in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Data Encryption Software: Sony Says Credit Cards Were Encrypted

Sony has released a Q&A regarding frequently asked questions of the PSN data breach.  Among other things, it revealed that their "credit card table" was protected with encryption software.  However, their "personal data table" was not.

It was not revealed whether passwords were hashed or protected in any other way, although one would imagine that passwords were grouped with the personal data table.

Regardless, Sony is "strongly recommending" that these be changed.  Like I noted two days ago, this is not necessarily a sign that passwords were stored in plaintext format, although the lack of denial (that they were saved in plaintext) the second time around is worrisome.  They hadn't mentioned the use of encryption previously, but cleared that up in this particular Q&A, and I was expecting the same for the passwords.  On the other hand, I'm not sure how many people have asked Sony whether passwords were encrypted or hashed (or if any did).

One thing that puzzles me is this:

Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data...including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly. [playstation.com, my emphasis]

Huh?  As I understand it, this breach was an on-line hack.  How's physically moving to another location going to improve security?  Do they expect a full-frontal assault one of these days, where servers are torn and stolen from racks upon racks that I imagine Sony must have deployed?

That's quite unlikely.  On the other hand, it wouldn't be the first time.  But then again, I don't think that a company like Sony would be one to use a questionable data center to begin with.


Related Articles and Sites:
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

 
<Previous Next>

Email Encryption: NY Yankees Breaches Info For 20,000 Season Ticket Holders

File Encryption: 2.2 Million PSN Credit Cards Up For Sale?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.