Archive for April, 2011

SONY, the Census and insanity

Wednesday, April 27th, 2011

SONY has proved once again that everything we said about ContactPoint and the doomed ID Card project was true.

Millions of internet users hit by massive Sony PlayStation data theft
Sensitive personal details of tens of millions of internet users have been stolen by hackers in one of the biggest ever cases of data theft, it has emerged.

And there you have it.

Is there anyone out there who thinks that the Census data is more secure than this SONY Playstation data is? If there is, I have some beachfront property in Siberia to sell you.

Fraudsters have obtained data on millions of online video gamers including three million Britons – after targeting Sony’s PlayStation Network.
The electronics giant is contacting around 70 million customers warning that details including their names, addresses, dates of birth, passwords and security questions have been stolen.

Sony also admitted that the hackers may have gained access to people’s credit card details.

[…]

Telegraph

And of course, this data can never be put back in the bottle. The credit card details can be changed, but not the names and DOBs. The same of course is true of a database containing your fingerprints. As a commenter at the Telegraph points out:

Gerry1, Today 03:35 AM (recommended by 31 people):
What legitimate business do Sony have in asking for one’s Date of Birth?

The world and his wife seems to ask always for DoB, together with Mother’s Maiden Name. That’s effectively sharing passwords, but the first Golden Rule of security is NEVER to share passwords!

Any organisation that asks for this data for ID purposes isn’t fit for purpose and should never be trusted.

unclepeter, Today 05:54 AM (recommended by 7 people):
DoB is one of the most accurate ways of identifying someone. Law enforcement doesn’t care who you are or where you’re from. They want your DoB. One of my family is a retired police officer who explained this to me one day. He used my DoB and showed me how quickly they can narrow down who I am. It is really scary and it is one of the pieces of information I absolutely never pass on.

Indeed.

No organisation that asks for your date of birth should ever be trusted. They simply do not need that information to do business with you. That is true, and the reply to that comment is very revealing is it not? If SONY has had the DOBs of millions of people copied from their servers….

You get the picture, because you read BLOGDIAL.

From El Reg, the inside dope…

The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony’s related Qriocity network.

Sony’s stunning admission came six days after the PlayStation Network was taken down following what the company described as an external intrusion.

[…]

Sony had already come under fire for a copyright lawsuit targeting customers who published instructions for unlocking the game console so it could run games and applications not officially sanctioned by the company. The criticism only grew after Sony lawyers sought detailed records belonging to hacker George Hotz, including the IP addresses of everyone who visited his jailbreaking website over a span of 26 months.

Hackers howled with displeasure saying they should have a right to modify the hardware they legally own. Sony recently settled that case, but Hotz, whose hacker moniker is GeoHot, has remained highly critical of the company. Many have also objected to the removal of the so-called OtherOS, which allowed PlayStation 3 consoles to run Linux.

Sony’s advisory on Tuesday means that the company was likely storing passwords, credit card numbers, expiration dates, and other sensitive information unhashed and unencrypted on its servers. Sony didn’t say if its website complied with data-security standards established by the Payment Card Industry.

Sony reminded users located in the US that they’re entitled to receive one credit report per year from each of the three major credit bureaus. The company didn’t offer to pay for any sort of credit monitoring service to help ensure the information it lost isn’t used in identity-theft ruses against its users.

[…]


http://www.theregister.co.uk/2011/04/26/sony_playstation_network_security_breach/

And there you have it.

Even a giant company like SONY, with talented and highly skilled software developers, can make mistakes that can lead to data being copied. Take a look at this video to see the following:

The type of people who are hacking the PlayStation
Their motivation
Their non-criminal personalities
A small taste of their culture

Clearly these people are not evil. It’s clear that these people are not the sort to copy the personal data of millions of people for profit.

Who knows what the motivations of the people who copied the SONY data were. Hopefully it was a benevolent person who just wants to hurt SONY in public for ruthlessly and pointlessly attacking GeoHot, and not an actual criminal who wants to help other criminals hurt people. Who knows?

What we do know is that all databases can be breached, and there is no such thing as a ‘secure database’. They can be breached either from the outside or from inside, and once it’s done it’s done forever, and cannot be undone.

Which brings us to the matter of the Census.

We were told a story of a family that received THREE census forms. This happened because they had moved house and had been on holiday during the time of Census. Since forms were sent to all three places that they had been staying, they collected THREE FORMS to fill out, and have been advised that they must fill them ALL out.

Astonishing and stupid in equal measure, but quite apart from that, who in their right mind would fill out a Census form, in the light of everything people must know not only about databases, but about the State and its inability to keep anything safe? Add to this, the insult of the nasty company who got the contract to run the data collection, and you have an undoable proposition.

It gives me great pleasure to see that in fact, seven million of them according to one person, have the right idea:

Only a complete, walking dead, pure sheeple imbecile fills out a census form, especially this particular one, which by all accounts will be the last one.

In spite of all of this, the missing DVDRs full of personal data, this SONY breach, and all the other data losses, we STILL have mentally retarded people calling for ‘Son of ContactPoint’ as a cure to some problem. It beggars belief.

Finally, back to the SONY breach.

If SONY and the other companies that made telephones and consoles respected the property rights of the people who buy their products, breaches like this would be less likely.

If you buy something, you own it. You have the right to destroy it, sell it or modify it. This is an absolute right that is not negotiable, and the people who jailbreak their iPhones and who modify their consoles are doing nothing immoral. The people who sell mod chips and who write jailbreaking software are exercising their own property rights, and no one has the right to stop them from sharing or selling their work.

The sooner these companies cease their ‘one rule for us and another for everyone else’ behaviour the better. Property rights exist for everyone, not just SONY and Apple. If their business models cannot work in the real world, then it’s the business model that has to change, and it is entirely wrong of them to try and change the world through the state and its violent coercion so that their business models can succeed.


Automatic Touch

Sunday, April 10th, 2011