Stupid as well as evil

My antipathy towards Sony is well documented, and should come as no great surprise to regular readers of this blog.

My experience with their customer service was less than salutary. I ordered a $20 item online that was mis-priced at 1c. That they canceled the order doesn’t bother or surprise me, but they did so without taking the trouble to notify me, and they gave me the customer service run-around for three months before finally coming out and telling me that they had no intention of honoring the price. They were willing to lose a customer for life over twenty dollars.

But that’s not all. Their hardware has a tendency to sport expensive proprietary interfaces that ignore established standards — insisting on Memory Stick while the rest of the world was happily using SD, for example.

In the past they have surreptitiously installed rootkits on their customers’ computers, removal of which could render the computer unbootable. That’s right; they believe that their right to fry your computer in order to protect their “content” is more important than your right to a working computer.

They have also paid graffiti artists to create fake graffiti of kids on skateboards playing with PSPs. Graffiti that municipalities had to remove at the taxpayers’ expense.

Having established that Sony is Evil, it is now time to move on to the stupid part.

I got a chuckle when I heard that the PlayStation Network was hacked, and the miscreants gained access to names, e-mail addresses and passwords — and potentially credit-card details as well — for up to 75 million users.

The reason that this is particularly egregious is that the passwords were apparently stored as plain-text. In web security circles, this is a HUGE no-no. In the real world, passwords are put through a one-way function, and the resulting “hash” is stored. That is how passwords are stored in the real world, and how, for instance, Windows stores its passwords. A small-scale web application that I build went from plain-text passwords to hashes five years ago.

Sony will probably try to downplay this; to tell you that everything’s fine — to admit otherwise would be to open themselves to huge lawsuits. But I can think of at least two significant problems.

  1. Millions of Credit Cards on the loose — nuff said.
  2. Millions of e-mail address/password combinations. Let’s try those on the world’s major banks, shall we? Given the average user’s tendency to re-use the same password everywhere, there’s bound to be a few (thousands to millions) hits. And bank accounts will suddenly be emptied, their contents shifted overseas and untraceable, because while banks can turn off wire transfers for accounts, the default is ON.

But Sony couldn’t be bothered to do it right. And now heads should roll.
