Support NeoGAF

[Commanche Raisin Toast]

http://www.youtube.com/watch?v=MFiU6iORGsc

I might be jumping ship with El Presodor, seriously how can you trust putting your CC info into psn now?

same way you trust opening a CC to begin with. banks have mass amounts of card numbers compromised all the time and they have to comp the losses and replace everyone's card.

nothing is 100% secure. you are always taking a risk dealing with technology. so with that said, it's not about if something is 100% secure, like your identity, but what a company can do to fix the situation if/when it happens. ie: why do banks have identity theft and debit/credit card protection? shouldn't they be 100% secure? why is there no outrage over all these other companies?

as i said before, it's not about how secure something is. it's just a matter of there being a hacker or a group of hackers that can defeat it. no system is fool proof. the hackers happened to focus on sony and attack them. had there been reason to do so to MS/360 or Nintendo it would have been done.

 

[FINALBOSS]

THAT ISN'T HACKING.

Social engineering some $10/hour idiot on the other end of a CS line isn't hacking Xbox Live.

I take it you didn't read my follow up post where I specifically stated social engineering, phishing, and legitimate hacking methods.

Dat's cool though.

 

[legend166]

This makes me happy I never bought anything off PSN. I came close quite a few times, but never pulled the trigger.

I guess I'll go change some passwords though.

 

[J-Rzez]

Do the PC and DS exist in your world?

Like I said, ALL platforms. So yes, those are included. It's been a rough gen, lot's of goods, but the bads are really starting to overwhelm them.

 

[Linkified]

Right I'm kinda nervous, so basically I'm safe if my psn password wasn't the same as that of my email address and I don't give out passwords like mini-eggs. Right?

 

[Mael]

Yup, no ill-will intended. Only to force a service that people use to be shut down for a week+.

NO ILL WILL GUYS!

On top of that they picked up some info on psn users, no ill will guys...

 

[TTP]

Yahoo going in hard on Sony... AND JAPAN IN GENERAL!



http://news.yahoo.com/s/nm/20110426/wr_nm/us_sony_stoldendata

And we don't yet know who killed JFK!

 

[Raider82]

So a couple questions.

I'm going to do a free credit report which company should I go with?

Is the fraud alert service free?

I've been lazy with passwords any suggestions for stronger passwords and a way for me to remember all of them?

 

[zychi]

So Sony advises to change your password right? How do you go about doing that if the network is down? You have to wait and see?

 

[FINALBOSS]

PSN comes up.

People log in: See a free game of their choice waiting for them.


WHAT HACKING? I LOVE FREE GAMES!

 

[Vestal]

Oh ffs, it's closer to locking your front door, someone breaks in and steals everything. You're responsible because you didnt get a safe to put your valuables in.
Seriously, Sony didnt leave a goddamn door unlocked, if they did anyone would access it. this shit wasnt just open for anyone. They had to break in.

I get it, people hate sony, but ffs quit with this shit. If you want to blame sony, go ahead. Fact is the hackers did this. Sony should have been more secure perhaps, but its not like they just left shit out.

No they just knew that everyone had access to the front door key(SSL).... Instead of changing the locks(Reworking the way SSL was implemented) they apparently just went about their business and didnt take any other precautions like puting a safe inside the house.

 

[Gritesh]

I'm curious.

If the PSN goes live within the week, and they make large security changes to the system, and there are no reports in the next 3-5 weeks of users data being used in fraudulent ways...will this be swept under the rug in most users minds?

 

[UberTag]

Yahoo going in hard on Sony... AND JAPAN IN GENERAL!
http://news.yahoo.com/s/nm/20110426/wr_nm/us_sony_stoldendata

That's a Reuters article being distroed by Yahoo; make sure you give credit where it's due.

 

[Persona7]

I should probably call my mom as well, I used her card a few years ago on PSN and it is probably stored somewhere on PSN.

 

[epmode]

PSN comes up.

People log in: See a free game of their choice waiting for them.


WHAT HACKING? I LOVE FREE GAMES!

What is wrong with you.

 

[Lakitu]

So Sony advises to change your password right? How do you go about doing that if the network is down? You have to wait and see?

That's the last one I'm supposed to change. I've no idea.

 

[FINALBOSS]

So a couple questions.

I'm going to do a free credit report which company should I go with?

Is the fraud alert service free?

I've been lazy with passwords any suggestions for stronger passwords and a way for me to remember all of them?

Don't overreact man. You're going to be fine.

As far as changing PW goes...substitute letters or numbers for symbols that look the same. That way it's easy to remember.

 

[Raoh]

This will be fun...

Out of curiousity.. would everyone accept a reboot from Sony like Microsoft did?

Just a brand new relaunch..

 

[MThanded]

No they just knew that everyone had access to the front door key(SSL).... Instead of changing the locks(Reworking the way SSL was implemented) they apparently just went about their business and didnt take any other precautions like puting a safe inside the house.

I know how ssl works . Not sure where you are going with this. Go ahead an explain how they got hacked. I'm listening.

 

[MoneyLaunderer]

Heh. I don't use my card on XBL since it's essentially MS doing the stealing with regards to auto renews. After this, I won't use my card on PSN either.

Yeah, I quit using my CC on XBL/PSN when it took me 25 minutes of talking to 3 different people to remove my CC from my Live account. And they weren't happy about me removing it, either. After that, I've only use prepaid cards. The experience was too much of a headache. At least removing CC info from PSN was easy to do and didn't require calling Sony to remove it.

 

[mysteriousmage09]

I should probably call my mom as well, I used her card a few years ago on PSN and it is probably stored somewhere on PSN.

It's probably expired by now.

 

[FINALBOSS]

What is wrong with you.

9/10 comments on Sony's Facebook revolve around getting a free game.

 

[rSpooky]

No they just knew that everyone had access to the front door key(SSL).... Instead of changing the locks(Reworking the way SSL was implemented) they apparently just went about their business and didnt take any other precautions like puting a safe inside the house.

Uuuh.. Where does it say this s how it went? That is what the issue is.. We dont know how this happened. And likely never will ..

 

[slider]

I'm curious.

If the PSN goes live within the week, and they make large security changes to the system, and there are no reports in the next 3-5 weeks of users data being used in fraudulent ways...will this be swept under the rug in most users minds?

I asked a similar question earlier. What happened with past incidents that were similar? I don't even remember the Live downtime people were bringing up earlier.

 

[malingenie]

I'm curious.

If the PSN goes live within the week, and they make large security changes to the system, and there are no reports in the next 3-5 weeks of users data being used in fraudulent ways...will this be swept under the rug in most users minds?

Yep. I have a low attention span.

 

[Risible]

Fixed.

Flawless victory.

 

[btkadams]

I should probably call my mom as well, I used her card a few years ago on PSN and it is probably stored somewhere on PSN.

why would a card you removed from psn still be a part of psn? that makes no sense. cards expire or get replaced so there's no need for sony to keep that data for any reason. if they did, it would be wrong and would also be pointless.

 

[Gritesh]

This will be fun...

Out of curiousity.. would everyone accept a reboot from Sony like Microsoft did?

Just a brand new relaunch..

That's what I'm wondering, if it comes back completely changed, will people be accepting of that?

 

[Jinfash]

So Sony advises to change your password right? How do you go about doing that if the network is down? You have to wait and see?

The official word is to wait until PSN is back up and then change the password, which is why they're already advising people to change any account's password matching PSN's. So yeah, no auto resetting system by email or otherwise of any is in place at the moment.

 

[Kaizer]

Well what a shitstorm this has turned into eh? Can't believe something this big has happened on PSN, what a disgrace. It'll definitely be a while before I trust buying anything on PSN again, regardless of prepaid cards or not.

I think this is the first time the "Sony just shot themselves in the foot" meme is appropriate.

 

[methos75]

http://ps3.ign.com/articles/116/1164282p1.html

PSN Down, U.S. Senator Responds
Connecticut's Richard Blumenthal takes Sony to task.
April 26, 2011

0digg

Level 8
by Colin Moriarty
Obviously, the breach of Sony's PlayStation Network by hackers is a pretty big deal. As we've already reported, everything from your personal details and login information to more sensitive data like credit card numbers could be in the hands of hackers, sending gamers around the world fumbling for their credit reports.

But I bet you didn't imagine it was so serious that officials from the U.S. government would pay attention.

Senator Richard Blumenthal, a Democratic Senator from Connecticut, issued a letter to Sony about the security breach and how it was handled. Addressed to SCEA's president and CEO Jack Tretton, the letter asks some tough questions.


Senator Blumenthal -- PS3 gamer?
As IGN has already noted, Sony's lack of communication with its customers is troubling. Senator Blumenthal agrees. "I am troubled by the failure of Sony to immediately notify affected customers of the breach [of the PSN] and to extend adequate financial data security protections." He goes on to note that "a breach of such a widely used service raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data... When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised."

You can read Senator Blumenthal's full letter at his website, including the details about how he thinks those affected by the breach should have access to "credit reporting services, for two years, the costs of which... borne by Sony."

Sounds good to us.

 

[Mael]

What is wrong with you.

He's right and you know it.
People ate up the BS MSFT pulled with the RRoD and they some paid for something like 5 systems because the Q&A was beyond lacklustre.
It'll be the same, Sony would be stupid to pass this up and not apologize and send a free game or 2

 

[GANGSTERKILLER]

This is the worst thing that could happen! Sony lost my trust completely! They can fuck themselves with their PS Move controllers!

Karma is a bitch...

 

[Shurs]

This will be fun...

Out of curiousity.. would everyone accept a reboot from Sony like Microsoft did?

Just a brand new relaunch..

What MS reboot are you referring to?

The transition from Xbox to Xbox 360?

 

[Agent X]

So Sony advises to change your password right? How do you go about doing that if the network is down? You have to wait and see?

You can't change it right now. What they mean is that once PSN/Qriocity is reactivated, that you log on and change your password as soon as possible.

Meanwhile, as I said earlier, if you use the same or similar password elsewhere (E-mail, shopping sites, etc.), then it would be a good idea to change your password on those sites as well.

 

[witness]

I really regret using my card on PSN now, goddamnit.

 

[Mailenstein]

Oh wow, I can't breathe anymore... DrForester killing it yet again - flawless.

I can't imagine this shit got more exciting than Nintendo's new console. Ridiculous times.

 

[TOAO_Cyrus]

I know how ssl works . Not sure where you are going with this. Go ahead an explain how they got hacked. I'm listening.

Yeah isn't SSL more about protecting the actual transaction from interception, not preventing unauthorized access?

 

[slider]

With work and personal stuff I already have, let me count... 15+ pawwords to remember!

I'm gonna have to write the new ones down somewhere. Good ol' paper and pen.

 

[daffy]

So a couple questions.

I'm going to do a free credit report which company should I go with?

Is the fraud alert service free?

I've been lazy with passwords any suggestions for stronger passwords and a way for me to remember all of them?

The blog has listed annual credit report. Go there. I use quizzle.com. EDIT: Misread, any company is fine.

Fraud Alert is free for awhile yes.

Use LastPass.com for a good way to remember your passwords. Be sure you understand how LastPass works as well.

 

[Abylim]

No they just knew that everyone had access to the front door key(SSL).... Instead of changing the locks(Reworking the way SSL was implemented) they apparently just went about their business and didnt take any other precautions like puting a safe inside the house.

Ofcourse its that simple, thats why this isnt the first time we've had this happen!
Oh, wait...

 

[Tron 2.0]

So a couple questions.

I'm going to do a free credit report which company should I go with?

Is the fraud alert service free?

I've been lazy with passwords any suggestions for stronger passwords and a way for me to remember all of them?

It doesn't really matter which credit reporting company you go with. Any changes would be reflected by all three.

Fraud alert service is free.

It's been mentioned a lot in this thread, but I really recommend LastPass for maintaining your passwords.

 

[Elfforkusu]

Uuuh.. Where does it say this s how it went? That is what the issue is.. We dont know how this happened. And likely never will ..

We'll know, we can already probably guess.

1) Server has vulnerability.
2) Hacker discovers vulnerability.
3) Hacker exploits vulnerability to run custom code.
4) Because Sony's internal security measures suck (though this isn't just Sony, it's the norm), they fail to recognize #3 until the hacker has everything.

The only question is in the details of the exploit. If these were Windows servers, odds are the bug is already known, and probably even patched. Alas, too late.

 

[EricHasNoPull]

"U.S. Senator Demands Answers From Sony Over PlayStation Network Data Breach"

latest from Gawker Media

 

[Absoludacrous]

PSN comes up.

People log in: See a free game of their choice waiting for them.


WHAT HACKING? I LOVE FREE GAMES!

Doubtful.

Outside of this PR nightmare that will most likely fade with time, the amount of real damage is proportional to the amount the info is used.

If CC numbers were taken, sold off, and eventually used en masse, the blowback could be huge. If not it will most likely be forgotten and only brought up in system wars. Though I'm sure a lot of people will be more cautious from now on.

 

[Dreamgazer]

With work and personal stuff I already have, let me count... 15+ pawwords to remember!

I'm gonna have to write the new ones down somewhere. Good ol' paper and pen.

Till I steal your piece of paper.

I mean till my sheep eat your piece of paper.

 

[Technosteve]

does this mean there will be cheap PS3's for sale soon? Could go with a cheap blu ray player and 1080p netflix.

 

[styl3s]

lol @ people in this thread.

yeah, sue them. Also sue preemptively every other company in the world, because there are no firewalls that couldn't be breached.

Last time i checked my bank account and every other service was never hacked and had 70 million accounts compromised.

sony is a incompetent company and i am done with them, im selling my ps3 and all my games on craigslist and ill just play infamous 2 and uncharted 3 at my friends, they will never get another penny from me and it isn't just the fact that this happened, it's the fact they waited almost a fucking week to tell us our shit is possibly stolen.. they don't have the right to hold that kind of information from us, it's my information, my bank card.. i have a right to know the second my shit is breached, not a goddamn week later.

fuck PS3, fuck NGP and fuck everything sony related.

 

[Linkified]

You can't change it right now. What they mean is that once PSN/Qriocity is reactivated, that you log on and change your password as soon as possible.

Meanwhile, as I said earlier, if you use the same or similar password elsewhere (E-mail, shopping sites, etc.), then it would be a good idea to change your password on those sites as well.

But only if those services are on the same email address right?

 

[Vestal]

I know how ssl works . Not sure where you are going with this. Go ahead an explain how they got hacked. I'm listening.

I don't know how they got hacked.. For the most part people defending sony on this thread have been using the excuse that since CFW the SSL was compromised, and thats how the hackers got through. I have been pointing to the fact that if this is true, its still no excuse, since sony has known about this for months now.