Ramblings of an old Doc


Security disasters continue at Sony: they finally got the PlayStation Network back up and running after a series of hacks severely compromised it, only to have another hacker group (LulzSec) compromise their SonyPictures.com servers and steal 1,000,000 customer accounts. It turns out that these accounts weren’t even encrypted: the passwords sat in the database in plaintext, neither encrypted nor hashed, so a copy of the table is a copy of every password.

What are the qualifications for getting a job in their IT Security Dep’t.? Knowing how to boil water without burning it?

You can see the hackers’ statement here.

They managed to get passwords, e-mail addresses, full home addresses, and dates of birth, all by the simplest of methods: SQL injection, where text typed into a web form is pasted straight into a database query without being parameterised, so the attacker’s input is executed as part of the query itself.
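To make the two failures concrete, here is an added example, not code from the original post, from Sony, or from LulzSec: a login check that splices form input into its SQL (the injection bug), the plaintext password table that turns any such bug into a full credential leak, and the hardened version with a parameterised query and salted password hashes. The table layout, the three accounts and the two payloads are all constructed for the demo; Sony’s actual code is not public.

```python
# Added example (not from the original post or from Sony): a textbook SQL
# injection against a login form, why a plaintext password table turns it into
# a full credential leak, and the hardened equivalent. Schema, accounts and
# payloads are constructed for this demo.
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts: what a table looks like when nothing is hashed.
USERS = [
    ("alice@example.com", "hunter2"),
    ("bob@example.com", "letmein"),
    ("carol@example.com", "correct horse battery staple"),
]

# PBKDF2 is used here because it ships with Python; argon2 or bcrypt are preferable in production.
PBKDF2_ROUNDS = 100_000


def setup_vulnerable_db():
    """Plaintext passwords: the kind of table a dump exposes wholesale."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, email, password):
    """Splices user input straight into the query text: the injection bug."""
    query = ("SELECT email FROM users WHERE email = '%s' AND password = '%s'"
             % (email, password))
    return [row[0] for row in conn.execute(query)]


def dump_plaintext(conn):
    """Once an attacker can run queries, this is what a plaintext table yields."""
    return list(conn.execute("SELECT email, password FROM users ORDER BY email"))


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as hex(salt)$hex(digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Recomputes the hash with the stored salt and compares in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def setup_hardened_db():
    """Same accounts, but the table holds only salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(e, hash_password(p)) for e, p in USERS])
    return conn


def login_hardened(conn, email, password):
    """Parameterised query: the driver passes email as a value, never as SQL text."""
    row = conn.execute("SELECT password_hash FROM users WHERE email = ?",
                       (email,)).fetchone()
    if row is None:
        return None
    return email if verify_password(password, row[0]) else None


if __name__ == "__main__":
    # Two classic payloads; SQLite treats "--" as a line comment, which swallows
    # the rest of the query including the password check.
    impersonate = "alice@example.com' --"   # closes the quote, drops the password clause
    everyone = "' OR '1'='1' --"            # makes the WHERE clause always true

    vuln = setup_vulnerable_db()
    print("vulnerable, impersonate:", login_vulnerable(vuln, impersonate, "wrong"))
    print("vulnerable, everyone:   ", login_vulnerable(vuln, everyone, "wrong"))
    print("vulnerable, dump:       ", dump_plaintext(vuln))

    hard = setup_hardened_db()
    print("hardened, impersonate:  ", login_hardened(hard, impersonate, "wrong"))
    print("hardened, everyone:     ", login_hardened(hard, everyone, "wrong"))
    print("hardened, real login:   ", login_hardened(hard, "alice@example.com", "hunter2"))
```

The two fixes are independent and you need both: parameterisation stops the query from being rewritten by input, and hashing means that even if some other bug hands an attacker the whole table, they get salted digests to crack rather than passwords to reuse on other sites.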

“Sony Pictures accounts also have a number of opt-in features that contain further information about each user depending on what each signs up for. LulzSec state all of that detail was available to them. They also managed to get the details of all admin accounts for the website.” – Matthew Humphries, Geek.com

The hackers also stole 75,000 music codes and 3.5 million music coupons.

So I’m bringing this to you because if you’re a SonyPictures customer, you need to change your password as quickly as possible, and change it on every other site where you used the same one: since the passwords were stored in plaintext, the attackers have yours exactly as you typed it. You should probably also change your credit card number, so that you don’t end up liable for debts run up as a result of their incompetence.

I wonder when this level of incompetence becomes legally actionable? Really: wasn’t the PSN disaster enough to get them in gear?

Source:

http://www.geek.com/articles/geek-pick/sonypictures-com-hacked-one-million-user-accounts-compromised-2011062/


Comments (Page 1)
on Jun 03, 2011

Sometimes you just gotta sit back and say...............WTF?...Nah...that don't work. Duh maybe....nope. That's a given. Maybe......oh well...seems about right but what it really comes down to is this. 
Wake The F*** up Sony...what's wrong with you...sheesh!

on Jun 03, 2011

It's about time Governments put in place robust penalties for not looking after personal information. Maybe then they will start taking it seriously.

"It turns out that these accounts weren’t even encrypted!"  DOH!!! 

on Jun 03, 2011

Maybe they went the Apple way...Oh no...we're not vulnerable. BAM!

on Jun 03, 2011

There's a very good article about what you should do if you're the victim of a data breach:

http://www.pcworld.com/businesscenter/article/229301/are_you_a_data_breach_victim_heres_what_to_do.html#tk.fv_rel

1. Change your passwords.

2. Be on the alert for Phishing attempts, malicious e-mail, and snail mail.

3. Keep a close eye on your financial statements.

4. Put a fraud alert on your credit report (very important).
on Jun 03, 2011

tazgecko
It's about time Governments put in place robust penalties for not looking after personal information. Maybe then they will start taking it serious.

"It turns out that these accounts weren’t even encrypted!"  DOH!!! 

Punish the victim, is what you mean.

That's just brilliant.

By the way, Islam follows a similar philosophy when its in regards to rape of the female.

Much needs to be defined and clarified should we wish to punish the victims.

-.-

on Jun 03, 2011

hang him up by the short and curlies using a brick and then dangle him from a bridge and let the piranhas have a nibble or 2

on Jun 03, 2011

aeligos

Punish the victim, is what you mean.

That's just brilliant.

By the way, Islam follows a similar philosophy when its in regards to rape of the female.

Much needs to be defined and clarified should we wish to punish the victims.

-.-

No, you just don't get it. The penalties would actually help, because the core of these problems is managers who think security is an afterthought and a waste of money and resources. I am a sysadmin, I know what I'm talking about. Only when you show these suits that the data security of their customers is their problem, that it will cost them dearly if neglected, only then will they allocate sufficient resources that will actually allow improvement. Banks are the same crap; when I wanted to discuss authentication schemes with my bank, they could not even get me anyone half competent ("no, lady, a password change actually does not help.... duh!")

Therefore, Sony should be punished for it, and hard. At the core of the problem, there is bound to be some overpaid clown in a suit who has great social, PowerPoint and meeting skills, but who is clueless otherwise about priorities.

And please stop using stupid, irrelevant evil empire analogies, it invalidates every argument automatically - before it was "you are like Hitler", now Islam.

on Jun 03, 2011

Kamamura_CZ

Quoting aeligos, reply 5
Punish the victim, is what you mean.

That's just brilliant.

By the way, Islam follows a similar philosophy when its in regards to rape of the female.

Much needs to be defined and clarified should we wish to punish the victims.

-.-

No, you just don't get it. The penalties would actually help, because core of these problems are managers who think security is an afterthought and waste of money and resources. I am a sysadmin, I know what I talk about. Only when you show these suits that data security of their customer is their problem, that will cost them dearly if neglected, only then they will allocate sufficient resources that will actually allow improvement. Banks are the same crap, when I wanted to discuss authentication schemes with my bank, they could not even get me anyone half competent ("no, lady, password change actually does not help.... duh!")

Therefore, Sony should be punished for it, and hard. In the core of the problem, there is bound to be some overpaid clown suit who has great social, powerpoint and meeting skills, but who is clueless otherwise about priorities.

And please stop using stupid, irrelevant evil empire analogies, it invalidates every argument automatically - before it was "you are like Hitler", now Islam.

Yes.  Penalizing the victim does help tremendously.  We agree.  I did say it was brilliant (.....sigh!), didn't I?

My input referencing Islam was as an example I tried to make regarding their position on how there is a huge cost in neglecting the security/protection of 'private' female property.  In fact, part of the reason why Islamic females are required to wear the burka is to do just that -- to keep their private property, well, private; only for their husband's eye/pleasure.  Of course the assaulting individual gets punished to some extent, but the female receives, in many cases, lashing and imprisonment or, depending on how you look at things...worse.  Fitting punishment for the careless female?  Well, if penalizing would help, then like what I had stated previously:  "much needs to be defined and clarified should we wish to punish the victims."

I agree with you there too.  Banks are crap-ish; their very existence is a threat to all humanity, not just the personal monetary debt we create for them.

I'm not sure what we're disagreeing on.  It seems we both are on the same page on many things you mentioned.....except with the Hitler/evil empire comment.  Hitler, though I've never mentioned him in my posts, was never "evil" and empires are never sovereign so they can not possibly determine their own outcomes, effects, etc.  Hitler, for example, was an "employee", which implies that there was/is an employer.....   got bank?

Well, look.  Just because you don't understand something, doesn't mean it's invalid.  Maybe just your actual understanding of the thing is...well..., invalid.

Can I get an Amen (Ra)?

-.-

on Jun 03, 2011

aeligos

Quoting tazgecko, reply 2

It's about time Governments put in place robust penalties for not looking after personal information. Maybe then they will start taking it serious.

"It turns out that these accounts weren’t even encrypted!"  DOH!!! 

Punish the victim, is what you mean.

That's just brilliant.

By the way, Islam follows a similar philosophy when its in regards to rape of the female.

Much needs to be defined and clarified should we wish to punish the victims.

-.-

Let's keep religion out of this.

Who's the victim? The people whose info was stolen. Not SONY. SONY was negligent.

on Jun 03, 2011

*sigh* ... it's been a long night

on Jun 03, 2011

DrJBHL
Let's keep religion out of this.

Yes, let's.
What is needed is appropriate penalties for the criminal, not the inept OR the victim.

The hackers need to be dissuaded from repetition...if that means execution then I'll pay for the bullet/s gladly.

Don't blame Sony OR their hapless customers.

There is only ONE arsehole in this picture.

on Jun 03, 2011

JB,

Your primary identity is not the same as the identity assigned to you by the state.

The identity given to you by the state is the identity that replaces your primary identity.  It is this 2nd identity that the state uses to log your production of debt.  THAT is the primary and single function of that 2nd identity.

If your Social Security Number is stolen and used, then if we follow the same logic with Sony, then it is the federal government that is negligent because that number is their property to begin with, and if that stolen identity is used without the state's knowledge, then how can we place blame on the primary representative of that identity (e.g. you) or the third parties who logs this state identity (e.g. Sony)?

It is property of the state, therefore the state is negligent.

-.-

on Jun 03, 2011

What we're seeing happen here with Sony is something technology companies - particuarly game companies - assume wasn't going to happen: large scale backlash.

Sony let loose its legal hounds on the PS3 cracker Geo-hotz, and attempted to make a well documented example of him for allowing people to modify the PS3.  Instead, Sony is being made the example of by people who treat freedom of information quite seriously.  Companies are quite literally removing people's rights to their own property, and are laughing all the way to the bank - while screaming they're the victims of piracy!

I have little sympathy for Sony to be quite frank.  They'll learn from this mistake, however as the multi-level breaches of their multi-server global networks continue to show, Sony thought it could do whatever it wanted.  Spend zero money on security and spend quite literally hundreds of millions on lawyers, and you'll laugh all the way to the bank.

When Sony launched the PS3, they boldly claimed they could sell it at US$1,000.00 with no games and it would still sell a million units in its first month.  They were made the laughing stock of the industry when the PS3 and all its powerhouse glory were left in the dust by Nintendo's Waggle machine.  They've gone back on their "open OS" promise, and have been vocal in their attempts to prevent any and all attempts to modify their consoles.

Sony are arrogant, and now they're paying the price for thinking they could do whatever they wanted with no repercussions.  The cost of these multiple breaches is approaching the US$250,000,000.00 mark for Sony.  The PR damage is intense, and has already cost them quite significantly thanks to the PSN's blackout.

I don't usually agree with these types of actions, however I can't say I'm against what's happening here.  Customers are being pushed into a corner and being left with little to no rights, no protection and yet expected to pay more than top dollar for the things we enjoy.  It's about time someone pushed back.

How long before we see these types of attacks elsewhere?

on Jun 03, 2011

The way I understand it is that certain/various groups are incensed and targeting Sony due to its method of doing business and forcing users to constantly update their PS3's so they lose control over what content they can play on their machines. The forced updates take away a users ability to play burnt games/movies/music, and many users are up in arms about it, saying that their burnt copies are merely to protect the original media and are taken from legitimate purchases they made.

I don't know about any of that and I don't care, but I know that my son is totally pissed off with Sony right now. His very first PS3 was backwards compatible with PS1 and PS2 games, but it was returned as faulty and when his replacement arrived it was NOT backwards compatible, meaning all his earlier games were now useless.

Okay, so he sucked it up and bought some PS3 games, but that did not end his woes.  Despite not connecting his unit to the internet in over 12 months Sony still got him with forced updates anyway.  That's right, he bought and inserted a very recent game, it performed the forced updates and now  he cannot connect his Laser MP3 player as before to play [perfectly legit] music or transfer it to the PS3's internal HDD.  The PS3 no longer recognises his MP3 device, suggesting that Sony is now limiting users to connecting only Sony products to PS3's.

For me, Sony lost my custom when they came up with that rootkit idea and compromised millions of PC's worldwide.  Besides, Sony products lost that quality of its yesteryear and I much prefer LG or Samsung these days anyhow.  No, they don't do game consoles, but I don't want or need one.  Got a PC if and when I want to play games...

on Jun 03, 2011

Don't blame Sony OR their hapless customers.

You ought to be in Healthcare IT in the US.

The healthcare providers are responsible for the security of patient health information and there are SEVERE penalties involved if data is compromised.

As a matter of fact, by 2013 patients will have the right to see exactly who has accessed their information and for what purpose. Similar to a free credit report.

This is putting one hell of a burden on us in I.T.
