Support NeoGAF

[Steve Youngblood]

who can i talk to about selling this information. I have an updated version of thousands of records that i just got the other day. All the telephone numbers, addresses and names someone could want!

Nothing personal, here, as I think you're a good poster, but I think this comparison is getting a little silly. People keep bringing up how this is apparently nothing that can't be obtained via a simple White Pages search, but if that's the case, then what's the big deal? You might suggest "why, Youngblood, that's precisely my point: it isn't a big deal!" To which I say: "Well, then that's fantastic! Nothing to worry about. Why, then, is the network still down while Sony completely rebuilds it to enhance security to protect apparently meaningless data anyone with a phone book could acquire?"

That question is rhetorical. I don't actually want an answer.

 

[Arkham]

I used my parent's credit card for a few psn purchases... .Should I tell them about this, and have them cancel their card or what? They're already extremely paranoid about using credit on the internet, and this will probably make things worse...

Buy yourself some cool shit first, and then tell them about the breach.

 

[The_Darkest_Red]

I'm pretty sure credit card companies know what they're doing...especially when it comes to fraud.

You still didn't answer his question. I'd like to know the answer to this as well.

 

[larvi]

I should probably start answering security questions in a more esoteric manner, like...

Q: What is your mother's maiden name?

A: The United States of Sexy

This is the best way. Security questions should not be taken literally, but used as a call/response. Only YOU would know your response; anyone could inquire about who your mother was...

That's a good idea, but the problem I run into is that 10 years from now I have no idea what my sense of humor was when I originally input that response. I called Microsoft a few months ago about a billing question and they asked for my security question answer for my Live ID that was setup in 2001. I had no idea what the nickname for my favorite pet was back then and they refused to talk to me without that answer. Luckily I was able to log onto my ID and change my answer so they would but that kind of defeats the purpose of having a security answer in the first place. Personally I wish it would be optional to provide a security question/answer but more and more places are asking for one now.

 

[Gary Whitta]

Does the whole security question (mothers maiden name, etc) issue actually matter if u already changed ur passwords and stuff

Well yeah, because the whole point of those security questions is to recover a password when you don't have it.

 

[plagiarize]

Argh, I've had it. I love kittens, but for the love-of-all-that's-holy please change it. Whenever I catch it in my peripheral vision it looks like a cock-and-balls.

cannotunsee

i'm not going to fix my avatar because your brain is broken

 

[meppi]

Hmm, I am probably wrong, but Sony does have our CC information still. Is it possible they gave these CC numbers to those companies and they've been monitoring them?

Well it would make sense to flag our numbers in a case like this, so it certainly wouldn't surprise me.

It would actually surprise me if the didn't do anything with them.

 

[BeeDog]

Well yeah, because the whole point of those security questions is to recover a password when you don't have it.

Yes, but any sane password recovery system bounces its messages back to the registered mail address, so if the user secured his e-mail, it shouldn't be a problem.

 

[Arkham]

i'm not going to fix my avatar because your brain is broken

Heh. Well that's okay, the av reminds me of my kitten anyway. (The fact that it's an orange kitten, not the fact that it looks like a dick.)

 

[lupinko]

I know I'm responding like 6 pages late to Metal but 2006 was hilarious. There were people that GENUINELY thought that Sony would go bankrupt and be doomed foreverzz. Even media outlets, lol.

Mass hysteria is hysterical.

Quiet you, the $ony empire is DONE FOR GOOD!!!!!!
GOOD I SAY!!!!

 

[Professor Beef]

i'm not going to fix my avatar because your brain is broken

Don't blame him, blame Sony.

Fuck Sony.

 

[Wario64]

Yes, but any sane password recovery system bounces its messages back to the registered mail address, so if the user secured his e-mail, it shouldn't be a problem.

Guess what? PSN doesn't have a sane password recovery system. IIRC, when you do password recovery on PSN, it lets you change the password immediately. It doesn't email you to click a link or change PW or anything. It just notifies you that the password has been changed and if you need help, to contact customer service. I'm not fucking joking.

So in this case, changing passwords won't do jack shit when PSN goes back up. I hope they revised the recovery system during this down time or else this is just pointless.

 

[Hex]

You still didn't answer his question. I'd like to know the answer to this as well.

The answer is that people would be calling them, not writing on gaming blogs and message boards.
If people have legitimate fraud issues they report to the bank and the bank investigates them.
THAT is how they would know if they are related or not.
If they either A) have not received calls or B) have ruled out fraud claims or C) been able to find other explanations for charges that people have called about then it fits.

 

[robotzombie]

Well yeah, because the whole point of those security questions is to recover a password when you don't have it.

Yes, but don't most places actually send ur email a web address to make a new password, thus if you changed the pass to ur email, only you would be able to complete the new password set up?

 

[Dizzy]

Just got an email saying this person wants to be my friend on windows live :lol: - http://cid-66e6d7365a5058d7.profile.live.com/

Never had that before, though I stopped using that email address a while ago because it started getting hit with those scam bank emails where they ask for your password. Used to be fine until I was out of work and started applying for jobs and I assume I contacted a compromised account.

 

[rSpooky]

I should probably start answering security questions in a more esoteric manner, like...

Q: What is your mother's maiden name?

A: The United States of Sexy

This is the best way. Security questions should not be taken literally, but used as a call/response. Only YOU would know your response; anyone could inquire about who your mother was...

correct. even better if you have different responses based on the site you are on. Using the same question/response everywhere still defeats the purpose.

Spoiler

United states of sexy eh??? Pics?

Spoiler

in case someone doesnt know ..that was a joke!

Edit: they could also put a system in place where you create your own security question (s) that will be mixed in with randoms. you then indicate which question if the valid one to answer.(for instance you get presented 4 out of 8000 questions , but only one is valid. you pick that one and answer it.)

 

[Vamphuntr]

Sup guys. Any new outrageous posts or extreme Sony knights in the threads?

 

[Captain Tuttle]

You still didn't answer his question. I'd like to know the answer to this as well.

He said that he's pretty sure.
Jeez!

 

[-Pyromaniac-]

Just got an email saying this person wants to be my friend on windows live :lol: - http://cid-66e6d7365a5058d7.profile.live.com/

Never had that before, though I stopped using that email address a while ago because it started getting hit with those scam bank emails where they ask for your password. Used to be fine until I was out of work and started applying for jobs and I assume I contacted a compromised account.

I've been getting weird ass emails like that for years, lol.

 

[BeeDog]

Guess what? PSN doesn't have a sane password recovery system. IIRC, when you do password recovery on PSN, it lets you change the password immediately. It doesn't email you to click a link or change PW or anything. It just notifies you that the password has been changed and if you need help, to contact customer service. I'm not fucking joking.

So in this case, changing passwords won't do jack shit when PSN goes back up. I hope they revised the recovery system during this down time or else this is just pointless.

Seriously? That's even dumber than the worst case scenario I pictured. Sony really needs to figure out this shit pronto.

 

[FINALBOSS]

You still didn't answer his question. I'd like to know the answer to this as well.

Because NO ONE needs to answer is question.

First--because no one knows....because they didn't say.
Secondly--why would 3 major companies put their reputations on the line and make a statement like that if it was false?

 

[The_Darkest_Red]

The answer is that people would be calling them, not writing on gaming blogs and message boards.
If people have legitimate fraud issues they report to the bank and the bank investigates them.
THAT is how they would know if they are related or not.
If they either A) have not received calls or B) have ruled out fraud claims or C) been able to find other explanations for charges that people have called about then it fits.

That makes sense. Thanks.

Because NO ONE needs to answer is question.

First--because no one knows....because they didn't say.
Secondly--why would 3 major companies put their reputations on the line and make a statement like that if it was false?

I wasn't implying that they were making a false statement, I was just legitimately curious.

 

[Hex]

Damn it, I just got an email saying that they can give me more size and thickness.
NOBODY said anything about Playstation eye pictures being hacked.
NOW I am pissed!

 

[Vamphuntr]

Damn it, I just got an email saying that they can give me more size and thickness.
NOBODY said anything about Playstation eye pictures being hacked.
NOW I am pissed!

2/10 . Also you are doing it wrong. You're supposed to boast.

 

[Wario64]

Seriously? That's even dumber than the worst case scenario I pictured. Sony really needs to figure out this shit pronto.

Yeah, which is why I've been wondering all this time if WE CAN CHANGE OUR SECURITY QUESTIONS but Playstation Blog or anyone else hasn't given us an answer. To simply put it, PSN is a fucked up system.

 

[Shao Kahn Brewing a Stew]

Here's how credit card company security works:

They have your entire history of items that you have purchased, they know where you live and where you have travelled, what your shopping patterns are, which websites you use to buy which type of product and what services you pay for. They know what hours you use your card, what location you've used them in, and your average transaction amount.

The moment they see an unusual activity, they block the card and give you a call to confirm
If you are the purchaser.

Not only that, a police case is generated against the culprit, if any, and you get full refund for any transaction that was not declined by them when it was used by someone else.

Paranoia in this thread is extremely hilarious. If you are still worried at their lack of incompetence, then call your bank and have the card number replaced. It only takes less than five minute for the whole process and all you do is talk on the phone.

 

[FINALBOSS]

Does anyone actually know what kind of Security Questions PSN actually has?


It seems like every time I set these up, the questions are always extremely different.

 

[itxaka]

Anon's chatlog from before psn's hack :





When hackers like that are able to pinpoint Sony's security holes and Sony has to hire an external company today to explain to them their gaping holes..really shows how well Sony knows their own PSN.

Apache 2.2.15 only has DoS vulnerabilities.

Kernel 2.6.9 only has 3 remote vulnerabilities and those are also only DoS. The rest are local ones, which in the case of the kernel is the norm.

So no idea what they are talking about there, but doesn't sound like security experts to me if an idiot like me can know if the target they are talking about is not easily exploited.

 

[FINALBOSS]

That makes sense. Thanks.


I wasn't implying that they were making a false statement, I was just legitimately curious.

I'm curious too...but I'd imagine it's pretty simple.

Search records for previous PSN purchases.
Flag that account as a PSN user.
Check for fraud--set it up fraud alert monitoring.

 

[Wario64]

Does anyone actually know what kind of Security Questions PSN actually has?


It seems like every time I set these up, the questions are always extremely different.

When you signed up, I believe you choose one of the preset questions and you put an answer to it. So it asks for that plus your bday. If you can input those in correctly, you go to a screen that lets you change your password. It doesn't reset your password and send it to your email. So changing passwords alone when PSN goes back up is insufficient, unless Sony actually changed the recovery process OR lets us change our questions.

 

[BeeDog]

Yeah, which is why I've been wondering all this time if WE CAN CHANGE OUR SECURITY QUESTIONS but Playstation Blog or anyone else hasn't given us an answer. To simply put it, PSN is a fucked up system.

Definitely.

The only solution I see to this is that 1) Sony forces password resets on ALL PSN accounts, which means that they need to assume that everyone still has control over their e-mail addresses, 2) redirects any password reset systems to redirect mails to the registered e-mail address.

Essentially, all my fake PSN accounts for the other regions are fucked. :/

 

[marrec]

Name and address is not a big deal really... How is that any different than opening any phone book and looking up any of the names? Date of birth is potentially a problem. I never understood why PSN or many other services like forums etc even ask for DOB? What do they use it for? I always answer something like 1/1/1933 there and never had any issues with any of it.

Name and address and DoB and Username and Password and Security Questions/Answers Phone Number E-Mail Address. With all of that you really do have quite a bit of information on someone.

The problem is that most users trust this kind of information with companies like Sony and don't think that they need to fudge the Security Questions/Answers so that do don't inadvertenly make it easier to crack their accounts.

There are quite a few naive people in this thread with their heads buried in the sand, you may not be concerned of the level of information released but there are plenty of perfectly resonable people who are, people who understand the amount of damage someone could do, if they were so inclined, with Name, Address, DoB, Phone Number, E-Mail Address.

 

[fistwell_old]

Well obviously, since he's reciting the famous GAF meme.

I thought it was the other way around? *shrug*

 

[Zoe]

PSN didn't even have a web interface when it first launched. Hopefully this downtime will help make everything more current.

 

[Drone-Arms]

Did a seach but could not see and sorry if I am spewing already discussed stuff.

Have these hackers actually responded to Sony's claim that mass reams of personal data was stolen? I would have thought that any ethical hackers (there are many) would refute quickly and in public any claims of theft.

If they have not, then I fear this IS a case of malicious intent and not ethical hacking (i.e. someone trying to send a message to Sony to stop kicking kids in the balls for trying to free the hardware from the limitations of the hardware/software/API).

I fear for those on PSN (or not!) if this was truly malicious becuase that amount of information in malicious hands is up there with the banks in the world ranking of cuntish intent.

I agree with ethical hacking, but these guys need to refute Sony's claims or die painfully. I dislike Sony as a console manufacturer, but they don't deserve this, even if the hackers were making a point (and it seems not) the point was made long ago, they are just punishing innocents now.

Sorry for all affected man, it sucks.

 

[BoilersFan23]

Guess what? PSN doesn't have a sane password recovery system. IIRC, when you do password recovery on PSN, it lets you change the password immediately. It doesn't email you to click a link or change PW or anything. It just notifies you that the password has been changed and if you need help, to contact customer service. I'm not fucking joking.

So in this case, changing passwords won't do jack shit when PSN goes back up. I hope they revised the recovery system during this down time or else this is just pointless.

I could have sworn I got sent an email with one more recent PSN account. Old days that wasn't the situation.

 

[FINALBOSS]

When you signed up, I believe you choose one of the preset questions and you put an answer to it. So it asks for that plus your bday. If you can input those in correctly, you go to a screen that lets you change your password. It doesn't reset your password and send it to your email. So changing passwords alone when PSN goes back up is insufficient, unless Sony actually changed the recovery process OR lets us change our questions.

Well....ok, cool.


I was asking what the actual questions were though. Because every site that you set these up at, have extremely different questions. So even if hackers were able to get ahold of the answer you provided to Sony's questions, doesn't mean it will get them anywhere with your other more sensitive sites.

 

[Zoe]

Did a seach but could not see and sorry if I am spewing already discussed stuff.

Have these hackers actually responded to Sony's claim that mass reams of personal data was stolen? I would have thought that any ethical hackers (there are many) would refute quickly and in public any claims of theft.

If they have not, then I fear this IS a case of malicious intent and not ethical hacking (i.e. someone trying to send a message to Sony to stop kicking kids in the balls for trying to free the hardware from the limitations of the hardware/software/API).

Even if this were ethical hacking, considering the kind of data involved, it's way too dangerous for someone to come forward and claim credit.

 

[FINALBOSS]

At least it's good for Sony that the Mass Media turnover already began with those tornadoes in Alabama.

 

[Absolute Bastard]

But how does one know if something's related to the Sony leak or not?

They should have transaction history from their clients, just check for PSN payments from history data and see if there are unusually much fraud among cards used on PSN recently.

 

[Treefingers]

Did a seach but could not see and sorry if I am spewing already discussed stuff.

Have these hackers actually responded to Sony's claim that mass reams of personal data was stolen? I would have thought that any ethical hackers (there are many) would refute quickly and in public any claims of theft.

If they have not, then I fear this IS a case of malicious intent and not ethical hacking (i.e. someone trying to send a message to Sony to stop kicking kids in the balls for trying to free the hardware from the limitations of the hardware/software/API).

I fear for those on PSN (or not!) if this was truly malicious becuase that amount of information in malicious hands is up there with the banks in the world ranking of cuntish intent.

I agree with ethical hacking, but these guys need to refute Sony's claims or die painfully. I dislike Sony as a console manufacturer, but they don't deserve this, even if the hackers were making a point (and it seems not) the point was made long ago, they are just punishing innocents now.

Sorry for all affected man, it sucks.

First off obviously the hackers will not come forward whether it was malicious or not.

Second I don't think there is any chance at all of them not being malicious. Especially considering they have taken information like e-mails, passwords, etc etc.

 

[snack]

At least it's good for Sony that the Mass Media turnover already began with those tornadoes in Alabama.

And the Royal Wedding is tomorrow!

 

[Combichristoffersen]

And the Royal Wedding is tomorrow!

Eh, they'll probably divorce sooner or later anyway.

Spoiler

Fuck Sony.

 

[FINALBOSS]

And the Royal Wedding is tomorrow!

Oh god yes. With the tornadoes, this PSN shit is already at the bottom of the pile...add in the Royal Wedding and it's a goner.

 

[Wario64]

I could have sworn I got sent an email with one more recent PSN account. Old days that wasn't the situation.

Welp, I hope I'm wrong then. I'm not sure when's the last time I tested it

 

[StealthGoblin]

At least it's good for Sony that the Mass Media turnover already began with those tornadoes in Alabama.

BBC Watchdog have it on their show tonight. Watchdog loves taking a pop at Sony. I half expect them to tell everyone that CC details havebeen stolen. The last time they ran a report they didn't even check their facts.

 

[Dedication Through Light]

At least it's good for Sony that the Mass Media turnover already began with those tornadoes in Alabama.

Well apparently it was on peoples local news today...

 

[RustyNails]

Thread moving too fast, don't know if posted or not: SOE is gifting freebies in DCU and Free Realms (and other SOE games)

In the wake of Sony's PlayStation Network outage, Sony Online Entertainment is already gifting affected gamers some rewards, and they have more plans in the works. From a statement we received yesterday:

"We apologize for any inconvenience players may have experienced as a result of the recent service interruption. As a global leader in online gaming, SOE is committed to delivering stable and entertaining games for players of all ages. To thank players for their patience, we will be hosting special events this weekend across our game portfolio, including a Double Station Cash day on Saturday, April 30th. We are also working on a “make good” plan for players of the PS3 versions of DC Universe Online and Free Realms. Details will be available soon on the individual game websites and forums."

Double Station Cash days allow you to redeem purchased Station Cash credits for double their face value, which you can use in games like Free Realms, Everquest, and Everquest II. It's nice to know that they plan to make good for the PS3 users affected by this outage as well. It will probably be awhile until we find out what that plan is, but it's a nice gesture on SOE's behalf.

Read more: http://www.g4tv.com/thefeed/#ixzz1KqQgnlyk

 

[Vagabundo]

And the Royal Wedding is tomorrow!

I'm going to a wedding tomorrow.
A friend of my wife's.

 

[Loudninja]

Thread moving too fast, don't know if posted or not: SOE is gifting freebies in DCU and Free Realms



Read more: http://www.g4tv.com/thefeed/#ixzz1KqQgnlyk

Posted 2 times