Friday, 29 April 2011

Sony PSN Hack: Leave GeoHot out of it

So I wandered by Geohot's latest place of residence today. I thought his posting was very well written and very nicely defined his stance. His work on opening up homebrew software on the PS3 was not aimed at enabling piracy, and he does not support or condone the PSN hack in any way. Despite this, he is flooded by comments blaming him either directly or indirectly for the hack. The level of ignorance in this matter is astounding. After two decades on the internet, you'd think I would not be surprised at this point, but I still am. I suppose i just can't shake this pesky hope in humanity.

I want to lay this out in terms that, hopefully, even the dumbest internet denizen can understand:

  1. George Hotz , Fail0verflow and any other Homebrewers did not support this attack. Their work was aimed to restore functionality that was stripped away from devices that they had bought specifically for that functionality. I wonder how many people would have bought a 360 instead of a PS3 if Sony hadn't advertised the OtherOS functionality. It was certainly one of the reasons I bought my first PS3. George hotz and these others did not perpetrate this attack
  2. There is no evidence that this attack even had anything to do with the homebrew console debate. Consider the following. 
  • If this was about revenge or embarrassing Sony, the attack would need to be public as quickly as possible to try and prevent Sony from sweeping it under the rug. 
  • Nobody has come forward to take responsibility for the breach. Instead the information leaked out from Sony inevitably as they shut down their own service to get a handle on the Incident.
  • The breach targeted customer data including PII(Personally Identifiable Information) and potentially Credit Card Data. These are high value targets monetarily
  • The above mentioned lack of disclosure/credit taking is more indicative of someone looking to steal this data and sell it for profit
  • Some will try to argue that the attacker could have expected Sony to disclose the breach but that has two huge gaping holes. First, if Sony's security was poor enough to let the breach happen in the first place, why should there be any expectation that they have proper safeguards in place to alert them to the breach. They obviously believed they had no reason to ever expect an attack like this. Secondly, why assume Sony would even admit to the breach. Plenty of companies suffer these kinds of breaches and do not report them. It happens a lot more than you might think.

The point is, that there is no evidence to support the idea that this has anything to do with the home brew console debate. In fact the little bit of evidence we have so far points to a common data theft. To all of you people who are jumping on anonymous or any other media buzz right now, do some reading. these sorts of breaches happen all the time. This breach was essentially inevitable as long as Sony failed to correct the security flaws in their system. If you want somebody to blame you have two parties to go after: Sony, and the people who actually stole your data. Plenty of blame to go around, you can leave GeoHot out of it.

No comments:

Post a comment