Security Expert: PSN Relaunch Should Have Had Government Approval

May 16, 2011

In an article in The Australian, Queensland University of Technology professor Bill Caelli says that Sony should keep the PlayStation Network and other services that were compromised by hackers in April offline until governments around the world are satisfied that the company has put enough security in place to protect customers.

Caelli, who the publication calls a "security expert," thinks the Japanese government has the right idea in putting Sony's services on hold while it verifies the strength and depth of new security measures.

"Why is it that in the IT industry enterprises certify themselves?" he said, adding that the general public has "no way of assessing the assurances given by the owners of the system themselves."

Of course, it is too late to unring that bell; over the weekend Sony relaunched most of its PlayStation Network and other PS3-related services in North America and Europe.

Source: C&VG


Comments

Re: Security Expert: PSN Relaunch Should Have Had ...

The PlayStation Store is not open. The only services being offered are Home, trophy syncing, friends lists, and multi-player capabilities. In other words, there is no credit card info currently being used on PSN. I see no problem with allowing services that don't involve credit cards to run while the PlayStation Store's security is checked.

Maybe I'm being selfish because I want to play Portal 2 co-op :) Still, I have always used points cards with PSN, XBL, and iTunes. My e-mail and an old address and phone number are out there though. No big deal.

Re: Security Expert: PSN Relaunch Should Have Had ...

I'm of two minds on this.

I think a competent government body capable of granting security certifications is a good idea.

But on the other hand, while I can't speak for Australia, I believe all three branches of government in the States have repeatedly proven themselves to be utterly incompetent at understanding modern technology, and I'm not inclined to trust them on principle.

Now, if we're talking about using the same security standards used for US intelligence agencies, I'm all for that, but there's still the matter of recruiting security experts to audit.  Right now there are a lot more of those in private industry than in government, but there are also plenty of out-of-work engineers and IT guys who'd love an opportunity to do this kind of work.

Hell, I'd be happy to apply myself -- not that I'd claim to be an expert, but I know what salting is, which would tend to indicate I'm more competent than the guys Sony's been hiring.

Re: Security Expert: PSN Relaunch Should Have Had ...

This may be a good idea if there was such a thing as perfect protection, so the government could disallow it until one was established.

But, the reality is that there is no such thing as a perfect system, so we just have to go with the best that we can. Which is hopefully better than what we had before.

It just happens that sometimes the best isn't good enough.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Security Expert: PSN Relaunch Should Have Had ...

Is anybody actually saying Sony should have PERFECT protection?  Or even "the best"?  I think if they set the bar at "adequate" it would be a marked improvement.

There are best-practices rules agreed to throughout the security industry.  And maybe Sony was following them -- but given their track record over the past few years (music CD DRM that installs rootkits and can be circumvented by turning off Autoplay, Blu-Ray encryption cracked because keys are stored in RAM, PS3 security cracked because signatures weren't salted) I'm not inclined to give them the benefit of the doubt.

I'm not entirely sure I trust the idea of a government standards body for security at this stage, for the reasons outlined in my post below, but I think it's abundantly clear at this point that Sony shouldn't be auditing its own security.

Re: Security Expert: PSN Relaunch Should Have Had ...

Considering the remarkable number of times our own government's security has been compromised, I doubt they have any room to cast judgment.

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

Re: Security Expert: PSN Relaunch Should Have Had ...

I agree that government agencies are very poor judges of security (having worked as a consultant for one, I can guarantee it); however, SONY is also a very bad judge of security (or at least, was up to now, maybe this was the wake-up call they needed). Either way, there really should be government-recognized agencies that certify whether or not a business meets at least the minimum requirements. I'm no white hat, but I'm afraid if I tried my best to find a way into SONY's system, I would succeed, and I'm far from being the best at this game...

Re: Security Expert: PSN Relaunch Should Have Had ...

We agree on something. I'll be damned. Maybe the apocalypse IS coming. :3

_____________________________________________________________________________

"Power means nothing without honor and pride."

http://grifsgamereviews.blogspot.com My video game review site.

Atlanta Video Games Examiner for examiner.com

 