'Steal everything' era of hacking

24 points| codeup | 15 years ago |bbc.co.uk | reply

16 comments

[+] mseebach|15 years ago|reply
The article, and even the sources, seems to get the issues backwards, when arguing that the availability of the PSN vs. an online banking site makes it more vulnerable, and then goes on to talk about authentication measures.

If your password is "pwnd" on PSN, you expect no sympathy if your account is compromised, also it very likely matters quite little (also, you can very rarely read your credit card details back from a compromised account). Not so for your bank account, so the bank enforces obnoxious security on you.

But this isn't what happened, this attack didn't go through the front end. PSN could have required fingerprints on every login, and they would have been no more safe for it.

[+] fredoliveira|15 years ago|reply
Ah well, the same thing all over again. The hacker/cracker distinction is sadly never going to be mitigated, and the press doesn't know/care enough to change the way they report these things. The words hacker and cyber criminal are used interchangeably in this article (and just about any article on this topic). Sad, particularly for those of us who happen to be reading Hacker News.
[+] adestefan|15 years ago|reply
Everyone really needs to get over this point. No news organization was ever going to use the word cracker. I could see the headline now, "Two Crackers Attack Bank." That wouldn't go over well.
[+] Deestan|15 years ago|reply
A problem is that "hacker" is a good, short word. Descriptive competing phrases like "cyber criminal" are clumsy by comparison, and "cracker" is just equally good and short.

At least the French, by refusing to use English words, have found a much more interesting phrase for it: pirate informatique

http://www.proz.com/kudoz/english_to_french/medical_general/...

[+] zith|15 years ago|reply
To be fair, the people who the media call hackers also call themselves hackers. Language is defined by how we use it, not necessarily the way the person who originally coined the terms wanted.

Also, to me, crackers are people who break copy protection and other DRM systems.

[+] kovar|15 years ago|reply
This problem started in the 80s, if not earlier. The original MIT "hacker" definition morphed into a definition used by the media and the public to refer to the cyber criminals of the time. And along with this evolution in the definition came people lamenting the change and railing against the media.

Flash forward three decades and hackers are still using a term to mean one thing while the media and the public are still firmly entrenched in the cyber criminal definition.

Now, which definition was in use by the media when Hacker News was born?

[+] buckwild|15 years ago|reply
I kind of disagree. I think PSN actually was attacked by "hackers" (this term still works, even in context of how it's used in this community). They had to be good at what they do to figure out how to get into PSN and steal that data. However, what I agree is wrong is that the media makes all "hackers" out to be folks with similar intentions. Just because you are a "hacker" doesn't mean you want to steal everyone's data -- even if you are able.
[+] fmavituna|15 years ago|reply
> "Your online banking site is much more sophisticated."

> A bank would usually use two-factor authentication, where you've not just got a password.

Your bank is secure because they keep their network patched and do secure coding, not because they use 2 factor authentication. PSN would get hacked even if they were using 234 factor authentication.

[+] mseebach|15 years ago|reply
> even if they were using 234 factor authentication

Probably not, but mostly because nobody would be using them then, so there'd be no data to steal :)

[+] kovar|15 years ago|reply
Bear in mind that Blizzard provides more robust authentication services than most banks.
[+] ropers|15 years ago|reply
> The hack, which has led to the network being unavailable for over a week, has left observers wondering if a company as vast and seemingly advanced as Sony can get hit, who out there is safe?

Thank you, Dave Lee, for revealing early on in the article that you don't understand the subject matter and that the article won't be worth reading.

[+] ams6110|15 years ago|reply
I think we've seen enough to conclude that it's hopeless to think that all the entities that possess personal information are going to succeed in keeping it secure. Either through negligence or simple error, disclosures are going to happen and are going to continue to happen.

What we need to do is change our systems so that mere information is not enough to successfully "steal" an identity. I should be able to disclose my name, birthdate, SSN, mother's maiden name, and anything else to anyone without worry that it can be used to steal my identity. Now, I'm not sure how or if that can be done, but it seems to me that the current approach of trying to store the water in a sieve is never going to work.

[+] inkaudio|15 years ago|reply
This is a problem, too many unqualified tech journalists working for notable newspapers, writing in ignorance about technology and tech culture. And these newspapers don't hire a tech editor to fact check, the fact being (old news) Sony ran unpatched/obsolete Apache with a notorious security flaw.
[+] naner|15 years ago|reply
Is the PSN network breach really about savvy criminals or more about corner-cutting businesses?
[+] codeup|15 years ago|reply
Most comments seem to miss the point of the article that "data minimisation" or data avoidance is the most efficient security measure. What do you think of that?