Last Updated: 2011-06-03 19:51:37 UTC
by Guy Bruneau (Version: 1)
We have written diaries on Sony’s security woes over the past few months. The first was a DDoS against its infrastructure, followed by the hacking of the Sony PlayStation network, which took the network offline for several weeks and affected all its PlayStation customers. This week, SonyPictures was compromised by a group of individuals calling themselves LulzSec, who took over 1,000,000 unencrypted plaintext customer passwords. Last week, another attack took place, this time against the Sony Music Entertainment Greece website, where the attackers took usernames, passwords, email addresses and phone numbers.
One question comes to mind. With all of this data lost, if a PCI-compliant corporation can be this easily targeted and compromised, is PCI a good standard for measuring security posture?
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu