You said, the hackers "lowered people's trust in massive corporations [...] which is not good in any respect."
It seems pretty clear to me that Sony is most decidedly not deserving of consumer's trust - and without these public disclosures, we would have never known that.
Certainly - as I learned in the Gawker security breach - it sucks to have your login details broadcasted to the rest of the internets. But, after a few hours restting passwords across the internet, I was good to go. I expect the affected consumers in this case will have a similar experience.
And, that experience is a far better one than having your data stolen by a more malicious group of hackers, who use it for far more damaging means, without your knowledge.
So, I don't believe that this group of hackers are any kind of heroic. But even if their motivation is suspect, I do believe they're performing a type of public service. Teaching us all that it's the height of ludicrous to hand over your sensitive data to Sony, and expect them to keep it reasonably secure from basic script-kiddie tactics.
No, they might not be deserving of customers trust but that doesn't mean that throwing egg on their face is helping the situation any. If the hackers were doing it for the good of the community then it's counter productive. They should have informed Sony of the issue. They are kids who do not understand what effect the situation has on the economic climate.
Also, defacing the other music sites does nothing more than raise the profile of their hacking "skills".
As I mentioned, yes they are making people aware that there are security issues that companies need to iron out and Sony are having some serious bad media recently but who is this really helping? It's not helping the market and its not helping consumers?
You and I both know that they should not be storing stuff plain text or with some bad security practice and we understand what it takes to make it right but to the common person they are instantly put off all places where they have to put card details. The overall perception of the web is stepping back 15 years in the eyes of the general consumer, soon people will be afraid to put their details anywhere.
I agree completely with what you are saying but that's from my point of view, I'm thinking general consumer confidence.
> No, they might not be deserving of customers trust but that doesn't mean that throwing egg on their face is helping the situation any.
But not throwing egg on their face was helping less. As long as security bugs are mostly invisible they don't get fixed.
> They should have informed Sony of the issue.
If Sony needed to be told to lock their doors it's only because they didn't care. (At least in 2011. It might have been different in 1997...)
> It's not helping the market and its not helping consumers?
In the end, it helps the market and the consumers. If companies get away with broken security that penalizes, by comparison, other companies who spend more to develop a secure product, or who produce a less ambitious product because they know it's all that can be done securely.
Customers win because they get a more realistic view of what they're buying.
> You and I both know that they should not be storing stuff plain text or with some bad security practice and we understand what it takes to make it right but to the common person they are instantly put off all places where they have to put card details. The overall perception of the web is stepping back 15 years in the eyes of the general consumer, soon people will be afraid to put their details anywhere.
As they should be. You can see how well protected everything isn't.
> I agree completely with what you are saying but that's from my point of view, I'm thinking general consumer confidence.
Confidence through ignorance doesn't seem like a gift.
Why are you using the same password across the web in the first place. Worst case at least have a tiered system.
High - These are high security risk, such as email accounts, and anything that can gain access to or control something that relates to it (domain names, server access, stuff like that).
Medium - Passwords that give you access to very specific systems that if someone gained access would ruin your day but won't allow them to do anything really bad (personal home file server, the password to your FTP, web forums where you have a trust based relationship with people)
Low - If it gets hacked, who cares. Won't make a bit of difference (throwaway accounts on forums, news sites, stuff like that).
You're absolutely right, but, like (I suspect) many people, I knew better, but hadn't taken the time to implement unique passwords before the Gawker security breach. It basically forced me to act - and now I'm better for it.
You said, the hackers "lowered people's trust in massive corporations [...] which is not good in any respect."
It seems pretty clear to me that Sony is most decidedly not deserving of consumer's trust - and without these public disclosures, we would have never known that.
Certainly - as I learned in the Gawker security breach - it sucks to have your login details broadcasted to the rest of the internets. But, after a few hours restting passwords across the internet, I was good to go. I expect the affected consumers in this case will have a similar experience.
And, that experience is a far better one than having your data stolen by a more malicious group of hackers, who use it for far more damaging means, without your knowledge.
So, I don't believe that this group of hackers are any kind of heroic. But even if their motivation is suspect, I do believe they're performing a type of public service. Teaching us all that it's the height of ludicrous to hand over your sensitive data to Sony, and expect them to keep it reasonably secure from basic script-kiddie tactics.