Friday, May 06, 2011

Apple and Sony: A Tale of Two Companies

For my first post on the blog, I thought I'd write about something that's gotten a lot of coverage in the press over the last week or two: the perceived security issues affecting both Apple and Sony. What's interesting is that the two incidents started at opposite ends of the spectrum, then wound up at opposite ends again (although reversed) as more information became available.

The first issue relates to Apple and what has become known in tech circles as “Locationgate”. Basically, researchers discovered that iPhones running iOS 4.x had a file that stored location information. When this information was backed up to a computer, it was left unprotected. Some other enthusiasts then created a program that allows you to decode the location information and display it over a Google Maps layout. (They did intentionally skew the accuracy a bit.) Upon the initial report, a lot of people were up in arms, but as more information was put forth, the anger began to subside.

First of all, when you turn on your iOS device for the first time, you are explicitly asked if you want to share location data with Apple. If you click yes, then you have consented to this practice. There is also language in the EULA outlining this, but most people never read more than the first and last paragraphs. Also, the data in the location file was based on Assisted GPS (utilizing cell tower and Wi-Fi hotspot info), not the regular GPS service. This means that at best, it would provide an approximation of your location. To give you an idea of the vague nature of this data: as I’m writing this post, the location data could show me at my house, the hospital, the university, or even the police station, depending on which direction the data skews due to using aGPS instead of regular GPS. Finally, a lot of people have signed up for the “Find My iPhone” service through Apple’s website. So there should at least be some vague understanding that this data is being traced.

To Apple’s credit, they addressed these concerns in a FAQ they posted on their website last week. They admitted that they should have provided more clear and concise information about the location caching, and that the file was actually caching more data than intended. They promised to address this in a future update of the iOS software, which was released last night. I strongly urge anyone using iOS devices to upgrade to iOS 4.3.3 as soon as possible. So at this point, the issue has largely been resolved, and the majority of users have returned to their normal day-to-day affairs.

On the other hand, Sony’s issues relating to the PlayStation Network (PSN) started out as simple downtime, but have grown progressively worse. At first, users were just miffed because they couldn’t play Modern Warfare 2 or some other multiplayer game on their PlayStation 3s. As time went on, Sony notified its user base that the service was being rebuilt from scratch, and that there had been some sort of intrusion into the system. Then it started getting worse. Sony sent out an email to all PSN users notifying them that their usernames, email addresses, passwords and (possibly) credit card information may have been obtained by these hackers. But it gets worse from there.

This past Sunday (May 1), Sony officials held a big press conference in Japan to address these issues, complete with the deep bowing that is a customary sign of apology in Japanese culture. The officials stated that they were working to restore services as quickly as possible, and that they would work to compensate their users in some fashion. Fast forward to Monday, when it was revealed that not only had the PlayStation Network and Qriocity been hacked, but Sony Online Entertainment (SOE) as well. This means that anyone playing its online games (including Everquest and Everquest 2) on the PC side of things was affected as well. At this point, stories began to circulate that some of these hackers tried to sell back a list of 2.5 million credit card numbers they lifted from Sony’s servers. Sony executives were called before the US House of Representatives on May 4 to answer some serious questions pertaining to this breach. Sony did not personally attend the hearing, instead submitting a written response to the questions. In the press release Sony put out about this issue, they summarized what they told the Congressional committee about the intrusion.

Just today (May 5), it was revealed that the servers that Sony was using to run PSN/Qriocity/SOE were not only running outdated server software, but lacked even a basic firewall to prevent intrusion on their systems. Dr. Gene Spafford of Purdue testified before the House Subcommittee on Commerce, Manufacturing, and Trade that independent security experts had been monitoring Sony’s systems and reporting security threats to Sony in an open forum available to all Sony employees. These experts reported these major security issues to Sony about three months BEFORE their systems were hacked. This means that Sony knew full well that they had a security concern on their hands, but did nothing about it until it was too late. It’s literally as if Sony’s engineers decided that the system worked fine, so there was no need to make changes.

There’s a difference between making an oversight that leads to a security vulnerability (such as we’ve often seen with Windows and, to a lesser extent, OS X over the years) and just choosing to ignore a known issue. The former could be considered careless, the latter outright ignorant, even dangerous. For a company that was in hot water once before for installing rootkits on customers’ computers without any notification if they inserted music CDs into their machines, this is just another example of Sony placing an emphasis on profit over security.

Links to more information are below:

Apple FAQ on the Location caching issue:

Sony response to US House:

Sony using insecure servers for PSN:

Thursday, May 05, 2011

Sony PlayStation Outage

This outage has been going on for three weeks now and they just want to give us a free 30 days of PlayStation Plus. This is not a good thing, Sony, being as most of your games have DRM on them, so without PlayStation Network you can not lock the DRM and so you can not play. Like Portal 2: it has DRM and you can not play it. What about our credit card numbers? Were they stolen or were they not taken? Just tell us so we can fix things up.

Please Comment Your Feeling On PlayStation Network Outage

Welcome To Our Three New Writers

Tonight we found someone that is just as much into tech as I am, and I'd like to welcome a new blogger to the blog, tntoak. His first blog post is coming soon, so watch out for that.

You can follow them @tntoak

Please Feel Free To Contact Them E-mail

Monday, May 02, 2011

Vote Canada 2011

Now we have the vote today, and polls will close at 9:30 PM. We want to make sure Canadians are getting out there and voting tonight.

Poll Result

Canada Vote 2011

Today is the vote for Canada. Today is May 2 and the vote is here, so show up and vote.