Tuesday, May 3, 2011

Lemming Tracks: Bad News From Sony; and Getting a Grip

Sony is in the news again. Maybe you remember the trouble with Sony Playstation's network service, where:
  • The network went down
  • And stayed down
  • Without explanation
    • Pretty much
Then, like the punchline in a campus coffee shop story, Sony mentioned that mailing address, credit card information, and other personal data for lots of Sony Playstation customers had been stolen - - -

- - - Wait for it - that wasn't the punch line - here it comes - and that Sony would get back to their customers if there was something to be concerned about.

Coming on top of the Toyota SNAFU(s), and the none-too-well-handled communication about TEPCO's Fukushima reactor problems: What happened to Sony might have had someone saying, 'how could it get worse?'

It got worse.

25,000,000 Users Compromised - That's a Lot of Zeroes

"Sony Hacked Again; 25 Million Entertainment Users' Info at Risk"
Game | Life, Wired (May 2, 2011)

"It's bad news piled on top of bad news for Sony.

"Hackers may have stolen the personal information of 24.6 million Sony Online Entertainment users, the company said on Monday. More than 20,000 credit card and bank account numbers were also put at risk. This is in addition to the recent leak of over 70 million accounts from Sony's PlayStation Network and Qriocity services.

" 'We are today advising you that the personal information you provided us in connection with your SOE account may have been stolen in a cyberattack,' Sony wrote in a statement on its website on Monday.

"Sony Online Entertainment is a division of the company that publishes online multiplayer games like the recently released DC Universe Online. Sony turned off all SOE game services Monday after it learned of the intrusion.

"Sony said that the compromised personal information includes customers' names, addresses, e-mail addresses, birth dates, gender, phone numbers, logins and hashed passwords.

"Also at risk are the credit card numbers and expiration dates of 12,700 non-U.S. customers, plus 10,700 direct debit records from customers in Austria, Germany, Netherlands and Spain, containing bank-account numbers, customers' names and addresses. This information was stored in what Sony said was an 'outdated database from 2007.'..."

The good news, from the Lemming's point of view, is that Sony seems to have realized that issues like this won't go away if they're ignored. Also, that folks who like using Sony products - also like to be told when there's trouble.

It's a 'trust' thing, in the Lemming's opinion. Also common sense.

Now, more about what Sony's doing:

"Sony Apologizes, Explains How Hackers Stole PlayStation Personal Data"
Associated Press, via FoxNews.com (May 2, 2011)

"Sony executives bowed in apology Sunday as they explained how hackers took personal data of 77 million accounts on the online PlayStation service, including 10 million credit card accounts that may have been compromised.

" 'We deeply apologize for the inconvenience we have caused,' said Kazuo Hirai, chief of Sony Corp.'s PlayStation video game unit, who was among the three executives who held their heads low for several seconds at the company's Tokyo headquarters in the traditional style of a Japanese apology.

"Hirai said parts of the service would be back this week and that the company would beef up security measures. But he and other executives acknowledged that not enough had been done in security precautions, and promised that the company's network services were under a basic review to prevent a recurrence.

"Hirai said the FBI and other authorities had been contacted to start an investigation into what the company called 'a criminal cyber attack' on Sony's data center in San Diego, Calif.

"Sony said account information, including names, birth dates, email addresses and log-in information, was compromised for players using its PlayStation Network. Hirai asked all users to change their passwords....

The Lemming will be back, later in this post, with someone's advice about online security. As usual, it's mostly just common sense. And the Lemming will get back to that.

Hirai, Sony Corp.'s PlayStation video game unit chief, is in an unenviable position, in the Lemming's opinion. He knows that something went seriously wrong - doesn't know how bad it is, yet - and has decided to open up about what he does, and does not, know. A prudent decision, in the Lemming's opinion.

Back to that article.

"...Hirai reiterated what the company said last week -- that even though it had no direct evidence the data were even taken, it cannot rule out the possibility.

"He said data from 10 million credit cards were believed to be involved, and that Sony still does not know whether information was stolen.

"Sony has added software monitoring and enhanced data protection and encryption as new security measures, he said. The company said it would offer "welcome back" freebies such as complimentary downloads and 30 days of free service around the world to show remorse and appreciation...."
(FoxNews.com)

The situation is bad - and the Lemming is glad that no member of the Lemming's household deals directly with Sony.

Still, it really could be worse. As far as the Lemming's heard, nobody's data has actually been used with criminal intent - or, rather, we haven't heard about credit card fraud or identity theft coming from this SNAFU.

But, let's keep a happy thought. So far, Sony's started being fairly open about what's happening: and the really sensitive stolen data seems to be somewhat outdated.

Now, about what to do when your data is stolen:

So Your Data's Stolen? You've Got Company

"You've Been Hacked, Now What?"
John R. Quain, Personal Tech, FoxNews.com (May 3, 2011)

"You're going to get hacked. And no matter how careful you think you are, the truth is there's nothing you can do to stop it.

"Recent events should make it clear to anyone who uses electricity that eventually someone will make off with your personal data -- not from your computer, but from someone else's. While two companies, Apple and Google, have been caught tracking customers and not being exactly forthcoming about it, other major companies, most notably Sony, have been deliberately hacked.

"Sony's network is so seriously compromised, in fact -- including possibly birth dates, credit card numbers, and passwords of customers -- that it's likely to be offline for at least two weeks. And just a few weeks ago, Epsilon, a company that sends out billions of e-mails for companies such as Target, Best Buy, Citigroup, and more admitted it too had been hacked.

"Other breaches are due to human error, lost laptops, and digital misadventures. Worse yet, many online businesses deliberately sell your personal data. Most claim it's for innocuous -- but extremely annoying -- marketing purposes. Others claim that the information is aggregated so they can't pin information to you personally.

"What harm could it do? Quite a bit, it turns out...."

The Lemming was somewhat unimpressed by the author's citing TomTom's 'admission' "that it had sold anonymous traffic and speed data from users to local governments, whose police departments used the information to set up speed traps." Possibly because the Lemming remembers old-school speed traps, where municipalities in effect hid traffic signs and shook down travelers.

Using demographic data to determine where folks break the law, on average? Heavens, next thing you know, they'll be watching to see if you take stuff out of stores without paying for it.

Sorry about the sarcasm: the Lemming doesn't have much time for the 'I got caught and it's not fair' sort of 'privacy' concerns. And that's almost another topic.

Back to that article:

"...What can you do about it? The first step is acceptance.

" 'People should just assume their personal information is exposed everywhere,' said Tom Oscherwitz, chief privacy officer at ID Analytics, which assesses the fraud risk and creditworthiness of individuals.

"The second step is independence: Don't expect anyone to tell you when information about you has been stolen. Businesses aren't always required to divulge a data breach, so to avoid embarrassment, they often don't. One expert told me that of nearly 100 data breaches at U.S. companies so far this year, less than 5 percent have been reported.

"The last step is to complain to companies whenever there's a leak. Business will take notice. Just witness how Facebook has had to backtrack on its privacy settings several times because of the uproar from users.

"Some analysts suggest that letting people opt out -- like those 'do not call' phone lists -- could help solve the problem. But you simply cannot opt out of everything: banks, phone companies, stores, which is where the trouble starts...."

That last point has a crucial phrase in it, in the Lemming's opinion: "could help." It's unlikely - putting it mildly - that any one approach will be the absolutely perfect solution to all online security issues.

On the other hand, the Lemming has been using the 'opt out' option whenever it's offered. Which, along with a pretty good email service (the Lemming uses GoDaddy's email that comes with website hosting packages), seems to have dramatically cut down spam in the inbox. Totally eliminated for all time? No. Cut down, yes.

The Lemming's Notions, For What They're Worth

The Lemming is not a security expert, and makes no claims about the practicality of these ideas. The Lemming accepts no responsibility if you read this. Do not play in traffic.

That should be enough of a disclaimer: but you never know.

Anyway, the Lemming doesn't do all that much when it comes to online security. Not in terms of ultra-sophisticated software and paranoid procedures.

On the other hand, the Lemming:
  • Has one (1) credit card account
    • Compares the monthly bill with actual purchases
      • Investigates possible discrepancies
  • Does not respond to incoming solicitations
    • Not even that request from the Grand Poobah of Boogabooga
There's a little more to it: but the basic idea is 'KISS' (Keep It Simple, Stupid; or Keep It Stupidly Simple, if you prefer).

Also, the Lemming acts, whenever possible, as if any information left online is written on a postcard - available for anybody who's interested to read.

Blaming 'Them' - or Getting a Grip

Let's see if you can guess who the Lemming thinks is 'really' behind the Sony SNAFU:
  1. Japan
  2. Communists
  3. Big Oil
  4. Space-alien, shape-shifting, lizard-men
  5. Big Cheese
  6. The Jews
  7. Big Peanut
  8. Yankee Imperialism
  9. None of the above
If you guessed "#9, None of the above," you're a perceptive judge of the Lemming. If you guessed "#4 Space-alien, shape-shifting, lizard-men," "#5 Big Cheese," or "#7 Big Peanut," you may be spending more time reading the Lemming's blogs than you should. Or have an awfully good memory.

A little more seriously, the Lemming hasn't run into any of the 'it is the fault of' nonsense that followed Japan's March disaster, and Haiti's earthquake the year before. For which the Lemming is duly grateful.

Every culture, nation, whatever, seems to have a few folks who need to blame someone else for what they don't like. Just who 'they' are varies - a lot - but the basic pattern may be one of those 'universals.'

Finally, the Lemming didn't make up the lizard-men conspiracy theory: but Big Cheese and Big Peanut are, as far as the Lemming knows, originals.

So: if someone tells you that rising gas prices, the national debt, and acne, are all the fault of Big Cheese - you heard it first here.
