Kavachi:

Misho-:
Snip

ITT: People completely missing the point.
The reason why people are mad at Sony is NOT because they got hacked, but because Sony has taken a vow to protect your personal info that you gave them so you could buy their goods. However now that that information is with the hackers, Sony has broken that vow. This is why people are mad at Sony. Hackers are still bad and all, but Sony is also a bad guy here.

Serious question: ITT? Internet Troll... Trolling? or what is it? Can you please explain?

Also I guess I can understand your logic, they are the bad guys because they were robbed of the information they had to protect.

So a bank teller is the bad guy when robbed point-blank because he failed to protect the money that was under his/her care?

Ok I guess I can understand it. But not really. Look, I don't mean to sound rude and all but it's my point of view on the matter.
For me #1: GeoHotz was wrong... He had all the right to hack his PS3 but not post the system root key online because that's Sony's intellectual property.
#2: We (PSN users) are the victims of the PSN hack, not Sony. But they are not responsible. The hackers who perpetrated the robbery are.
#3: Sony has been doing a lot from my point of view as an outsider. We know next to nothing about the exact details about the hack that took place. And yet everyone is talking like they're experts.

Still this is the Internet, everyone blurts out their opinions as facts (Such as I'm doing now).

Misho-:

bojac6:

Misho-:
Snip

I don't understand what you're trying to argue here. If we replace Sony with any other company, everyone would react exactly the same? Yes, I think they would. I think we'd make fun of any company that react to a security breach the way Sony did. And, frankly, if Bank of America took a week to notify customers that credit card information had been stolen, they'd be in front of a Grand Jury by the end of the month, forget a silly class action suit.

Lol about that last bit. Yeah basically that was my point but I guess we should really look into the story with what we have instead of speculating... From what I read, it took around 6-7 days for Sony to understand first of all: "What had happened" second after learning that they had a breach: "What went wrong" and then learning that it was a information robbery: "What was stolen".

Maybe 6-7 days is too long but to be honest I'm not a security expert. I don't really know how long it would take me to know what exactly happened, if I ever find out what transpired.

A multimillion company has a lot more advantages but it doesn't make them the best... Maybe they had multiple layers of information to go through to see what was really compromised... Unless we have the... say... transcript hour per hour, day by day of their process learning exactly how long it took for them to know what had happened I'm willing to give them the benefit of the doubt.

Also before I forget. You have to confirm what truly happened... If you go 1 hour after shutting down the PSN and say (without any proof, clues or facts): "Hey, all your info is compromised. Cancel your CCs just to be safe" And then it turns out nothing really happened a lot of people would be pissed off. With good reason... But anyway that's my view.

While I agree with the gist, I think in execution, Sony did it poorly. Let's assume that Sony has the best security in the world, and let us assume that the fastest anyone can verify an intrusion of this magnitude is a week. Basically, we remove any technical fault of Sony's. So, they discover the breach in the fastest possible time, investigate the breach in the fastest and most thorough manner, and know exactly what was taken in the shortest amount of time. Once they collect all of this data, they announce it to their customers.

The question then becomes, is this method of security good enough? Technically, it's perfect, but is that enough? I would say no. And here's why. A lot can happen in a week. By the end of a week, your credit card could be maxed out. It could be used in a way that gets you into trouble (buying explosives, for instance). If I wanted to kill someone, having a stolen credit card would be a great way to get the weapon. And most people do not check their statement daily, or even weekly.

So Sony customers went a week without any official announcement that there was a possibility of credit card theft. Would an announcement "We have suffered a security breach and are investigating it. Please be aware of the following concerns until we fully investigate the issue and determine what was stolen" at the beginning have been that bad for Sony? It would have alerted the public of a possibility, maybe started some outcry, and then people would pay attention to their credit reports. Then, after the investigation is complete, the final verdict on keep or cancel your card can be made.

The only reason not to make this announcement is PR. Sony hopes to discover that there was no serious theft, so after a week they can say "We suffered a breach, but our security held" and everyone thinks "good for them." But instead its, "We didn't tell you a week ago, but your credit card has been compromised" and it's a disaster.

The better method would be mine. You make the early announcement, people get wary and there is some shaken confidence. Then, a week later, either A. you find out it is the worst case scenario and everyone goes "Yeah, I sorta figured this was coming. At least I was able to prepare for it" or B. you find out that nothing too bad happened and everyone thinks "Oh, that's awesome, good security there."

The point is, Sony once again showed that they don't trust their consumers. Sony left them in the dark about important issues in order to protect Sony's image, and it backfired. Sure, crackers are at fault for the incident. But Sony's mishandling of the situation and serious risk they put their customers in is their own fault. Even assuming that they had a perfect security system, which I rather doubt.

bojac6:

Misho-:

bojac6:

Snip

Snip

Snip

Sorry for cutting out all the other info, but yeah. Even tho we don't agree exactly in all the details I agree with you about what should have happened. Still I don't know personally if it took Sony 6-7 days to find out everything that happened or if they witheld the info. So I don't want to make assumptions and pass them off as facts. (As many do)

You sir (or ma'am) are correct in many points. Still Sony was screwed since it was hacked. It's a no win situation.