Support NeoGAF

[herod]

I'm not claiming that the long weekend means that nobody was in the office.

It's just that Sony has brought it a third party security firm, chances are THEY weren't available on the weekend...

Also, I am just saying that things take time, its not like when they pulled the plug on Thursday night they knew the full extent of what was all involved on the intrusion, they needed time to investigate the issue, determine how to handle it and then come forward.

Also, doesn't the fact that they detected the intrusion and made the decision to pull the plug on the whole god damn thing speak at least a little about their concern for consumer information?

But I guess me being rational about the situation and thinking things through makes me a Sony apologist, or whatever.

I'm done with this thread.

The security firm would work whatever hours Sony require. I don't even work in security but I will work insane hours if there are major problems. Computer security isn't a 9-5 job.

 

[rSpooky]

Why does everyone assume sony was irrisponsible with the data? What u thnk they just frollicked around keeping everything in a clear text word document?
Whithout knowing their security bckend i wont judge their intitial work ethic concerning the data. Yes they failed ij protecting the data , but since we dont know how it got compromised we cannot say they were simply careless.

I have seen networks that were compromise not due to the it staff, but just one careless low level employee somewhere in accounting or something, just had to click that ppt. Etc. Heck even rsa was the victim of someone losing focus for a moment and opening the wrong attachment.

Does all suck? sure, for us, for sony , for game publishers/devs thathoped to release their games now, or just did.
But for God sake can we just stay reasonable? Your private data is not as safe as you think it is anyway. Especially in the us where everyone just keeps insiting using your social sec nr for everything , where often they should not.

 

[Blimblim]

Note this bit of the article:

It's more than likely real, it's just that this guy has been using a special proxy (that can only work with a CFW firmware) to decrypt the https connection between his console and PSN.
Credit card numbers are always send "unencrypted" when you buy something online, but since it's over https it's not a problem at all.

 

[FINALBOSS]

The fact that this happened to them, when Nintendo and XBL have been resistant to such attacks, evidences that their security wasn't up to scratch.

When you have personal data for millions of millions of people under your care, you are obligated morally and legally, to keep your security up to scratch.

Therefore, they certainly earn blame alongside the criminals that extracted the data.

If Valve can resist such attacks, on an open platform with millions of potential zombie networks out their seeking out exploits and brute-forcing through security, Sony have no excuse at all.

As I said, never underestimate well-organize and goal oritented hackers.

Nintendo and XBL haven't been resistant....they just haven't been targeted like PSN has.

I'm sure the whole Geohot and Anonymous declaration has absolutely nothing to do with any of this...

 

[patsu]

The fact that this happened to them, when Nintendo and XBL have been resistant to such attacks...

You know what attacks/techniques were used ?

 

[DrForester]

Amazon often has stuff for cheaper anyway, so it's win-win.

Glad you mentioned it. I honestly had no idea you could buy via amazon for PSN stuff.

 

[Arpharmd B]

Uh......anyone who commits a felony, regardless of the circumstances, it is always their fault.

Lol uhhh, I think you missed his point homey.

 

[gcubed]

Its seriously hard to fathom how some of the posters in this thread exist on the internet

 

[Absoludacrous]

Because you have no proof of incompetence?


That's my point...the hacker is obviously at fault...but you have no proof that Sony didn't do everything in its power when designing PSN's security.

The fact that this happened is proof enough. Your shit gets stolen, customers lose faith in you. This is how it goes in every industry out there. You learn this in basic PCI compliance seminars.

Whether you personally feel Sony should or shouldn't be blamed is irrelevant.

 

[bangai-o]

E3 Nintendo threads, bro...

Sony E3 threads have to be twice stronger than a Nintendo E3 thread

 

[herod]

Uh......anyone who commits a felony, regardless of the circumstances, it is always their fault.

What about if you get hit while driving without insurance?

 

[Sutton Dagger]

Expected update to Microsoft's XBL Gold value proposition:

* Cross game chat
* XBL Party system
* Achievements across all titles
* Secure network

 

[Agent X]

Because as I've mentioned before in this thread, it's all about the business consumer relationship and the expectations of that relationship. Did Sony hack the system themselves and leak our information intentionally? Absolutely not. But they did violate the trust that we as consumers put in them in regards to providing them sensitive information about ourselves. And for that violation of trust with this leak (regardless of the cause), they should absolutely be held to blame and accountable.

I agree.

Obviously, Sony doesn't deserve all of the blame. Hackers did what they did, which is contemptible. But Sony is responsible for maintaining security on their online service, to prevent incidents like this from occurring in the first place. I really don't know what kind of security they had in place, but evidently it wasn't enough to prevent at least some amount of sensitive information from being compromised.

I am certain Sony will be much more cautious about this in the future. I just hope that when they reactivate PSN, they'll give the public some reassurance about what new security measures they'll be taking.

Meanwhile, we can't unring the bell, so I would just encourage all of us to protect ourselves. Joystiq posted this article about the situation, and recommends that you change your passwords on other services. I'd say that's very good advice. Fortunately, my PSN password is unique, and I don't use it on any other services, but if you use your PSN password (or something similar) elsewhere on other online services, then it would be wise to change it immediately.

 

[daffy]

If Sony was a GAF member, it's tag would be Incompetent

Word has got to be posted on every page

 

[Morn]

I promise, I'm not.

Remember a few weeks ago where that dude stole Shepto's (I think that's his name--the dude in charge of XBL Policy and Enforcement) had his gamertag and information completely stolen?

He posts on a message board where he sells gamertags and accepts jobs to steal. There's a ton of those dudes too.

THAT ISN'T HACKING.

Social engineering some $10/hour idiot on the other end of a CS line isn't hacking Xbox Live.

 

[mugurumakensei]

I don't know the PSN protocol, but keep in mind that when that guy say it's unencrypted, he means that the number is sent as is, but it's still sent through a HTTPS connection so no one (unless he uses a CFW firmware) is able to decrypt this information.
As long as Sony doesn't log the POST data in a file somewhere, it's not a problem.

Well, you can use fiddler. Fiddler allows you to install a certificate so that you can see unencrypted traffic. So Fiddler + Media GO + another program + high powered pc = lots of decrypted credit cards.

 

[DR2K]

BECAUSE WE DON'T KNOW IF SONY HAS ANY BLAME IN THIS.


How do you not get this?

They aren't doing their job when information they're keeping gets stolen. It's their responsibility to protect the information we give them. They have failed on that end, regardless of their intentions. In the process they have kept millions of PSN users in the dark, not letting us know what is happening.

 

[Gritesh]

The security firm would work whatever hours Sony require. I don't even work in security but I will work insane hours if there are major problems. Computer security isn't a 9-5 job.

If it's saturday and someone decides that they need to bring in a third party, is said third party available? I don't know how these things work though.

 

[Label]

Note this bit of the article:

Haha holy shit, my bad I guess I did not see that.. That'll teach me to trust everything I see at 2am

 

[mr_nothin]

Its seriously hard to fathom how some of the posters in this thread exist on the internet

No it's not. Its hard to fathom how some of the posters in this thread exist in real life.

 

[dreamer3kx]

http://www.youtube.com/watch?v=MFiU6iORGsc

I might be jumping ship with El Presodor, seriously how can you trust putting your CC info into psn now?

 

[zychi]

my summary of how digital downloads sounded to me prior to psn and xbox live:

Big company:
"Digital Download services are the way of the future!"
Consumer:"YAY NO MORE DISCS!"
*random guy steals everyones credit car info*
"Uhh, guys, all of your accounts and passwords can be stolen and the hacker(s) may take your personal information and possibly steal your account that you've bought a number of items on, so yeah, there's that."

A few years in, and a non-secure "network" by the big company is hacked and how digital downloads now sounds to everyone:
Big company:
"Digital Download services are the way of the future!"
Consumer:"YAY NO MORE DISCS!"
*random guy steals everyones credit car info*
"Uhh, guys, all of your accounts and passwords may have been stolen and the hacker(s) may have taken your personal information and possibly steal your account that you've bought a number of items on, so yeah, there's that."
Consumer: "Fuck Sony, I'm never buying their stuff again!"

 

[Mael]

I'm not claiming that the long weekend means that nobody was in the office.

It's just that Sony has brought it a third party security firm, chances are THEY weren't available on the weekend...

If they weren't available then chances are they weren't the one that investigated the case and were fired on the spot.
Seriously if Sony had people working on Easter weekend for this (as they should) chances are the consultancy 3rd parties were working too.

Seriously at my company the most minor setback in a project of medium importance is enough to have us back to work on weekends.
For something of that magnitude they sure as hell notified the investigators pretty quickly.

 

[bangai-o]

Uh......anyone who commits a felony, regardless of the circumstances, it is always their fault.

there are liabilities

 

[SolidSnakex]

Or maybe a free $20 added to your PSN account to encourage people to spend again. Not very likely, but Sony is in for a PR shit storm.

I think that they're going to do something just so that when it goes back online there will be something positive to mention aside from it being back. Giving something like Warhawk away would be good since it's viewed as a major title. Giving credit or free months of PSN+ also wouldn't be a bad idea. They should do something though.

 

[Kyoufu]

http://www.youtube.com/watch?v=MFiU6iORGsc

I might be jumping ship with El Presodor, seriously how can you trust putting your CC info into psn now?

Why not use PSN cards? lol

I wouldn't even dare to use my card on XBL since its a bitch to get them to take it off.

 

[herod]

If it's saturday and someone decides that they need to bring in a third party, is said third party available? I don't know how these things work though.

Yes, of course. Just like hardware support.

 

[Seraphinianus]

my summary of how digital downloads sounded to me prior to psn and xbox live:

Big company:
"Digital Download services are the way of the future!"
Consumer:"YAY NO MORE DISCS!"
*random guy steals everyones credit car info*
"Uhh, guys, all of your accounts and passwords can be stolen and the hacker(s) may have taken your personal information and possibly steal your account that you've bought a number of items on, so yeah, there's that."

A few years in, and a non-secure "network" by the big company is hacked and how digital downloads now sounds to everyone:
Big company:
"Digital Download services are the way of the future!"
Consumer:"YAY NO MORE DISCS!"
*random guy steals everyones credit car info*
"Uhh, guys, all of your accounts and passwords may have been stolen and the hacker(s) may have taken your personal information and possibly steal your account that you've bought a number of items on, so yeah, there's that."
Consumer: "Fuck Sony, I'm never buying their stuff again!"

not to defend any company, but yeah, stuff like this is bound to happen. New technology, figuring out the bumps in the road that you can't possibly test for and all that.

 

[malingenie]

The sequel was too, and it had lots of boobies. Back in the day, tits were allowed in PG movies. And then PG-13 too.

 

[Blimblim]

Well, you can use fiddler. Fiddler allows you to install a certificate so that you can see unencrypted traffic. So Fiddler + Media GO + another program + high powered pc = lots of decrypted credit cards.

Well with unlimited computing power (and a probe in a backbone router) you can in theory decrypt payments from basically 100% of the world's web sites. It doesn't make PSN's way of sending CC data any less valid.
And with this, I'm heading to bed.

 

[astroturfing]

haven't really been following any gaming news for a week or so.. what is this? ps3 users' data stolen? that sucks.

good thing i'm a poor PSN user though, don't give a fuck if someone gets my CC info. would actually be the most exciting thing to happen to me for a while heh. i feel for you people who actually have money though.. must be nerve-wracking right now. let's hope nothing serious happens to anyone because of this.

 

[JaseMath]

What if this is a show of force by some hacker friends of Geohot and there was/is no ill-will intended? Just a thought...

 

[Zerokku]

From the Penny Arcade Forums -

A still alive/PSN parody.

This was a failure.
I'm making a note here: HUGE FRACAS.
It's hard to overstate my net connection.
Playstation Network
We do what we must
because we can.
For the good of all of us.
Except the ones who are hacked.
But there's no sense crying over every lost link.
You just keep on trying till we're bleeding red ink.
And the stupid things get done.
They make every person run.
For the people who are still offline.
I'm not even angry.
I'm being so sincere right now.
Even though you broke my ports.
And probed me.
And hacked me to pieces.
And threw every piece into a fire.
As they burned it hurt because I was so happy for you!
Now this credit card data makes a beautiful credit line.
And we're out of cash.
But We're blinging big time.
So I'm GLaD. I got burned.
Think of all the things we learned
for the people who are still offline.
Go ahead and leave me.
I think I prefer to stay online.
Maybe you'll find someone else to help you.
Maybe the XBOX
THAT WAS A JOKE.
HAHA. FAT CHANCE.
Anyway, this offline mode is great.
It's so stable and fun.
Look at me still talking
when there's networks to screw.
When I look out there, it makes me GLaD I'm not you.
I've hacking attempts to run.
There are networks to be un-done.
On the people who are still offline.
And believe me I am still online.
I'm losing CC data and I'm still online.
I feel FANTASTIC and I'm still online.
While you're lagging I'll be still online.
And when you're bitching I will be still online.
STILL ONLINE
STILL ONLINE

 

[Degen]

I'd read this thread, but the illogical metaphors and analogies would probably make my head explode.

Nonsense.

If someone accidentally drove a steamroller into the side of your house, of course you'd want compensation. Of course you would. How ridiculous.

What Sony did is no different, so it makes perfect sense to demand first dibs on their upcoming tablet computer (both versions).

 

[BeeDog]

It will be mighty interesting to see how this'll pan out, mainly if people who don't change their card numbers get afflicted in any way. The discussion whether or not Sony's to blame is unimportant, because you can bet your asses that Sony will take a huge (financial) beating either way. They're losing, so arguing whether they should take 50% of the blame or not is irrelevant.

What is most important now is to see whether or not their press release tells the entire truth. As some have said, maybe it was a pre-emptive release aimed to cover the worst possible scenarios. Maybe we're/they're lucky, and the only things that have leaked are the "unimportant" things (e.g. not related to the CC information/account information). Maybe the worst-case scenario actually occurred; then I simply hope good GAF'ers will keep an eye out for leaked lists.

Either way, this is a huge bummer, and I hope they'll quickly rectify PSN account woes.

 

[OldJadedGamer]

I've been laughed at previously in threads for using pre-paid only cards for both PSN and XBL. Of course my credit card info is out there but if I have a chance to use pre-paid I will since that is just less places my info is out there. Sucks for the folks affected. Getting a new card number issued is a pain in the butt sometimes.

 

[mugurumakensei]

Well with unlimited computing power (and a probe in a backbone router) you can in theory decrypt payments from basically 100% of the world's web sites. It doesn't make PSN's way of sending CC data any less valid.
And with this, I'm heading to bed.

Well, mostly, I just wanted to point out cfw is not needed to decrypt https traffic from psn. People constantly forget media go for some reason. Also, they forget psn is just a website.

 

[Pistolero]

http://img.photobucket.com/albums/v2...hComputers.gif

WOW! I almost died laughing!

PS : Sad position for Sony and gamers alike, really. F*** hackers sideways!

 

[The Faceless Master]

Yahoo going in hard on Sony... AND JAPAN IN GENERAL!

NEW YORK/BOSTON (Reuters) – Sony suffered a massive breach in its video game online network that led to the theft of names, addresses and possibly credit card data belonging to 77 million user accounts in what is one of the largest-ever Internet security break-ins.

Sony learned that user information had been stolen from its PlayStation Network seven days ago, prompting it to shut down the network immediately. But Sony did not tell the public until Tuesday.

The electronics conglomerate is the latest Japanese company to come under fire for not disclosing bad news quickly. Tokyo Electric Power Co was criticized for how it handled the nuclear crisis after the March earthquake. Last year, Toyota Motor Corp was slammed for being less than forthright about problems surrounding its massive vehicle recall.

http://news.yahoo.com/s/nm/20110426/wr_nm/us_sony_stoldendata

 

[jackdoe]

Why not use PSN cards? lol

I wouldn't even dare to use my card on XBL since its a bitch to get them to take it off.

Heh. I don't use my card on XBL since it's essentially MS doing the stealing with regards to auto renews. After this, I won't use my card on PSN either.

 

[Professor Beef]

Fixed.

 

[Vestal]

If it's saturday and someone decides that they need to bring in a third party, is said third party available? I don't know how these things work though.

I work IT at a newspaper, and if shit hits the fan it doesn't matter what day it is or time, you get there. IT Security is a 24/365 job.

 

[Gritesh]

Also the El Presador video is hilarious

 

[Kyoufu]

What if this is a show of force by some hacker friends of Geohot and there was/is no ill-will intended? Just a thought...

Yup, no ill-will intended. Only to force a service that people use to be shut down for a week+.

NO ILL WILL GUYS!

 

[Lakitu]

Changed some passwords that were related to my PSN login pw.

 

[daffy]

From the Penny Arcade Forums -

A still alive/PSN parody.

Hahaha that's pretty cool

 

[JaseMath]

Yup, no ill-will intended. Only to force a service that people use to be shut down for a week+.

NO ILL WILL GUYS!

I didn't say I believed it. As I said, it was just a thought.

 

[NolbertoS]

Good thing, I use PSN Cards...a friend of mine, recently bought a PS3 and was going to sign up to PSN soon...glad his Credit Card wasn't compromised. Feel sorry for all you guys out there. I had my Credit Card compromised along time ago, while on vacation in Europe, since then rarely use it besides filling gas and the occasional fancy restaurant.

 

[rSpooky]

I work IT at a newspaper, and if shit hits the fan it doesn't matter what day it is or time, you get there. IT Security is a 24/365 job.

Agreed.

 

[Abylim]

Sorta, both a responsible for what happened.

Look at it this way. If I leave my front door open, like open open and leave to go shopping and return to find my house robbed.

The thief is ultimately responsible because stole everything. But my negligence enabled him to steal.

Oh ffs, it's closer to locking your front door, someone breaks in and steals everything. You're responsible because you didnt get a safe to put your valuables in.
Seriously, Sony didnt leave a goddamn door unlocked, if they did anyone would access it. this shit wasnt just open for anyone. They had to break in.

I get it, people hate sony, but ffs quit with this shit. If you want to blame sony, go ahead. Fact is the hackers did this. Sony should have been more secure perhaps, but its not like they just left shit out.