Security Expert: PSN Relaunch Should Have Had Government Approval

May 16, 2011

In an article in The Australian, Queensland University of Technology professor Bill Caelli says that Sony should keep the PlayStation Network and other services that were compromised by hackers in April offline until governments around the world are satisfied that the company has put enough security in place to protect customers.

Caelli, who the publication calls a "security expert," thinks the Japanese government has the right idea in putting Sony's services on hold while it verifies the strength and depth of new security measures.

"Why is it that in the IT industry enterprises certify themselves?" he said, adding that the general public has "no way of assessing the assurances given by the owners of the system themselves."

Of course, it is too late to unring that bell; over the weekend Sony relaunched most of its PlayStation Network and other PS3-related services in North America and Europe.

Source: C&VG


Comments

Re: Security Expert: PSN Relaunch Should Have Had ...

The Playstation Store is not open. The only services being offered are home, trophy syncing, friends lists, and multi-player capabilities. In other words, there is no credit card info currently being used on PSN. I see no problem with allowing services that don't involve credit cards to run while the playstation store's security is checked.

Maybe I'm being selfish because I want to play Portal 2 co-op :) Still, I have always used points cards with PSN, XBL, and iTunes. My e-mail and an old address and phone number are out there though. No big deal.

Re: Security Expert: PSN Relaunch Should Have Had ...

I'm of two minds on this.

I think a competent government body capable of granting security certifications is a good idea.

But on the other hand, while I can't speak for Australia, I believe all three branches of government in the States have repeatedly proven themselves to be utterly incompetent at understanding modern technology, and I'm not inclined to trust them on principle.

Now, if we're talking about using the same security standards used for US intelligence agencies, I'm all for that, but there's still the matter of recruiting security experts to audit.  Right now there are a lot more of those in private industry than in government, but there are also plenty of out-of-work engineers and IT guys who'd love an opportunity to do this kind of work.

Hell, I'd be happy to apply myself -- not that I'd claim to be an expert, but I know what salting is, which would tend to indicate I'm more competent than the guys Sony's been hiring.

Re: Security Expert: PSN Relaunch Should Have Had ...

This may be a good idea if there was such a thing as perfect protection, so the government could disallow it until one was established.

But, the reality is that there is no such thing as a perfect system, so we just have to go with the best that we can. Which is hopefully better than what we had before.

It just happens that sometimes the best isn't good enough.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Security Expert: PSN Relaunch Should Have Had ...

Is anybody actually saying Sony should have PERFECT protection?  Or even "the best"?  I think if they set the bar at "adequate" it would be a marked improvement.

There are best-practices rules agreed to throughout the security industry.  And maybe Sony was following them -- but given their track record over the past few years (music CD DRM that installs rootkits and can be circumvented by turning off Autoplay, Blu-Ray encryption cracked because keys are stored in RAM, PS3 security cracked because signatures weren't salted) I'm not inclined to give them the benefit of the doubt.

I'm not entirely sure I trust the idea of a government standards body for security at this stage, for the reasons outlined in my post below, but I think it's abundantly clear at this point that Sony shouldn't be auditing its own security.

Re: Security Expert: PSN Relaunch Should Have Had ...

Considering the remarkable number of times our own government's security has been compromised, I doubt they have any room to cast judgment.


Re: Security Expert: PSN Relaunch Should Have Had ...

I agree that government agencies are very poor judges of security (having worked as a consultant for one, I can guarantee it), however, SONY is also a very bad judge of security (or at least, was up to now, maybe this was the wake-up call they needed). Either way, there really should be government-recognized agencies that certify whether or not a business meets at least the minimum requirements. I'm no white hat, but I'm afraid if I tried my best to find a way into SONY's system, I would succeed, and I'm far from being the best at this game...

Re: Security Expert: PSN Relaunch Should Have Had ...

We agree on something. I'll be damned. Maybe the apocalypse IS coming. :3
