Security is no laughing matter 

System down since April 19

The bitter joke in the tech world last week was the irony that Sony spends so much time and effort shoving digital rights management software down its paying customer's throats, but provided almost no security for their paying PS3 customers' personal information. Most of the information that was stolen by hackers, representing 77 million Sony customers, wasn't even encrypted.

The suspicion immediately fell on PS3 hacker George Hotz, who came to a legal agreement with Sony recently after he successfully figured out how to hack into the machine to allow for things like alternative operating systems and homebrew emulators to play PS2 games.

He denied any involvement in the data theft, and issued a statement that lays the blame at Sony's feet for declaring war on hackers in the first place by going after people like Hotz - "benevolent" hackers for the most part who just want the ability to run the software of their choice on the hardware that they purchased, all of them advocates for open source technology.

"The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy and kept hiring more lawyers when they needed to hire good security experts. Alienating the hacker community is not a good idea," wrote Hotz.

This is not Sony's first time getting in trouble for this kind of thing. Sony got into major difficulties a few years ago when they included digital rights management on CDs without warning their customers, implanting spyware on computers that customers couldn't remove and that opened those computers to outside attacks.

Hotz's list of credits also includes hacking the iPhone - once again arguing that users should have free reign to use or modify their hardware any way they choose.

To his credit, Hotz also called on the hacker(s) that raided Sony's database not to use the information. "Don't be a dick," he said, "and sell people's information."

Information that was stolen includes names, addresses, phone numbers, email addresses, PSN passwords and other personal information that may include credit card information in cases where Sony had that information on file. Sony did encrypt the credit card information, but hackers have claimed they have 2.2 million numbers from PSN and a few cases of fraud have been reported (though it could be coincidence). Making matters worse, Sony also revealed that Sony Online Entertainment - completely separate from PSN - had been hacked, including possibly over 12 million credit card numbers originating outside of the U.S.

People are still angry that it took Sony seven days to publicly acknowledge the break-in and warn people to monitor their accounts for any sign of illegal activity. Sony shut down the Playstation Network on April 19 after they became aware of the data theft, but didn't share the real reason why until April 26. Sony Online Entertainment went down the next week.

Latest in Cybernaut

More by Andrew Mitchell

© 1994-2019 Pique Publishing Inc., Glacier Community Media

- Website powered by Foundation