It's saddening to hear that your little brother's Christmas was ruined, but I'd argue that it's more of the fault of Microsoft designing a closed and centralized system with extensive DRM than the Lizard Squad's fault for taking down Xbox Live.
MS might have many flaws, and you might ideologically disagree with many of their practices (hey, I do too), but if you want to pin blame, it's squarely on the attackers who chose to stage an attack to deliberately break people's Xboxes on Christmas. They chose to act in a way that kept that little brother from being able to use the system as a way to try to grab some marketing to advertise their DDoS as a service scheme.
This. Seriously: a company makes a product which has the ability to be broken by hackers using a method (ddos), which is widely known and extensively used for over 20 years. And the product is closed source so no one can fix it. So... hackers break it on christmas. Oh no, it's not the companies fault! downvote! downvote! I'm tired of hacker news proprietary loving bullshit (except when the open source can somehow help them build proprietary products).
The Xbox can also be damaged by hammers, but could be designed with a more ruggedized case that could withstand that attack. If someone smashed a kid's Xbox on Christmas with a hammer I wouldn't blame the design of the console, I'd blame the creep with the hammer.
Seriously, you might not like MS, proprietary software, their business models, or lots of other things about them, but don't go blaming them for some cretins attacking their systems in a failed ploy to make a buck.
The Lizard script kiddies had a pretty horrible business model too, FWIW, break into a bunch of systems across the internet to DDoS Xbox/PSN servers, ruin a bunch of people's Christmas, and use the media coverage to sell their DDoS as a service scheme.
Yes, I will blame them. You make no compelling case otherwise. This is how the internet works. If you run a server with security vunls that are well known and patches available: it gets owned. It's your fault. Same type of situation here.
"If you run a server with security vunls that are well known and patches available: it gets owned. It's your fault."
It's not that MS was being lax about properly hardening their boxes, though. You could DDoS the most hardened server out there, or a rack of them, it's really an inherent design issue with TCP/IP that you can DDoS systems. It's completely ignorant to blame MS, they didn't have a single point of failure, they had blocks of auth servers nailed.
