noticed, earlier in 2011 Sony was again in the news headlines for being attacked by various hackers exploiting its PlayStation Network (PSN), which has roughly 55 million users, and its music streaming network, Qriocity.

During the attack, the Sony PlayStation Network was shut down, following forensic security testing. It could be one of the largest cases of data theft, affecting about 77 million users. The details of how the attack occurred have not yet been published.

However, in Dec 2010, during the Hackers Chaos Communications Conference, the hacking team known as "FailOverflow" revealed in their presentation that they were able to decipher the private key used in the PlayStation 3. Having the private key allows users to run any application on the device, just as Sony, the manufacturer, can. Sony responded by suing the FailOverflow group, the firmware creator "GeoHot" and others for revealing the root key details and cracks for the PS3. Another hacker, known as Mathieu Hervais, also discovered a workaround for PS3 Firmware 3.56 and announced it on his Twitter account. However, he was afraid of Sony's legal team and therefore chose not to release the information.

I am truly convinced that there is no such thing as "absolute security". Any network that is exposed to the public is vulnerable to attack given the skills, resources and time. While feeling sorry for Sony, I am also disappointed that Sony has overlooked the basic security requirement of data.

For instance, Lutz Security said that the data stolen from Sony was completely unencrypted. Although I do not know if this information is true, I would think that all companies and websites that keep user logins, passwords and important information such as credit card details must store them in encrypted format. I have realized that some programmers simply store the information in their database in plaintext!

And the latest series of attacks used SQL injection, according to AppleRiver. If these claims are true, I simply think this is total negligence on Sony's part for allowing such attacks. This SQL injection should simply not happen.

From this episode, we must be aware that no network is totally secure. All companies and websites must be proactive in securing their information. Losing to attackers out there means not only an unexpected shutdown and expensive forensic analysis but also the loss of customers' confidence. While using a legal team to contain the damage, you should not forget about prevention if your business operates online.

As for the users, it matters a great deal that your information has been stolen. If your credit card details are leaked, your card might be misused by someone out there. Most users have the habit of keeping the same or similar usernames and passwords across all kinds of websites, so it is likely that once your email password is exposed, your social accounts such as Facebook and Twitter might be stolen too. If you are one of the customers whose data was stolen, you may check with your credit card company on how to control the damage if your card details were stolen.

With this unpleasant occasion, is it time for data security to be passed to a central authority instead of allowing any individual to keep your valuable information? After all, it is about trust between the service providers and the people.
