Support NeoGAF

[Griffin]

Ive started a PSN user FAQ here: http://www.neogaf.com/forum/showthread.php?t=428578

http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593

Sony made one

 

[NEOPARADIGM]

The name on my PSN account is "your mom."

True story.

 

[pantyhelmet]

Of course they're related because...

...

i just told you, who are anonymous and why are they targeting sony?
its by no means the logical lep you suggest.

 

[donkey show]

 

[LiK]

CBS news just talked about it on TV, boom.

 

[CadetMahoney]

amazing work dude.

http://www.bbc.co.uk/news/technology-13192359 (BBC)

"
In the following days, Sony issued three brief statements asking users to be patient while it investigated an "external intrusion", or hack.

However, the fact that it took almost seven days for the company to reveal that data had been taken has angered some gamers.

Commenting on the Sony blog, Tacotaskforce wrote: "You waited a week to tell us our personal information was compromised? That should have been said last Thursday."

Another user Sid4peeps wrote: "This update is about 6 days late. I think it is time to move to the other network, no regard for customers here."

But some PlayStation users appeared to be happy with Sony's handling of the matter. Ejsponge61 commented: "Wow, this is alot of info. Thanks, this is very much appreciated by all of us PlayStation fans."
"

I don't even. . . I can't smh hard enough.

 

[Paches]

I think this really is going to be a punishing blow to Sony though.

It's a shame, because I have enjoyed using their services. Free PSN has been fantastic. PS3 has been the best console I have ever used. Most importantly... WHAT WILL HAPPEN TO THE FIRST PARTY TITLES?

DOOOOOM.

Holy shit, i wouldn't be surprised if Sony file for bankruptcy over the PSN hack.

My credit card details are completely safe thankfully as my email. I've got a completely random password so it's all cool.

Are you a real person? Or one of those created personalities made by software?

 

[Psychotext]

Jesus fucking Christ Sony. What the fuck?

 

[faceless007]

I'm astounded that the actual passwords might have been stored in plaintext. That's just mind-bogglingly incompetent.

 

[No45]

People who are blaming the hackers for opening up the hardware and defending Sony's actions - a question:

If opening up hardware leads to hacks like this, then why hasn't Steam been hacked a billion times by now and its personal customer data plastered all over the net?

Spoiler

The answer is because Valve is competent.

People assumed the same of Sony, until someone had a REAL try. As with most I'm not entirely defending their actions here (because they've made some ridiculous mistakes, both on the security and PR front), but with the right amount of motivation I think you'd be surprised who/what can be compromised.

 

[IchigoSharingan]

If true, anyone still want to defend Sony?

if true, you don't even need CFW. =/

 

[jim-jam bongs]

What is your current OS? What about your browser?

Yes, Microsoft's extensively documented security fuck ups from a decade ago are absolutely in the same realm as every PSN user's account being compromised.

 

[Zutroy]

I don't know what the big fuss is, nothing but good has come from this. So far there are no reports of cards actually being used, and now some gaffer is giving $400 to charity. A good day overall I'd say =P

 

[chubigans]

http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593

Sony made one

Ah, I guess that explains that then. Thanks.

 

[A.R.K]

lol...thread keeps giving


at least we got some of the best gifs ever from this whole incident lol

 

[Wario64]

I'm astounded that the actual passwords might have been stored in plaintext. That's just mind-bogglingly incompetent.

Will we ever know if they did or not?

 

[DenogginizerOS]

The story made the CBS Evening News.

 

[DR3AM]

cant they just enable online play without the psn store?

 

[pantyhelmet]

Would you trust a man who wears underwear on his head?

they're not underwear..they're panties O__o

 

[Dr. Malik]

amazing work dude.



I don't even. . . I can't smh hard enough.

It's probably just a kid that doesn't understand the scope of the matter.

 

[borghe]

I don't think that's the 'hack log'. Someone was trying to access their webserver, but that's not news. You can see a bunch of invalid requests, but it doesn't seem like any of them worked. In fact, it kind of looks like someone who didn't know what they were doing were just tossing out random exploits, unless I'm missing something.

no, you are correct. someone tried accessing the system and tried doing directory recursion and such that all failed. Nothing in that log actually shows any access of sensitive information, or success of any access besides standard pages with 200 status.

fwiw, when I was running my store those logs don't look much different. I was accessed all the time by would=be hackers. It becomes even more fun because I was running on an open platform (oscommerce) so you would see them accessing the site with long since patched vulnerability flaws. I'm not saying there aren't logs floating around of the hack... I'm just saying that sure isn't that log.

edit - for more info on reading web logs, every 404 you see on there means page not served. Every 200 you see means page served. Nothing with a 200 message shows a single interesting thing.

 

[RustyNails]

I'm not really sure how the two are connected.

You purport, in your post, that other companies are also subject to cyber attacks that result in data theft. Who cause those attacks? Basement dwellers? Chinese cyber-terrorists? Eastern european mafia types? Sleek, experienced western black market types?

With a DDoS you can be relatively sure that the person doing it has a specific beef with you, and in the case of modern tools like LOIC you can be reasonably sure that it's a group of many non-technical people who are pissed at you for whatever reason. But with an account breach, I'm not sure why parsimony would suggest that option over full time, for-profit fraudsters?

Of course, these attacks are definitely not random and require careful planning and a good motivator for the hackers (or maybe just the lulz coefficient should be high). GeoHot battle gave the hackers a pretty good enough reason to go after Sony. The fact that it happened so immediately after the GeoHot settlement and Anonymous led attacks on PSN is important clue on why it came to pass in the first place. Who knows when Valve may piss them off and they go after Steam? My point about hackers is that they are not a force of nature, unlike storms or tornados. They shouldn't be treated as an entity lacking moral predisposition, like for example a tornado rips through a data center and no one would blame the tornado. It's not the case here and I want the hackers to receive just the same if not more scorn than Sony.

That basement-dwelling phrase is just there to express my disgust with all forms of hacking, didn't mean any disrespect to basement-dwelling non-hackers out there

 

[Snuggles]

It's pretty much everywhere now. It came up on CNBC earlier today (I'm at work) and some old ass dude even knew about it. There definitely isn't a lack of exposure.

 

[Mama Robotnik]

I don't know what the big fuss is, nothing but good has come from this.

I don't understand your words. I'm sorry if my sarcasm detector isn't pinging with wild abandon like it should, but I really don't understand your words.

 

[chubigans]

Will we ever know if they did or not?

I thought it was stored on plaintext within the PS3?

 

[notworksafe]

I'm astounded that the actual passwords might have been stored in plaintext. That's just mind-bogglingly incompetent.

You're astounded at something that you don't even know is true?

 

[Knoxcore]

I'm really shocked. Over the last few months we have seen the unraveling the PlayStation 3's security. What was once an unhackable console is now susceptible to easy intrusion to the point where we now have the possibility that millions of consumers personal information may have been exposed or stolen. It really is amazing how things have turned around in such a short period of time. Hopefully Sony can get back on track.

 

[Paches]

The story made the CBS Evening News.

Last night Bryan Williams was reporting on the reappearance of Puppy Cam, so I would hope this story would be of more relevance to the general public.

Yes I know Bryan Williams is on NBC, but you get my point.

 

[The Lamp]

Fuck their incompetent network engineers. Fuck their security team. Fire them all. Every last one of them. No wonder they're bringing in a 3rd party security firm.

With a free network I'm sure they wanted to cut costs somewhere...maybe that included security measures or quality network engineer employees...lol...

 

[user friendly]

This information should have posted very soon after they shut down PSN, not 5 days later. I just wanna game though.

 

[Kalnos]

If the system was implemented by cretins.

Man, some of the places I have worked at have had next to 0 security with their databases. All it would take is one disgruntled employee who halfway knew what they were doing and they would be fucked.

 

[lifa-cobex]

Will we ever know if they did or not?

Don't think that's the sort of information that will EVER be admitted.

 

[Kolgar]

And I still can't get in to change my password and delete CC info?

Goddamnit, Sony.

 

[MoonsaultSlayer]

MS is going to capitalize off of this

Shouldn't they be defending Sony? Afterall, it's their industry being attacked.

This should be a big detriment to a DD only future.

Hackers/CFWers are such fucking scum. "WAH I bought the machine, I can do what I want with." That's what your PC is for. It's an open box capable of accessing a vast amount software, hardware, programs, and networks. A console is a closed little box with functions the developers give you access to. YOU DON'T NEED ANOTHER MACHINE TO CONTAIN YOUR DOWNLOADED SNES ROMS YOU POCK MARKED REJECT! lmao.

 

[farco1212]

This is some bad ish. My condolences go out to you all who had your CC information tied to your accounts.

It's sad that we, the gamers, are bystanders in this war between Sony and the hackers.

 

[LiK]

And I still can't get in to change my password and delete CC info?

Goddamnit, Sony.

nope, gotta wait for it to be back up. SO STUPID. they better reset the pws for us.

 

[Stumpokapow]

Of course, these attacks are definitely not random and require careful planning and a good motivator for the hackers (or maybe just the lulz coefficient should be high). GeoHot battle gave the hackers a pretty good enough reason to go after Sony. The fact that it happened so immediately after the GeoHot settlement and Anonymous led attacks on PSN is important clue on why it came to pass in the first place. Who knows when Valve may piss them off and they go after Steam? My point about hackers is that they are not a force of nature, unlike storms or tornados. They shouldn't be treated as an entity lacking moral predisposition, like for example a tornado rips through a data center and no one would blame the tornado. It's not the case here and I want the hackers to receive just the same if not more scorn than Sony.

That basement-dwelling phrase is just there to express my disgust with all forms of hacking, didn't mean any disrespect to basement-dwelling non-hackers out there

Sure, I'm just saying I'm pretty sure these were Chinese or Eastern European professional credit card / account detail intruders, and that it's better to compare this attack to similar attacks against other eCommerce entities, rather than to a group known for DDoSing.

 

[faceless007]

Will we ever know if they did or not?

They sure as fuck should clarify if they did. If it was just hashes (like the Gawker leak) anyone who used an uncommon password should be OK (if I understand this correctly) but if it was plaintext we're all fucked. Someone who knows more about security correct me if I'm wrong.

 

[Zutroy]

I don't understand your words. I'm sorry if my sarcasm detector isn't pinging like it should, but I really don't understand your words.

Its a bit of sarcasm and a bit of lolling at the over reactions from some. However, the main point of the post is to remind everyone of the charitable gaffer. If only PSN came back online, it would have been $1000!

 

[MalboroRed]

I want the next Sony system to be completely air-tight, no mods, no CFW, I want them to set the system to auto-destruct in case of any kind of tempering.

 

[Vagabundo]

And I still can't get in to change my password and delete CC info?

Goddamnit, Sony.

Lol, it is a bit late now.

 

[rainking187]

Did they just get current information or what? I changed my PSN password to something completely different from any of my other passwords after the Gawker thing, and deleted my card info from the PSN a little while back as well. Are they able to see all the passwords I've used, or just the current one?

 

[J-Rzez]

I really hate people. Now I have to call up my bank, get a new card/number tomorrow. I'm not worried about them as much trying to open new credit lines because I already have it set up to take more steps in the process, and they don't have my social obviously. All I know is they, and other companies need to change their process that they have so much of your personal information, as no matter how secure you think your system is, there's always someone out there smarter than the people you had design it in the first place.

But man has Sony had a rough gen. I'd expect them to get something new out quicker than they would have liked to now to try and forget this gen all together.

I didn't agree with the people that said it before, but I do now. This gen, on all platforms, blows.

 

[chubigans]

And I still can't get in to change my password and delete CC info?

Goddamnit, Sony.

At this point that doesn't really matter at all. Hackers already have all that, and by the time PSN comes back up it's be a rebuilt system.

 

[teruterubozu]

Shouldn't they be defending Sony? Afterall, it's their industry being attacked.

I'm sure MS and the like are all busy amping up their security after this.

 

[Blimblim]

If the system was implemented by cretins.

Unless they are using prepared statements in every single SQL queries for PSN, forgetting about one single escaping in a query is enough to get a nice security issue like this one. People make mistakes, but what's not acceptable is that code handling 77 millions account (many of these bogus, but whatever) and credit card information doesn't seem to have been audited by a 3rd party company. Isn't PCI-DSS level 1 mandatory for such big payment processors? Level 1 means:

Validation for Level 1 PCI Merchants
Annual On-Site Security Audit and Quarterly Network Scans must be performed by an independent Qualified Security Assessor (QSA), independant Approved Scan Vendor or internal audit if signed by an Officer of the Company.

 

[Rhazer Fusion]

Sony's PR strategy

lol

So, far I haven't seen any activity on my credit card....

 

[herod]

That's fair enough, but I can more or less remove the stress for me by changing my payment method and removing my personal details. I'll be driven by my content wants and not a 'oh i couldn't deal with such an incompetent company' blanket approach to things. I'm not going to avoid - I dunno, say, Journey - because I won't switch to prepaid cards.

I'm not into rewarding incompetence fiscally, it's just a silly value of mine. There is more than enough content elsewhere anyway for me.

 

[Mrbob]

And I still can't get in to change my password and delete CC info?

Goddamnit, Sony.

Not like it matters at this point. Whatever info which was stolen is gone and the network is down so no one else can access it.

This whole ordeal is making me think twice about picking up a PSP2, if I'm willing to lock my account down to an unreliable network for digital content.

 

[Dr. Malik]

So if I tell my bank that I lost my debit card they will issue me a new one with a new #?
I was chatting with their customer service and they told me that I couldn't change the number.