Security Expert: PSN Relaunch Should Have Had Government Approval

May 16, 2011 -

In an article in The Australian Queensland University of Technology professor Bill Caelli says that Sony should keep the PlayStation Network and other services that were compromised by hackers in April offline until governments around the world are satisfied that the company has put enough security in place to protect customers.

Caelli, who the publication calls a "security expert," thinks the Japanese government has the right idea in putting Sony's services on hold while it verifies the strength and depth of new security measures.

"Why is it that in the IT industry enterprises certify themselves?" he said, adding that the general public has "no way of assessing the assurances given by the owners of the system themselves."

Of course, it is too late to unring that bell; over the weekend Sony relaunched most of its PlayStation Network and other PS3 related services in North America and Europe.

Source: C&VG


Comments

Re: Security Expert: PSN Relaunch Should Have Had ...

The Playstation Store is not open. The only services being offered are home, trophy syncing, friends lists, and multi-player capabilities. In otherwords, there is no credt card info currently being used on PSN. I see no problem with allowing services that don't involve credit cards to run while the playstation's store's security is checked.

Maybe I'm being selfish because I want to play Portal 2 co-op :) Still, I have always used points cards with PSN, XBL, and iTunes. My e-mail and an old address and phone number are out there though, No big deal.

Re: Security Expert: PSN Relaunch Should Have Had ...

I'm of two minds on this.

I think a competent government body capable of granting security certifications is a good idea.

But on the other hand, while I can't speak for Australia, I believe all three branches of government in the States have repeatedly proven themselves to be utterly incompetent at understanding modern technology, and I'm not inclined to trust them on principle.

Now, if we're talking about using the same security standards used for US intelligence agencies, I'm all for that, but there's still the matter of recruiting security experts to audit.  Right now there are a lot more of those in private industry than in government, but there are also plenty of out-of-work engineers and IT guys who'd love an opportunity to do this kind of work.

Hell, I'd be happy to apply myself -- not that I'd claim to be an expert, but I know what salting is, which would tend to indicate I'm more competent than the guys Sony's been hiring.

Re: Security Expert: PSN Relaunch Should Have Had ...

This may be a good idea if there was such a thing as perfect protection, so the government could disallow it until one was established.

But, the reality is that there is no such thing as a perfect system, so we just have to go with the best that we can. Which is hopefully better than what we had before.

It just happens that sometimes the best isn't good enough.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Security Expert: PSN Relaunch Should Have Had ...

Is anybody actually saying Sony should have PERFECT protection?  Or even "the best"?  I think if they set the bar at "adequate" it would be a marked improvement.

There are best-practices rules agreed to throughout the security industry.  And maybe Sony was following them -- but given their track record over the past few years (music CD DRM that installs rootkits and can be circumvented by turning off Autoplay, Blu-Ray encryption cracked because keys are stored in RAM, PS3 security cracked because signatures weren't salted) I'm not inclined to give them the benefit of the doubt.

I'm not entirely sure I trust the idea of a government standards body for security at this stage, for the reasons outlined in my post below, but I think it's abundantly clear at this point that Sony shouldn't be auditing its own security.

Re: Security Expert: PSN Relaunch Should Have Had ...

Considering the remarkable number of times our own government's security has been compromised, I doubt they have any room to cast judgment.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Security Expert: PSN Relaunch Should Have Had ...

I agree that government agencies are very poor judge of security (having worked as a consultant for one, I can guarantee it), however, SONY is also a very bad judge of security (or at least, was up to now, maybe this was the wake-up call they needed). Either way, there really should be government recognized agencies that certify whether or not a business meets at least the minimum requirements. I'm no white hat, but I'm afraid if I tried my best to find a way into SONY's system, I would succeed, and I'm far from being the best at this game...

Re: Security Expert: PSN Relaunch Should Have Had ...

We agree on something. I'll be damned. Maybe the apocalypse IS coming. :3

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

 
Forgot your password?
Username :
Password :

Poll

Did Microsoft pay too much ($2.5 billion) for Minecraft developer Mojang?:

Shout box

You're not permitted to post shouts.
NeenekoAh, that old straw man. That is one of the ironies about the discussion, the whole point is showing how good people can still have problems with sexism and not realize it.09/17/2014 - 9:11pm
Andrew EisenYes, there have been a handful of op-eds suggesting that the term “gamer” has become tainted (two that I know of) but that’s the opinion of only a few. I've seen an equal number from those who disagree.09/17/2014 - 8:55pm
Andrew EisenExcept, you haven't provided a single example of a site that’s actually calling gamers a "collective of Sexist White Bigoted Basement Dwelling Manchildren."09/17/2014 - 8:55pm
TechnogeekIf you want to make the stereotype of gamers less painful, try calling people out when they do bad shit rather than handwave it away as "not all gamers". Even if it is a few bad apples, that'll still more than enough to spoil the barrel.09/17/2014 - 8:53pm
quiknkoldI'm not going to Sell Gamergate anymore. It can sell itself. But I will sell the integrity of the Gamer. That we are still good people, who create and donate to charitys, Who engage with those around us and just want to have a good time.09/17/2014 - 7:35pm
quiknkoldpeople should not be harrassed and punished for the actions of a few. I've always welcomed and accepted everybody who wanted to join in. Who wanted to make them, or play them. I love good strong female protagonists, and want more.09/17/2014 - 7:35pm
quiknkoldOne of the tennants of Gamergate is to stand up against Harrassment. That Gamers arent like those assholes. We can argue for days if the Sexism or Antifeminism or corruption is there or not, But the one thing I believe in and wear on my sleave is that09/17/2014 - 7:35pm
quiknkoldBut there were these websites, attacking me and people like me, for the actions of a few. and then others joined in on Twitter and other places. there was a hashtag that said "explain in 4 words a gamer" and it made me sick.09/17/2014 - 7:35pm
quiknkoldManchildren who are awful people and that the Identity of the Gamer should die. This hurt me personally. I've always identified as a Gamer. Even in my childhood years, I was a Gamer. All my friends are Gamers. Its one of the core parts of my identity.09/17/2014 - 7:34pm
quiknkoldUltimately, With the whole Gamergate thing, I jumped on it due to the harassment. A small number of assholes harrass Anita and Zoe, and then all the publications lumped together Gamers as this collective of Sexist White Bigoted Basement Dwelling09/17/2014 - 7:34pm
quiknkoldEZacharyKnight : Lemme ask you a question. We have people who cling to walls, people who fire lasers from their eyes, people who can shapeshift....and yet fabric needs to be upheld to RL physics?09/17/2014 - 6:54pm
james_fudgebody paint?09/17/2014 - 5:33pm
E. Zachary Knightquiknkold, I stand corrected on the buttcrack thing. Still, I know of no fabric that actually does that.09/17/2014 - 5:05pm
Andrew EisenSo... it's unethical to discuss the ethics surrounding public interest vs. personal privacy?09/17/2014 - 4:45pm
prh99The source for the game was just released not long ago, it's at https://github.com/keendreams/keen09/17/2014 - 4:43pm
prh99An Indiegogo champagin bought the rights to the early 90's game Keen Dreams to make it open source and release it on GOG etc. https://www.indiegogo.com/projects/let-s-get-keen-dreams-re-released-legally09/17/2014 - 4:42pm
james_fudgeAlso http://www.breitbart.com/Breitbart-London/2014/09/17/Exposed-the-secret-mailing-list-of-the-gaming-journalism-elite09/17/2014 - 4:29pm
Andrew EisenI read the Kotaku story. Nowhere does it say anything close to "Gamers are white bigoted sexist losers." It's commenting specifically on the crap being slung at people discussing gender issues in games. So, what's the problem?09/17/2014 - 4:06pm
Andrew EisenYeah, I can imagine Spiderwoman posed like in your second link.09/17/2014 - 4:00pm
Andrew EisenThat's not the same pose. Spiderman (who is wearing an actual outfit rather than body paint) is crouched low to the ground. Kinda like a spider! Spiderwoman has her butt up in the air like she's waiting to be mounted.09/17/2014 - 3:59pm
 

Be Heard - Contact Your Politician