In case you haven’t been paying attention, Sony has been having some serious problems lately. Ever since the GeoHotz incident a year ago, hackers have made Sony enemy numero uno, and the fact that PSN is just now getting back up is an indication of how far they’re taking things. A few days ago, the supposed perpetrator of the hacks, a Twitter user by the name of LulzSec, said that there would be another attack soon – and they delivered.
According to LulzSec, they (allegedly) successfully hacked into SonyPictures.com and made off with over a million users’ personal information, such as passwords, e-mail addresses, names and such. They claimed that they could’ve got more, but lacked the resources to do so.
LulzSec justified the attack, saying that they were trying to prove a point with regard to Sony’s ineffectiveness at keeping information safe. They said that all the information they gathered, which they posted online, was obtained through a simple SQL injection, and that the information was not encrypted, making it incredibly easy for them to get it. They wanted to prove that people shouldn’t trust Sony with their information, and finished by saying “they were asking for it”.
While their beliefs certainly don’t justify their actions, they seem to have a point. Sony has proved time and again that they’re having problems with keeping information safe, and the number of gamers losing faith in Sony seems to show it. How can Sony come back from this?
One possible idea is to get help from someone who knows the hacker mindset inside and out. In other words, another hacker. Former hacker Gregory Evans said that Sony’s security would constantly be at risk so long as they hired people who didn’t know what they were doing. He said that hiring IT graduates who had no experience was just asking for trouble, and compared the company’s fight against hackers to an army infantry versus the Navy SEALs.
Evans said that by hiring hackers, who had experience with getting past security systems, the systems could be fortified properly against other attacks, and he recommended that Sony, as well as a number of other high-profile companies, employ the approach. Evans also claims that many company hacks don’t even get reported, in order to prevent any bad publicity (which just adds to the problem).
What do you think? Does Evans have a point with regards to bringing in hackers to fight hackers? Is LulzSec right in that Sony is ineffective at keeping information safe?
Leave any thoughts you may have in the comments below.
Source: LulzSec & Industry Gamers