Despite Sir Howard's pretensions, Sony still doesn't really 'get it,' instead they just want to fight the old way, kind of like the English redcoats marching rank and file through Indian country.
Read Geohot's blog response to the hack, and you'll get a much better read on the problem:
Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client(can't trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client.
This attack was the first of many. Sony has done the one thing tech companies should never do. They've given people much smarter and more technically skilled than them a cause. I don't want to perpetuate the "basement dweller" stereotype, but the fact is that the people who took the PSN down spend all their spare time at their computer. This wasn't a simple attack. It wasn't just for lulz. The PSN outage was the opening battle of a war.
Read Geohot's blog response to the hack, and you'll get a much better read on the problem:
Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client(can't trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client.
http://geohotgotsued.blogspot.com/