Sony’s Troubles Could be Their Own Doing
Drinking my Caffé Nero Iced Latte this afternoon, an amusing piece of speculation floated through my mind. It’s possible Sony’s security haemorrhage is all due to them upsetting customers in the name of making “a more secure system”.
Back in January last year a scamp by the name of GeoHotz claimed to have hacked the PS3. Three months later, Sony removed the Other OS feature from the system in what many agree was a bit of a dick move.
Fast-forward to the start of this year and once again GeoHotz (and friends) are saying they’ve hacked the PS3 wide open, wider than previously though possible and are now running custom code on the device. This, they claim, is in direct response to the removal of the Other OS feature. They were promptly set upon by Sony’s lawyers.
Unlike the last time the team claimed they’d hacked the PS3, now they had the private keys needed to properly run unlicensed software on the device. Those keys soon became public and anyone with the skills necessary could run home-brew on the console.
If rumours are to be believed, this most recent hack of the PlayStation Network started when some nefarious ne’er-do-wells hacked their PS3s to upgrade their standard consumer models to appear to be developer units. Dev units are seen as more trustworthy by Sony’s network and as such, so the theory goes, the hackers could use their increased access to eventually steal your mother’s maiden name, among other things.
It amuses me (keep in mind I’m somebody who chuckles at despair in cartoons) to think there’s a possibility that this hack came about, or was in some way helped, by grey-hat hackers angered by Sony acting in their own (and not their customers’) best interest.
Obviously for a security breach this large to have occurred there must have been a whole lot wrong with the system regardless, and it was likely only a matter of time for something of this scale to happen, but still; it has a certain poetic and ironic ring to it that Sony shot themselves in the foot, all in the name of self preservation.
You can follow the story of Sony’s downtime as it develops over on our Live Report.
Eh. Interesting supposition, but considering Sony’s rationale that they removed other OS because “home brew enthusiasts” were using it to hack the PS3, I find it not all together unlikely that this would have happened regardless. But by they same token, Sony deserves all the hell they are catching now, for not having the basic sense to encrypt basic customer data. Is it a silver bullet? No, but it’s the difference of hacker filth having the data immediately versus potentially years from now if it was strong encryption.
Removing other OS was a dick move, but faced with removing a feature probably used by less than 3% of users at the time they killed it, but I can understand trying to head off PSP scale casual piracy.
While we are at it, let’s also put the blame on the girls getting raped for dressing like whores. Because that is the same logic.
@ParaParaKing: It isn’t. It’s not even close. I don’t want to pull any western sensibility bullshit like “oooh that’s offensive and I’m offended” but that’s callous.
Personally, I’m happy to see hackers taking on the PS3 after the reductive decisions Sony have been making. Karma is nice. I’m less happy at the thought of people’s details being compromised, though I don’t believe hackers are in this for money.
@Daniel Corrigan: Personally, I’m not happy with hackers (or cyber terrorists) making things worse for everyone involved.
Breaking the law seems like a fun pastime for people on the internet. It’s all fun if they are not in it for the money. And I guess there are also people out there, that are happy to see raped girls “getting what they deserved”.
@ParaParaKing: Do you care about how fucking stupid you sound by comparing hackers to rapists? Do you have any idea how callous it is to compare the massive emotional trauma and personal invasion caused by rape to a bunch of people who have discovered a security flaw in a gaming service?
This act may have effects. They may be positive effects or they may be negative effects. That is what I will respond to. Currently, the negative effects are:
1. that some people will have to order new cards, which is a minor inconvenience given that you have card in the first place.
2. that employees at Sony will have to go through some stress; while my heart goes out to them as they deal with this, they are being paid for their work, so this comes out of Sony’s pocket.
3. the drop in share prices, which I think of as karma for any rise they got in removing the extra OS feature.
Now you justify how any of those negative effects even come close to the personal destruction caused by rape. Or perhaps stop talking like an asshole.
@Daniel Corrigan: I am not saying whether rapists or hackers are worse, but I am saying that people saying it was Sony’s fault they got hacked are on the same level as people who claim girls get raped because of their clothing. At least for me.
Also this isn’t just a buch of people discovering a security flaw in a gaming service, this is identity and credit card theft. And I reserve my right to act like an asshole to people who think it is not a big deal (which it is!) or to people who always pull out the “think about the poor victims” card when it comes to rape.
@ParaParaKing: It is not like that at all. If you want to use the sex analogy, then it is more akin to a brothel that offered a membership, including blowjobs for free. Then, after a couple of years, the brothel decides to stop offering blowies as part of the service because the clientèle are using them as a cheap alternative to sex. Then the customers privately coerce the prostitutes into giving them blowies outside of business hours, so the brothel takes the customers to court for damages. Then the customers break into the brothel by using fabricated versions of the caretakers keys for reasons unknown. At which point the mistress of the brothel says to the customers “we’re going to need to shut down for a week while we change our locks. Oh and they may have had access to your details, so you might want to be careful they don’t tell your wives.”
Rape would be closer to someone breaking into a PS3-owners house and forcing them to play a copy of Lair on it. Then you could compare it to “well it’s their fault for buying a PS3 at launch”.
Also, we don’t yet have evidence to prove that this is identity theft. When it becomes identity theft, I will be appropriately outraged. Also also, I never mentioned the “poor victims” so you’re either arguing with a strawman or you’re just not paying attention. The problem is that you’re comparing a sensible and well thought out hypothesis to a state of borderline psychosis. You sound like a callous asshole.
@Daniel Corrigan: I’m still not comparing the severity of the crimes.
And you keep on the assumption, that this is clearly connected to the hacking of PS3s, which is unlikely. Hacking a console and hacking a security network are two different things. And even if they are connected removing other OS does not give anyone the right to steal and likley sell the private data of 70 million users.
Although you didn’t mention the “poor victims”, you do keep on mentioning the “emotional trauma” and “borderline psychosis” of them.
Also if you seriously want to tell me, that the Other OS function can be compared to blowjobs, I do not see any point in arguing with you anymore.
@ParaParaKing: Yeah, alright. If you’re not going to pay any attention then we’re done here.