

'Steal everything' era of hacking - codeup
http://www.bbc.co.uk/news/technology-13213632

======
mseebach
The article, and even the sources, seem to get the issues backwards, when
arguing that the availability of the PSN vs. an online banking site makes it
more vulnerable, and then goes on to talk about authentication measures.

If your password is "pwnd" on PSN, you expect no sympathy if your account is
compromised, also it very likely matters quite little (also, you can very
rarely read your credit card details back from a compromised account). Not so
for your bank account, so the bank enforces obnoxious security on you.

But this isn't what happened, this attack didn't go through the front end. PSN
could have required fingerprints on every login, and they would have been no
more safe for it.

------
fredoliveira
Ah well, the same thing all over again. The hacker/cracker distinction is
sadly never going to be mitigated, and the press doesn't know/care enough to
change the way they report these things. The words hacker and cyber criminal
are used interchangeably in this article (and just about any article on this
topic). Sad, particularly for those of us who happen to be reading _Hacker
News_.

~~~
adestefan
Everyone really needs to get over this point. No news organization was ever
going to use the word cracker. I could see the headline now, "Two Crackers
Attack Bank." That wouldn't go over well.

------
fmavituna
> "Your online banking site is much more sophisticated."
>
> A bank would usually use two-factor authentication, where you've not just
> got a password.

Your bank is secure because they keep their network patched and do secure
coding, not because they use 2 factor authentication. PSN would get hacked
even if they were using 234 factor authentication.

~~~
mseebach
> even if they were using 234 factor authentication

Probably not, but mostly because nobody would be using them then, so there'd
be no data to steal :)

------
ropers
> The hack, which has led to the network being unavailable for over a week,
> has left observers wondering if a company as vast and seemingly advanced as
> Sony can get hit, who out there is safe?

Thank you, Dave Lee, for revealing early on in the article that you don't
understand the subject matter and that the article won't be worth reading.

------
ams6110
I think we've seen enough to conclude that it's hopeless to think that all the
entities that possess personal information are going to succeed in keeping it
secure. Either through negligence or simple error, disclosures are going to
happen and are going to continue to happen.

What we need to do is change our systems so that mere information is not
enough to successfully "steal" an identity. I should be able to disclose my
name, birthdate, SSN, mother's maiden name, and anything else to anyone
without worry that it can be used to steal my identity. Now, I'm not sure how
or if that can be done, but it seems to me that the current approach of trying
to store the water in a sieve is never going to work.

------
inkaudio
This is a problem, too many unqualified tech journalists working for notable
newspapers, writing in ignorance about technology and tech culture. And these
newspapers don't hire a tech editor to fact check, the fact being (old news)
Sony ran unpatched/obsolete Apache with a notorious security flaw.

------
naner
Is the PSN network breach really about savvy criminals or more about
corner-cutting businesses?

------
codeup
Most comments seem to miss the point of the article that "data minimisation"
or data avoidance is the most efficient security measure. What do you think of
that?

