
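Title: [News] Preliminary conclusions of the US Congressional hearing on the PSN hack: insincere handling, inadequate technology, dereliction of duty, must bear responsibility

Author: tntforbrain    Time: 2011-5-5 16:56     Title: Preliminary conclusions of the US Congressional hearing on the PSN hack: insincere handling, inadequate technology, dereliction of duty, must bear responsibility

Original article (Congressional hearing condemns Sony):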

http://www.vg247.com/2011/05/04/ ... he-psn-breach-live/

Another article (Congressional hearing suspects Sony had no firewall installed at key locations):

http://www.industrygamers.com/ne ... firewall-installed/

These two news stories are all over the world by now; just Google them yourself.

Sony’s efforts on PSN breach called “half-hearted, half-baked,” at US Congressional hearing
Today, the US House Subcommittee on Commerce, Manufacturing and Trade held a hearing regarding the PSN breach, which was broadcast live via C-SPAN, like most meet-ups between government officials. During the hearing, Representative and Chairman of the committee, Mary Bono-Mack, called Sony’s response to the matter “half-hearted,” and “half-baked.”




“In Sony’s case, company officials first revealed information about the data breach on their blog,” said Bono-Mack during the hearing (via Industry Gamers). “That’s right. A blog. I hate to pile on, but—in essence—Sony put the burden on consumers to ‘search’ for information, instead of accepting the burden of notifying them. If I have anything to do with it, that kind of half-hearted, half-baked response is not going to fly in the future.

“For me, the single most important question is simply this: Why weren’t Sony’s customers notified sooner of the cyberattack? I fundamentally believe that all consumers have a right to know when their personal information has been compromised, and Sony – as well as all other companies—have an overriding responsibility to alert them… immediately.”

The hearing was set to discuss the risk to consumers over the PSN data breaches, how the current investigation was going, what the current industry data security practices are comprised of along with how they can be changed, and what, if anything, can be used technologically to stop breaches like this in the future.

Not only was Sony being discussed, but also recent data breaches from Epsilon and ChoicePoint were pondered during the hearing as well.

Sony was not involved with the hearing, as it stated yesterday it was currently still involved in the investigation, but planned to comply with the deadline set by the hearing committee in answering all questions posed to it. This response was posted earlier by Sony via its official PS Blog, and in it the firm blamed hacker group Anonymous for the recent security breach.

According to Sony, it found a file called Anonymous in its system files with the phrase “We Are Legion” attached to it.

“[Sony and Epsilon] must shoulder some of the blame for these stunning thefts, which shake the confidence of everyone who types in a credit card number and hits ‘enter’,” said Bono-Mack. “As Chairman of this Subcommittee, I am deeply troubled by these latest data breaches, and the decision by both Epsilon and Sony not to testify today. This is unacceptable.


“According to Epsilon, the company did not have time to prepare for our hearing—even though its data breach occurred more than a month ago. Sony, meanwhile, says it’s too busy with its ongoing investigation to appear. Well, what about the millions of American consumers who are still twisting in the wind because of these breaches? They deserve some straight answers, and I am determined to get them.”

The need to protect consumers via federal notification laws was also discussed, and if drafted and passed, it would make it a federal law for companies to notify consumers immediately should such a security breach occur again. Currently, laws such as this vary from state to state, with some not having a law on the matter present on the books at all.

Witnesses participating in the hearing included: David Vladeck, director of the Federal Trade Commission’s Bureau of Consumer Protection along with Pablo Martinez, deputy special agent in charge of criminal investigations at the United States Secret Service.

Consumer advocate Justin Brookman and technology and information security expert Eugene Spafford of Purdue University also participated.

PlayStation Network breach details are continuing to come out thanks to the congressional hearing today, in which Rep. Mary Bono Mack and others on the subcommittee ripped into both Sony and data firm Epsilon for their poor handling of the situation. One of the most startling revelations to come from the hearing is that several key parts of Sony's network didn't even have firewall protection.

Dr. Gene Spafford, a professor of computer science at Purdue University since 1987 and an expert in information security (he's the editor of the oldest journal in the field of information security), was part of a panel that provided testimony on just how terribly weak Sony's system was. Spafford pointed out that numerous weaknesses in Sony's system actually became evident via security mailing lists a considerable time (read: months) before the breach occurred.

Worse yet, Spafford noted that key parts of PSN actually ran on Apache servers that "were unpatched and had no firewall installed." He said that this was known because of comments in a forum frequently visited by Sony employees.

Bottom line: if the severe network weaknesses were known months in advance and Sony made no attempts to enhance the security of their systems, even as major threats were being made publicly by Anonymous, then Sony looks highly culpable for negligence in this fiasco.

----------------------------------------------------------------------------------------------------------------------------------------------------


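Because Sony said it had been too busy lately to attend the hearing, but the US Congress required it to answer their questions by May 3, Sony answered Congress's questions but did not appear.

Then Daddy America, who takes it as his duty to represent universal justice, took Sony's written answers and held the hearing all by himself. Whether Sony was present or not, the hearing went ahead anyway, and he went right on to draw preliminary conclusions on his own:

Conclusion 1: Sony is insincere.

The reason is that after being hacked, the first thing it did was post the breach news on a blog, rather than notifying every user right away; users had to find out for themselves that their information had been stolen. Although it did notify them later, that was too late. It did not even want to take on this bit of responsibility, which is too insincere.

So Congress is currently discussing a first law: in future, a company that is hacked must immediately and proactively notify its users.


Everyone should know that Congress cannot punish Sony directly, but it can legislate. Although a law cannot target Sony directly, in enforcement it can keep a close eye on you. The bigger impact on Sony is the public-opinion effect after Congress has finished denouncing it, and the wave of lawsuits and the damage to brand reputation that may follow. Congress itself cannot do anything to Sony directly, because the law does not allow it.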

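Conclusion 2: Sony's technology is not up to it, and it must take responsibility for its dereliction of duty.

Because Sony did not come to the hearing, Congress's experts took the answers Sony had given to their questions and passed judgment on Sony themselves. The current analysis by the “expert” says that key locations in Sony's system had no firewall installed at all and that the servers were not patched, and the "basis" for this judgment is that the “expert” went on some forum and saw someone claiming to be a Sony employee say that our PSN servers are unpatched and key locations have no firewall. So Daddy America, through the “expert's” rigorous, scientific and meticulous research, reached the preliminary conclusion that Sony's protection technology is not up to it, that it was derelict in its duty, and that it must bear responsibility. I am not smearing the Congressional expert; this is how his conclusion was reached. If you don't believe it, look at the part of the English text that I marked in red. To be honest, I have read the material leaked from inside Sony about how PSN was hacked, and I posted it here too. Judging from that leaked material, the system did have a firewall, but I don't know what the “expert” means by no firewall at key locations.

Conclusion 3: Sony not coming to explain in person is unacceptable; sooner or later you will have to give us direct answers.

The explanation Sony gave Congress is that this attack was very likely the work of the Anonymous hackers, because Sony, after a thorough investigation, finally found in the PSN system the decisive evidence of a file with the words “We are Anonymous” written in it! ORZ! (The Anonymous hacker group has always been high-profile, always admits whatever it hacks, and often gives notice in advance; this time Anonymous admitted from the start that it had attacked Sony's servers but had not hacked PSN.)

I should explain here: although this explanation seems rather, well, ORZ-inducing, it really is the explanation Sony gave Congress; go and read the part in red in the English text yourself.

At the hearing this statement was made: “You say you, Sony, are busy, so you just leave our American consumers staring helplessly here because of your breach? We must get direct answers from Sony.”

[ This post was last edited by tntforbrain on 2011-5-5 21:02 ]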
Author: austin17    Time: 2011-5-5 16:58

You can't hide things from Congress just because you want to :D
Author: 小黑屋专用    Time: 2011-5-5 17:00

half-hearted, half-baked

:D :D :D
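Author: 3派聚义    Time: 2011-5-5 17:53

It's all hearsay, rumors, fake. I don't believe it!
Author: xxxdddhhh    Time: 2011-5-5 18:00

Anyway, this time they've made a spectacle of themselves...
Author: 玛丽医生    Time: 2011-5-5 18:18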

posted by wap, platform: Nokia (E63)

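Sony has really embarrassed itself.
Author: tianshicon    Time: 2011-5-5 18:30

Sony, the technology company, has really turned into "shrinking mud" (缩泥, a pun on 索尼)
Author: 神之右手    Time: 2011-5-5 18:33

It's all an illusion, you can't fool me!!!
Author: cc0128    Time: 2011-5-5 18:40

The American imperialists are scum.
They completely fail to appreciate Sony's good intentions!!
Tianshi, come quickly and whip the American imperialists.
Author: 十年后海啸    Time: 2011-5-5 18:41

All you tech gurus of TG, Tianshi and the like, give Sony some tips...
Author: 十年后海啸    Time: 2011-5-5 18:45

You were given the chance to explain yourself and you didn't take it, so naturally whatever they say goes
Author: 心月之蚀    Time: 2011-5-5 18:54

Label first, denounce afterwards; who told you not to go and explain yourself
Author: 比卡丘    Time: 2011-5-5 19:03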

posted by wap, platform: SonyEricsson (Xperia Arc)

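They need to give PSN Plus users some kind of answer
Author: 烟蒂末梢    Time: 2011-5-5 19:52

Where's Tianshi?
Come and save the day!
Author: 江南馄饨    Time: 2011-5-5 19:54

What damn use is explaining? It's not like Sony doesn't know how they went after Toyota
Author: OOGIK    Time: 2011-5-5 20:47

I didn't expect the situation to become this serious...
Author: qazwsxqwerq    Time: 2011-5-5 20:48

Quote:
Originally posted by 江南馄饨 on 2011-5-5 19:54
What damn use is explaining? It's not like Sony doesn't know how they went after Toyota
Then why is it still digging its own grave
Author: survivorcn    Time: 2011-5-5 20:58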

posted by wap, platform: Nokia (E66)

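If the US really intends to use this opportunity to go after Sony, Sony is truly finished; no matter how it explains, it can be judged not to have used adequate protective measures
Author: asdqwe    Time: 2011-5-5 21:31

Sony keeps playing dumb
Author: tntforbrain    Time: 2011-5-5 21:38

Actually, if this is Congress's conclusion, Sony really would have been labeled whether it went or not.

And if it had gone, they would have had even more questions; it might have been even more embarrassing....
Author: 教师随笔    Time: 2011-5-5 23:01

You can dodge the first of the month, but can you dodge the fifteenth? With a better attitude it might still gain the initiative. Akio Toyoda all but got down on his knees back then, in tears.
Author: 战甲威龙    Time: 2011-5-5 23:30

As long as nobody has died, Sony is under no pressure
Author: gxy1301    Time: 2011-5-5 23:31


Author: leon2236    Time: 2011-5-6 09:09

Heh, thinking about it now, Toyota had no problem at all and still got worked over like that; what does Sony count for?
Author: survivorcn    Time: 2011-5-6 09:59

Quote:
Originally posted by leon2236 on 2011-5-6 09:09
Heh, thinking about it now, Toyota had no problem at all and still got worked over like that; what does Sony count for?
Yes, it amounts to being violated for no reason in front of the whole world, with nowhere to seek redress. Not to mention that Sony really did have a problem; I expect they will go after it mercilessly.
Author: 舒宁咸    Time: 2011-5-6 12:12

The OP got deleted over at A9
My deepest sympathy
On the one hand, the A9 crowd won't face the facts
On the other hand, they're planning how to donate money to save Sony
So much love~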



