This spring, Sony’s Playstation Network got thoroughly hacked, it lost the personal information of millions of people. It took multiple weeks to fix the system, during which Sony’s security practices, or lack thereof appeared: many servers were left unpatched and there was no standard channel to report security issues. This did not really come as a surprise, as Sony’s understanding of security was to install root-kits on audio-CDs.
So what initiatives has Sony taken since this spring to fix security issues on the PSN? It did what any large and stupid corporation would do: hire somebody that sounds important and put more lawyers on the problem.
Sony hired some executive from the Departement of Homeland Security, probably one of the few organisations worldwide that treat their users worse than Sony, and with basically a zero track record in actual computer security (forcing people to give out their password at border checks does not count). The lawyer based solution to the problem was to rewrite the end-user agreement to prevent class-action lawsuits.
But at least there are no more security issues on the PS3, right? I doubt it, there is a least one issue that I know off: the gallery program that runs on the playstation cannot access your pictures on Facebook if
https is enabled. Facebook enabled
https support more than a year ago but Sony still has not fixed the issue: the gallery cannot display any picture, just some blank icons. This shows that either the Sony people do not run regression tests with
https enabled, or that they don’t have any regression tests at all.
So what else are the Sony engineers doing? Basically here is the sum of all functionalities that have been added to my PS3’s firmware during this year:
- Blueray 3D support
- Mubi client
That’s it. No HTML5 web browser, no Skype (available on the PSP), no Facebook client, no Youtube client. Nothing. Pathetic.