The Sony Horror Hacker Show
May 7, 2011 5:00 AM PT
Sony's great big data leak could go down in history as the company's messiest mess of all time -- even worse than the CD rootkit disaster.
Last week, we learned that hackers had broken into Sony's PlayStation Network and made off with a bunch of user data. Names, passwords and birth dates were definitely leaked, and Sony wasn't able to guarantee people's credit card numbers were safe either.
That's what we were told a week after the break-in, and in the meantime, lots of customers' credit card numbers may have been in the hands of crooks. Since then, the plot has thickened further.
Even though Sony initially said users' credit card data had been encrypted, security researchers have reported hearing chatter about a list of PSN users' credit card numbers being shopped around through criminal underground channels for somewhere in the neighborhood of US$100,000. Sounds like someone's trying to cash in on a raid.
Sony's recommended that users keep a close eye on their card statements and credit reports. But users who really want to be safe might also want to treat the card as if they know it's been stolen. Call it in and ask for a new card with a new number, then shred the old one. Banks probably don't like that advice -- if everyone on PSN were to take that step, it's estimated the collective costs to issuers of replacing all those cards could be upwards of $300 million. Then again, what does it cost to deal with a massive influx of fraudulent transaction complaints?
Later, it was announced that, counter to the company's initial assessment, another part of Sony's system -- Sony Online Entertainment -- had also been broken into as part of the original hack attack. Same kind of info was stolen: name, full address, email, gender, birth date, phone number, user name, etc. In all, we could be looking at a breach of more than 100 million accounts, and nobody at Sony seems to be sure exactly what's missing from where.
The company even snubbed an invitation to explain itself in person at a U.S. House subcommittee hearing on data theft Wednesday. Granted, it probably wouldn't have been a very pleasant exchange if Sony had shown up, but its absence apparently didn't prevent congresspeople and other witnesses from unloading on the company. The chair, California Rep. Mary Bono Mack, burned Sony for not notifying customers about the intrusion immediately. When it did break the news, it did so on a company blog, which she said put the burden of finding out about the problem on the customers themselves. "Not gonna fly" is how she put it.
On top of that, an expert witness said Sony's security system was weak and that the company was well aware of that fact for months.
Sony hasn't completely ignored the dirty looks it's been getting from Washington. It wrote a letter to Congress explaining its side of the story and defending the way in which it disclosed information to users. It said it didn't want to cause confusion by dribbling out a bunch of unconfirmed or incomplete info hour by hour. So instead, it waited until it had a full and verified story to tell before going public.
Sony also explained that one of the reasons its security system was off the ball at the time of the attack was that it had recently been targeted by the hacktivist group Anonymous in retaliation for the company's lawsuit against hacker George Hotz. According to Sony, Anonymous' denial-of-service attack was so distracting that malicious hackers were able to sneak in through the back door. Sony didn't directly implicate Anonymous for the theft itself, but it did note that it found a file left by the thieves on one of its servers that contained the text "We are legion," which is an Anonymous battle cry.
Anonymous has denied having any part in the theft, and usually the group very proudly claims responsibility for the activities it does engage in, so at this point it doesn't smell like an Anonymous stunt. On the other hand, Anonymous is by nature very decentralized, so it's hard to say that any proclamation attributed to the group is the official party line. And who knows, maybe the people that really stole the data actually consider themselves part of Anonymous, regardless of whether the rest of Anonymous likes that or not.
Back on the Market?
VoIP provider Skype has been passed around a lot in recent years. It had something going on with eBay for a while, but that mostly fizzled out. It was a strange match anyway -- made it look like eBay intended to make Skype this system for strangers to chat each other up while buying each other's crap, instead of a more general worldwide communication system.
Skype seems to have gotten over that one, though, and now it's back in the dating scene with a vengeance. Suddenly it has two very serious buyers knocking at its door, according to Reuters: Google and Facebook. Or it could strike out on its own with a big IPO -- somewhere in the $1 billion neighborhood. Or both.
That possible Facebook buyout could be very interesting. An anonymous source said that if that deal goes through, it could be worth $3-$4 billion. The big question is what Facebook would do with Skype once it has it. It's a sensible pairing -- Facebook is all about communicating with friends; Skype lets you do exactly that. They could put a Skype button somewhere on everyone's profile; instead of instant text chat, you could do instant Skype chat.
But Facebook is kind of its own little fiefdom within the Web. If you want to use a Facebook feature, you have to be a Facebook member, and even though the network's huge and still growing, some people really don't want any part of that. If the deal happens, will Facebook refuseniks be ineligible for Skype? The VoIP and video-chat service right now has more than 600 million users, so that's a lot of people Facebook could potentially alienate by requiring them to join its network. Then again, fewer than 10 million of those users actually pay for services, so maybe they can take a walk.
But if the report is true, Facebook will have to battle Google if it wants Skype. Google's still trying to get its act together as a social network, and snapping up a communication service like this could be a big win in that direction. Mix it in with Google Talk and Android and see how it comes out.
There's lots at stake, so the battle could turn into a real heavyweight fight. As the biggest Web company in the world, Google has a lot of power in its corner, but Facebook has a ton of momentum, not to mention a friend in Redmond who would love to see Google fail.
Moore's Law is a principle that always seems to be on the brink of extinction until one company or another saves it with its ingenious new breakthrough invention that'll surely keep the dream alive, at least for another six months or so.
The law holds that the number of transistors that can be crammed into an inexpensive integrated circuit doubles about every two years. It's held true for longer than the term's been around, which was about 1970, and the progression it describes is one of the reasons you can buy a laptop for $400 today that can do more than the million-dollar machines that were around a few decades ago.
The problem with keeping Moore's law intact is that making transistors smaller and smaller becomes increasingly tricky, so chip makers have to be more creative in their design processes. It's rare that one single innovation turns out to be THE thing that makes the trend continue. There are lots of different ways to solve the problem, and chipmaker Intel just came up with one.
Intel says its latest transistor breakthrough is the creation of the first 3D transistor. That's not to say previous transistors existed only in two spatial dimensions. But they would typically just lie flat on the wafer. Intel got them to stand up straight, allowing more of them to be crammed onto the same surface area. Perhaps that sounds a little obvious, and actually the idea has been around for years. But the really big step forward that Intel's made involves the creation of a process for turning the idea into an actual commercial product rather than a sketch on a bar napkin.
Mobile devices may see the biggest early boost from Intel's innovation. One of the benefits of the 3D transistors is that they use less power than their 2D counterparts, and power consumption is a big issue when the device you're talking about lives off a battery. For Intel, getting a foot in the door in mobile would be a big win -- at the moment it's barely visible in the smartphone scene.
Friends With Search Benefits
Microsoft was one of the first players in the smartphone world, but it's still fair to call it a late bloomer. While iPhone and Android were out there making smartphones fun and interesting for buyers other than belt-holster-toting uber-geeks, Microsoft was stuck for a long time with Windows Mobile. Windows Phone 7 came along only recently, and now it's uncertain how much of a foothold it's ever going to get.
For a company like Microsoft, though, the mobile world has a lot of different angles to play, besides just putting a mobile OS out there and hoping phone makers and buyers will all fall in love with it. That's no doubt a big angle, of course, and Microsoft isn't too proud to buy some love for WinPho7 by doing things like stuffing Nokia's pockets full of cash.
But Microsoft is also a player in search, and its relatively new Bing engine is making gains on Google. It's still far, far behind, and there's no way it's going to actually overtake Google any time soon. But whenever Bing can score a key block against Google, Microsoft can consider that a good day.
One of those blocks happened this week as Microsoft CEO Steve Ballmer announced that Bing will be the default search and map utilities on upcoming Research In Motion BlackBerry devices. When you do a quick Web or map search on a BlackBerry, Bing will be the one providing you with the answers. It's not like Google services will be completely blocked from appearing on BlackBerries, but Bing will be the default provider.
RIM hasn't exactly been a media favorite lately. Its PlayBook launch was ham-handed, analysts gave it a painful downgrade last week, and critics often accuse it of putting out unexciting devices. But the fact is, there are tons and tons of BlackBerries out there, and even if some of their users only carry them because the boss says so, Microsoft's deal could still turn into a lot of lucrative mobile search traffic.
In shacking up with both RIM and Nokia, it's beginning to look like Microsoft is putting together an army of faltering giants to battle Android and iPhone. Android -- more specifically, Google -- is absolutely in Microsoft's cross-hairs on this deal, but it's not out of the question that Microsoft could eventually get Apple on its side too, if only to the extent of making Bing the default search engine on iPhones. They definitely seem to have a common enemy.
Good for What Ails Ye?
Here's a great way to waste a perfectly good afternoon: Pick a fight about PC and Mac security. It's especially fun if both you and the person you're arguing with know a few things about computer security but lack complete and total understanding of the subject.
Suffice it to say general OS security is a very touchy subject in some circles. But sometimes a security problem comes up that has very little to do with how secure or insecure an OS is by design. For instance, if a user who's in control of the OS can be tricked into actively installing a shady application, that doesn't mean the OS is insecure, does it?
I'm talking about scareware. It's an online ripoff tactic in which the bad guys make users think their computers are full of viruses, usually by performing a so-called free scan over a Web page -- which is fake, of course, but it'll tell you your machine's insides are covered in warts.
"Oh my God, your machine is totally infected! Look at all those porn pop-ups all over your screen! Your credit cards and Social Security number and address are going straight to Al Qaeda right now, so you're pretty much screwed ... unless you buy our antivirus product. What's your credit card number?"
And from there, the bad guys have your credit card info. They might just charge you the price of the bogus software, or they might use it to defraud you further. Or they might take it up a notch -- they'll actually let you download the software and install it into your computer, and from there it acts as a constant spy.
The situation is one that Windows users encounter from time to time, and now it's also reached the Mac platform through a scheme called "MAC Defender." It catches potential victims from search result pages using SEO techniques, then it gets around all those Mac security walls by tricking them into giving its so-called security app tip-top, admin-level permission to come inside.
Experts who've looked at MAC Defender -- the shady, scammy MAC Defender -- say it's an odd mix of sophistication and idiocy. Whoever built it did a good job of making parts of it actually look legit. Its setup screens look nice and polished, kind of like what a Mac user would expect from a genuine made-for-Mac application. But before that, when it does that fake scan, the animation that it uses looks like it was lifted from an old version of Windows. Sloppy!
Moral of the story: If you don't feel sick but some random person on the street tells you you're sick and gives you a pill to take, do you take the pill?
I don't think you should take the pill.