Support NeoGAF

[Mael]

This thread is like when you wipe your ass and you accidentally end up touching shit.

You know it smells like shit, but you smell it anyway.

No you don't, you sicko!

 

[Jinfash]

Wow what a condescending...uhm whatever...

Somebody's feelings are still a little hurt

 

[chubigans]

He's been called on it multiple times, no evidence provided at all.

Something about social engineering, but that's not hacking nor is it even remotely comparable to Sony's security implosion.

Can't find the article, but basically people are targeted on Xbox Live by con artists. They ask people via voice chat, oh hey, what's your name, and act friendly, and then ask casual questions like what high school they went to- which are actually your security questions that the con artist can use against your account to hack in.

No, it's nothing like what happened to PSN, but I believe that's the article he's talking about.

 

[staticneuron]

Why must people act so silly an blow things out of proportion. Given the wording of the statement, it seems they never caught the compromise in data till after they inspected what went down. Working on a large network myself and knowing others IT techs that do the same, it is entirely possible to receive an attack and not know the extent of the damage till afterwards.

This is a horrible turn of events, but I doubt sony could have done much to prevent something like this. If a person or a group of people are intent on taking down your security, eventually they will.

 

[Neuromancer]

Somebody's feelings are still a little hurt

I thought it was funny.

 

[slider]

Seriously? This is unacceptable. Has a major company ever leaked credit card details like this in recent memory? Surely they can be held accountable, somehow?

Not a company and not credit card details but I remember the loss of information scandals in the UK...

http://www.theregister.co.uk/2007/11/05/standard_life_lost_cd_security_flap/

EDIT: Beaten by a more comprehensive poster above.

 

[EricHasNoPull]

Somebody's feelings are still a little hurt

yes yes they are, and what are you gonna do about it?

No you don't, you sicko!

You're telling me you never smelled your own shit?

 

[Gritesh]

Seriously? This is unacceptable. Has a major company ever leaked credit card details like this in recent memory? Surely they can be held accountable, somehow?

No proof credit card details have been leaked, Sony even said themselves they cannot confirm that yet.

 

[Deleted member 30609]

hmmm. They have found no evidence that CC info was leaked.

In that they've had no one claim that their credit card has been used maliciously. Yet. It's twisted, very careful PLEASE DON'T SUE US wording.

But, you know, I could be wrong. I guess we'll just have to wait and see.

 

[MalboroRed]

Last time i checked my bank account and every other service was never hacked and had 70 million accounts compromised.

sony is a incompetent company and i am done with them, im selling my ps3 and all my games on craigslist and ill just play infamous 2 and uncharted 3 at my friends, they will never get another penny from me and it isn't just the fact that this happened, it's the fact they waited almost a fucking week to tell us our shit is possibly stolen.. they don't have the right to hold that kind of information from us, it's my information, my bank card.. i have a right to know the second my shit is breached, not a goddamn week later.

fuck PS3, fuck NGP and fuck everything sony related.

It sounds like you need to repeatedly do falling elbow drops on your PS3 to get rid of your rage, mix in some headbutts while you're at it.

 

[STG]

torrent up yet?

 

[-viper-]

Seriously? This is unacceptable. Has a major company ever leaked credit card details like this in recent memory? Surely they can be held accountable, somehow?

The UK Government.

Her Majesty's Revenue and Customs.

25 million individuals (out of about 60 million people in the UK) including

7.25 million families
names of all Child Benefit recipients i.e. the parents
names of their Children
dates of birth
addresses
Child Benefit Numbers
National Insurance Numbers (NINOs)
Bank or Building Society account details

This was in 2007.

Just about everyone in the UK has forgotten about it now.

 

[dreamer3kx]

the more I read the more I get upset about this, this is some bs, how about all the parents that entered their personal info into their kids systems, they have no idea this is even a story!! BS!

 

[Kagari]

You really think it's a "meltdown" to be upset over compromised credit card details.

Except there is no proof that said credit cards have been compromised.

 

[MThanded]

I can't believe someone is telling me that sony got hacked because they used SSL. You gotta be kidding me. SSL is still a widely supported internet standard and it has not been deprecated.

 

[Trike]

Guys, guys, guys, stop all the Sony bashing. That is what the hackers want you to do. Besides, it is obvious that Nintendo hacked them because of their coffee spill comment. I know you must be thinking "But wait, that happened after the hack!" The answer is obviously Time Wizards.

 

[IchigoSharingan]

Actually he got a point,
the situation MSFT was when they willingly sold ticking time bomb was unacceptable on so many level and that people still bit is really laughable on so many level.
I expect the same to happen here.

I've said it before I'll say it again anyone blaming Sony over the hackers is fucking retarded

If you're in the IT security profession, and you actually say "it's the hacker's fault, he's too good." you will not survive very long. It is your JOB to keep hackers out and minimize the impact. These kinds of fiascos are what you are fucking paid to prevent.

 

[spindashing]

Can somebody please think of the children?!

 

[Y2Kev]

You really think it's a "meltdown" to be upset over compromised credit card details.

But Sony says there's no evidence at current time that credit card details were actually leaked...

I mean, I could scream about them leaking my blood type and naked photos of me, but they haven't. Yet. But I bet they will.

 

[ShortBus]

Good god what a shitshow.

All of the hacker-friendly GAF are out in force embarrassing the rest of us!

 

[LProtag]

Bank of America itself got some of its data stolen, and I was recently given a new card by them because of that.

So I mean, yeah, anyone can get compromised, even the place where you store your money.

 

[Zizbuka]

And the NGP has no drive, right? Only way to get games is via PSN? If so, oops.

 

[styl3s]

You should pick up a PC. I bet those are more secure.

What does PC have to do with anything? I don't play PC games other than Starcraft 2 and the only other 2 places that have my bankcard is amazon.com and my online banking site, neither in the years i have used them got my info stolen.

If you wanna continue to support an incompetent company like sony go for it, i draw the line when a company withholds information they have no right to, what if someone drained my bank account? if that happened i could of prevented it if i got the information the day this happened and i don't wanna hear the bullshit oh but it didn't happen, that isn't the point.. someone out there knows everything but my social which is easy to phish, you know how big of a pain in the ass it is to fix identity theft?

I can't support a company that would withhold this information for this long, and yes i know other companies are awful blah blah i have never had a problem with any other company but sony.

 

[PsychoJecht]

Seriously? This is unacceptable. Has a major company ever leaked credit card details like this in recent memory? Surely they can be held accountable, somehow?

They didn't leak credit card info, it was (potentially) stolen from them. And why would you hold them accountable when there was nothing they could have done about it?

 

[Mama Robotnik]

This is a horrible turn of events, but I doubt sony could have done much to prevent something like this. If a person or a group of people are intent on taking down your security, eventually they will.

How has Steam, a far far more tempting target with larger customer base and such, managed to resist then?

If even one company can competently defend themselves, there is no excuse for the rest not to follow suit.

 

[Dreamgazer]

Bank of America itself got some of its data stolen, and I was recently given a new card by them because of that.

So I mean, yeah, anyone can get compromised, even the place where you store your money.

Trust only in Gold and Bullets.

 

[D4Danger]

here is what happened in the UK a few years ago, it probably still happens we just dont know yet.

every single one of those things happened because somebody lost something (a cd, laptop, hdd etc)

that's not what happened here.

Somebody at Sony didn't leave a CD with 77 million accounts on it on the bus.

I don't know if your post was trying to defend them as a "look, it happens all the time" kinda thing or what but it's not the same.

 

[MalboroRed]

What does PC have to do with anything? I don't play PC games other than Starcraft 2 and the only other 2 places that have my bankcard is amazon.com and my online banking site, neither in the years i have used them got my info stolen.

If you wanna continue to support an incompetent company like sony go for it, i draw the line when a company withholds information they have no right to, what if someone drained my bank account? if that happened i could of prevented it if i got the information the day this happened and i don't wanna hear the bullshit oh but it didn't happen, that isn't the point.. someone out there knows everything but my social which is easy to phish, you know how big of a pain in the ass it is to fix identity theft?

I can't support a company that would withhold this information for this long, and yes i know other companies are awful blah blah i have never had a problem with any other company but sony.

Get a box, write "Sony" on it, keep throwing it against your wall.

 

[iNvid02]

Bank of America itself got some of its data stolen, and I was recently given a new card by them because of that.

So I mean, yeah, anyone can get compromised, even the place where you store your money.

its true, but its not an excuse to have a piece of shit security system in place

 

[Abylim]

But obviously sony should have known INSTANTLY that this shit was compromised... right?

Sony couldnt have known, thats why they investigated it. Why would you make a statement to the public when you dont know the extent of the issue?

I am NOT happy with how this was handled, but I'm not going to make out like this is Sony's fault.
I'm sure security could have been better, but dont fucking hack my info. Thats the main thing. People that create viruses and hack are pathetic.

 

[witness]

Whelp debit card canceled, new one on the way.

 

[Vestal]

Quit your BSing please. Are you saying sony should not be using SSL. Tell that to a large majority of the internet SSL is still a supported and relied upon standard.

Not saying they shouldn't use SSL, but rework the way they implemented it. If it was really compromised, which is what others have said.. If that was truly the catalyst to the intrusion.

Change the SSL encryption, or change the methodology for the client/server handshake among other things.


But most importantly beef up server side sec.

 

[NullPointer]

Never trust the client. Hell, you can't even trust most of your own employees when it comes to billing details and passwords.

I hope we find out more details on what measures Sony was using to protect sensitive data.

What a clusterfuck.

 

[styl3s]

It sounds like you need to repeatedly do falling elbow drops on your PS3 to get rid of your rage, mix in some headbutts while you're at it.

im far too busy changing passwords, canceling credit cards and my bank cards

i don't have the pleasure to set my ps3 on fire yet.. besides i would rather sell it on craigslist and use that money to buy a console from a company that isn't completely fucking ignorant. and yes i know the hackers are part blame, but it takes 2 to tangle, it's also sonys fault for having quite possibly one of the worst security systems in the entire history of worst security systems, i wouldn't be as mad if sony was upfront about the entire situation from the get go, it's the bullshit lies that makes me mad.. acting like oh its just maintenance.. i hope the hackers drain sony dry now just out of pure spite.

 

[UberTag]

And the NGP has no drive, right? Only way to get games is via PSN? If so, oops.

Games are going to be sold on carts. NGP isn't the PSP Go. Physical media will still exist.
(I really like my Go, btw. Shame I won't be able to buy anything more for it.)

 

[slider]

How has Steam, a far far more tempting target with larger customer base and such, managed to resist then?

If even one company can do it, there is no excuse for the rest.

Steam has a larger customer base? Wow! Go Valve.

 

[GillianSeed79]

The thing that makes me mad, like a lot of posters have said, is not that Sony's network security apparently wasn't up to snuff, it's that they waited so long to tell people that their personal information had been possibly comprimised. I'm honestly not worried, because I think my debit card info on my PSN account is expired. Still, even if they didn't know the full extent of the security breach, they should have released a statement the first day they pulled the plug that they couldn't confirm if cc info was compromised. That way they could dismiss speculation that they knew this all along, and people could have taken precautionary measures if they wanted to. If they did know for six days, that's a good case for negligence. If they didn't, a full statement day one would have saved them from or at least minimized the PR nightmare and possible hit to their stock and shareholders that they are left with now.

 

[PsychoJecht]

How has Steam, a far far more tempting target with larger customer base and such, managed to resist then?

If even one company can do it, there is no excuse for the rest.

Umm...

http://www.bit-tech.net/news/bits/2007/04/19/STEAM_hacked_credit_card_info_stolen/1

 

[Jinfash]

yes yes they are, and what are you gonna do about it?

Uh, kiss and make up?

 

[Majine]

And the NGP has no drive, right? Only way to get games is via PSN? If so, oops.

 

[Speevy]

If you're in the IT security profession, and you actually say "it's the hacker's fault, he's too good." you will not survive very long. It is your JOB to keep hackers out and minimize the impact. These kinds of fiascos are what you are fucking paid to prevent.

I think we can give a little leeway when some jackass like Geohot gets martyred and the "hacker elite" monkeys go out of their way to break in.

Frankly I would be in support of someone going back and purging the forum of anyone who thought these guys were fighting the good fight. I use PSN everyday. Screw these guys.

 

[FINALBOSS]

Last time i checked my bank account and every other service was never hacked and had 70 million accounts compromised.

sony is a incompetent company and i am done with them, im selling my ps3 and all my games on craigslist and ill just play infamous 2 and uncharted 3 at my friends, they will never get another penny from me and it isn't just the fact that this happened, it's the fact they waited almost a fucking week to tell us our shit is possibly stolen.. they don't have the right to hold that kind of information from us, it's my information, my bank card.. i have a right to know the second my shit is breached, not a goddamn week later.

fuck PS3, fuck NGP and fuck everything sony related.

LOLZ

 

[ClosingADoor]

its true, but its not an excuse to have a piece of shit security system in place

How would we know if their security was a "piece of shit"?

We have no way to compare it to other companies. We don't have details, we don't have any info about their security as far as I know.

 

[MThanded]

Multiple banks have gotten large databases of user information stolen. Just a heads up. I know because my parents and I have had a few cards reissued on behest of the bank. They don't publicize it but they send letters to the affected users.

 

[Fersis]

torrent up yet?

Dunno.

But sure as hell im gonna download it to check my password.
I forgot my PSN ID password. ;__;

 

[btkadams]

And the NGP has no drive, right? Only way to get games is via PSN? If so, oops.

they are also sold on flash carts you buy in a store like the ds.

 

[Mael]

You're telling me you never smelled your own shit?

I'll do it when I'll shit roses, until then I know that's not a smell I want to even remember.

here is what happened in the UK a few years ago, it probably still happens we just dont know yet.

November 20 2007: Two computer discs holding personal information on 25 million people including 7.25 million families receiving child benefit are lost. The discs were sent via unrecorded internal mail. The information is unencrypted, prompting fears it could be used for fraud.

December 11 2007: Loss of two non-encrypted computer discs containing the names and addresses of 7,658 Northern Ireland motorists.

December 17 2007: The transport secretary, Ruth Kelly, announces that details of 3 million candidates for the driving theory test were lost in transit in Iowa. No financial information was included.

December 23 2007: Nine English NHS trusts admit to losing patient records. One case is thought to involve City and Hackney Primary Care losing the names and addresses of 160,000 children.

January 18 2008: Hundreds of documents containing sensitive personal data are found on a roundabout in Devon. They include details of benefit claims, mortgage payments and photocopies of passports. Confidential data had previously been found at the same location on November 6 2007.

January 19 2008: A laptop belonging to a Royal Navy officer is stolen in Birmingham. It contains details of 600,000 potential armed forces recruits. For those who submitted an application, this includes bank and passport details, National Insurance numbers, doctors' addresses and family information.

July 18 2008: Ministry of Defence says 658 laptops have been stolen and 89 lost in four years, with 32 recovered; and 26 portable memory sticks have been lost since January 2007, with 19 containing restricted information and three classified as secret.

August 22 2008: A memory stick containing details of 127,000 criminals in England and Wales is lost by an external contractor. It contains sensitve information about 33,000 persistent offenders including their names, addresses and dates of birth.

August 26 2008: Banking information on 1 million people held by the archiving firm Graphic Data is found on the hard drive of a laptop sold on eBay for £35.88. The information includes bank account numbers, phone numbers, mothers' maiden names and signatures of customers of American Express, NatWest and the Royal Bank of Scotland.

Dear god, they're bad at this.
I know people are for open government but come on.

If you're in the IT security profession, and you actually say "it's the hacker's fault, he's too good." you will not survive very long. It is your JOB to keep hackers out and minimize the impact. These kinds of fiascos are what you are fucking paid to prevent.

And I fully expect the IT security team at Sony to be updating their profiles if they didn't already did.
It also doesn't mean that hackers shouldn't shoulder most of the blame.

 

[Kusagari]

They didn't leak credit card info, it was (potentially) stolen from them. And why would you hold them accountable when there was nothing they could have done about it?

Considering the way Sony has handled PSN as a whole I doubt their security matches up anywhere near XBL's for example. And if that's true then Sony is definitely held accountable for jeopardizing our info with crappy security.

 

[EricHasNoPull]

Uh, kiss and make up?

Only if lip to lip

 

[robotzombie]

If you're in the IT security profession, and you actually say "it's the hacker's fault, he's too good." you will not survive very long. It is your JOB to keep hackers out and minimize the impact. These kinds of fiascos are what you are fucking paid to prevent.

Do you understand what you actually bolded? The person said not to blame Sony OVER the hackers. How in the world is that not a reasonable statement? How could it possibly exist that the person who was attacked maliciously, no matter how negligent they were to defend themselves, should be blamed over the people who ATTACKED them in the first place? I honestly can't understand what is wrong with you people.