Ramblings of an old Doc

Security disasters continue at Sony: they finally got the PlayStation Network back up and running after a series of hacks severely compromised it, only to have another hacker group (LulzSec) compromise their SonyPictures servers and steal 1,000,000 customer accounts. It turns out that these accounts weren’t even encrypted!

What are the qualifications for getting a job in their IT Security Dep’t.? Knowing how to boil water without burning it?

You can see the hackers’ statement here.

They managed to get passwords, e-mail addresses, full home addresses, and dates of birth all by the simplest of methods: SQL injection.

“Sony Pictures accounts also have a number of opt-in features that contain further information about each user depending on what each signs up for. LulzSec state all of that detail was available to them. They also managed to get the details of all admin accounts for the website.” – Matthew Humphries, Geek.com

The Hackers also stole 75,000 music codes and 3.5 million music coupons.

So I’m bringing this to you because, if you’re a SonyPictures customer, you probably need to change your passwords, and probably your credit card number, as quickly as possible so that you don’t end up liable for debts run up as a result of their incompetence.

I wonder when this level of incompetence becomes legally actionable? Really: Wasn’t their PSN disaster enough to get them in gear?

Source:

http://www.geek.com/articles/geek-pick/sonypictures-com-hacked-one-million-user-accounts-compromised-2011062/


Comments (Page 3)
on Jun 03, 2011

Jafo, if "law" were that easy, there would be no need for attorneys or judges.  I don't know how things are in Australia, but in the US, a person CAN break into an unlocked building, and if they slip on a wet floor while in the unlocked building, they can sue the building owner for negligence (in civil court).  The same can be said if the building was locked.  And as far as things being OK to rape...well, there are some states in the US where it's OK to do that, if the victim is dressed inappropriately.

I know you would LIKE the world to be black and white, and all people to perceive things the way you see them, but it's simply not that way, and what The_Monk said is 100% spot on!  Sony made themselves a target.  It's not against the law to make yourself a target, but it doesn't make a lot of business sense to do it, and that's what Sony is finding out.  Being hit, when you make yourself a target, doesn't mean that you're a criminal, and the person/persons who hit you ARE criminals, but you still, as a business interest, need to take care of your customers and by not putting as much concern into your customers as you do about your product means you may be hit with law suits because you were negligent with their data.

on Jun 03, 2011

...well, there are some states in the US where it's OK to do that, if the victim is dressed inappropriately.

Now this I have a problem with. I don't know of any state that would condone 'rape' whether or not the person is dressed inappropriately. Rape is an offense against the individual. A serious violation of that person's civil liberties not to mention a heinous crime. Please tell me where such a thing is allowed.

on Jun 03, 2011

I don't know how things are in Australia, but in the US, a person CAN break into an unlocked building, and if they slip on a wet floor while in the unlocked building, they can sue the building owner for negligence (in civil court). The same can be said if the building was locked.

Yes, same here....but in BOTH places the act of trespass is still a crime.   The ability to sue needs to be revoked, however if/when it can be demonstrated reasonable effort was made on the part of the property owner to exclude a person from potential injury...ie the actual LOCKS in place.

And as far as things being OK to rape...well, there are some states in the US where it's OK to do that, if the victim is dressed inappropriately.

Ah....the US is such an enlightened country. ...

on Jun 03, 2011

And as far as things being OK to rape...well, there are some states in the US where it's OK to do that, if the victim is dressed inappropriately.

Your example is a story about a Ken Buck? No, dear. He was put to ridicule because of his refusal to prosecute. It is NOT ok to rape in that state.

Toronto: http://www.msnbc.msn.com/id/42927752/ns/us_news-life/t/cops-rape-comment-sparks-wave-slutwalks/

That's another example of case law? What are you talking about??? A Canadian cop's remark?

OK.. doc says the world is flat.

Now you can go murder someone. Use that sentence as your excuse.

I don't know how things are in Australia, but in the US, a person CAN break into an unlocked building, and if they slip on a wet floor while in the unlocked building, they can sue the building owner for negligence (in civil court). The same can be said if the building was locked.

In the USA, you can sue for any reason. You won't win, though. In fact, if someone is negligent, and that CAUSES damage, then a suit is justified. That's a far cry from what you're asserting: "A guy pushes someone under a bus. Therefore, he can sue the bus driver." WRONG. He will have it tossed out.

Your examples, and the_Monk's are off, because if a company cannot guard the data, they have no business keeping it. If a person is hurt as a result:

1. The one CAUSING the damage is directly responsible criminally and civilly. (the hacker)

2. The one holding the data insecurely has contributory negligence (the degree of which is set CIVILLY by a jury and a Judge can negate, affirm or change it).
on Jun 03, 2011

I don't know how things are in Australia, but in the US, a person CAN break into an unlocked building, and if they slip on a wet floor while in the unlocked building, they can sue the building owner for negligence (in civil court).

That crap works in Sweden as well!

And as far as things being OK to rape...well, there are some states in the US where it's OK to do that, if the victim is dressed inappropriately.

Do you really mean rape as in normal people's version of it or the courts' technical version?   'Cause in Sweden those terms are changing (being corrupted) so you can't be sure.

Sony made themselves a target.  It's not against the law to make yourself a target, but it doesn't make a lot of business sense to do it, and that's what Sony is finding out.

Got that right!   They piss off people and are now paying the price for it!   It's good in the way that people will go back to PCs since they can't pirate anymore on consoles and I believe they'll buy at least SOME games on the PC.

But....there's ONE thing wrong with the statement that it doesn't make much business sense to make yourselves a target.

How do you explain bobby kotick???

You know DAMN well who this is!

on Jun 03, 2011

DrJBHL

Your examples, and the_Monk's are off, because if a company cannot guard the data, they have no business keeping it. If a person is hurt as a result:

1. The one CAUSING the damage is directly responsible criminally and civilly. (the hacker)

2. The one holding the data insecurely has contributory negligence (the degree of which is set CIVILLY by a jury and a Judge can negate, affirm or change it).

What example of mine?  Maybe try quoting me next time so you can accurately address something/anything I say instead of lumping my point (totally different) together with someone else?

I stated that if someone wants in (badly enough)........they're going to get in.  My point was refuting the "horror expressed" at the fact that things weren't even encrypted!  Oh my.....so there was no encryption......you think encryption would have changed anything in this TARGETED ATTACK other than making the whole thing take longer?  Seriously, encrypted things always need to be able to be decrypted.......through that nature alone they will never be "safe".

The point of my entire post revolved around "if you become a target (for whatever reason) then you're screwed".

Not necessary to have an example for such a statement.  We all know it's true/fact.

on Jun 04, 2011

DrJBHL
I don't like the way they do business either, starkers - so I'll not be disagreeing with you on that account (good pun, wot?).

Yeah, the rootkit debacle did it for me, but my son has done nothing illegal with regard to piracy - his tunes were purchased via emusic - yet Sony treat him as one by making his MP3 player non-compatible via an update he didn't want.  That, to me, is no better than home invasion because Sony used covert means to invade his PS3 console... they entered without consent.

DrJBHL
However, I feel they were substandard in their security. This means they are guilty of negligence with respect to their customers imo.

I agree 100%  If a hacker is dead set determined to get in, I guess it's going to be near impossible to keep him out at the end of the day, but Sony still has an obligation to its customers to make their information as safe as it possibly can be.  Failing to apply encryption is negligent to say the least... criminal, even.

DrJBHL
starkers... make sure your son takes care of the credit/personal data stuff. You and he certainly don't want further exploitation of his data.

That's just it, my son never plays online and does not have an account with Sony for anything.  The forced update that changed his user experience was encoded into the disc of a new game he'd purchased.  I won't repeat his reaction to it for fear of Jafo sitting me in the corner for a while for the extreme use of expletives.  Anyway his PS3 is never, ever connected to the net so his details being hacked should not be of concern.


Campaigner


Sony messes with people by invalidating their pirated/backed-up games and what Starkers said, so Sony getting punished for it is gleefully delighting (don't know any other way to say it in English).

Um, I only repeated what I had heard, orright?   Regardless of Sony's actions  I do not advocate what these hackers have done and it is not gleefully delightful in any way shape or form.  Let's just say the hackers got hacked [and don't say it can't happen] by more malevolent hackers who are just out to get rich quick off others credit card details, then the victims of Sony's inept, inadequate security measures are hit with a double whammy, aren't they?  Not only are their personal details in the hands of unauthorised persons, their hard earned is also in the hands of others who were not intended to receive it.  Tell me how that is gleefully delightful!

DrJBHL
You won't get very far on WinCustomize by advocating piracy and a backed up game is not the same as a pirated one. I can assure you that starkers will be the last person in the world who would agree about what you said about software piracy.

Right on, Doc!  Strangely enough... and despite my Cap'n starkers alter ego, I don't advocate piracy even on the high seas.   One only has to look at what the Somali pirates are doing to see that Long John Silver [played by Jack Hawkins] and Jack Sparrow {Johnny Depp] are just romanticised characters and bear absolutely no resemblance to real life pirates whatsoever.  Aaarrrggghhhh!!!!


the_Monk
Oh and starkers......you think PC gaming is immune from what's happening to the consoles?

Nope, not at all.  As far as I'm concerned most big business is slimy and far too greedy to snaffle your hard earned dollar at any cost, so no, PC games would not be immune to such manipulation.  Thing is, I don't have any modern games that have all this DRM crap and other stuff encoded into them. All my games are old school [Riven and Myst, stuff from that bygone era] so I am not affected by any of it, really.... being I'm never ever tempted to go for the latest and greatest in high-end games. 

I have absolutely no patience for any DRM that interferes with the user experience, so I leave that to those gluttons for punishment who choose to negotiate it.

on Jun 04, 2011

DrJBHL
1. The one CAUSING the damage is directly responsible criminally and civilly. (the hacker)

Sony should be to blame here too..

cause here in Kansas and Missouri

if you go outside of your house (Home) and start your car to let it warm up and go back inside and some asshole steals it, YOU ARE liable if the A-Hole runs someone over, uses your car to rob a bank, etc.  So yes, SONY should be just as guilty as the Hackers.

oh and it doesn't have to be at your home.. e.g. if you leave your car running at a convenience store, etc.

so if you do it (at home) have your spouse hit you over the head with something then call the cops to report it stolen .. ha ha

on Jun 04, 2011

the_Monk
I stated that if someone wants in (badly enough)........they're going to get in. My point was refuting the "horror expressed" at the fact that things weren't even encrypted! Oh my.....so there was no encryption......you think encryption would have changed anything in this TARGETED ATTACK other than making the whole thing take longer? Seriously, encrypted things always need to be able to be decrypted.......through that nature alone they will never be "safe".

There is encryption that would require a super-cray months to decrypt, if at all. Fact - self encoding HDD's when 'violated' render themselves impervious to decryption by simply erasing their key.

DisturbedComputer


Sony should be to blame here too..

You should have gone on to "2.", DisturbedComputer.... btw, it's also in the block of text quoted by starkers above.

on Jun 04, 2011

the_Monk

I stated that if someone wants in (badly enough)........they're going to get in.  My point was refuting the "horror expressed" at the fact that things weren't even encrypted!  Oh my.....so there was no encryption......you think encryption would have changed anything in this TARGETED ATTACK other than making the whole thing take longer?  Seriously, encrypted things always need to be able to be decrypted.......through that nature alone they will never be "safe".

You're wrong. Passwords should be hashed so that when you get them, they're not usable. This isn't some kind of esoteric super-bizarre requirement that only the NSA uses. It's standard industry best practice that even open-source forum software does. Second year CS students know it. There is never a valid excuse for not doing it.

And SQL Injection? Really? Again, that attack is completely preventable simply by following what has been best practice for a decade (at least!). It doesn't require fancy tools or advanced training.  Do they not have a senior developer looking over what the new guy is doing over there?

The point of my entire post revolved around "if you become a target (for whatever reason) then you're screwed".

Not necessary to have an example for such a statement.  We all know it's true/fact.

No it's not, and claiming it is doesn't make it so. While it is bordering on impossible to stop the most professional and advanced criminal operations (see Syria, or Operation Aurora against Google), these guys aren't that. You CAN stop random script kiddies who only know how to do what is #1 on the top 10 vulnerability list. These guys could have been thwarted if somebody at Sony wasn't dangerously incompetent.

What you're saying is the online equivalent of "the CIA can get into my house if they really want to, so locks on the doors are a waste of time." And that's what happened here. Sony left the front door open and a pile of gold sitting in it, and is now upset that someone stole it. That doesn't justify the criminals, but they didn't exactly put much effort into protecting themselves. If a bank left itself open like this and lost people's money, you wouldn't hear people going "oh that poor bank!" You'd have an army of lawyers suing for negligence to get people's money back.

Hell, the only way this thing could have been easier to attack is if it was set up as a honeypot.
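An added example, not from the thread or from any Sony code, of the two points in that comment: a string-built query beside its parameterized form, and salted PBKDF2 password hashing so that a leaked table yields no reusable passwords. The in-memory table and the two accounts are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000  # work factor; raise it as hardware gets faster


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: this is what gets stored, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table with two sample accounts (not a real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash BLOB, salt BLOB)")
    for email, password in [("alice@example.com", "correct horse"),
                            ("bob@example.com", "hunter2")]:
        salt = os.urandom(16)  # per-user salt defeats precomputed tables
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (email, hash_password(password, salt), salt))
    return db


def lookup_vulnerable(db: sqlite3.Connection, email: str) -> list:
    """'Before' form: input is spliced into the SQL text, so it can rewrite the query."""
    sql = "SELECT email FROM users WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db: sqlite3.Connection, email: str) -> list:
    """Parameter binding: the driver passes input as data; it is never parsed as SQL."""
    return [row[0] for row in db.execute("SELECT email FROM users WHERE email = ?", (email,))]


def verify_login(db: sqlite3.Connection, email: str, password: str) -> bool:
    """Recompute the hash and compare in constant time; the stored hash alone logs nobody in."""
    row = db.execute("SELECT pw_hash, salt FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], hash_password(password, row[1]))


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # the textbook injection string
    print("vulnerable:", lookup_vulnerable(db, tautology))  # every row comes back
    print("safe:      ", lookup_safe(db, tautology))        # → []
    print("login ok:  ", verify_login(db, "alice@example.com", "correct horse"))  # → True
```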

on Jun 04, 2011

DrJBHL
As for the hackers? I don't care what reason they give publicly for their illegal behavior. They are GUILTY of computer crime. END OF STORY.

Well, hackers are useful... without them, you would not have the "Internet"... by the way, these guys are not Hackers but Crackers, which is something very different...

Please, read the section "What is a hacker" at http://catb.org/~esr/faqs/hacker-howto.html#what_is ( and read more if you have time )

on Jun 04, 2011

the_Monk
.....so there was no encryption......you think encryption would have changed anything in this TARGETED ATTACK other than making the whole thing take longer?  Seriously, encrypted things always need to be able to be decrypted......

Well, a 40 bit key will need 0.015 milliseconds (using a cracking computer with 1800 custom processors)... a 56 bit key will take 1 second... a 64 bit key will take 4 min 16 sec... a 128 bit key will take 149745 billion years (age of the earth is 4.54 billion years, age of the universe is 13.75 billion years)...

Now, in the case of the 128 bit key, let's say that we have no limit on the processing speed... in order to simply flip through the possible values for a 128-bit symmetric key (ignoring doing the actual computing to check it) would theoretically require 2^128 − 1 bit flips on a conventional processor. If it is assumed that the calculation occurs near room temperature (~300 K) the Von Neumann-Landauer Limit ( http://en.wikipedia.org/wiki/Landauer%27s_Principle ) can be applied to estimate the energy required as ~10^18 joules, which is equivalent to consuming 30 gigawatts of power for one year... so, be sure to install your own personal nuclear power unit...

Current computers (Intel/AMD processors made after 2008) have processors which allow the use of AES with a 256 bit key in real time; cracking these will need 50,955,671,114,250,100,000,000,000,000,000,000,000,000,000,000,000,000 years...

So, yes, encryption can make things take longer, a lot longer... the legitimate computer has the key, which makes the encryption/decryption process real time... the cracker needs to find the key, and it is that process which takes a lot of time... and without the key, the data collected is useless...
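A worked check of the figures in that comment, added here and not part of the original thread. Assumed constants: $k_B = 1.381\times10^{-23}$ J/K, $T = 300$ K, one year $= 3.156\times10^{7}$ s.

From the stated 40-bit time, the implied search rate is
$$r = \frac{2^{40}}{1.5\times10^{-5}\ \text{s}} \approx 7.3\times10^{16}\ \text{keys/s},$$
so exhausting a 128-bit key space takes
$$\frac{2^{128}}{r} \approx \frac{3.40\times10^{38}}{7.3\times10^{16}}\ \text{s} \approx 4.7\times10^{21}\ \text{s} \approx 1.5\times10^{14}\ \text{years},$$
i.e. on the order of the 149745 billion years quoted.

The Landauer bound for counting through the key space is
$$E \approx (2^{128}-1)\,k_B T \ln 2 \approx 3.40\times10^{38}\times 1.381\times10^{-23}\times 300\times 0.693\ \text{J} \approx 9.8\times10^{17}\ \text{J} \approx 10^{18}\ \text{J},$$
and 30 GW sustained for one year is $3\times10^{10}\ \text{W}\times 3.156\times10^{7}\ \text{s} \approx 9.5\times10^{17}$ J, matching the comment's equivalence.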

on Jun 04, 2011

Thoumsin
Quoting DrJBHL, reply 16:
As for the hackers? I don't care what reason they give publicly for their illegal behavior. They are GUILTY of computer crime. END OF STORY.

Well, hackers are useful... without them, you would not have the "Internet"... by the way, these guys are not Hackers but Crackers, which is something very different...

Please, read the section "What is a hacker" at http://catb.org/~esr/faqs/hacker-howto.html#what_is ( and read more if you have time )

"...that which we call a rose

By any other name would smell as sweet;..." - Romeo, Romeo and Juliet, W. Shakespeare

They are criminals. Period...

I should thank the Axis powers for WWII... it gave us Penicillin. 

on Jun 04, 2011

starkers

Quoting Campaigner, reply 24

Sony messes with people by invalidating their pirated/backed-up games and what Starkers said, so Sony getting punished for it is gleefully delighting (don't know any other way to say it in English).

[end of Campaigners quote]

Um, I only repeated what I had heard, orright?   Regardless of Sony's actions  I do not advocate what these hackers have done and it is not gleefully delightful in any way shape or form.  Let's just say the hackers got hacked [and don't say it can't happen] by more malevolent hackers who are just out to get rich quick off others' credit card details, then the victims of Sony's inept, inadequate security measures are hit with a double whammy, aren't they?  Not only are their personal details in the hands of unauthorised persons, their hard earned is also in the hands of others who were not intended to receive it.  Tell me how that is gleefully delightful!

What a poor way of arguing....using possible examples and being dramatic about it....

I said that Sony getting hacked (and thus getting into trouble) is gleefully delighting because they mess with their users.
