Metalmurphy said:
http://www.joystiq.com/2007/03/23/pre-texting-the-cause-of-xbox-live-account-issues/
It's not the same case. That was social engineering.
Metalmurphy said:
But ZDNet said a Microsoft Tech said "Hackers have control of Xbox live and there is nothing we can do about it." so who do we really believe?
keit4 said:http://www.joystiq.com/2007/03/23/pre-texting-the-cause-of-xbox-live-account-issues/
It's not the same case. That was social engineering.
This thread is full of twists and turns. It's a hell of a toboggan ride, though!
Mama Robotnik said:About a hundred pages ago, a Sony enthusiast compared the company to a rape victim. I was speechless.
It was also an unfortunate reminder of one of the Geohot threads, in which another enthusiast described the rape they'd want George Hotz to endure as punishment for his disrespect towards the corporation.
It's shocking sometimes.
Metalmurphy said:I need a clearer English. And you missed my edit.
I gave several examples how any system could be compromised, if one of them is wrong it doesn't disprove my point.
Metalmurphy said:Once again...
"I gave several examples how any system could be compromised, if one of them is wrong it doesn't disprove my point."
chris0701 said:To be simple, the XBOX live thing you provided is something jackpot from desperating id/pw combination.
You can use this trick on google account, twitter or something. Such case happens every day on every network system, so it would never be news.
The PSN case looks like some security breach on data center, hacker can access considerable personal data bypass the normal identity authentication. This is what we could call epic fail on network infrastructure.
A.R.K said:dude stop talking sense...you'll be accused of being paid by Sony like I was...
I just wish PSN is up soon and this carnival of stupids gets locked
Also the hackers get caught so the real culprit get punished in this whole scenario
Mama Robotnik said:About a hundred pages ago, a Sony enthusiast compared the company to a rape victim. I was speechless.
It was also an unfortunate reminder of one of the Geohot threads, in which another enthusiast described the rape they'd want George Hotz to endure as punishment for his disrespect towards the corporation.
It's shocking sometimes.
Chrange said:But ZDNet said a Microsoft Tech said "Hackers have control of Xbox live and there is nothing we can do about it." so who do we really believe?
chris0701 said:For some system or organization, we usually have faith that we believe they shouldn't be broken.
Kyoufu said:Almost as shocking as donating to Hotz.
For someone who can't let the subject drop you don't seem to understand very well how it was done...
chris0701 said:How could you prevent social engineering hack through id/pw combination?
captcha on consoles ?
Mama Robotnik said:If my minuscule contribution to try and prevent the eradication of (future) region-free gaming.
Mama Robotnik said:If my minuscule contribution to try and prevent the eradication of region-free gaming and homebrew, offends you more than those wishing sex-crimes towards a hacker who exposed a fundamentally-flawed security structure, then I don't see how we're going to see eye to eye on this.
Metalmurphy said:huh?
Kyoufu said:Hey my PS3 is region-free I don't know what you're talking about!
I don't think that's what the case was about. It was about sharing the keys and hacks online.
Mama Robotnik said:Future region free, as in the right to hack future consoles (or existing ones) to run homebrew and software without region restrictions. Had Sony won then this (among any other modifications) would have been cemented as illegal.
Metalmurphy said:It's amazing how I keep hearing "Sony fucked up" "Sony fucked up" "Sony fucked up" yet no one can say how exactly they fucked up. Sony being hacked = them fucking up?
What kind of fucked up logic is that?
Bank gets robbed, bankers fucked up?
NASA gets hacked, NASA fucked up?
Pentagon gets hacked, Pentagon fucked up?
Mastercard gets hacked, Mastercard fucked up?
oO
I can understand being mad at Sony cause it's their responsibility, and if we have to complain to someone, it's obviously to them and not the Hacker. But your anger seems to be misplaced. Saying they fucked up is like saying they just gave the data away or something.
Mama Robotnik said:Future region free, as in the right to hack future consoles (or existing ones) to run homebrew and software without region restrictions. Had Sony won then this (among any other modifications) would have been cemented as illegal.
Yes but will the next wave of consoles be? Not to mention handhelds and existing hardware.
There's no such thing.
Combichristoffersen said:Obviously the hackers are at fault for breaching Sony's network and stealing the PSN account information (hackers gonna hack), but I'm not letting Sony off the hook for their debatable security. If you're storing information about 77 million user accounts, you damn well better be sure it's stored somewhere that's as good as impenetrable. So, yeah, Sony kinda fucked up, but they shouldn't be taking all of the blame.
Fuck Sony.
Metalmurphy said:There's no such thing.
TTP said:This is what I don't understand. The assumption that being hacked means you have "debatable security". Considering shit like this happens all the time, do we have any proof that Sony security was more lacking compared to those adopted by the likes of Amazon, Google, Play.com etc? I guess this is for the authorities investigating the issue to decide no?
And you know this how?
Combichristoffersen said:No. But they should do their best to make it as close to impenetrable as possible. And apparently they didn't.
Combichristoffersen said:It's Sony. Considering how bad they've been this gen it wouldn't surprise me if they considered the free version of Avast to be acceptable security
Combichristoffersen said:No. But they should do their best to make it as close to impenetrable as possible. And apparently they didn't.
It's Sony. Considering how bad they've been this gen it wouldn't surprise me if they considered the free version of Avast to be acceptable security
iNvidious01 said:wow this thread still going strong
1. hacker(s) are to blame mostly as they're the scum who did this
2. sony must share the blame because it seems their security was not up to par
3. the way sony dealt with this thing is truly abysmal
4. everyone on PSN should be compensated in some way, mainly because of the way sony dealt with this situation, not because they were hacked.
5. my bet still stands for 4th may
Combichristoffersen said:It's Sony. Considering how bad they've been this gen it wouldn't surprise me if they considered the free version of Avast to be acceptable security
Metalmurphy said:And you know this how?
TTP said:Besides, aren't there regulations about how this server stuff is supposed to be set up? Aren't there 3rd party organizations periodically checking if companies dealing with personal info adhere to some security guidelines?
I think I read it somewhere you can't simply set up your server and go business without some sort of seal of approval. This is not to protect Company X, but the whole online business thing.
Lothars said:Yeah ok, Sony has been as bad as any other company but you don't know if the security was actually really bad or not, There's a lot we don't know but to say they automatically have bad security really doesn't make sense until we know exactly what kind of security they had.
I agree with some of your points but we don't know if their security was up to par, it wasn't abysmal, it could have been handled better but wasn't horrible,
I agree as well, We should be compensated because of PSN being down for so long.
Combichristoffersen said:Obviously I don't know it, but if the rumours of Sony storing information in plain text are true, it's unacceptable.
TTP said:How is that unacceptable? I'm not an expert by any means, but you seem to be sure such info (not the CC one, but just the personal data one) is encrypted everywhere else. Is it so?
Mr Pockets said:So we now know exactly what type of security system Sony had and how good/bad it was?
And we also know exactly how it was hacked?
I missed that, can someone link?
Encrypting just passwords means encrypting an entire column of 77 million rows. We don't know how many rows of CC info were there in the CC table, but all indicators point to being about 2.2 million so it's more manageable to encrypt that. Besides, companies are under extra scrutiny to make CC info and SSN info as secure as possible especially e-businesses.
mrkgoo said:An encrypted password would be nice. Yes, we don't know it wasn't, but if it was, we assume they would've mentioned it.
TTP said:How is that unacceptable? I'm not an expert by any means, but you seem to be sure such info (not the CC one, but just the personal data one) is encrypted everywhere else. Is it so?
And how is it a problem to encrypt 77 million passwords (not rows, since the row would probably include the username and other info as well).
RustyNails said:Encrypting just passwords means encrypting an entire column of 77 million rows. We don't know how many rows of CC info were there in the CC table, but all indicators point to being about 2.2 million so it's more manageable to encrypt that. Besides, companies are under extra scrutiny to make CC info and SSN info as secure as possible especially e-businesses.
Most systems only encrypt passwords. The other info can easily be gotten anywhere or isn't private anyway. Encrypting a username for example is just useless.
Combichristoffersen said:Depends. I think someone earlier ITT mentioned at least birthdates and passwords were usually encrypted, while postal addresses and names were not necessarily encrypted (due to.. storage concerns or CPU use or something). Names, postal addresses and e-mails are more or less freely available on the web separately, but when you've stored most of that information (barring CC information), especially passwords, at the same place, you really should have some sort of encryption on it.
ClosingADoor said:But do we even know if passwords were saved unencrypted? Since that would be very illogical to do.
Kyoufu said:Hey my PS3 is region-free I don't know what you're talking about!
Mama Robotnik said:Yes but will the next wave of consoles be? Not to mention handhelds and existing hardware.
ClosingADoor said:But do we even know if passwords were saved unencrypted? Since that would be very illogical to do.
What points to that? I haven't seen anything that would point to Sony not encrypting the passwords.
RuGalz said:All things point to they didn't encrypt password. While I think a company that handles user base as big as this probably should have done it, you are kidding yourself if you think most of the sites have updated their security to have password encrypted.
Depends. You can just as easily have a username + password table and a user info table, since the user info would be called on more often than the password would.
TTP said:They said "the personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack".
I guess passwords are part of the personal data table.
I agree with your last sentence, but Sony are working to make the security of PSN stronger and they're aiming to have done that within 2 weeks. Why not make it that strong to begin with? Why didn't they salt and hash passwords? Why did they have a bunch of user data completely unencrypted? Other companies may do the same things, but that doesn't get Sony off the hook - it only makes those other companies as bad as Sony.
CcrooK said:Ya know, if the hacker/s are capable of doing what they did to Sony, I'm pretty sure they are capable of doing this kind of damage to other companies easily. There's no such thing as a perfect security system.
ClosingADoor said:Depends. You can just as easily have a username + password table and a user info table, since the user info would be called on more often than the password would.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
No one is going to encrypt stuff like names and locations, what would be the use? That stuff can be found everywhere and if you want that info you can just buy a database filled with that info from legal sources.
surly said:Why did they have a bunch of user data completely unencrypted?
I'm not saying it is impossible that they did that. I just wouldn't understand why on earth someone would save passwords unencrypted. If someone does that, they deserve to be fired immediately.
TTP said:I see. Well, I dunno. In the first detailed update they said:
Let's say that if your account was robbed and the bank simply didn't inform you and haven't compensated you and told you it's the thieves' fault not ours.
Metalmurphy said:Bank gets robbed, bankers fucked up?
GodofWine said:...I'm about to plug in my ps2 to play GTA3, and remember the good old days.
ClosingADoor said:Depends. You can just as easily have a username + password table and a user info table, since the user info would be called on more often than the password would.