Sony Publishes Q&A to Address More PSN Concerns, Still Unanswered Questions
I never said it was extortion, the word doesn't even appear in my text. Also, I don't understand the rest of your comment. Assume I'm still on 3.15 with OtherOS and want to change my PSN password due to the intrusion. If there isn't a way to do that which doesn't require me to upgrade the FW, then Sony (in my IANAL opinion) are undermining one of the arguments they're using in court, where they say users are perfectly fine sticking to the old FW if they want to. This isn't extortion. This is an update keyed to the new security measures of PSN. If you've been keeping your firmware up to date through legitimate means at all, then you already lost OtherOS functionality a long time ago. "
Maybe they stored the key(s) on the same systems? There's really no reason to blankly assume a best case scenario here. Encryption is only useful insofar it's applied correctly. You can encrypt data without adding to the overall security of the system." @vividnova: Well of course. I am just saying that if the credit card data on Sony's servers is encrypted how could it be used like this Norwegian guy claims. "
Fortunately there are typically laws and regulations re: CC information storage specifically. Perhaps one can assume Sony at the very least followed those.
" @Vodun said: The inclusion of the word "admitted", to me, appears to put focus on admitting guilt being the bad thing rather than the actual fuckup." @Hailinel said: What? No. Don't go out of your way to defend companies that fucked up like Sony did. I don't know how you interpreted what I said the way you apparently did. "" @boylie: Word of advice: Don't accuse others of wearing tinfoil hats when you're the one defending the actions of a company that has all but admitted to fucking up. "Wait, so companies shouldn't admit to fucking up? Cover ups are better? "
Would just like to point out... the longer this continues to be down, the PSN I mean, the more it will hurt Sony in the long run.
Working in the video game store, I've already noticed an influx in people trading-in PS3s for 360s claiming if they can't play online then the machine is dead to them.
The sad but true story of how console gaming is all online now, single player offline would seem to be dead in the water.
Man this is some fucked up shit, can't believe how inept Sony are. How could they not encrypt personal data
ALWAYS encrypt. For the love of god. I sure hope they bring back the service with the option to wipe all of the data you've given them and delete your account. The worst part for me is that the only reason I even used the service (not being a PS3 owner but being a PSP owner) was to download demos for games I couldn't even run on my PSP.
Good job sony, get all this mess sorted out so we can get back online. PS. CATCH THOSE MOTHER @^@^%@
" @Vodun said: Do you think Sony is the only company to have suffered a breach of security? Do you think it's even possible for any company to completely avoid a security breach if they are the target of a dedicated attack?" @Hailinel said: What? No. Don't go out of your way to defend companies that fucked up like Sony did. I don't know how you interpreted what I said the way you apparently did. "" @boylie: Word of advice: Don't accuse others of wearing tinfoil hats when you're the one defending the actions of a company that has all but admitted to fucking up. "Wait, so companies shouldn't admit to fucking up? Cover ups are better? "
You better get your ass off the Internet then because it's not common practice to encrypt stuff like names and addresses. If they encrypted everything (like people are expecting) it would kill performance of the network. Then people would be sitting here complaining about how "slow PlayStation Network is" and why "XBOX Live is better". You know it's true." Man this is some fucked up shit, can't believe how inept Sony are. How could they not encrypt personal data "
But hey, it's cool when we can just look for every negative and spout bullshit about how "shit" Sony is, right? I understand people are angry (and you have every right to be!), but it sounds like they've done everything by the book to me. Taking the entire Network offline when they detected an intrusion was -- for a start -- an enormously bold move.
I'm not defending anyone here. Clearly this sucks, and Sony's communication about it has been questionable at best. But I'm really bored with people spewing rubbish about things they don't understand.
"..., including moving our network infrastructure and data center to a new, more secure location,..."
" @evanomeara said: Sony Defence Force much? You better get your ass off the Internet then because it's not common practice to encrypt stuff like names and addresses. If they encrypted everything (like people are expecting) it would kill performance of the network. Then people would be sitting here complaining about how "slow PlayStation Network is" and why "XBOX Live is better". You know it's true. But hey, it's cool when we can just look for every negative and spout bullshit about how "shit" Sony is, right? I understand people are angry (and you have every right to be!), but it sounds like they've done everything by the book to me. Taking the entire Network offline when they detected an intrusion was -- for a start -- an enormously bold move. I'm not defending anyone here. Clearly this sucks, and Sony's communication about it has been questionable at best. But I'm really bored with people spewing rubbish about things they don't understand. "" Man this is some fucked up shit, can't believe how inept Sony are. How could they not encrypt personal data "
I know the importance of sounding formal and how it in most cases helps bigger companies,
but in some cases it gets a little frustrating and we want to see necks getting wrung!
As for law enforcement in this case, it's a little ironic considering how Sony illegally
pulled the otherOS function from the PS3 without any repercuss.. oh wait here we are.
Probably not related of course, but it's a fun thought. Some noble, fat super hero hacker
out there somewhere with an outdated meme tshirt keeping the internet justice aflow.
Of course this hurts 77 million consumers as well, so it's not much.. justicy, I guess.
Darn.
Sorry to interfere in your "heated" argument, but the same discussion happens for days on IGN.
Apparently, the people that don't know jack shit about basic law are also the most fanatic and brainwashed corporate ass-kissers I've ever seen.
These fucking idiots can't understand the simple fact that all PSN users had to accept a "user agreement" with Sony when they registered, and NOT WITH SOME HACKERS.
In that "user agreement", Sony took it upon itself to protect the user's personal data. For some reason, Sony failed to protect that info, thus failing to respect its part from the "user agreement", therefore being responsible for that mess.
The hackers are not OUR problem-it's Sony's, because we (the PSN users) trusted Sony with our data, not anybody else.
And those are hackers, that's what they do-they hack systems (duh!), so ironically, they did their job, while Sony didn't. (If the police fails to protect me when criminals attack, then I blame the police, because they are paid from my taxes)
It's not our fault that Sony is apparently so cheap that they can't hire some serious no-life jerk-off nerds and pay them to watch anime porn and to protect the servers and the PSN against those hackers.
And another thing: if you, a big corporation, still can't give us one, at least ONE hacker name, after a whole week of stupid, unexplainable hush-hush secrecy mixed with a PR mess, then get the fuck out of this industry and do something else.
I like playing on my PS3, I like its games and exclusives, but not to that point of being a raging stupid fanboy, oblivious to any reason and even to the simple fact that Sony handled my info and this whole situation less than amateurish, which is odd, now, in 2011, Sony being also one of the biggest electronics companies and not some newcomers on this market.
End of rant.
I feel bad for Sony. As for me...it took me about ten minutes to scoot around the web changing a few passwords, truth be told I took this opportunity to change even ones that were not the same as my PSN...call it Spring Cleaning. I popped into my credit card too just to look at transactions, and I changed some of my contact e-mails to newer ones....something I should have done a year ago.
Over all I feel the same way about Sony as I would if he were my teenager and he dented the car. I'm glad he's safe and I'm glad nobody got hurt (nobody I care about), but I'm gonna tell him he has to be more careful.
Xbox Live's user data is entirely encrypted. It is also not accessible from a single console / user account / dev console. The access is specifically restricted to prevent breaches like this." @evanomeara said:
You better get your ass off the Internet then because it's not common practice to encrypt stuff like names and addresses. If they encrypted everything (like people are expecting) it would kill performance of the network." Man this is some fucked up shit, can't believe how inept Sony are. How could they not encrypt personal data "
Microsoft talks about their attack profile work here:
http://blogs.msdn.com/b/larryosterman/archive/2007/09/21/threat-modeling-again-threat-modeling-rules-of-thumb.aspx
There's a much larger and better article out there, but shacknews is down so I cannot find it.
I guess you took it on yourself to remove the quotes around "heated" by calling people who think maybe Sony handled this fairly alright, all things considered, "fanatic and brainwashed corporate ass-kissers" and "fucking idiots"." @hckling: Sorry to interfere in your "heated" argument, but the same discussion happens for days on IGN. Apparently, the people that don't know jack shit about basic law are also the most fanatic and brainwashed corporate ass-kissers I've ever seen. These fucking idiots can't understand the simple fact that all PSN users had to accept a "user agreement" with Sony when they registered, and NOT WITH SOME HACKERS. In that "user agreement", Sony took it upon itself to protect the user's personal data. For some reason, Sony failed to protect that info, thus failing to respect its part from the "user agreement", therefore being responsible for that mess. The hackers are not OUR problem-it's Sony's, because we (the PSN users) trusted Sony with our data, not anybody else. And those are hackers, that's what they do-they hack systems (duh!), so ironically, they did their job, while Sony didn't. (If the police fails to protect me when criminals attack, then I blame the police, because they are paid from my taxes) It's not our fault that Sony is apparently so cheap that they can't hire some serious no-life jerk-off nerds and pay them to watch anime porn and to protect the servers and the PSN against those hackers. And another thing: if you, a big corporation, still can't give us one, at least ONE hacker name, after a whole week of stupid, unexplainable hush-hush secrecy mixed with a PR mess, then get the fuck out of this industry and do something else.
I like playing on my PS3, I like its games and exclusives, but not to that point of being a raging stupid fanboy, oblivious to any reason and even to the simple fact that Sony handled my info and this whole situation less than amateurish, which is odd, now, in 2011, Sony being also one of the biggest electronics companies and not some newcomers on this market. End of rant. "
I'd also like to see where in this "user agreement" you mention Sony guarantees all your information will be protected from ever being exposed in case their systems get hacked. I'm not saying it doesn't exist. I will say, however, that if the user agreement does state any such thing, Sony should fire the lawyer who approved such an obvious pitfall. That would indeed be a fuck-up of epic proportions. Anyone in the tech-industry knows that is not something you can guarantee, ever. Also, user agreements tend to be rather one directional and it would be rare indeed for a company to promise anything like what you seem to believe.
In a strange way I hope the hackers were some nerd boys, thinking they're such rebels and teaching Sony a lesson for suing over the security PSN thing. Because I can imagine them now, shitting themselves, completely out of their depth not realising that what they were doing would become international news and have the FBI breathing down their necks. I've noticed a shift in the focus of non gaming news that has started to put Sony in the victim position, gaming sites just seem to enjoy the controversy and slamming Sony for being useless, whereas non gaming sites have put a much more criminal slant on it, i.e. Sony has been attacked and is doing the best it can to cope with it. I prefer the non gaming slant. At the end of the day we don't know anything about what's really happened, so how can we judge Sony for not acting the way we'd want?
I remember this great article from a while ago:
http://www.eurogamer.net/articles/2011-02-21-the-boy-who-stole-half-life-2-article
"Rot in hell sony." This is also aimed towards the London police after the Jack the Ripper-murders, the investigators of the JFK assassination and every person who ever disliked the Jesse James gang.
What is up with people hating on the victims of crime while ignoring the actual problem; the criminals.
I guess I'll be the first to say it: rot in hell hackers, or get a job like honest people.
"Don't be ridiculous, THIS is where they will be moving their infrastructure."..., including moving our network infrastructure and data center to a new, more secure location,..."
This is the first thing that popped into my head. I can see them renting some office space between the Stargate and the W.O.P.R."
Sorry Sony not good enough. Unless you make a statement confirming that going forward ALL personal data is going to be encrypted then you won't get another penny from me. Your response
"
We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly."
what fucking good is that going to do. so basically you are moving to a new house and installing more sophisticated locks?? that is completely redundant if the information contained within is still going to be stored as plain text.
PCI compliance is required for ANYONE who stores credit card data and it's enforced and you must be certified for it. There are different standards of PCI compliance for those who use CC information and those who actually store it...it amuses me that people think the cc data wasn't encrypted.
Someone just tried to access my Steam account. Luckily I have the 2 factor auth. I have been changing passwords but did not get to this yet - I'm pretty fucking pissed at Sony right now.
" @Mechabolic: They're saying that your login and other personal info may have been unencrypted, but your credit card number was. I totally agree; I'm cancelling my card today because I have no faith in Sony protecting my CC info. Although my card's expiration date and security number on the back of the card changed last month, it doesn't make a difference unfortunately. From now on if (and that's a big "if") I decide to buy any DLC from the PlayStation Store I will be purchasing a Sony PSN card first. But fuck all that noise. If your security is bad enough to be storing passwords, then I have no faith that my CC info isn't long gone. Canceling the card I was using on PSN tomorrow."
...and to think that there are idiots out there saying "oh well, I'd rather have my identity stolen than pay for a Microsoft Gold account!"
" @Norusdog said: Well if you had even a 2nd grade comprehension and reading level you'd see that I SAID I didn't blame them for the attack but for how they've handled things after it with us. It took them a fucking week to start talking about it and we STILL just got some hair-brained "duuuuh herrr...we don't know" in response to CC info. "Rot in hell sony." This is also aimed towards the London police after the Jack the Ripper-murders, the investigators of the JFK assassination and every person who ever disliked the Jesse James gang. What is up with people hating on the victims of crime while ignoring the actual problem; the criminals. I guess I'll be the first to say it: rot in hell hackers, or get a job like honest people. "
Fact is this statement should have been posted within a day or two of the outage...not this long after.
But again if you had any fucking intelligence you'd have understood my simple response. Let me know if you need help understanding this one. I know multiple syllables gives ya problems
Well at least the credit card info was encrypted even if the personal info was not.
That's something, I guess.
I think some of you people are going way too far. Has anyone anywhere come forth yet and said their card info or other info was used somewhere by hackers? Unless you bank with a shady bank it's pretty easy to watch your account to monitor use of the card, plus I have faith in my bank that if card was used against my will I would be able to get funds back. If you plan on living under a rock then you should probably stop shopping anywhere on the internet and at the same time you should probably never log into your whiskey media account either.
So far, other than the delay in telling the consumer base about the issue, it seems Sony's security was up to par with most other companies. But the amount of people forgetting that it's really the Hackers/Criminals fault here and just blaming Sony is crazy. It still is their fault in the end, cause they lost the data but that'd be like people just blaming a bank/police/security for a robbery and just forgetting about the people getting away with it. :S.
" @twillfast: Here, Here! So far, other than the delay in telling the consumer base about the issue, it seems Sony's security was up to par with most other companies. But the amount of people forgetting that it's really the Hackers/Criminals fault here and just blaming Sony is crazy. It still is their fault in the end, cause they lost the data but that'd be like people just blaming a bank/police/security for a robbery and just forgetting about the people getting away with it. :S. " I'm sorry, but it certainly does NOT look like they were up on par with how IT security should be handled post the 1990's. They still kept all the personal data (seemingly including the passwords) unencrypted. We shouldn't be thankful for that they at least had the credit card stuff encrypted, that's a god damned basic requirement. We're not talking a small newspaper store in the suburbs of a minor city in a third world country here, Sony is one of the largest corporations in the world, and was for many years pretty much the industry leader in several of its fields, and should be expected to have at least some basic knowledge of network security.
Hackers have been a reality since before the Internet even existed, and to a huge extent built the Internet as we know it today - IT systems should be built acknowledging that, and should always assume that the security can be breached and thus that all data should be protected so that any damage resulting from an intrusion is minimized. It sounds like Sony actually believed their "our machine is unhackable" bullshit and only had a security layer for normal users, but anything identifying itself as a debug unit was given a free pass to do anything it wanted.