Gamasutra: The Art & Business of Making Gamesspacer
View All     RSS
July 31, 2014
arrowPress Releases
July 31, 2014
PR Newswire
View All





If you enjoy reading this site, you might also want to check out these UBM Tech sites:


Hotz: Sony Should Have Hired Security Experts Instead Of Lawyers
Hotz: Sony Should Have Hired Security Experts Instead Of Lawyers
April 28, 2011 | By Mike Rose

April 28, 2011 | By Mike Rose
Comments
    79 comments
More:



George "Geohot" Hotz, the hacker who publicly released details on an exploit that circumvents PS3 security protections and enables system owners to run unauthorized code, has stated that he is not involved in the recent compromise of Sony's PlayStation Network.

Earlier in the week, Sony revealed that an illegal intrusion into its network had compromised its database of user account information.

In a blog post, Hotz noted that he has nothing to do with the intrusions, and he "would prefer to not have the FBI knocking on my door." Hotz said he was "one of the good guys... I used to play games online on PC, I hated cheaters then and I hate them now."

He also launched an attack on Sony executives, saying, "Let's not fault the Sony engineers for this, the same way I do not fault the engineers who designed the BMG rootkit."

"The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts."

At the start of the month, the hack group Anonymous announced its intention to attack Sony websites in retaliation for the company's legal actions against PlayStation 3 hackers, as a result of Sony's lawsuits with Hotz and hacker Alexander "Graf_Chokolo" Egorenkov.

The group noted, "In light of this assault on both rights and free expression, Anonymous, the notoriously handsome rulers of the internet, would like to inform you that you have only been 'renting' your web domains. Having trodden upon Anonymous' rights, you must now be trodden on."

However, in light of the recent intrusion, the hacker collective denied any involvement with the current outage. Sony's latest updates have not named Anonymous specifically as the group behind the attacks on PlayStation Network.


Related Jobs

Raven Software / Activision
Raven Software / Activision — Madison, Wisconsin, United States
[07.31.14]

Senior UI Engineer
Treyarch / Activision
Treyarch / Activision — Santa Monica, California, United States
[07.31.14]

Senior Gameplay Engineer - Treyarch
Treyarch / Activision
Treyarch / Activision — Santa Monica, California, United States
[07.31.14]

Level Designer - Treyarch
Vicarious Visions / Activision
Vicarious Visions / Activision — Albany, New York, United States
[07.31.14]

Human Resources Manager










Comments


Fabio Macedo
profile image
This is so much bullshit that I can't even decide where to begin.



When people will understand they have no right over companies' intellectual properties, no matter how much they disagree with those companies' policies?



This is all GeoHot's fault. Don't try to shift the blame to someone that actually produces something millions of people were willing to pay for/use. People like GeoHot are the real looters, liars and moochers in this whole thing. I wish the press and that moronic US senator would realize that for once and for all.

David Campbell
profile image
"Oh when will people realize big business has them totally #$%^@# and they should just shut up like good little slaves and deal with it".



Your mindset destroys nations. You're already quicker to blame a single fellow citizen for one of the biggest security flubs in history then a corporation with one of the most extensive track records of not giving a crap about it's customers around.



And despite not having any real clues as to the perpetrators, you've declared him guilty of all related matters. It could have been the Russian mob for all we know, and have no connection to him whatsoever. That's not even "guilty until proven innocent", that's "just guilty because I don't like you".

Fabio Macedo
profile image
No, it's YOUR mindset that destroy nations by shifting the blame from the perpretator to the victim.



There's no dancing around the issue. Someone hacked Sony. Someone stole the information. If this isn't countered no company has any incentive to produce and sell services.



You're not a slave to companies unless you want to. No one pointed a gun and forced millions of people to use PSN. No one pointed a gun and prevented anyone from leaving the PS3 and PSN behind once features such as OtherOS were removed. Even if you see it as a stripped service or product, it doesn't give you the right to steal from them. End of story. Deal with it.

Dustin Mellen
profile image
You completely ignore the fact that consumers have rights and Sony violated them, but your attitude makes it quite plain that you think IP law trumps consumer rights. David Campbell is correct, your line of thinking is dangerous to the basic freedoms of everyone and you're passing out blame without the slightest amount of evidence to support it. You can't just blame GeoHot for every malady that ails Sony from now on because you don't like what he did.

Arnaud Clermonté
profile image
"destroys nations"... haha

yes, that's totally credible..



"consumer rights"? Nobody's forcing you to be a Sony consumer.

Sony gave you the option to be their consumer provided you play by their rules.

You don't like it? Fine, just don't buy their stuff then, and you'll regain all that freedom that "evil" Sony took away from you.

Ben Pitseleh
profile image
Well that would be fine and dandy as long as Sony was willing to refund me my purchase price of my PS3 when they removed the Other OS.

"Stopping" being a customer and switching to Xbox or PC only for my entertainment needs means I am at a loss of my current purchases.

Continuing to use their system and receiving updates means I am out a loss of a feature that came with my system.

Not updating the system to retain the Other OS functionality removes the ability to play online, and games that require a certain firmware level.

So no matter which way you slice it, Sony "cost" the customer something. People purchased the console and were customers who played by Sony's rules, but then they changed the rules after the fact. That is the issue at hand.



Now, I am not complaining that they "owe" anybody anything but they can't say anybody owes them accepting their changes and not hack their system (just like jailbreaking an iPhone is NOT illegal). Of course I don't support any piracy or hacking their network either, but there is more to the picture than Sony is acknowledging.

Mickey Mullasan
profile image
Been reading "Atlas Shrugged" recently? Should Sony should start a utopian community and leave these looters, liars, and moochers to their own deprived machinations?

Arnaud Clermonté
profile image
Are we still wasting time pretending that the "OtherOS" functionality is missed by more than 0.1% or PS3 users?

Dorica Prostel
profile image
Hey 0.1%, fuck you...







And the whole point of consumer rights is that being able not to buy something isn't enough.

Eric McVinney
profile image
Is this really news worthy? Blame games are for kids and petty lawyers.

Fabio Macedo
profile image
The gaming press needs to understand that this isn't 'covering both sides', but giving voice to the criminal. They do this at their own peril.

Dustin Mellen
profile image
Wow, you just made Eric's point and made yourself look ignorant.

Martin Crownover
profile image
Wow, Fabio. Did Hotz run over your dog or something? Why such vitriol?



What the hackers did was obviously illegally, and morally questionable. But it wasn't Hotz's fault. Sony isn't without fault here either.



Nobody is "blaming the victim" here.



Sony acted stupidly, and it blew up in their faces. That's all there is to it. Consumers have a voice in this too, you know.

Dorica Prostel
profile image
Yeah gaming press, how dare you give a voice to someone that was never convicted of anything.

Alessandro Martin
profile image
Hackers said about two months ago that PSN stored customers data into plain text or XML files. I agree with GeoHot: Sony should have hired security experts, not waste time with a lawsuit that ended up making them look bad and solved nothing. The PS3 was born with PS2 backwards compatibility and OtherOS capabilities: both are gone now, they screwed their paying customers and now they are being punished for it.

Brian ODonnell
profile image
You can't possibly put the blame on GeoHot. If PSN is something that millions of people use and pay for then Sony should be smart enough to build a secure environment. Data theft, especially personal data of the people that use your service is never under any circumstances acceptable.



Sony should be dragged through the streets for this. And with the way they have handled the "hackers" they have brought this upon themselves.

Fabio Macedo
profile image
Sony has a responsibility. But let me put it like this. If you leave your possessions unguarded on the street you shouldn't be surprised if they're taken away. But it's still robbery and it's the government's duty to investigate it and punish the robbers.



This is exactly how the case should be seen.

Brian ODonnell
profile image
You have a point but this isn't me putting my information on the internet just because. If thats the case, then I am at fault. But if I give my information to a third party with the notion that information will remain secure, and am compromised then it is the fault of the third party.



Your example would be more relevant if it was...If I give my money to a bank with the notion that it is secure there, and the bank puts my money out on the curb in a plastic bag...I AM NOT at fault, the bank is.



I would be at fault if the bank had a really bad reputation, which Sony now has and will have to do a lot to repair that.

Martin Crownover
profile image
You're ignoring the fact that it was Sony who left the door unlocked, not the consumer. When you accept and store data from your customers, you have a huge responsibility to keep it in a safe place. Sony failed at this, and they are paying a high price for it.

Tom Baird
profile image
@Martin

Sony did not leave the door unlocked, that is a gross exaggeration.



They may not have had it properly bolt locked, but leaving it unlocked implies 0 security or defenses.



Just because someone managed to break into the house, doesn't mean you can assume the door was unlocked.

Camilo R
profile image
@Fabio, so basically buying stuff from Sony is as good as throwing your stuff out on the street to be stolen?! I thought Sony would be more secure than that, silly me.

Tim Carter
profile image
@Brian: That is like saying to a woman that she deserved to get raped because the way she dressed she was asking for it.

Fabio Macedo
profile image
Bingo.

Andrew Grapsas
profile image
@Tim: this is in no way saying that. Twisting analogies for your purpose doesn't make them correct. Maybe if you had any idea of the engineering involved you've have a better perspective of this.

Brian ODonnell
profile image
@Tim Sony is a huge multi-national corporation. They have a responsibility to their users to keep their information secure. People PAY THEM FOR THAT!



Your comment makes absolutely no sense what so ever and we are all now dumber for having read it

Carlos Fraga
profile image
@Tim - Thats quite a poor analogy because:

1 - We are talking about a data theft. Not physical integrity threat or material theft. These are VERY distinct things

2 - SCEA is not an individual. It is a corporation, responsible for the data it stores from its users, as opposed to your analogy to the individual.

3 - No harm was directly done at the company. The data was not erased. The victims were actually the costumers.



Even an analogy like "its like saying a bank deserved to get stolen because they left a vault open" is not correct, but it would certainly be more accurate.



EDIT: hadn't seen the bank comment before, my bad for repeating it ^^

Fabio Macedo
profile image
Your bank example is actually better than mine indeed. But keeping this analogy, the point I'm making is that it seems everyone is pointing at the bank while the robbers are running away and spending the money, so to speak.



Also, I don't agree it is your 'fault' if the bank has 'a bad reputation'. It isn't a matter of fault but of recklessness. Both are quite different. No matter how bad the reputation the bank had, it's still the law's and the governmnent's concern to see to it that your money is returned (if possible) to the bank and then to you. The bank should also be investigated, of course, and maybe even be fined and punished due to breach of banking regulations or whatever - but just because it's the bigger fish it doesn't mean the case is not about someone stealing what isn't his or hers.



And GeoHot is the guy who pointed at the plastic bag and said 'look, the bank left all this money on the curb.' He's got way more responsability in this than the customer unaware of the bank's reputation.

Ardney Carter
profile image
Please, keep attempting to blame this all on Hotz. I'm laughing so hard right now.



"And GeoHot is the guy who pointed at the plastic bag and said 'look, the bank left all this money on the curb.' "



Dubious as the analogy is, lets use it for lulz. How was Hotz saying this? He said it loud and in the open and the 'bank employees' response was "shut up man! you can't speak about our practices" as opposed to, you know focusing on picking the bag up off the street.



But it's all Hotz's fault, naturally.

Dan Edward
profile image
Tim Carter said: "That is like saying to a woman that she deserved to get raped because the way she dressed she was asking for it. "





Oh my... Brain hurts so much right now...



What can even be said in response to this?

Martin Crownover
profile image
@Tom - Indeed, you are right. But if someone offers to keep your stuff in their house, they're responsible if it gets stolen. Not entirely responsible, but responsible.



Fabio likens creating a PSN account and purchasing content to setting it out on the street for anyone to take, and that is a view that is wrong, because it ignores the important responsibility Sony has to protect you and your data.

Dorica Prostel
profile image
@Fabio Macedo



If i give my stuff to s friend under the understanding that he'd take care of it and then he leaves it on the middle of the street unguarded you bet your ass that i'd be blaming him...



Also, the only reason why i wouldn't be critical of a woman that i had warned not to walk in Rape Alley dressed like a hooker that was raped is because i'd feel sorry for her as a person with feelings (well that and the fact that some idiots would interpret that as saying rape is ok instead of me questioning her disregard for clear warnings)... Sony, as a corporation, only has a bottom line.

Timothy Barton
profile image
I agree with Alessandro. While I don't support stealing information or hacking in general, Sony has really had it coming for a long time. And they really should have spent less time posturing and more time reviewing standard security practices. Now they have been made fools of publicly, and angered many of their customers. The confidence in them will be the hardest thing to recover.

Fabio Macedo
profile image
What you both fail to understand is that since Sony is already paying for their recklessness, the point is that there's a crime to be solved and it wasn't commited by Sony - to the contrary, it is the victim of the crime.



At the end of the day, what you or anyone else thinks of them doesn't matter. What matters is the crime to be solved and prevented.

Tim Carter
profile image
Fabio, I agree with you wholeheartedly.



It seems like people today have learned tons about technology, but have forgotten basic principles of right and wrong.

Fabio Macedo
profile image
Most probably that happens because the victim #onoesitsacorporationandcorporationsareEVIL!



I DO simpathyze with the idea that we shouldn't simply watch companies do everything they want and fail to respond. But the key is HOW we respond. Once we resort to crimes such as theft (and MASSIVE theft in this case), we're doing worse than most things companies do - and the fact that we're "the little guys" isn't an excuse.

Martin Crownover
profile image
Why are you blaming consumers for this? The people who perpetrated this crime are not representatives for everyone using PSN or consumers at large, nor have they released any information about why they did what they did. You're applying your own rationale to their actions, and you're making too many assumptions about what happened here.

Jan Kubiczek
profile image
youre very right timothy. even non-gamers and people that dont own sony products get that they deserved this. nothing more to say about that. motorstorm will blast onto our screens in 1080p on launch day, right? buhahaha.

Andrew Grapsas
profile image
Actually, Sony IS RESPONSIBLE. They guaranteed that our data would be secure. As soon as our personal information is transmitted to their servers, they have a legal responsibility to protect it, especially if it's sensitive.



Sony clearly did not take adequate measures to protect our data.



Who cares about the hackers? Sure, go and prosecute them. That's fine. But, realize that in order for an intrusion to happen, there has to be an exploitable hole within a security network first, one that is there for a reason -- not enough oversight, incorrect testing, lack of experienced developers, etc.



Comparing this to rape, car theft, etc. is stupid. Stop trying to apply analogies. This is a well known technological phenomenon that has occurred outside of games for decades.



If you really want an analogy, it goes this way:



If you leave your credit card on the street, someone can find it. Will they use it for good or evil? Who knows.



If you put your credit card in your wallet, you're less inclined to have it stolen. Sure, you might lose it somewhere, or someone might pick your pocket; but, it's a bit more protected.



If you place your credit card in a safe and only use it when you absolutely need to, well, it's far less likely to be stolen.



If you only digitally utilize your credit card with expiring temporary numbers that are "correct fit" for each transaction, you can never have your card stolen, since it doesn't physically exist. That's pretty damn protected.



Where do you think Sony was on that scale?

Brian ODonnell
profile image
amen!

Fabio Macedo
profile image
I don't think anyone is saying that Sony has no responsibility at all.



The point is that Sony's security failures still don't give anyone the right to steal from them, and this side of the case should be investigated and dealt with too. End of story.



If you don't care about the hackers, it's your problem. I do. I don't want services that I find to be useful to compromise usability because some people think they have a right to things that are not theirs just because they don't like the service or it isn't foolproof. I'm not doing anything wrong. Sony may have been reckless with the data but it didn't stole anything from me or forced me to use their services. The only side in this that robbed anything from anyone were the hackers. Therefore they're the top priority in any society that cares about protecting people's properties. Dance around this however you want.

Dorica Prostel
profile image
How do you people go from "maybe instead of wasting resources on suing me (unsuccessfully) they should have used them to better protect their servers" to "the hackers did good"?

Tim Carter
profile image
They went there from the implication by Hotz that the victim was to be blamed for the crime.



It's not such a far leap. Victim-blaming has a long storied place in history.

Arnaud Clermonté
profile image
What Geohot did is completely irresponsible,

so he is in no position to say who is at fault in this story or what has to be done.

I don't see the point of publishing his opinion.

Ardney Carter
profile image
The point in publishing his remarks is that they are included in his denial of involvement with the attacks. Just as there was a point in publishing anonymous' denial of involvement. Just as there was a point in publishing Sony's speculations on what was and wasn't taken and when services will be up. It's information related to the central event "PSN Hack". This is how reporting/blogging works.

Arnaud Clermonté
profile image
If I get mugged, the attacker is to blame.

If a Sony executive gets mugged, it's his fault for not hiring better bodyguards!



Remember, kids: whatever happens, blame Sony.

Ardney Carter
profile image
If someone mugs Arnaud, the attacker is to blame. Not Hotz

If someone hacks Sony, Hotz is to blame because...well, we don't like that dude!



Remember kids: Whatever happens to Sony, blame Hotz.



Works both ways.

[User Banned]
profile image
This user violated Gamasutra’s Comment Guidelines and has been banned.

Arnaud Clermonté
profile image
Did Sony blame Hotz for this attack ??

Ardney Carter
profile image
When did I say it was Sony accusing Hotz? I'm pretty darn sure I made it obvious I was parodying Arnaud's remarks.



But for the sake of clarification: I'm not mocking Sony here. They've done a good job of that themselves. I'm mocking the blind vitriol that's being directed at Hotz by many in this thread.

[User Banned]
profile image
This user violated Gamasutra’s Comment Guidelines and has been banned.

Dorica Prostel
profile image
Actually a better analogy is you getting mugged after sending all your bodyguards after some guy to rough him up instead of using them for protecting your stuff.



Oh, and the stuff that get stolen doesn't belong to you in the first place, so you where leaving it unguarded because you wanted your guards to rough up that guy.



Pretty sure that i can at least partly blame you for losing my stuff then...

Eric Kwan
profile image
Stay classy, Geohot.

JB Vorderkunz
profile image
Yes!

Adam Bishop
profile image
If there is evidence that Sony was negligent in the way they secured or stored this information then I think it's totally fair to blame them for their negligence. I think people are jumping to conclusions here since there doesn't seem to be any evidence that that's actually the case, but maybe in the future we'll find out that it was.



But the idea that Sony *deserved* for this to happen is petty and childish, and ignores the fact that the primary victims here are Sony's *customers*, the people that Sony's loudest critics claim they're trying to protect.

Martin Crownover
profile image
They are trying to protect them from Sony, haha.

Ben Cowcher
profile image
The fact that this data was stolen at all and the downtime that ensued is proof enough that Sony was negligent.



Did they deserve it? Of course not and Sony's customers certainly didn't deserve it. Keep in mind, that a hacker, once inside the system, could take the data and a) slink away quietly or b) destroy everything on the way out. What kind of a hacker(s) do you think we are dealing with?

Jan Kubiczek
profile image
itll be interesting to see if the updated psn is still free for everyone.

Camilo R
profile image
The guy makes a good point. Especially since it took Sony more than 5 days after contacting a third-party to access what had happened to PSN. They should have people capable of doing that in-house.

Tim Carter
profile image
Right. And if you don't have a super security system on your house, and someone breaks into it, it's your fault that it got broken into.

Andrew Grapsas
profile image
@Tim: stop using faulty analogies!



This isn't a house. This isn't Chernobyl. This isn't friggin' Disney Land.



This is a data facility or collection of data facilities exposed to one of the most wild and hostile environments human-kind has created: the internet. Private, extremely sensitive data was housed on these machines.



That is the reality of it.



The additional reality is that a hacker or collection of hackers managed to bypass this "secure center" and the various systems Sony had engineered and retrieve critical information.



That is the reality of it. No analogies needed. Draw your conclusions from there.

Christopher Enderle
profile image
Sony doesn't want to be dragged over the nails in court by doing an "internal" investigation that may or may not destroy evidence and/or produce whatever results best help their stock price. This makes them appear much more confident in their security, by saying "We'll let another, independent company assess the incident and our security" because they believe it will show they had adequate security and the hackers couldn't have been stopped by reasonable industry standard measures alone.



Of course, there's still a conflict of interest when a company pays another to "review" its security, just like when a company pays a credit rating firm to "rate" their credit.

Tim Carter
profile image
Andrew, stop trying to turn this into an engineering issue.



Hotz is saying that it's their fault because they didn't stop him.



That's an excuse of criminals.



Crime is not a condition of nature - as you imply it is. An act of crime isn't like the weather or something - like a snowstorm - which is what you seem to be depicting it as. It is a choice made by people.



To look at it through those engineers eyes and utterly miss the moral culpability dimension is very very scary.

Andrew Grapsas
profile image
That's not at all what he said. He said there were security issues, that Sony had been made aware there were security issues, and that Sony should have spent money on security experts instead of lawyers. That's it, man.



You read what you want with those subjective eyes of yours.

Tim Carter
profile image
He implied that they deserved it because they didn't have better security.



Exactly the same as a bike thief who says the owner deserved to have his bike stolen because he didn't lock it up.

Alex Prach
profile image
Basically Sony's acting like a company who is trying to protect their products.



What anyone does in their personal time is fine as long as you don't distribute information which could make it easier for other people to break the system. Because of the attention Geohot has, the way Sony dealt with this case seems heavy handed (it may have, it may not have been but who am I to judge).



Because of the way the case has been handled, hackers like the ones in anonymous feel that there is a large injustice as one of their own has been treated thus. During the fuss over hacking the network, other hackers now know the network can be broken down(whether the protection was massive steel gate but someone found a small leak, or whether as some say the door was open doesn't matter as all hackers know that ANY system can be hacked with enough resources).



Either way these hackers stole the PSN's information which was not all encrypted/hashed.



So Sony is responsible for the delay (maybe they thought it was a bug but either way) which made them look like they were not organised to deal with such breaches in security. This caused lots of anger among the customers, further anger was created by not being transparent about the problem.



At the end of the day, all we know is some hackers stole this data which is due to all the hacking activity around the system. Sony has been a target of these groups as they seemed to make Geohot a scapegoat, but if they did all this within the confines of the law, then it is the laws fault for being so heavy handed.



If Sony were to allow people to keep hacking the system without fear of being prosecuted, people would lose faith in the security of the system, and all sorts of hackers would take pleasure in taking people's details.



Alternatively if Sony allows hackers to install games developed to be sold on the system without any monetary costs, then people who read this magazine and all people in gaming would decide there is no reason to develop for this system if it is not possible to make money(or god forbid "break even").



The pirates reasoning for stealing games is because the demo does not give them enough of taste of the game, they want to try half the pie not just one spoon to make up their mind. This mentality would drive many games companies to ruin as there have been some reports which show that many players often do not finish the game.



The other excuse for stealing games is because the cost of games are so high, the problem is many of these pirates believe that all games cost nothing to produce. Even with an existing library of content and game engines, people who need to make a living are needed to put them together, often these libraries and game engines cost money often enough to put them into debt, so future games will have to make use of these resources until the company goes into the next cycle. Gamers expect new content and new libraries with each new iteration, due to cost this just may not be possible without making the game cost more. This may not be the best way to make games but this is the way some games are made, as with any industry the money and time are in limited supply.



There is always the option of just waiting for the game to get cheaper, prices of games are too volatile, and consumers expect the price of games to be high on release. So they have become used to the price dropping significantly.



Even really cheap games like "World of Goo" which was released without drm was widely pirated. Some pirates believe all games should be free, as they do not produce a physical product but a virtual product that we could have imagined in a dream (same goes for films). This unfortunately is the mentality of the pirates who believes there is no value in non-physical products. They believe the time and energy spent products producing data has no intrinsic value only the physical product which they cannot procure without over the net (for now, until the 3D printer).



Pirates in unsupported countries often cite that they cannot play the game in their own country, due to DRM or server lag, etc. This maybe the only reason where I would agree with these pirates, software being held down by DRM/network requirements often halt the gaming culture being spread to these other countries who desire to play the games. This is an unfortunate problem, and I can see that some companies just cannot support so many countries, games themselves if left with weaker DRM will be hacked and distributed more quicker, so larger companies are loath to produce such a product.



Pirates of course use the excuse of insufficient resouces taken up by drm, this is a problem that occurs all the time, how can drm work if it works part of the time. And it has been proven that drm-less software get more pirated than software which is drm regardless of the price.



Some developers are happy that their product has been pirated as it gives them more status and publicity. There are some pirates who have a threshold of their value of a product who will buy it afterwards if they believe the value is of such greatness, these pirates at least contribute something, but usually only to the large games companies who make higher quality games, thus causing the game studios of the rich, getting richer and the poor ones getting poorer. Of course we feel dissatisfied when we paid money for a game which isn't very fun, but would you expect a refund for a well cooked but lack-luster meal that has been half eaten at a reasonable price? some of us i'm sure would have the courage and rudeness to do such a thing, but had we done it we'd feel guilty.



There is so much content on the internet about every game these days from video, demos, reviews faqs, forums that if you do your homework right you won't get burnt but that's the same with anything people buy, if they fear of spending money on a new product which may be faulty(looking at you apple), then don't buy it straight away, i'm sure there's many other games that could be played in the mean time.



God, i've gone off on one of my long rants again, hope I deterred you from pirating so much or going against the majority of pirates and hackers they spawn. If not, then you can keep your own counsel or tell me here

R G
profile image
I only pirate games I've already owned, such as Age Of Empires II. Bought it, lost the disc I've already told my player base that if for some reason my game cannot be played on the next gen consoles, I'll make it free.

Jose Talbott
profile image
@ Bill Boggess you make great point



@ Fabio Macedo thank you for fighting the good fight and having the patience to

deal with the so much of the BS people are saying on this thread.



Being a student developer we have this conversation all the time at the Guildhall (SMU) and I've never met a professor or guest speaker who was or is the industry that thinks Piracy or IP theft is correct or just. ed(this is anecdotal but they are thoughts of industry vets)



Bottom line if you don't agree with Sony Business strategy don't buy Sony products. Why is it correct to attack Sony info structure that ruins consumer enjoyment and takes dollars away from developers.



People think Piracy helps by Punishing publishers but ultimately dev's feel it the worst because their the entity that is unstable the most unstable Activsion, EA, MS, Sony there gonna be alright.



PSN dev uh not so much.....

Jon Simantov
profile image
If you're really looking for an analogy to help illustrate who is at fault here, try this one:



It's like if you left your child at a day care center, and then your child was kidnapped while at the day care center.



Is the kidnapper at fault? Yep.

Is the day care center at fault for letting it happen? Yes.

Is it even your own fault for trusting the day care center without a thorough knowledge of their security procedures for keeping your child safe? You bet!

Joseph Walters
profile image
You can not blame the consumer. Because: what happens when I review the security system for the day care center and the day care center doesn't actually have security cameras but has plastic cameras instead? I am left with the idea that they actually have security when in fact they don't. Yes, the hackers should be sued by sony. Yes, Sony should be sued on multiple levels by their customers for not securing their information in the way they say they are.



According to Sony's online privacy statement:

"Personal information is stored in secure operating environments that are not available to the public and that are only accessible to authorized employees. In addition, Sony Online Services use industry-standard encryption to prevent unauthorized electronic access to sensitive financial information such as your credit card number."



This was not the case. Sony stored personal information in a format that was not encrypted and it was hackable.



My own analogy:

Sony was foolish for taunting the hacker community (Don't poke a sleeping tiger)

Hotz was foolish for pointing it out (Don't put on a sausage necklace when someone is poking a tiger).

The Hackers are foolish since they will eventually get caught for doing stupid things (As a tiger, you should know that the man with a stick has a bunch of men behind him with large weapons.)

Tim Carter
profile image
Jon, your analogy is ridiculous.



You are confusing fault with stupidity.



Let me spell this out. People have the right to be stupid. Being stupid is not wrong.



However, stealing is not a right.



When you are stupid, and you get stolen from, it is base and regressive for someone to say you somehow deserve to have been stolen from.



If a person is stupid in taking care of their stuff they're stupid. But that does not mean they have any culpability in committing a crime.

R G
profile image
Thanks Anon. Keep fighting the good fight.

Tim Carter
profile image
To everyone claiming that Sony, if it is the victim of a crime, shouldn't be protected because it's so big and rich I say this...



If you have a law you must enforce it in all cases. Rich or poor, whether you like it or not.



If you decide you'll only enforce it when "you feel like it", that is a slippery slope. If we can't steal, except in the case of big multinational companies, then soon someone will steal from a smaller company. Then a smaller one. Finally they will be stealing from individuals.



Because the precedent has been set.



The rape comment is really just a way of saying that Hotz is blaming the victim. Like a thug who says, "If they didn't want me to steal their car, they shouldn't have left it unlocked", thus totally evading their own responsibility in committing a crime.

A W
profile image
Sony doesn't deserve what has happen to their security.



Hotz doesn't deserve to be directly blamed for it either unless there is some evidence to prove he is.



Anonymous hackers have pulled off a crime and hopefully they will be brought to the surface to face judgment whether or not they used Geohotz written techniques.



Sony is not a bank. Sony should not have stored credit card information if it could not properly secure it like the majority of banks can. If there is evidence of damage that can harm the consumer now or in the future you can expect Sony to be sued.



Hacker(s) some are thieves or employed by seedy people. Some are hobbyist and do it to see what they can achieve. Hacker(s) can be and are employed by many security firms to prevent such events as the current one that happened to Sony.



The problem is how the story has played out...



If Sony removed "other OS" because it foresaw an event happening just like this then they knew it was coming. The suit Sony brought upon Geohotz might just suggest that they saw this coming and tried to find a person to blame. Instead of issuing a consumer alert that this could happen they went for the suit. Neither the suit nor the security panned out in the end.



I'm a Sony PS3 consumer. My information may have been compromised. Two institutions are at fault here. One that has hacker(s) that can pull this sort of thing off, and the other that foresaw the security threat and did not warn consumers before hand to remove sensitive information. Both should be held accountable to the full extent of the law.



Once again this is BIG and to try to make it something other than that is to be blind. This is going to change how online business is done between business and consumers. Do not try to place meaningless analogies around the situation to make a counterproductive point. Take what you see and piece it together to get the picture of what is happening. This is an ordinary crime that may have extraordinary measures.

Daniel Gooding
profile image
Lol, I love when people start making random analogies.

I'm not trying to insult those that did in this post, it's just always strange comparing something to something completely random.





If I Stick my genitals in the light socket, the attacker is to blame.





wait...........what?





Seriously though, this was bound to happen sooner or later to some major company working with credit card information. I'm assuming Microsoft, and Amazon, and others are breathing a massive sigh of relief it wasn't them, and are now taking far better measure to protect their users information.



In the end this means better security for everyone buying things on-line in the future. Because no company wants to be the next Sony after this.

Tim Carter
profile image
It didn't just "happen". Like a rainstorm or something.



Someone chose to do it.

Daniel Gooding
profile image
Exactly correct sir

That's why it was going to happen, people are very persistent. Especially when driven by something they don't like for one reason or another.

Tiago Costa
profile image
Like someone said previously XBox Live, Amazon and many other networks/companies (even FBI and CIA) have been hacked before so stop making PSN sound so bad. The only big difference between PSN and other networks being hacked is that Sony turned off PSN to prevent further hacks, "no one knows" if other networks arent being hacked everyday and the network owners dont make it public.

On the other hand, I agree that Sony communication skills are not the best!

Also, I haven't read anyway that users information has been downloaded, I only know that someone had access to it...



P.S: In case your wondering... YES I'AM A PROUD PS3 OWNER.

Michael K
profile image
everything gets hacked, but what makes Sony different is that those hacks usually uncover a lot of security issues that are even for not security experts mind raping or shortly: "How could they do that????"



I think the CCC's presentation, that showed how the xbox was hacked, showed their hard fight at every stage of the security system to find a workaround to run linux, while on Sony's side, once the first wall of obscurity fall, it uncovered a clearly wrong/flawed implementation at it's fundamental stage.



storing private data of million of costumers in plain readable way is bad, no matter if it was stolen or no.

I think it's clear for everyone, that nobody here says that those hackers are any good or better than sony, but those security holes on sony's side could be just as good uncovered by some random system failures or if they sale old HW and someone does an unformat or... and everybody would read plain text credit card informations of million of ppl.



so, Hotz has a good point, they should really spend more money on engineers.

Clay Cowgill
profile image
Just out of curiosity, I wonder why we don't ever hear about the 'victims' of a security breach (like Sony in this case) being sued by the banks/credit card issuers?



It seems to me that the card issuers are the ones that have to reissue millions and millions of credit cards on their dime and deal with write-offs from the resulting fraud-- and it seems like they wouldn't like that.



Even small businesses have to show that their credit card processing software/systems meet security standards (even if supplied by a 3rd party) in order to be allowed to process payments... It would makes sense (to me) that VISA/Mastercard should have a minimum standard for security for institutions that *store* the data too.



(I mean, c'mon... Cleartext? *sigh*)


none
 
Comment: