Posted June 02, 2011
Ermac.469
Telekinesis
Registered: Apr 2009
From Japan
EndlessKnight
Magic Missile!
Registered: Mar 2010
From Canada
cogadh
Banned? Never.
Registered: Oct 2008
From United States
Posted June 02, 2011
Sweet zombie Jesus! Has Sony learned nothing from the past two months? Seriously, what kind of IT morons have they got working there, one guy with a "Computer Servers for Dummies" book? My kid could set a more secure infrastructure than these dumbasses have.
Post edited June 02, 2011 by cogadh
kodeen
New User
Registered: May 2011
From United States
Raptomex
Listen to Slayer
Registered: Nov 2009
From United States
Posted June 02, 2011
I bought a PS3 for one game, Twisted Metal. It's like a chore to have the console now. Changing credit card information. I don't think I'll ever trust Sony's security ever again. Luckily, I have a PC, 360, and Wii to keep me covered.
GamezRanker
Disagreement Verboten!
Registered: Sep 2010
From United States
Posted June 02, 2011
cogadh: Sweet zombie Jesus! Has Sony learned nothing from the past two months? Seriously, what kind of IT morons have they got working there, one guy with a "Computer Servers for Dummies" book? My kid could set a more secure infrastructure than these dumbasses have.
lukipela: Yeah, I mean, we have no idea what their security infrastructure is like, but wtf, haven't they read a servers for dummies book? Everyone knows security is easy. Especially for large multinational corporations with multiple server sites. FFS, shut up.
noisegrrrl
Ribbit ribbit
Registered: Nov 2008
From France
orcishgamer
Mad and Green
Registered: Jun 2010
From United States
Posted June 02, 2011
The NSA assumes they are compromised; they are a high-value target, so they try to minimize any damage a compromise can do. That's probably the most effective security a big juicy target can have.
Network and server security is actually really hard and even if you do everything correctly some doofus package maintainer upstream can make a mistake that allows some sort of attack through no fault of your own. Big targets like Sony have made mistakes and here's what they really are:
1) Didn't always follow their own best practices or industry best practices (95% is good in most things but in security that will get you owned). They probably need more people and to pay them more.
2) They made themselves a bigger target by pissing on people for years. Earlier this year Extra Credits said, "Sony, you do not want to tangle with the kinds of people who install Linux on their PS3s, you will lose." No, it wasn't the same crowd responsible for these attacks, the point is, know who you're tangling with, it's best not to bully anyone, but if you're going to bully someone best not to bully people who have little to lose or the ability to fight back.
GamezRanker
Disagreement Verboten!
Registered: Sep 2010
From United States
Posted June 02, 2011
Angry Sony apologist itt.
noisegrrrl
Ribbit ribbit
Registered: Nov 2008
From France
Posted June 02, 2011
Emualynk: Uh? No.
Even if it's not easy, that's no reason to store information like passwords or credit card details in plain text.
At least encrypt that stuff.
lukipela: You have no idea what you are talking about. You have no idea what their security infrastructure is like. I have serious doubts your IT security experience goes beyond Windows Firewall.
I am in engineering school, more precisely I'm learning informatics, which includes making websites, and excuse me, but using MD5 to encrypt data before storing it in a database IS FUCKING EASY.
So shut the fuck up please.
Senteria
GOG Café Admin
Registered: May 2011
From Netherlands
Posted June 02, 2011
So why did the hackers hack. Just to say: Your security sucks?
That's pretty weird.
orcishgamer
Mad and Green
Registered: Jun 2010
From United States
Posted June 02, 2011
lukipela: You have no idea what you are talking about. You have no idea what their security infrastructure is like. I have serious doubts your IT security experience goes beyond windows firewall.
Emualynk: Oh well. You know what? Fuck you. I am in engineering school, more precisely I'm learning informatics, that includes making websites, and excuse me, but using MD5 to encrypt data before storing it in a database IS FUCKING EASY.
So shut the fuck up please.
Now you may mean with salts, but that's just it, a lot of people think using an MD5 hash is good enough and call it a day.
Oops.
Also, you can't hash a credit card number, since you need to use it again; better make sure the criminals can't get the decryption key (which your programs must have access to) after they've owned your servers.
Like I said, good security is hard; people think it's easy.
And like I said, you may or may not know this stuff; however, I see comments like yours a lot, and the commenters in many cases turn out not to know it.
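As an added example (my code, not anything from this thread or from Sony's systems), here is a short Python demonstration of the point orcishgamer is making about "MD5 and call it a day". The user table and wordlist are constructed sample data. The thread does not name a replacement, so the "proper" side uses PBKDF2-HMAC-SHA256 from the standard library with a per-user random salt and 200,000 iterations; bcrypt, scrypt or Argon2 would serve the same purpose.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import time

# Constructed sample data: a tiny "breached" table storing unsalted MD5
# digests, plus the kind of small wordlist an attacker tries first.
USERS_MD5 = {
    "alice": hashlib.md5(b"password123").hexdigest(),
    "bob":   hashlib.md5(b"letmein").hexdigest(),
    "carol": hashlib.md5(b"password123").hexdigest(),  # same password as alice
}
WORDLIST = [b"123456", b"password", b"letmein", b"qwerty", b"password123"]


def crack_unsalted_md5(table: dict[str, str], wordlist: list[bytes]) -> dict[str, str]:
    """Recover passwords from unsalted MD5 with one digest per candidate.

    With no salt, one pass over the wordlist cracks every user whose password
    is in it, and identical digests reveal who shares a password before any
    cracking happens at all.
    """
    lookup = {hashlib.md5(w).hexdigest(): w.decode() for w in wordlist}
    return {user: lookup[d] for user, d in table.items() if d in lookup}


def hash_password(password: bytes, salt: bytes | None = None,
                  iterations: int = 200_000) -> str:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256), stored in a
    self-describing "algo$iterations$salt$digest" string."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: bytes, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    dk = hashlib.pbkdf2_hmac("sha256", password, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


def build_salted_store(plain: dict[str, bytes], iterations: int = 200_000) -> dict[str, str]:
    """What the user table should look like: a distinct salt per user."""
    return {user: hash_password(pw, iterations=iterations) for user, pw in plain.items()}


def crack_salted(table: dict[str, str], wordlist: list[bytes]) -> tuple[dict[str, str], int]:
    """Dictionary attack against the salted store. The salt forces one KDF
    computation per (user, candidate) pair, so no precomputed table helps and
    cost scales with users * candidates * iterations. Returns the cracked
    passwords and the number of KDF calls the attacker had to make."""
    cracked: dict[str, str] = {}
    calls = 0
    for user, stored in table.items():
        for w in wordlist:
            calls += 1
            if verify_password(w, stored):
                cracked[user] = w.decode()
                break
    return cracked, calls


if __name__ == "__main__":
    t0 = time.perf_counter()
    print("unsalted MD5 cracked:", crack_unsalted_md5(USERS_MD5, WORDLIST),
          f"in {time.perf_counter() - t0:.4f}s")
    print("alice and carol share a digest:", USERS_MD5["alice"] == USERS_MD5["carol"])

    plain = {"alice": b"password123", "bob": b"letmein", "carol": b"password123"}
    store = build_salted_store(plain)
    print("salted digests differ for the same password:", store["alice"] != store["carol"])
    t0 = time.perf_counter()
    cracked, calls = crack_salted(store, WORDLIST)
    print("salted PBKDF2 cracked:", cracked, f"after {calls} KDF calls",
          f"in {time.perf_counter() - t0:.2f}s")
```

The weak passwords still fall to the salted store, which is the other half of the point: a slow salted hash buys time and kills shared-digest leakage and rainbow tables, but it does not rescue "password123". Note also that `hash_password` here is still a one-way function; a card number that has to be charged again cannot be stored this way, which is the separate key-management problem orcishgamer raises.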
noisegrrrl
Ribbit ribbit
Registered: Nov 2008
From France
Posted June 02, 2011
Emualynk: Oh well. You know what? Fuck you.
I am in engineering school, more precisely I'm learning informatics, that includes making websites, and excuse me, but using MD5 to encrypt data before storing it in a database IS FUCKING EASY.
So shut the fuck up please.
orcishgamer: Now you may mean with salts, but that's just it, a lot of people think using an MD5 hash is good enough and call it a day.
Oops.
Also, you can't hash a credit card number since you need to use it again, better make sure the criminals can't get the decryption key, that your programs must have access to, after they've owned your servers.
Like I said, good security is hard, people think it's easy.
And like I said, you may or may not know this stuff, however I see comments like yours a lot and the commenters in many cases turn out to not know it.
I'm certainly not saying a MD5 would have been enough. But they weren't even using a MD5 hash.
And what the hell is with the "security is not easy" talk?
They are a fucking huge company. Don't they have the funds to afford good security?
Post edited June 02, 2011 by Emualynk
orcishgamer
Mad and Green
Registered: Jun 2010
From United States
Posted June 02, 2011
orcishgamer: Now you may mean with salts, but that's just it, a lot of people think using a MD5 hash is good enough and call it a day.
Oops.
Also, you can't hash a credit card number since you need to use it again, better make sure the criminals can't get the decryption key, that your programs must have access to, after they've owned your servers.
Like I said, good security is hard, people think it's easy.
And like I said, you may or may not know this stuff, however I see comments like yours a lot and the commenters in many cases turn out to not know it.
Emualynk: The thing is, they weren't even using an MD5 hash.
I'm certainly not saying an MD5 would have been enough. But they weren't even using an MD5 hash.
And what the hell is with the "security is not easy" talk?
They are a fucking huge company. Don't they have the funds to afford good security?
Also, even if you're perfect: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=281595 or the bug where the OpenSSH maintainer forgot to salt the keys from ssh-keygen; oopsie, now timing attacks become possible.
I already said what mistakes I felt Sony made in addition to what steps they needed to take to correct them, feel free to refer to my previous posts. I haven't bothered to read this article, but the previous stories covering the previous attacks certainly didn't manage to agree on whether Sony had hashed or encrypted DB contents or not, so I'm taking claims with a grain of salt.
DarrkPhoenix
A1 Antagonist
Registered: Nov 2008
From United States
Posted June 02, 2011
This is just the latest of several other Sony systems and sites that have also gotten owned over the past month. Basically it's open season on Sony right now, and it looks like their security wasn't even close to being up to the task of minimizing the damage (as if there was any doubt of that after the PSN hack).