Sony makes the right call
The Playstation network has been down since about 20th April now. The full consequences of the attack may take some time to manifest, however the commitment to ensuring security since the attack has been foremost in Sony's agenda. The difficulty here is that although what has happened may be relatively clear, the how and who may be less obvious and because of this Sony need to take extra care when restoring the services as they cannot afford another similar incident. The fact that they may be offering a reward for information relating to the identity of the attackers proves that whoever did this were skilled enough to hide their tracks well. With enough digging, many clever breaches can be traced due to the smallest fragment of information in the logs or other data leading to clues. There is claim that information pertaining to the group Anonymous has been located on the systems, however Anonymous have denied the incident and apparently say they may have been framed. If the only information found to date is a so called calling card then it is likely that no other traces have been uncovered.
The thing to bear in mind is that almost every day we hand over our information to shops,petrol stations and other traders and think nothing of it. In theory our details could be accessed by many people but we assume it is always safe.
In the online world the best practice can be as simple as ensuring different passwords are used for all accounts. Unfortunately a practice which many people choose to ignore because it is inconvenient.
The first thing users should have done when the breach was announced would have been to change the password to the email account associated with the PSN. Although it seems simple it is a wise move as these email accounts are likely to be used for other services online and the "forgot password" option on many sites will send a password reset to the email account, which if accessed in time could be used to reset passwords then deleted.
The more worrying thing is the potential implications of access to credit card details and names,addresses etc. If this information was stored on encrypted volumes then there is little to worry about, unfortunately the exact details of which data was encrypted is still a little vague. All users can do here is to be vigilant and keep an eye on their accounts. Better still open a new account and cancel the other cards.
Sony's decision to delay the reinstatement of the PSN until further testing has taken place is a wise move. I can only guess that every server in the PSN has been cloned or removed whilst others have been implemented to take their place. This is the only real solution as the investigations into the attack will continue beyond the service going back online.
The thing to bear in mind is that almost every day we hand over our information to shops,petrol stations and other traders and think nothing of it. In theory our details could be accessed by many people but we assume it is always safe.
In the online world the best practice can be as simple as ensuring different passwords are used for all accounts. Unfortunately a practice which many people choose to ignore because it is inconvenient.
The first thing users should have done when the breach was announced would have been to change the password to the email account associated with the PSN. Although it seems simple it is a wise move as these email accounts are likely to be used for other services online and the "forgot password" option on many sites will send a password reset to the email account, which if accessed in time could be used to reset passwords then deleted.
The more worrying thing is the potential implications of access to credit card details and names,addresses etc. If this information was stored on encrypted volumes then there is little to worry about, unfortunately the exact details of which data was encrypted is still a little vague. All users can do here is to be vigilant and keep an eye on their accounts. Better still open a new account and cancel the other cards.
Sony's decision to delay the reinstatement of the PSN until further testing has taken place is a wise move. I can only guess that every server in the PSN has been cloned or removed whilst others have been implemented to take their place. This is the only real solution as the investigations into the attack will continue beyond the service going back online.
Comments
Post a Comment