Sony: Security Fail Redux

By now, everyone knows that Sony’s PlayStation Network got hacked earlier this year.  It’s a big mistake that shouldn’t have been made, but we all make mistakes.  The key to Sony’s viability as a player in the online world is that it be able to learn from its mistake.

Today, Sony is reporting a new intrusion:

In a warning to users issued on Thursday, So-net said an intruder tried 10,000 times to access the provider’s “So-net” point service […] from the same IP address.

There is absolutely no reason why any online service should allow an intruder to make 10 unsuccessful login attempts from the same address, much less 10,000.  This represents a complete failure to grasp the fundamentals of security, and any reasonable observer would have to conclude that Sony is completely security-blind and totally naive.  You can expect many, many more stories like this to emerge unless the company adopts a complete reinvention of its online presence.
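As an added illustration (not Sony's or So-net's code), here is a per-IP failed-login throttle of the kind the paragraph above says was missing, run against a constructed burst of 10,000 bad logins from one address. The class name, thresholds, lockout schedule and sample address are all assumptions chosen for the example.

```python
from collections import defaultdict, deque


class FailedLoginThrottle:
    """Per-source-IP sliding-window cap on failed logins with escalating lockout.

    Successful logins deliberately do not reset the counters, so a client
    holding one valid account cannot use it to clear its own failures.
    """

    def __init__(self, max_failures=10, window=600.0,
                 base_lockout=900.0, max_lockout=86400.0):
        self.max_failures = max_failures      # failures tolerated per window
        self.window = window                  # seconds a failure is remembered
        self.base_lockout = base_lockout      # first block length, in seconds
        self.max_lockout = max_lockout        # ceiling for the doubling block
        self._failures = defaultdict(deque)   # ip -> recent failure timestamps
        self._locked_until = {}               # ip -> time the block expires
        self._strikes = defaultdict(int)      # ip -> lockouts imposed so far

    def allowed(self, ip, now):
        """True if this IP may present credentials at time `now`."""
        return now >= self._locked_until.get(ip, 0.0)

    def record_failure(self, ip, now):
        """Note a failed login; lock the IP once the window cap is reached."""
        recent = self._failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            block = min(self.base_lockout * 2 ** self._strikes[ip],
                        self.max_lockout)     # 15 min, 30 min, 1 h, ... capped
            self._strikes[ip] += 1
            self._locked_until[ip] = now + block
            recent.clear()


def simulate(attempts, interval, throttle, ip="203.0.113.7"):
    """Constructed scenario: one IP sends `attempts` bad logins, one every
    `interval` seconds. Returns how many reached the credential check."""
    checked = 0
    for i in range(attempts):
        now = i * interval
        if not throttle.allowed(ip, now):
            continue                          # rejected before any password check
        checked += 1
        throttle.record_failure(ip, now)
    return checked
```

With these assumed settings, only 40 of the 10,000 attempts ever reach the password check. A per-IP limit does nothing against guesses spread over many addresses and can lock out users behind a shared address, so it belongs alongside a per-account limit rather than in place of one.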