Security is no laughing matter

System down since April 19

The bitter joke in the tech world last week was the irony that Sony spends so much time and effort shoving digital rights management software down its paying customers' throats, but provided almost no security for their paying PS3 customers' personal information. Most of the information that was stolen by hackers, representing 77 million Sony customers, wasn't even encrypted.

The suspicion immediately fell on PS3 hacker George Hotz, who came to a legal agreement with Sony recently after he successfully figured out how to hack into the machine to allow for things like alternative operating systems and homebrew emulators to play PS2 games.

He denied any involvement in the data theft, and issued a statement that lays the blame at Sony's feet for declaring war on hackers in the first place by going after people like Hotz - "benevolent" hackers for the most part who just want the ability to run the software of their choice on the hardware that they purchased, all of them advocates for open source technology.

"The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy and kept hiring more lawyers when they needed to hire good security experts. Alienating the hacker community is not a good idea," wrote Hotz.

This is not Sony's first time getting in trouble for this kind of thing. Sony got into major difficulties a few years ago when they included digital rights management on CDs without warning their customers, implanting spyware on computers that customers couldn't remove and that opened those computers to outside attacks.

Hotz's list of credits also includes hacking the iPhone - once again arguing that users should have free rein to use or modify their hardware any way they choose.

To his credit, Hotz also called on the hacker(s) that raided Sony's database not to use the information. "Don't be a dick," he said, "and sell people's information."

Information that was stolen includes names, addresses, phone numbers, email addresses, PSN passwords and other personal information that may include credit card information in cases where Sony had that information on file. Sony did encrypt the credit card information, but hackers have claimed they have 2.2 million numbers from PSN and a few cases of fraud have been reported (though it could be coincidence). Making matters worse, Sony also revealed that Sony Online Entertainment - completely separate from PSN - had been hacked, including possibly over 12 million credit card numbers originating outside of the U.S.

People are still angry that it took Sony seven days to publicly acknowledge the break-in and warn people to monitor their accounts for any sign of illegal activity. Sony shut down the PlayStation Network on April 19 after they became aware of the data theft, but didn't share the real reason why until April 26. Sony Online Entertainment went down the next week.

Unfortunately, Sony is not the only company to fall victim to hackers. In December, it was revealed that the Gawker Network had been hacked, which resulted in the theft of 1.5 million user names, email addresses and passwords. While that may not seem like a big deal (who cares if someone uses your identity to log into a blog?), the fact is that most people still use their email address as their user name and the same password for most of their online accounts. Information stolen from one place unlocks doors in another, and pretty soon you have the potential for fraud, identity theft and then outright theft.

If you have a PS3 and you're on the network - it's been down since April 19 - you'll be prompted to change your password the next time you go online. If you use a common password for other accounts then you should go back and change those passwords as well; that includes email accounts, Facebook accounts, banks, gadgets, website logins, etc. You should also be hyper-aware - depending on who stole your data, you may be a candidate for fraud. Question the source of phone calls, emails and letters, and check your bank and credit card statements regularly.

While this might seem like a pain in the ass, it's a pretty good idea to change your passwords from time to time anyway, especially if you're in the habit of using the same numbers and letters for all of your accounts.

So far no real damage has been reported, which is a good thing. Consider this a wake-up call. (For you too, Sony.)

 

iPad competitors flying off the shelves

Apple's hold on the tablet market is still secure at this point, but there are signs that the competition is gaining steam. For example, the RIM BlackBerry PlayBook sold 50,000 units on launch day, way higher than estimates, and demand is still high a few weeks later. The Asus Eee Pad Transformer - which runs Android 3.0 and can be purchased with an optional keyboard (and second battery to extend the life to 16 hours) - completely sold out online in the U.S. the day it was made available. Sony also announced two tablet models last week, including a unique folding two-screen model.