Is anyone else as confused as I am with what's happening with the Sony Playstation network hack?
It seemed to go something like this:
April 24 - Sony: the Playstation network has been breached. Passwords, addresses and other account information has been stolen. Your credit cards may be OK, though.
April 25 - Everybody else: Really? Didn't you encrypt this stuff? Because I've been noticing some charges on my bill...
April 28 - Sony: Your credit cards are safe. We encrypted the credit card database, so that's not possible, even if they did get the database.
April 28 - Everybody else: Well, that's a relief, but why were the passwords stored in cleartext rather than a hash?
April 30 - Hackers: Hey, who wants a credit card database? Slightly used.
May 2 - Sony: Also, we used hash browns for your passwords and triple ROT-26 and Caesar Romero filtering and... please come back. We totally did security right, and we want you to stay.
From what I see here, I'm left with three options:
- Sony hopes that their PR can travel back in time and change what security they actually had on their network.
- Sony is making shit up about their network in hopes that no one will notice when they actually perform the inevitable audit that everything they said was a complete lie.
- Sony, a Fortune global 100 company, has no clue what security they actually use on their network.
None of these are attractive options.
Also, Sony says that Anonymous is responsible for the attack. I'll start believing that Real Soon Now.
comments powered by