PS3 News: Good News On SOE Front, Sony To Answer Congress - PS3 News

Good News On SOE Front, Sony To Answer Congress

We learned earlier that Sony Online Entertainment suffered a security breach, which resulted in the exposure of 24.6 million accounts and 12,700 credit card numbers.

But in addition to the facts that the card info was taken from an out-of-date database circa 2007, and that no American card data appeared to have been stolen, there's another piece of good news: according to GamesIndustry.biz, only about 900 of those 12,700 cards were active at the time of the theft. That makes the breach significantly less damaging and allows most consumers to breathe easier. We should mention we've seen a lot of nightmare predictions and erroneous reports online concerning the SOE (and PSN) breach, and it has resulted in a lot of alarmist reactions. Perhaps it's best to stick to the facts; otherwise, we'll gain absolutely no respect from a journalistic standpoint. Now is the time to be professional.

On a side note, Sony has agreed to answer questions from Congress concerning the Network hack; those questions can be seen through that link and were listed in the New York Times. Congress imposed a May 6 deadline for responses and Sony will hit that deadline; they will offer answers to questions like, "When did you become aware of the illegal and unauthorized intrusion?" and "How did you become aware of the breach?"

And by the way, the Network isn't back up just yet.

Tags: soe, sony online entertainment, psn, psn outage

5/3/2011 8:43:01 PM Ben Dutka

Comments (97 posts)

Excelsior1
Tuesday, May 03, 2011 @ 9:24:56 PM
Reply

i read the questions that congress submitted to sony and they were reasonable questions. the tone of the letter congress sent to sony wasn't that bad, either.

i thought psn was coming up today. does anybody know anything?

Agree with this comment 6 up, 0 down Disagree with this comment

AcHiLLiA
Wednesday, May 04, 2011 @ 9:39:37 AM

Hopefully it will come back up later this week, at least that's what I heard.

Agree with this comment 1 up, 0 down Disagree with this comment

TheAgingHipster
Tuesday, May 03, 2011 @ 9:37:48 PM
Reply

Congress: "Sony, how could you not take more care to protect and respect the identity and privacy of those you represent?"
Sony: "I should ask you the same thing."

Last edited by TheAgingHipster on 5/3/2011 9:38:41 PM

Agree with this comment 20 up, 0 down Disagree with this comment

TheAgingHipster
Tuesday, May 03, 2011 @ 9:40:27 PM

Not a real question from Congress. Just something I thought of and found amusing. :)

Agree with this comment 10 up, 0 down Disagree with this comment

BikerSaint
Tuesday, May 03, 2011 @ 9:47:53 PM

TheAgingHipster,

Amusing....but true!

Agree with this comment 8 up, 0 down Disagree with this comment

Clamedeus
Tuesday, May 03, 2011 @ 11:03:14 PM

Indeed, that is very true.

Agree with this comment 7 up, 0 down Disagree with this comment

maxpontiac
Wednesday, May 04, 2011 @ 9:49:50 AM

It's too bad it seems that some are forgetting that very thing.

If anyone thinks that Sony is the first to lose YOUR information (or willingly let it go), you are only fooling yourself.

Agree with this comment 5 up, 0 down Disagree with this comment

BikerSaint
Wednesday, May 04, 2011 @ 4:32:54 PM

Both, our Senate & our Congress can't get their own houses in order, so how can we expect anything more than more totally grandstanding publicity stunts, & padding their own health benefits & retirement packages from them.

Plus look how many have been outed over the years, as thieves, adulterers, & scamming kick-back artists.

Agree with this comment 1 up, 0 down Disagree with this comment

Dreno
Tuesday, May 03, 2011 @ 9:43:28 PM
Reply

Well at least only 900 out of the 12,7000 were active. That's a lot less damage than what could have been, still I feel bad for those people.

And take that congress, thinking sony is gonna drop the ball. You got cha answers, what meow?

Agree with this comment 1 up, 0 down Disagree with this comment

NoOneSpecial
Tuesday, May 03, 2011 @ 9:51:02 PM
Reply

This is good news indeed, but if I had an associated account (from 2007 or not) I would still cancel it, just to be safe.


On a side note, I turned on my PS3 today to play some GT5 and was beyond excited when I saw it was actually attempting to log in, instead of the same error message....but it ended up being a false alarm :( sadface.

Last edited by NoOneSpecial on 5/3/2011 9:51:22 PM

Agree with this comment 1 up, 0 down Disagree with this comment

Zen_Zarab
Tuesday, May 03, 2011 @ 9:54:21 PM

Hopes up for tomorrow :D

Agree with this comment 2 up, 0 down Disagree with this comment

WorldEndsWithMe
Tuesday, May 03, 2011 @ 9:57:24 PM
Reply

Congress is funny, they know nothing and do nothing and yet demand answers from everybody from Sony to Elmo to Stephen Colbert.

Agree with this comment 8 up, 0 down Disagree with this comment

Jawknee
Tuesday, May 03, 2011 @ 10:01:16 PM

LOL! I can't believe they actually invited Colbert to testify in character. Such a wise use of our tax dollars.

Agree with this comment 7 up, 0 down Disagree with this comment

WorldEndsWithMe
Tuesday, May 03, 2011 @ 10:03:03 PM

I hope they call up a Weekend at Bernie's routine with Bin Laden's corpse answering questions in sunglasses.

Agree with this comment 5 up, 0 down Disagree with this comment

tes37
Tuesday, May 03, 2011 @ 10:21:03 PM

Colbert cracked me up when he said his ancestors came to this country, for the same reason many others did. To escape murder charges.



Last edited by tes37 on 5/3/2011 10:23:06 PM

Agree with this comment 8 up, 1 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 11:08:54 PM

Congress ticks me off so much with this side-show act of theirs. Summoning people to testify in hearings that don't matter at all. Congress can't get its act together to put together meaningful legislation on the digital economy and matters pertaining to its secure operation. And yet they can spare the time to rake a victim over the coals. Seriously, this hack is costing Sony millions and may cost billions in the end. What has Congress done to help? Nothing. Less than nothing in fact since they don't even want to stand firm on platform security as it is. It sure feels like Congress is adding additional difficulty to the pile on Sony already. I'd like to see Congress do something constructive instead of looking to punish Sony for somehow failing to do better than every other major company that's been hacked in the last decade.

Agree with this comment 6 up, 3 down Disagree with this comment

Qubex
Wednesday, May 04, 2011 @ 12:24:45 AM

Congress can't get their act together in reducing the US deficit which will hit its upper limits by August if they cannot agree to increase the debt ceiling.

Absolutely frightening...

Q!

"play.experience.enjoy"

Agree with this comment 5 up, 0 down Disagree with this comment

BIGRED15
Tuesday, May 03, 2011 @ 9:57:39 PM
Reply

I'm excited to hear how they address congress and then the laws congress puts in place to ensure better security. After that I'm ready to bury the hatchet on this.

Agree with this comment 0 up, 0 down Disagree with this comment

Jawknee
Tuesday, May 03, 2011 @ 10:04:11 PM

Yes because more government and laws written by politicians who know nothing about internet security will solve the problem.

/

Agree with this comment 6 up, 2 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 11:12:13 PM

Jawknee,

Sadly, lawmakers are the best we have. The FCC was supposed to make regulations in the communications sphere, and that should cover the Internet, but they have no teeth and no power to make it happen. The library of Congress and Copyright office have the power to help content providers protect their wares, but generally decline to get involved and instead defer to Congress.

You sure don't want the law made by judges setting precedent. The law as it stands doesn't apply well to the digital future, and court decisions based on that law will suffer the same problem.

Congress must step in and review the entire digital economy and how it needs to be regulated, because without regulation, it's essentially a virtual wild west, and the number of hacks will continue to climb.

Agree with this comment 4 up, 1 down Disagree with this comment

Jawknee
Tuesday, May 03, 2011 @ 11:40:04 PM

With all due respect, and I sincerely mean that, you and I aren't going to agree on this "Net Neutrality" issue. It's an issue that has to do with freedom for me and our ability as free people to create our businesses and run them as we see fit as long as we are not hurting or stealing from anyone. The State doesn't have the right to essentially take over a private company's business and force ISPs to run it the way Congress wants them to. ISPs aren't hurting or stealing from anyone. If people don't like the service or the price they are paying they can go elsewhere. That's the beauty of Capitalism. We get to vote with our wallets. Bandwidth isn't free and the more we use the more we pay for. If price controls are put in place, it's only going to hurt the business and cost us more money. I guess my only point is, internet is not a right as some of the net neutrality people want us to believe.

Last edited by Jawknee on 5/3/2011 11:41:07 PM

Agree with this comment 5 up, 2 down Disagree with this comment

Jawknee
Tuesday, May 03, 2011 @ 11:56:38 PM

Also just wanted to note that if there is a meaningful and effective way to come up with laws that help ISPs mitigate and control the hacking issue, I would be all for that, but I just don't trust that our Congress, which is full of trial lawyers and career politicians, knows how to do that without hurting the ISPs themselves and costing them more money. I'd rather they work with the ISPs on a solution instead of dictating to them what they think they should do.

Last edited by Jawknee on 5/3/2011 11:57:50 PM

Agree with this comment 3 up, 2 down Disagree with this comment

Highlander
Wednesday, May 04, 2011 @ 1:44:09 AM

I wasn't referring to net neutrality, I was referring to the wider picture of trying to build a reliable and safe infrastructure for the digital economy.

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Wednesday, May 04, 2011 @ 10:52:24 AM

BTW, may I just say my comment about Congress, the FCC, the Library of Congress and the Copyright office was not in any way about net neutrality, nor any partisan political concept. As much as some (including MaxPontiac apparently) believe that some of my comments are politically motivated, that is not the case. I don't even have a horse in the race. I can't vote in the US, and I wouldn't even if I did because I do not involve myself in party politics. I have my views on issues of the day, sometimes they align with the views of one or other political movement. That is all, I do not, and will not support one party over the other.

On specific issues, I will disagree completely with one or other (or both) parties in the US, and it would be true to say that in terms of the US political landscape I might be considered centrist. Funnily enough, in the UK, my views were considered somewhat right of center, and in the US the same views are considered by many to be left of center. I don't really care which they are, they are my views, and nothing else. I was excited when Obama got elected because it was/is a truly historic event. In some ways it says that this country has finally broken from its past, but that does not make me a supporter of his party.

I want this to be clear because in a previous thread it was suggested that I make posts that are political in motivation. I do not, and will not. That doesn't mean I will never comment on a topical issue, nor does it mean that I support one or other political grouping even if my view happens to coincide with theirs. Before anyone jumps all over this post, consider this, stating one's personal opinion on an issue is *not* the same as making a political opinion, or offering support to a given political group.

Our society has become so politically charged and polarized that a person can't offer a simple opinion without being labelled with some politically charged name. Whatever happened to people being able to have and express their own personal views without that leading to a full scale debate over their voting preferences?

Agree with this comment 2 up, 0 down Disagree with this comment

Jawknee
Wednesday, May 04, 2011 @ 11:43:47 AM

I didn't think you were being partisan. I read your comment at first and it sounded like you were talking about net neutrality. I know where you stand on certain issues as you and I have had this conversation before. So no worries. Thanks for clarifying. :)

Agree with this comment 1 up, 1 down Disagree with this comment

Highlander
Wednesday, May 04, 2011 @ 12:33:55 PM

No worries Jawknee. It's just important to me that people do not misunderstand me. I really do not support any political organization. I am as far as possible politically neutral.

The whole net neutrality thing is the horse that bolted and the stable door is swinging in the wind. There's no point worrying about it now. ;)

Agree with this comment 1 up, 0 down Disagree with this comment

Jawknee
Tuesday, May 03, 2011 @ 10:02:28 PM
Reply

You know with rising gas and food prices and the toll it's taking on lower income people, it sure is nice that Congress is focused on harassing another corporation about issues it knows nothing about instead of issuing drilling permits and putting a stop to ethanol subsidies. Our tax dollars at work people!

Agree with this comment 8 up, 2 down Disagree with this comment

WorldEndsWithMe
Tuesday, May 03, 2011 @ 10:04:12 PM

I'd rather they harass big oil.

Agree with this comment 8 up, 0 down Disagree with this comment

Jawknee
Tuesday, May 03, 2011 @ 10:06:09 PM

Then we would be paying more.

Agree with this comment 4 up, 1 down Disagree with this comment

WorldEndsWithMe
Tuesday, May 03, 2011 @ 10:15:37 PM

Not if I were in charge.

Agree with this comment 5 up, 0 down Disagree with this comment

NoOneSpecial
Tuesday, May 03, 2011 @ 10:32:19 PM

Well I guess that's how it works. I disregarded being heavily into politics a long time ago, after realizing that no matter what we say (or they say) nothing really changes. Hopefully the next generation can change that, but I'm not getting my hopes up.

Agree with this comment 1 up, 0 down Disagree with this comment

SayWord
Tuesday, May 03, 2011 @ 10:41:47 PM

@world hahah "not if I was in charge" please by any means necessary, make that happen!

Last edited by SayWord on 5/3/2011 10:42:32 PM

Agree with this comment 3 up, 0 down Disagree with this comment

WorldEndsWithMe
Tuesday, May 03, 2011 @ 10:47:13 PM

My avatar will be my campaign propaganda poster :)

Agree with this comment 9 up, 0 down Disagree with this comment

SayWord
Tuesday, May 03, 2011 @ 10:56:59 PM

I just noticed I didn't phrase your sentence right. :( haha and yes that would be an awesome poster.

Agree with this comment 2 up, 0 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 11:13:35 PM

So now would be a bad time to point out the obscene profits being booked by the Oil business right now?

Agree with this comment 2 up, 1 down Disagree with this comment

Jawknee
Tuesday, May 03, 2011 @ 11:22:40 PM

Who are you to say they are "obscene"? They take the risk, they get the oil out of the ground and ship it to market and refine it so that we can drive our cars to and from the places we need to go. Much rather have them do it than the state. And by the way, no one makes more on every dollar of gas we buy than the Federal government.

Agree with this comment 2 up, 2 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 11:26:26 PM

My wallet says it's obscene.

;)

Agree with this comment 5 up, 0 down Disagree with this comment

Highlander
Tuesday, May 03, 2011 @ 11:26:26 PM

My wallet says it's obscene. Well, it does after the exclamation of pain...

;)

Last edited by Highlander on 5/3/2011 11:27:00 PM

Agree with this comment 2 up, 1 down Disagree with this comment

Jawknee
Tuesday, May 03, 2011 @ 11:37:07 PM

Haha, I'm with you on that. My wallet is screaming too but instead of putting more restrictions on the oil and gas providers (which only translates into higher prices as they pass their extra costs onto the consumer) and burning corn for fuel, we need to figure safe and effective ways to let big and small oil companies do what they do best.

Agree with this comment 2 up, 2 down Disagree with this comment

Jawknee
Tuesday, May 03, 2011 @ 11:59:59 PM

Your avatar is my favorite on this site World. I only wish I would have thought of it first. :)

Agree with this comment 2 up, 0 down Disagree with this comment

WorldEndsWithMe
Wednesday, May 04, 2011 @ 12:04:08 AM

Thanks Jawknee, I like to change my avatar a lot, but I am loath to part with this one even for a while.

Agree with this comment 2 up, 0 down Disagree with this comment

Qubex
Wednesday, May 04, 2011 @ 12:27:29 AM

World, keep that taaar... it's superb.

I wish Congress would keep harassing the gamblers on Wall Street and the gambling bankers... what a farce, and what damage they have caused in the past few years...

Incredible!

Q!

"play.experience.enjoy"

Agree with this comment 8 up, 0 down Disagree with this comment

Highlander
Wednesday, May 04, 2011 @ 1:45:29 AM

A trillion thumbs up for you Qubex, my pension and 401K applaud you.

Agree with this comment 3 up, 0 down Disagree with this comment

tes37
Tuesday, May 03, 2011 @ 10:12:19 PM
Reply

Hopefully this is being done with the sole purpose of helping Sony procure an effective solution. If not, I hope they don't waste Sony's time.

Has anyone received their playstation shirt yet? Mine showed up Monday. The shirt is better quality than some that I spent money on, like the Red Dead Redemption shirt I bought.

Last edited by tes37 on 5/3/2011 10:17:21 PM

Agree with this comment 1 up, 0 down Disagree with this comment

Jawknee
Tuesday, May 03, 2011 @ 10:26:21 PM

Are they those Sony Rewards T-shirts? I haven't gotten one but I never got into the Rewards beta.

Agree with this comment 0 up, 1 down Disagree with this comment

tes37
Tuesday, May 03, 2011 @ 10:30:33 PM

Yeah. They say playstation in Japanese. At least, that's what I think it says. A card was with it that has the same writing with playstation in parenthesis below it.

Agree with this comment 1 up, 0 down Disagree with this comment

SayWord
Tuesday, May 03, 2011 @ 10:59:16 PM

Awesome! :0

Agree with this comment 1 up, 0 down Disagree with this comment

johnld
Tuesday, May 03, 2011 @ 11:01:22 PM

i never got mine and i worked on mine like crazy to get to pro. i played like 5+ games and a bunch of quests and so far my bar increased by 1/4.

Agree with this comment 1 up, 0 down Disagree with this comment

tes37
Tuesday, May 03, 2011 @ 11:43:15 PM

johnld, as long as they have your current address, you should be getting one. The card says they're being sent to beta testers who reached one of the tiers.

Last edited by tes37 on 5/3/2011 11:44:20 PM

Agree with this comment 0 up, 0 down Disagree with this comment

frylock25
Wednesday, May 04, 2011 @ 1:50:17 AM

oh man i can't wait to get my shirt. i only made it to the first tier but i was close to the second.

Agree with this comment 1 up, 0 down Disagree with this comment

Killa Tequilla
Wednesday, May 04, 2011 @ 3:02:24 AM

Only reason I went from a fake address to a legit address just before PSN went down!

I still haven't gotten mine...
I guess they're coming across the globe slowly.

Agree with this comment 1 up, 1 down Disagree with this comment

Ultimate_Balla
Tuesday, May 03, 2011 @ 10:42:14 PM
Reply

Only 900 active of the 12,700? Wowee. I don't know how that's good news FOR SONY. Lol. Ah, but whatever yo.

Agree with this comment 0 up, 1 down Disagree with this comment

WorldEndsWithMe
Tuesday, May 03, 2011 @ 10:47:51 PM

well it's less BAD news I guess.

Agree with this comment 2 up, 0 down Disagree with this comment

Qubex
Wednesday, May 04, 2011 @ 8:23:59 AM

Really? I just read today that the Canadians have just launched a country-wide suit against Sony for 1 Billion dollars in damages... I think that bad news is just beginning for Sony!

Q!

"play.experience.enjoy"

Agree with this comment 0 up, 0 down Disagree with this comment

JSwayze
Tuesday, May 03, 2011 @ 10:47:58 PM
Reply

The only question that should be asked by congress is..."When will the PSN be up and working"

Agree with this comment 3 up, 0 down Disagree with this comment

SayWord
Tuesday, May 03, 2011 @ 11:04:30 PM

Hah I bought anime that I really wanted but didn't buy because I already have a backlog. Time well spent :)

Agree with this comment 0 up, 0 down Disagree with this comment

BIGRED15
Tuesday, May 03, 2011 @ 11:03:50 PM
Reply

congress will likely put a much tighter hold on internet security. I'm pretty sure the laws they come up with will seem pretty ignorant, but i think once Sony addresses congress, and the lawsuits become water under the bridge, we can all just get back to what matters most. I hope. On another tangent, apparently some lady is suing sony for 1 billion dollars on behalf of all Canadian users who were "exposed" to fraud. They aren't basing the lawsuit on compensation because according to the article, the Canadian law firm has yet to muster up the proof that fraudulent charges occurred on sony's watch. therefore, they seem to be suing more or less because of the exposure and not because of actual fraud occurring. To me it seemed kind of funny and pretty illegitimate.

Agree with this comment 2 up, 0 down Disagree with this comment

Jawknee
Tuesday, May 03, 2011 @ 11:45:22 PM

I am hoping they are asking these questions in order to aid Sony in finding who did this and how it was done so they can come up with more effective ways of catching and prosecuting these goons. But I just don't have that level of faith in Congress. Usually these hearings and demands are nothing more than grandstanding and an excuse to pass more regulations on industries that don't need more burdensome regulations. I just get the feeling from the questions and the tone of these questions that they are going to treat Sony like the criminal instead of the victim.

Last edited by Jawknee on 5/3/2011 11:46:58 PM

Agree with this comment 2 up, 2 down Disagree with this comment

kraygen
Wednesday, May 04, 2011 @ 12:03:48 AM
Reply

Why exactly is congress asking these questions? Don't they have more important things to worry about? Never knew it was congress' job to ask how businesses are being run.

Agree with this comment 2 up, 1 down Disagree with this comment

PharaohJR
Wednesday, May 04, 2011 @ 12:37:17 AM
Reply

no matter the magnitude of ones success u always will have that one or group that opposes ya progress.

i jus don't get it if one is capable of stuff like this why not work with a company & show them their weak spot don't they know how much they can get paid legally rather than taking these chances & when caught be in prison with some real evil konvicts.... i jus wanna know why in the world would 1 choose a corporation like sony rather than a bank or another field that generates more money than sony.

i dunno man alotta of things in life lately just don't add up no more.

Agree with this comment 0 up, 0 down Disagree with this comment

Excelsior1
Wednesday, May 04, 2011 @ 2:56:54 AM
Reply

it is pretty crazy how things spiraled out of control. the hackers aren't going anywhere and sony has a big bullseye on them now. i remember reading that the hackers told sony the worst was yet to come after their initial attacks kind of fizzled out. hell, i thought it was over and they failed. i could not have been more wrong.

i just hope the new psn rollout goes smoothly because there are a lot of upset people out there. not everyone is hardcore sony fans like us. many are just hardcore online gaming addicts. they seem to be the group who have been complaining the loudest. if psn goes up smoothly they might move on. i just hope that's what happens, but i'm a little nervous about it. sony is vulnerable now.

hell, i just noticed an advertisement at the top of this page for a class action lawsuit against soe.

Last edited by Excelsior1 on 5/4/2011 3:03:09 AM

Agree with this comment 1 up, 0 down Disagree with this comment

YashaZz
Wednesday, May 04, 2011 @ 2:57:32 AM
Reply

I'm really terrified that my card number has been taken...

Agree with this comment 0 up, 0 down Disagree with this comment

frylock25
Wednesday, May 04, 2011 @ 3:33:14 AM

so contact your bank or credit company and ask for a new card with new numbers for fear of fraud. they will never tell you no.

Agree with this comment 2 up, 0 down Disagree with this comment

___________
Wednesday, May 04, 2011 @ 4:58:11 AM
Reply

hopefully this will shed some light on the matter.
why the @%$# $onys using apache is beyond me!
i mean come on!
sony have become so phucking tight a$$ed this gen, cutting corners everywhere they can and its come back to haunt them!
$onys the new Mercedes Benz!
both used to be names for fastidious quality, now they're as reliable as a 20 year old alfa!


Last edited by ___________ on 5/4/2011 4:59:01 AM

Agree with this comment 1 up, 4 down Disagree with this comment

Beamboom
Wednesday, May 04, 2011 @ 5:04:33 AM

*Everybody* uses Apache. It's the industry standard. What alternative is there, really? A Microsoft server? Riiiighty...

Agree with this comment 3 up, 0 down Disagree with this comment

___________
Wednesday, May 04, 2011 @ 9:58:46 AM

M$ server 2010 has far less reported vulnerabilities than apache!
the accounting company i work for have been using windows server for years now, never had a single problem with it!
using apache for servers is like using norton 360 for antivirus security!
a pain in the ass, and more holes than swiss cheese!

Agree with this comment 0 up, 1 down Disagree with this comment

Beamboom
Wednesday, May 04, 2011 @ 10:31:15 AM

You sir have a rather skewed image of the reality here. Apache has been the most used web server since 1996, 70% of today's servers run Apache, while 17% run MS IIS. Obviously that means that the chances of an Apache server being hacked are overwhelming, from the sheer fact of the market dominance. Especially considering all the Linux newbies who typically want to install these "big boy" servers without knowing how to configure them, or bypassing all security "in order to get them to work".
Add to this the fact that most skilled "hackers" (hate that word) are Linux users that will find every single potential hole, and you got an environment who will expose, *and fix* holes extremely fast.

But, I'm willing to buy a claim that the MS server, out of the box and in the hands of non professionals, may prove a safer solution. Maybe.

Regarding the number of reported vulnerabilities, in addition to the market dominance that also comes into effect here, keep in mind that Apache is an open system with no secrecy. All discovered holes *will* get exposed.

Last edited by Beamboom on 5/4/2011 10:37:23 AM

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Wednesday, May 04, 2011 @ 10:32:08 AM

BeamBoom,

When I looked at the Apache vulnerability lists, it looked like they take a good 9 months to fix vulnerabilities, and it wasn't entirely clear whether said fixes are backported to earlier versions that share the issue. I'm not saying MS is much better, but I am wondering whether the existence of a known vulnerability does more than raise a neon sign over the versions of Apache with that vulnerability for several months before a patch even becomes available. I mean, from what I could see, the process would be something like, vulnerability reported and published, 6-9 months pass, affected systems run and run, patch created to fix vulnerability in current version(s), over the next 1-3 months responsible users of Apache upgrade, vulnerability patched - except for users running older versions not patched, or users who don't give a fig.

Microsoft is not a great deal better considering the number of vulnerabilities that have existed for a long time before being patched in their software. But that discovery/reporting/fix/patch cycle for vulnerabilities does appear to be lengthy for Apache. I'm not a user of Apache so I'm not really in a good position to know if what I'm seeing is the case in practice. Would you care to comment?

Regarding Anon Cowherd, his views are generally somewhat skewed. In all honesty I laughed at his claims of having used Windows server for years without a problem. That certainly runs counter to my own experience, but hey, depending on the environment it could be correct - for him. He could be among the lucky minority...

Last edited by Highlander on 5/4/2011 10:35:12 AM

Agree with this comment 0 up, 0 down Disagree with this comment

Beamboom
Wednesday, May 04, 2011 @ 10:44:07 AM

Your source there High, is that on apache org? Cause nine months sounds unlikely if this was a *critical* bug. If however it was a noncritical, or config-dependent hole (ergo can be fixed with current version) then the patch may go live with other updates.
Note that a lot of the reported issues are purely performance related, ie not "errors" to the degree that MS would call errors.
But again, if it was a serious hole directly related to the apache core (as opposed to vulnerabilities related to eg. ssh or perl), then I gotta say I will be very surprised, disappointed even.

Regarding mr underscore here, I think he's got some good posts, agree with a lotta stuff he say. He just got a... Uhm... Exotic way of expressing himself. But I dig that.


Last edited by Beamboom on 5/4/2011 10:48:42 AM

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Wednesday, May 04, 2011 @ 10:57:11 AM

Yeah, I see what you're saying. Do you know how far back they (Apache) will backport critical fixes? I think you could be right about the critical fixes happening faster, but looking at the time gap on some of the less critical (lower than 10 on their scale) there does seem to be a longish gap.

Mr Underline/Anonymous Cowherd does have good things to say, but he also goes off the deep end on a regular basis, and more than occasionally contradicts himself. That said, I've agreed with him on more than one occasion and even posted in agreement with him, it probably shocks the living daylights out of him when I do, but I believe in giving credit where it is due.

Agree with this comment 1 up, 0 down Disagree with this comment

Beamboom
Wednesday, May 04, 2011 @ 11:33:31 AM

I'd dare say that a basic install of a "stand alone" Apache server is pretty much bulletproof today.
Very typical of reported issues is that they are related to Apache in relation to other software, and as such affect only a very small segment of the Apache servers. If you are a system admin for an advanced server park you will join several security related mailing lists that will flag issues also related to your servers *immediately* when discovered, along with workarounds until patch. Many of them are extremely well moderated with low noise ratio.

Regarding backports: No, I do not really know. Not even sure if it applies, I mean it's at version 2 now after all these years...
Also, I can't really see any reason not to upgrade if still running Apache 1. It's *amazingly* easy on the system. If you got a really old box collecting dust, say a 75MHz Pentium or even a 486, try installing the server version of Ubuntu (if you are unfamiliar with Linux that's an easy distro to set up), minimal install + Apache and see how it performs. You'll be surprised.

Regarding mr underline, he's a species of his own in this jungle we call PSXE :)


Last edited by Beamboom on 5/4/2011 11:40:11 AM

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Wednesday, May 04, 2011 @ 12:36:35 PM

I'm sure that a lot of the reason Sony use Apache is exactly what you've written.

The one and only real explanation I want from Sony in all of this is why their network team permitted known vulnerabilities to persist, and which vulnerability it was that was used. Whoever was the decision maker that either permitted an exception to the patching of this vulnerability, or simply didn't direct that it be patched, needs to be held accountable.

Agree with this comment 2 up, 0 down Disagree with this comment

Beamboom
Wednesday, May 04, 2011 @ 3:36:27 PM

"why their network team permitted known vulnerabilities to persist" - That, and I'd like to add "why was not *all* user info encrypted". Just, why?

It's also a tad strange with that old credit card backup(?) file on the SOE server. a) Why was the file there at all, and b) Why was the content stored in an unencrypted format (how did it get unencrypted in the first place, since other cc data are encrypted on their servers?).

It's easy to be a clever SOB in hindsight, of course. Easiest in the world. And maybe all above has good, rational answers. It just would have been interesting to know.

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Wednesday, May 04, 2011 @ 4:43:52 PM

The card data taken from SOE actually sounds like a development database, it's a small data set, and not as well protected as the live production data set. As soon as I read that report about it, I thought that they may have found an older development database that simply hadn't been cleared. I bet we'll never know, but if you've ever worked in a large IT organization you know that without very tight oversight, development and test instances of small sets of data are routinely created for short term use, but are not always deleted - as they should be.

Agree with this comment 0 up, 0 down Disagree with this comment

Beamboom
Wednesday, May 04, 2011 @ 5:18:59 PM

Good thinking. That would explain why only 900 of 27.000 numbers were still valid too. The actual data were much older than the age of the data file, which was used as a dummy file for development purposes. Yeah, sounds plausible indeed.

Agree with this comment 0 up, 0 down Disagree with this comment

animefan
Wednesday, May 04, 2011 @ 6:36:46 AM
Reply

sigh, 900 is still bad even tho it's not all Sony, it was the hackers as well, and PSN is still down. no joke, i forgot how it feels playing online on PS3, but as long as they're fixing it and making it a better PSN then i have no problem. just can't wait to get my console back from fixing, and hopefully by then PSN is back up. i really wanna change my password etc. to be on the safe side

Agree with this comment 0 up, 0 down Disagree with this comment

Robochic
Wednesday, May 04, 2011 @ 7:02:35 AM
Reply

I think Sony did a great job keeping everyone as informed as possible.
On a side note we have a crazy Ontario lady trying to sue Sony for 1 billion dollars for suffering and pain, she needs to be booted permanently off the server and told to get a life, what a dumb person!

Agree with this comment 2 up, 0 down Disagree with this comment

the P-O-B
Wednesday, May 04, 2011 @ 7:30:40 AM
Reply

SO IF IT TAKES A ACT OF CONGRESS , to get sony to turn it back on .... SO, BE IT!!!!!! CONGRESS would never hassle the oil companies ... they or in congress back pockets......
ANOTHER THING - you do drill for ethylol ( CORN DONT GROW IN CAVES ) you drill for OIL.... if u dont think the oil companies , or not running the show ..... who gets 40 billion in tax breaks, oil companies or is it sony ..... oh , another point gas is allmost $5 a gallon , right !!!! you dont see them coming to congress to explain it ethier ..... l knew gas was going to go up alot last summer , when the gulf oil disaster .... NOW WHO IS PAYING FOR CLEAN UP?

Agree with this comment 0 up, 5 down Disagree with this comment

Highlander
Wednesday, May 04, 2011 @ 9:35:01 AM

You know, the "Ticked Off Bugger" act got old over the weekend. Apart from posing and posturing, are you capable of anything else?

Agree with this comment 2 up, 0 down Disagree with this comment

Underdog15
Wednesday, May 04, 2011 @ 10:19:22 AM

Agreed Highlander.

P-O-B, can't you come up with something clever? Like the N-O-B? Nice optimistic bloke?

Agree with this comment 1 up, 0 down Disagree with this comment

Beamboom
Wednesday, May 04, 2011 @ 10:39:00 AM

Did you guys really understand *anything* of that? :D

Agree with this comment 2 up, 0 down Disagree with this comment

Highlander
Wednesday, May 04, 2011 @ 10:57:50 AM

LOL BB, I gave up after the second line of mixed case gibberish...

Agree with this comment 1 up, 0 down Disagree with this comment

Jawknee
Wednesday, May 04, 2011 @ 11:57:52 AM

Oh P-O-OB, where, you begin. You are obviously not paying attention.

1) Congress does hassle "big oil". Maxine Waters (D), Congresswoman from California, in a totalitarianesque tone threatened to nationalize the oil industry and take away their companies. You want to talk about "4Billion" dollar tax breaks? The big oil companies have already said they will be fine without them and have told congress to go ahead and take them away. It's the smaller oil companies, just starting up oil companies that will be hurt most by the loss of those so called "tax breaks." Learn something about the oil industry before commenting on it please.

2) The reason gas is going up is because of A) A weak dollar which is a result of the Fed printing green backs on a daily basis, B) Ever since the BP oil spill, there has been a ban on drilling in the Gulf despite numerous court orders to lift the ban. Oil companies are packing up and leaving. So we are producing less oil. Less oil on the market with a higher demand forces prices to go up. It's econ 101. and C) Turmoil in Libya is causing less production over there. Again econ 101. Simple supply and demand.

3) Food prices are going up because A) it's costing more to transport because Gas is up and B) Instead of using corn and corn based products to feed people, they are burning it and trying to convert it into ethanol fuel which has now been proven to damage internal combustion engines. i.e. gasoline powered cars.

You want oil companies to explain why gas has gone up to congress, these are the reasons and it's all a result of misguided and irresponsible policies put in place BY government.

Please do yourself a favor, educate yourself and think about what and how you're going to post it so we can A) read what you're saying without getting a headache and B) so you don't make a fool of yourself talking about subjects you obviously know nothing about.

Agree with this comment 1 up, 2 down Disagree with this comment

Underdog15
Wednesday, May 04, 2011 @ 12:51:54 PM

Nice Jawk, one thing I don't get though. Why do prices go up when Crude Oil per barrel hasn't really changed at all?

We are feeling insane gas prices up here in Canada too... $1.38 per liter up here right now... (Which equates to about $5.22 per gallon... and our dollar is stronger than the US dollar, too!)

Agree with this comment 2 up, 0 down Disagree with this comment

Jawknee
Wednesday, May 04, 2011 @ 1:29:31 PM

Price per barrel has gone up. It was $111 a barrel as of April 20th 2011. It was $86 a barrel April 2010. Today, crude traded for $109 a barrel while Brent crude traded for $120.97. So we have been seeing a slow but steady rise in crude per barrel prices. It takes time for those rises or falls to hit the pumps. I can't speak too much about Canada, as I am not fully aware of your refining capacity and how strong your currency is. I think I read that Canada imports a lot of gasoline. In other words, you guys aren't doing much of your own refining which will cost more money because you have to import already refined gas. So you guys are producing some oil but not refining enough of it into gasoline. We have the same problem here. Also have to think about how much of that $1.38 per liter is being taxed. I know here the Fed Government makes more on every gallon of gas we buy than the oil companies do. Taxes have a lot to do with the price per gallon/liter as well. Here in the States our currency is weak and is getting weaker by the day as a result of all the money printing and we haven't built a refinery in over 30 years. We aren't refining enough of our own oil into gas and are spending far too much money on trying to turn corn into ethanol which has not only had detrimental effects on food prices at the food markets, it's causing people in developing nations to go hungry as there is less corn and corn based products to feed them with. Trying to turn food into fuel when there are people who are still starving around the world was the dumbest idea I have ever seen come out of the environmental movement. It's right up there with their banning DDT in Africa to save a mosquito which has resulted in millions of dead Africans because that same mosquito transmits malaria.

I wish people would stop demonizing the oil companies and really look at all the real causes as to why we are paying so much for our food and energy resources. These politicians can bark all they want about "obscene" profits and how the oil companies are ripping us off, doesn't change the fact much of what we're paying for is a result of these politicians' misguided policies that shackle these companies from getting the oil out of the ground and getting it to market. There is plenty of oil out there and there will be risks getting to it but it must be done. Battery powered cars and public transit systems are not good enough. Especially in larger nations like Canada and the US. Plus it's not practical. People are struggling paying for gas and our President's solution is "go buy a new car". He's a joke! Paying higher prices is a mere inconvenience to people of a modest living but it greatly hurts the poor and lower income people as well as developing nations.

Last edited by Jawknee on 5/4/2011 1:34:18 PM

Agree with this comment 0 up, 1 down Disagree with this comment

Jawknee
Wednesday, May 04, 2011 @ 1:46:34 PM

Also have to remember, gas stations routinely have to play a guessing game. They have to try and guess what their next drop off or refill is going to cost them. It's kind of hard to gauge exactly how much it's going to cost them to refill their station so they sometimes have to inflate their prices a bit to ensure they can cover their next shipment. That's why you will sometimes see some stations raise or drop their prices rapidly. And them having to do that is based on the instability of the overall market. One thing that could help stabilize the market almost overnight, is if the US government declared they were going to open up previously blocked oil fields for drilling and exploration and if we started building more refineries. It would put some confidence in the market and let the world know there will be more supply coming. Give people who are trading more confidence. But I don't see that happening any time soon.

Agree with this comment 0 up, 1 down Disagree with this comment

BikerSaint
Wednesday, May 04, 2011 @ 4:51:00 PM

POB,

Try blaming some of the speculators who have helped to push up oil prices

Last edited by BikerSaint on 5/4/2011 4:51:50 PM

Agree with this comment 1 up, 0 down Disagree with this comment

maxpontiac
Wednesday, May 04, 2011 @ 9:53:05 AM
Reply

It's the "One World System" taking foot.

Agree with this comment 1 up, 0 down Disagree with this comment

BIGRED15
Wednesday, May 04, 2011 @ 10:38:29 AM
Reply

@ highlander... im gonna go with no. he probably cant do anything else. Just because you write in angry caps doesn't mean we want to listen to your unstructured rants. If you're gonna rant at least proofread.

@Jawknee... You would think that if (and that is a BIG if) Congress is asking these types of questions that it would warrant the common sense to understand the severity of the issue and who is truly at fault. You would like to think that. I too have reviewed the questions and in my opinion a lot of them have been answered and a lot of them demand an answer. The question is will they be the RIGHT answer? I agree with you that regulations will be more of a burden than being helpful. What I would propose to congress in this situation is how would you have wanted Sony to handle this? Because i feel sony is going to answer those questions the way they have been the whole time and congress will dismiss them because they didn't get the response from sony that they wanted to hear. I am fairly educated in politics and business... enough to know what it looks like when a company's ethics are compromised, and from what i have reviewed, sony did everything as "by the book" as possible. I think when sony sends congress its responses, that congress simply must regulate in a way that makes it easier for sony to keep us safe, not in a manner that blames sony. If congress doesn't come to their aid, then they're no better than fanboy journalists or Xbots who chastise sony for this so called incompetence. If the outcome becomes less than ideal, then it is clear that the people elected into those positions should have no say on the matter of network security.

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Wednesday, May 04, 2011 @ 11:08:07 AM

Sony did pretty much do everything right, including coming forward pretty quickly (relatively). Many large data breaches go undetected for a long time, and many that are detected are unreported for a long time. Sony came clean quite quickly in actuality.

But, as even Kotaku had to admit today in a piece reporting comments by a leading system security expert; Sony is not to blame, hacks are going to happen. The point being that networks are going to be hacked, they are hacked every day. Sony's security really wasn't worse than the norm, and apparently was sufficient to fend off a sustained attack on their credit card information. That's not been the case even for financial institutions in the past.

The point though is that attacks of this nature, hacks of networks, cyber-crime, data leaks and breaches are all going to continue to happen for the foreseeable future. Sony is not the first and will *not* be the last major network to be hacked. So people need to be aware of the security of their information. People need to act more wisely with their credit card information. However in the day and age of Facebook and other social networking sites, I don't see much of that happening.

Still, the future is likely to go with a digital economy of sorts. For that to happen, service providers, network operators, content providers and regulators have to come up with a coherent approach that works and mitigates the effects of cyber crime. They also need to put in place regulatory and legal structures that make it possible to define cyber-crime in that future, and to combat it.

At this point though, I'm not confident that will happen, and instead I'll continue being careful about my details. One thing that would be great is for my card provider to offer me one time use card numbers that I can use to charge my PSN wallet...I need to investigate that option.

Agree with this comment 1 up, 0 down Disagree with this comment

Jawknee
Wednesday, May 04, 2011 @ 12:26:08 PM

"warrant the common sense"

There's your first mistake. You're assuming Congress has common sense. By their actions of the last 6 years, it is obvious they do not. Otherwise we wouldn't be staring the threat of default and bankruptcy in the face now.

@Highlander, oh how that must have pained Kotaku to post that article.

Last edited by Jawknee on 5/4/2011 12:27:32 PM

Agree with this comment 2 up, 1 down Disagree with this comment

Phoelix
Wednesday, May 04, 2011 @ 1:37:51 PM
Reply

So... who thinks the "Anonymous" file is bogus? AnonOps doesn't say anything about hacking into SOE.

Agree with this comment 1 up, 1 down Disagree with this comment

BIGRED15
Wednesday, May 04, 2011 @ 6:40:03 PM
Reply

what jawk, i can dream can't I?

Agree with this comment 0 up, 0 down Disagree with this comment

Jawknee
Wednesday, May 04, 2011 @ 7:10:49 PM

Ha, of course, but dreaming isn't going to get the bills paid. :)

Last edited by Jawknee on 5/4/2011 7:11:06 PM

Agree with this comment 1 up, 1 down Disagree with this comment

Lairfan
Wednesday, May 04, 2011 @ 9:25:39 PM
Reply

Hey Congress? What about that 14 trillion dollar debt our country has right now? Or is that less important than grilling a company to get answers that you will never utilize properly nor put into effective or useful legislation to protect the digital economy in the future?

Agree with this comment 0 up, 0 down Disagree with this comment

BIGRED15
Wednesday, May 04, 2011 @ 10:26:40 PM
Reply

i'll once again mention my BIG IF. really should have been applied to my whole comment in the first place, but yea. The american govt is the opposite of common sense

Agree with this comment 0 up, 0 down Disagree with this comment
