» Two British dudes are facing trial over the alleged heist: You have to be a dedicated MJ fan to steal tens of thousands of Michael Jackson songs — including unreleased songs that Sony planned to milk by releasing over 10 albums in the next seven years. James Marks and James McCormick, the suspects in the musical heist, deny having done so, but that may not be enough to sway prosecutors. Sony, by the way, is basically a broken record when it comes to hacking, so this latest incident comes as no surprise.
» One computer, many hacks: Investigators say that the computer used in the Sony breach — located in a basement in Gijón, Spain — was responsible for hacks to two Spanish banks, an Italian energy company and numerous government Web sites, including Arab Spring hotspots Egypt and Libya. The main guy was actually arrested back in the middle of May, but his arrest wasn’t publicized until today. The other arrests took place in other parts of the country. So, is it surprising that the PlayStation Network hackers (not any of the other Sony hacks, by the way) appear to have been tied to Anonymous?
PSN hacked again…kind of. PlayStation Network was down again today, but not for the familiar reason of widespread hacks. A newly discovered exploit allows people to change account passwords armed with nothing but an email address associated with the account and the owner’s date of birth — both of which hackers obtained in the larger exploit earlier this month. Gaming Nyleveia.com discovered the newest flaw and contacted Sony about the problem. The network then went down again, apparently so Sony could fix it before it got out of hand. It’s important to know that the network wasn’t actually hacked again — hackers stole no new information, but instead discovered a new exploit that’s now being fixed. Sony is going to have a rough time recovering from all of this. source
» What’s the big problem? Without breaking into major details, Japanese Ministry of Economy official Kazushige Nobutani puts it like so: ”As of May 13, Sony was incomplete in exercising measures that they said they will do on the May 1 press conference.” So, in other words, Sony’s not proving they’ve actually fixed anything to Japan yet. As Sony is famously based in Japan, this is another pretty embarrassing turn of events.
producermatthew said: Suggesting companies should learn to “get hackers on their side” is like saying banks should learn to play nice with robbers. There’s a difference between telling someone their door is unlocked and blatantly breaking in to their house.
» We say: While it’s not necessarily an even match, here’s the reason why I stand behind my prior post. By keeping low-level hackers happy by encouraging homebrew solutions that respect the intentions of the device creators (such as what the article suggests Microsoft has done with their Kinect device), it encourages an environment where much more sinister hackers might give you a pass. The thing is, the PlayStation Network’s hackers should get punished. What Geohot and Alexander Egorenkov did pushed the edges a little but was something Sony could have responded to without lawsuits or raids. Neither of them were intending to do the type of wrong the PSN hackers were. But Sony’s heavy-handed response to Geohot and Egorenkov got their attention.
In the future, a blowback in the realm of cybersecurity might be known as the Sony Effect.Bloomberg’s Michael Riley and Ashlee Vance • In a piece called “The Company that Kicked the Hornet’s Nest.” Oh God, let’s hope it’s called “The Sony Effect,” because maybe it’ll remind other companies why not to actively antagonize their hacking-focused users. In Sony’s case, they were a combination of litigious (going after two well-known hobbyist hackers and threatening many others) and incompetent (they apparently ignore security researchers who find flaws and left their network wide open to an attack). The end result is that a company that needed to learn a lesson about getting hackers on their side learned a very expensive one — one that’s shut down their PlayStation Network for nearly a month now. source (via • follow)
» Somebody has a security problem: While Sony Online Entertainment isn’t the juggernaut that the PlayStation Network is (and Sony says the financial data they possibly stole was old), it nonetheless makes the company look incredibly bad. This hack, by the way, happened roughly two weeks ago, around the same time as the PSN hack. Who wants to bet that they got hacked because of the way they handled the Geohot mess? Raise your hand. (via @The_CopyEditor)
» A big number, but small potatoes: The credit card industry makes a lot of money each year, and a $300 million charge, while not insignificant, is a drop in the bucket. In 2010, banks that distributed Visa and MasterCard cards — excluding American Express and Discover — made $2.12 billion in after-tax profit. So even if the potential cost is high, they could handle it.
» Sony denies the claim: “To my knowledge there is no truth to the report that Sony was offered an opportunity to purchase the list,” said top Sony communications guy Patrick Seybold. Consultants for Trend Micro and iSEC Partners, along with other researchers who keep a close eye on these forums, suggest otherwise. So, who’s right? Hopefully it’s Sony.