Ronnie05's Blog

Sony Data breach: User backlash and lessons in security

Posted in Industry updates by Manas Ganguly on May 4, 2011

The data breach at Sony has obviously left the corporation a bit shaken and stirred, and for its part Sony has been trying to make good on the losses in both credibility and services. While customers will get complimentary downloads and 30 days of free premium services as a make-good, the breach raises fundamental questions about user-data security. A few questions that Sony needs to answer transparently are:

1. Even though the initial analyses found that credit card data wasn’t stolen, what kept Sony waiting for 7 days before it made this event public? The ensuing 7 days did not record any fraudulent activity, but the possibility of fraud was at its highest during those 7 days. All that Sony did was shut down its PlayStation Network on learning of the crime, which stopped further leaks but did not adequately address the information already lost.
2. Sony probably did not pay enough attention to security when it was developing the software that runs its network. In the rush to get out innovative new products, security can sometimes take a back seat. Also, new software has errors in it, so exposing code with errors in it to large numbers of people is a catastrophe in the making. Sony will have to explain the lack of adequate security in guarding sensitive information.
3. Data storage is categorized into sensitive credit card information, which is given a higher class of access security, versus other details such as name, password, age, gender, family details etc. These layers in security may cause larger ripples in terms of individual email-based phishing scams and attacks. ALL USER DATA NEEDS TO BE ACCORDED A FORTRESS SECURITY SETUP.
4. The second data breach reportedly happened from an outdated 2007 database. If that is the case, the question arises of how outdated data is treated and secured. Shouldn’t that be well secured as well?

Sony has been comparatively forthcoming about the security breaches, given that the bulk of attacks on corporate and governmental computer networks go unreported because victims want to avoid the embarrassment and public scrutiny that come with acknowledging that their systems have been hacked. In many cases companies seek to keep the matter quiet by telling individual customers of the problem without issuing a public statement like the one from Sony this week. For example, 85 percent of some 200 companies in electricity-producing industries said that their networks had been hacked, according to a survey released this month by security software maker McAfee Inc and the non-profit Center for Strategic and International Studies. Yet utilities rarely disclose such attacks. In many cases, intrusions go undetected by the victim company, leaving the firm and its customers completely unaware that criminals have access to their sensitive data.

The hacking of Sony Corp’s PlayStation Network, Sony Online Entertainment and Qriocity has earned a place in the annals of Internet crime. It is one of the biggest online data infiltrations ever and is a sign that the industry may face new threats. It also serves as a reminder that as we move into the digital world, we put more and more of our digital identity into the cloud, or digital devices … Security is going to be a tremendously important part of what we do. Payments security is evolving along with intelligent devices, like smartphones and contactless cards, and technologies such as NFC. Security standards and their upgrading are a key component of maintaining data privacy and data integrity.

How safe is user data online? (The Sony episode)

Posted in Industry updates by Manas Ganguly on May 3, 2011

Julian Assange, in an interview some time back, alleged Facebook to be the “most appalling spying machine”, one which exposes private information of over 600 million subscribers to law makers and other national security agencies in a breach of fair rules of user privacy. Within days of Assange’s interview, we heard from Sony Corp, a leading consumer durables and gaming brand, about 2 counts of security breaches of its online networks. The first attack, on Sony’s PlayStation video game network and Qriocity online music and film service, happened between 17th-19th April and exposed names, addresses, passwords and possibly credit card numbers of its 77 million customers. The second attack (which preceded the first one but was discovered later, possibly 16th-17th April) had drilled a hole through the Sony Online Entertainment network and had compromised credit card data relating to 24.6 million of its consumers and debit card data of around 10,700 more customers in Austria, Germany, the Netherlands and Spain. Sony in a statement has said that the main credit card database had not been compromised as it is housed in a safe and secure environment.

What saves the day for Sony Corp is the second-level security data: the three- and four-digit codes that are used as a second source of authentication by many online vendors. The network passwords were also protected by a level of security called a hash algorithm, in which the word a user types in is converted on Sony’s servers to a string of characters entirely unrelated to the original password. With the passage of time, the value of this stolen information diminishes greatly as banks and users increase security precautions around such credit card data or cancel the cards altogether. However, hackers may be trying to hijack e-mail accounts by attempting to access the ones provided to Sony and plugging in PSN passwords to see if they were re-used for both. They may also be spear phishing for data through fraudulent emails that contain enough personal information to persuade the victim to let down their defenses, which can be enough to get them to click on a link that downloads malicious software onto their personal computer.
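An added example (not from the original post or from Sony) of the password hashing described above: it contrasts a single unsalted hash with a per-user salted, deliberately slow hash, which is what limits the password re-use risk once a table of hashes is stolen. The scheme (PBKDF2-HMAC-SHA256), the iteration count and the sample accounts are assumptions for illustration; the post does not say which hash algorithm Sony used.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example

def fast_unsalted_hash(password: str) -> str:
    """Weak scheme: one unsalted SHA-256 pass; equal passwords give equal values."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def store_password(password: str) -> dict:
    """Stronger scheme: per-user random salt plus slow PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}

def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])

def shared_password_groups(table: dict) -> list:
    """Audit helper: groups of users whose stored values are identical."""
    by_value = {}
    for user, stored in table.items():
        by_value.setdefault(stored, []).append(user)
    return [sorted(users) for users in by_value.values() if len(users) > 1]

# Constructed sample accounts (not real data).
ACCOUNTS = {"alice": "hunter2-constructed",
            "bob": "hunter2-constructed",
            "carol": "another-sample"}

def demo():
    weak = {u: fast_unsalted_hash(p) for u, p in ACCOUNTS.items()}
    records = {u: store_password(p) for u, p in ACCOUNTS.items()}
    strong = {u: r["hash"] for u, r in records.items()}
    return shared_password_groups(weak), shared_password_groups(strong), records

if __name__ == "__main__":
    weak_groups, strong_groups, records = demo()
    print("unsalted: users sharing a stored value:", weak_groups)
    print("salted:   users sharing a stored value:", strong_groups)
    print("alice verifies:", verify_password(ACCOUNTS["alice"], records["alice"]))
```

With the unsalted scheme, anyone holding the table can see that two accounts share a password; with per-user salts the stored values differ even when the passwords are the same.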

The financial impact of this security incident for Sony depends on how well the company convinces customers it “will make things right”. The outflow for Sony in terms of credit card fraud, network repair and marketing costs is $50 million. The cost of lawsuits would add to that figure in some measure. The impact for credit card majors could be around $500 million. How about user faith and confidence in Sony? The loss of that (in MasterCard’s tagline) is priceless.

Cloud Gaming: When Gaming meets the cloud

Posted in Gaming, The cloud and the open source by Manas Ganguly on June 17, 2010

Content streaming, music streaming and, if the trend at E3 is to be believed, the world is now headed to game streaming. We would call it “Cloud Gaming”.

Gigahertz microprocessors and the iPads of the world, along with cloud computing, could be unveiling the age of “cloud gaming”. Several companies hope that using cloud computing to store games will be the real shift, letting gamers play high-end titles anywhere, on almost any machine. One view is that, if fully realized, cloud gaming could be a console killer. The need and the idea is to make video game content increasingly free from the restrictions of device and location, while showcasing the ability to instantly play the latest, most advanced games at the touch of a button. Cloud gaming uses rapid data compression to let users store their games “in the cloud” (on Web servers) and then pull them down and play them using a regular Web browser. It’s the same concept as storing photos on a site such as Flickr or music videos on a MySpace page. The user doesn’t actually have those files on any one particular computer but can access them from anywhere. The only things the user needs are a capable device, a decent browser and a fast internet connection. The iPad seems to be a good answer in terms of a capable device.

Assassin’s Creed II finds a new home in the cloud

There are a few companies which are making early inroads into the area of “cloud gaming”, and some interesting game titles such as “Assassin’s Creed II”, “Batman: Arkham Asylum” and “Mass Effect II” have found new homes in the cloud, with more to follow. Revenues are to be made from subscription services, pay per play, or even trial gaming before buying the real monty from a store. Microsoft with its Xbox Live network, Sony with its PlayStation Plus, Virgin, and aggregators like OnLive and Gaikai are early entrants into this new gaming construct.

Batman: Arkham Asylum is another blockbuster to go to the cloud

However, not everyone in the tech community is sold just yet on the concept of “cloud gaming”. Some question whether gamers, who presumably already have at least one gaming console, will pony up again for the ability to play their favorite titles from the cloud. Even if it costs less to rent or play a game, and it probably will … Game streaming will have a tough time competing with actual hardware for all but the most dedicated gamers.

Interesting piece and we would be keeping an eye on that.

Microsoft Natal: Coming this June 13th.

Posted in Gaming by Manas Ganguly on March 29, 2010

June 13th 2010: Will Microsoft unveil the Natal on this day?

Of the three technologies that Microsoft is aggressively pursuing, Natal is intended to be the “Future of Gaming”. The others include Surface (The Future of Touch) and Microsoft’s Cloud computing efforts.

Microsoft is now readying for its Xbox 360 Experience press conference at the E3 show in Los Angeles on June 13. I expect it to be the unveiling of the Natal-powered new series of Xbox 360. However, whether it’s a formal announcement or just another explanation of the technology won’t be known until then.

Natal is Microsoft’s camera-based motion controller. In early demonstrations, the technology has been extremely impressive, although no one quite knows how Natal will hold up in real-world gameplay in millions of different home gaming setups. At this year’s Consumer Electronics Show, Microsoft said that the Natal technology would ship by the 2010 holiday season.

In the meantime, rival Sony is decking the PlayStation Move, a combination of a Nintendo Wii-like nunchuk and the PlayStation Eye camera. I would have liked to see Sony integrate the FOLED technology on this one, but it looks like Sony has conserved that one as the next big story, the next big release.
