Found this post in my unpublished list just now:
I just read a story at PC World that revealed the obvious fact that the breaches by LulzSec and Anonymous were avoidable. The groups used SQL injection, XSS, and social engineering, and took advantage of their victims’ misstep of not encrypting their data at rest. All of these security failures were avoidable – it’s up to the data maintainer to know about these vulnerabilities beforehand and to keep up with the latest security threats.
Anonymous also used a really old, published exploit (for which a patch was available but never applied) against a Linux system at HBGary during their playtime with that company and its schmuck CEO.
Security should always be a paramount issue at any organization that handles data for any type of computer user. Sony failed to keep its users’ data secure, as did the other companies LulzSec and Anonymous have hammered in the past months. And while releasing all the usernames, e-mails, and passwords was probably not a good idea and caused a lot of grief for millions of people, the companies themselves should be held responsible. After all, if they had done what is right they wouldn’t be going through this misery right now.