
PSN Hack Update: FAQs in OP, Read before posting

Status
Not open for further replies.
This will be used for future court cases that may involve hacking consoles, and judges will side with the companies. Being able to hack devices that access large networks is dangerous. If Geohot was being sued when this happened, they would have pushed even harder than before.
 

stupei

Member
Zoe said:
They can't open accounts in his name without an SSN.

That one article linked said they have enough info to take out a loan in someone's name. How little do they need to get a loan, or is that only in Australia?

If so, man, Australia sucks.
 

Replicant

Member
zoner said:
I'm currently away from my home where my PS3 is and won't be back for months.

Is there any way to remove credit card info through Sony's site (when it's up again) and turn off PSN+ renewal?

Yes. But you have to do it from www.playstation.com site (or its country-specific site) which is also down at the moment. I should elaborate that playstation.com itself is not down but the PSN access through that site is still down. That's what frustrates me. I want to change my PSN password and wipe out my CC details but I can't even do that.
 

gokieks

Member
With the benefit of hindsight and knowing what actually happened, it's easy to say they should have said something day one even if they weren't sure. But people should probably also consider what a disaster it also would have been if the situation was reversed, and their premature statements caused people to needlessly panic - it would have been two rounds of PR disasters instead of one, and they would've had to be dealing with the PR side of the issue at the same time as the technical instead of being able to determine extent of damage first. The two should be separate, but invariably there will be an impact.

It would obviously have been nice to have both, but when it comes down to speed vs accuracy in cases of data breach, I can't say that making the decision to go with the latter, if that's what they did as the last PS Blog post mentions, is the wrong one.
 
So I use the same debit card for my steam account.

If somebody tries to commit some fraud with my debit account, do I lose my $3,000 worth of steam games as a result? I heard the steam lock out horror stories.

FUCK SONY UP THE ARSE
 

epmode

Member
FINALBOSS said:
God damn you have a raging hard-on for me.
I happened to catch one of your first posts in this thread and you've been on a roll ever since. It helps that you have such a distinctive avatar, not to mention that everyone quotes you.

It's kind of entertaining to watch someone so obviously unhinged by other people expressing outrage over identity theft. I'm just trying to understand why it bothers you so much!
 

Rebel Leader

THE POWER OF BUTTERSCOTCH BOTTOMS
Smision said:
that would be funny if this was all a ploy to get rid of game sharing.

oh shit.

there are gonna be new security measures -- I bet no game sharing is one of them.

I only game share when I give away old games to my nephew and DL the DLC for him
 

Vinci

Danish
gokieks said:
With the benefit of hindsight and knowing what actually happened, it's easy to say they should have said something day one even if they weren't sure. But people should probably also consider what a disaster it also would have been if the situation was reversed, and their premature statements caused people to needlessly panic - it would have been two rounds of PR disasters instead of one, and they would've had to be dealing with the PR side of the issue at the same time as the technical instead of being able to determine extent of damage first. The two should be separate, but invariably there will be an impact.

It would obviously have been nice to have both, but when it comes down to speed vs accuracy in cases of data breach, I can't say that making the decision to go with the latter, if that's what they did as the last PS Blog post mentions, is the wrong one.

No. Hell no. When it comes to jeopardizing others' personal information and possibly even credit card information, you better damn well inform them of the possibility in all damned haste. Period.
 

Vestal

Junior Member
Mailenstein said:
E3 will be awesome. I'll LMFAO if they don't mention it at all.

You can put good money that both Nintendo and MS are already preparing 2 or 3 extra slides showing off their systems' security measures.
 

NeoUltima

Member
So I asked this earlier in the thread but got no answer:
With PSN being down, how are people logged into and posting comments on the PSblog?

It's boggling my mind. It won't let me log in cause PSN is down...so how are other people posting comments. I actually don't want to post a comment, but this shit is annoying me. The only explanation I can come up with is cookies (they were logged in before network shut down), but that don't seem right.
 

ULTROS!

People seem to like me because I am polite and I am rarely late. I like to eat ice cream and I really enjoy a nice pair of slacks.
If this situation happened to XBLA (hopefully not though), I guess it will be 10x worse because:

- A lot of people have gold accounts (pay for a set number of months)
- XBL is much more active than PSN
- You can't delete your credit card info unless you call them up a number of times
- The "meat" of the 360 is XBL online play
 

Dead Man

Member
stupei said:
That one article linked said they have enough info to take out a loan in someone's name. How little do they need to get a loan, or is that only in Australia?

If so, man, Australia sucks.
No SSN's in Australia, we use a Tax File Number instead, and I don't know if it is required information for all lenders, or just some types.
 

sangreal

Member
borghe said:
Typically, no you don't use a different salt. The problem with using a different salt is you then still need an associative table somewhere with the salts. It is inefficient. Thus most systems use a single salt value for the hash. if you are going to use a second associative table to begin with, you would just use a key system.

Of course you use a different salt, that is the entire point. You store the salt either as part of the hash, or together with it. Using a single salt is completely pointless. It invalidates one rainbow table, but you 'simply' need to generate one for the single salt. With a random salt, you have to generate a table for each possible salt.

As for being able to decrypt passwords being dangerous. Umm... Yeah, I hate to point out that two way encryption is how trillions of dollars are transacted on the web every day. It's really not that hard to keep a private key secure. Keep it off of the accessible filesystem, minimal user access, etc.

Except you need the key to validate the password, so if your system is compromised so is the key making it pointless.

In many ways it's more secure than a one way hash based on a single salt (passwd for example) because something like passwd can still have a dictionary attack run against it and at that point is only as safe as the weakest password on the system.

Yes, passwd can still have a dictionary attack run against it, the point is that running a dictionary attack against one user with the password 'passwd' doesn't expose every user in the table with the same passwd. That is the purpose of the salt -- to make pre-computed rainbow table attacks more difficult.

So one user has 'passwd' salted with 'aB' stored as:
aBQxTtD9ECLq2

But you still have to run a separate dictionary/etc attack against user 2 who has 'passwd' salted with 'ab':
abhVCrvF/6OPY

Example based on the outdated and insecure but commonly used unix crypt (DES)
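
Added example, not part of the post above or any poster's code: a Python sketch of the per-user salt stored together with the hash, contrasted with a single site-wide salt. It substitutes PBKDF2-HMAC-SHA256 for the DES crypt used in the post; the user names, word list and iteration count are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 50_000  # assumed work factor, kept low so the demo runs quickly

# Constructed sample data: two users picked the same password.
USERS = {"alice": "passwd", "bob": "passwd", "carol": "tr0ub4dor"}
WORDLIST = ["123456", "letmein", "passwd", "qwerty"]


def hash_password(password, salt=None):
    """Return 'salt$digest'; the salt is stored together with the hash."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    """Re-hash the candidate with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def build_table(users, shared_salt=None):
    """shared_salt=None gives every user a random salt; otherwise one salt for all."""
    return {user: hash_password(pw, shared_salt) for user, pw in users.items()}


def shared_hash_groups(table):
    """Users whose stored values are identical, i.e. visibly the same password."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def offline_guess_cost(table, wordlist):
    """Hash computations one dictionary pass costs: one per (distinct salt, word)."""
    distinct_salts = {stored.split("$")[0] for stored in table.values()}
    return len(distinct_salts) * len(wordlist)


if __name__ == "__main__":
    single = build_table(USERS, shared_salt=b"site-wide-salt")
    per_user = build_table(USERS)
    for name, table in (("single salt", single), ("per-user salt", per_user)):
        print(name, "| identical entries:", shared_hash_groups(table),
              "| cost of one dictionary pass:", offline_guess_cost(table, WORDLIST))
```

With the single salt, alice and bob have identical entries and one pass over the word list covers every user; with per-user salts the entries differ and the pass has to be repeated for each user.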
 

lupinko

Member
Smision said:
that would be funny if this was all a ploy to get rid of game sharing.

oh shit.

there are gonna be new security measures -- I bet no game sharing is one of them.

If there is no game sharing, then how are you going to reenable your content on a new PS3 if your old ps3 kicked the bucket/you sold it/etc.?

The concept is perfectly fine, it's just that it's abused for the wrong reasons, then those who abuse it complain when they use up all the share slots.
 

Dead Man

Member
gokieks said:
With the benefit of hindsight and knowing what actually happened, it's easy to say they should have said something day one even if they weren't sure. But people should probably also consider what a disaster it also would have been if the situation was reversed, and their premature statements caused people to needlessly panic - it would have been two rounds of PR disasters instead of one, and they would've had to be dealing with the PR side of the issue at the same time as the technical instead of being able to determine extent of damage first. The two should be separate, but invariably there will be an impact.

It would obviously have been nice to have both, but when it comes down to speed vs accuracy in cases of data breach, I can't say that making the decision to go with the latter, if that's what they did as the last PS Blog post mentions, is the wrong one.
You know what? I don't really give a rats arse if I change my details or cards and then get told I didn't need to, I do care if I don't get told until a week later though.
 

Rebel Leader

THE POWER OF BUTTERSCOTCH BOTTOMS
NeoUltima said:
So I asked this earlier in the thread but got no answer:
With PSN being down, how are people logged into and posting comments on the PSblog?

It's boggling my mind. It won't let me log in cause PSN is down...so how are other people posting comments. I actually don't want to post a comment, but this shit is annoying me. The only explanation I can come up with is cookies (they were logged in before network shut down), but that don't seem right.
I'm still... "wait.. what.... how are you posting?"
 

daffy

Banned
Igor Antunov said:
So I use the same debit card for my steam account.

If somebody tries to commit some fraud with my debit account, do I lose my $3,000 worth of steam games as a result? I heard the steam lock out horror stories.

FUCK SONY UP THE ARSE
They may not even have your debit card number according to Sony. Only email/personal information is definite. You can watch your account for any suspicious activity or order a replacement card number if you feel the need.

You aren't totally helpless in this situation.
 
NeoUltima said:
So I asked this earlier in the thread but got no answer:
With PSN being down, how are people logged into and posting comments on the PSblog?

It's boggling my mind. It won't let me log in cause PSN is down...so how are other people posting comments. I actually don't want to post a comment, but this shit is annoying me. The only explanation I can come up with is cookies (they were logged in before network shut down), but that don't seem right.

They probably have automatic logging in for the site. At some point, the automatic logins will expire though if they don't bring up the network soon.

On Thursday, I was able to post in the LBP forums just because I was automatically logged in from an earlier point I logged in with my PSN ID and password.
 

Trevelyon

Member
SapientWolf said:
They don't need to know. If they even suspected it they should have sent the word out so that people were aware of the risk and could take the proper precautions. Some people wouldn't do anything based on unverified suspicion but the people with their debit cards and their strong passwords in the system might not be willing to take any chances.

It's a slippery slope either way, they run a high risk of unnecessarily panicking their customers with hasty press releases based on an incomplete ongoing analysis and a lack of understanding of the extent of the issue and the exact data that was compromised. I personally think it was admirable that they did pursue this kind of due diligence, it was thorough, complete and reliable information opposed to something that was reactionary, incomplete, based on assumptions and would've been irresponsible on their behalf if they had released it 48 hours after this broke out.
 

Vestal

Junior Member
ULTROS! said:
If this situation happened to XBLA (hopefully not though), I guess it will be 10x worse because:

- A lot of people have gold accounts (pay for a set number of months)
- XBL is much more active than PSN
- You can't delete your credit card info unless you call them up a number of times
- The "meat" of the 360 is XBL online play

It would be a debacle, since LiveID is tied to so many different systems.. But at the same time, that makes it harder to hack since Microsoft has been using Passport/LiveID for over 14 years, so it's a more mature infrastructure.
 
ULTROS! said:
Honestly, I think the FFXIII going to the 360 situation is more impacting. :p
You think another shitty game in the FF series going to a competitor is more impactful than possibly 77 million PSN users' personal information being stolen? I will wait to see the full impact of this but I pray you are right.

If people actually start seeing massive amounts of fraud from this it could forever wipe out the online market for Sony which in turn would mean the playstation brand is in deep shit.

Best and worst case scenario here but in all honesty both are possible.
 
phosphor112 said:
This will be used for future court cases that may involve hacking consoles, and judges will side with the companies. Being able to hack devices that access large networks is dangerous. If Geohot was being sued when this happened, they would have pushed even harder than before.

lol what. Far more sensitive networks are accessible from open platforms like PCs and are not hacked. If Sony was seriously relying on client side security, which I doubt, then this will serve as nothing more than a cautionary tale.
 

Vamphuntr

Member
I really don't think your downloads and purchases list will be cleared guys. In a worst case scenario you still have trace of the transactions unless you are completely incompetent. I have a folder with all my email confirming the stuff I bought and the money I added to the psn wallet.
 

Curufinwe

Member
FINALBOSS said:
Tis a good thing gamers are a VERY forgiving bunch of people.


See: The Modern Warfare 2 "boycott" lollllllll

No one outside of Activision has any idea what the total sales (including downloads) of MW 2 on the PC were, and no one can say what they would have been if key features hadn't been stripped out of the game. There's no non-anecdotal evidence about what effect the "boycott" had.
 

Vestal

Junior Member
I wouldn't worry about Trophies and purchases being erased. These are all stored in DBs and shouldn't have any problem being migrated to whatever new secured system they wish to employ.
 

Zoe

Member
stupei said:
That one article linked said they have enough info to take out a loan in someone's name. How little do they need to get a loan, or is that only in Australia?

If so, man, Australia sucks.

If name, address, phone number, and DOB were all that are necessary to get a loan in the US, then identity theft would be a lot more rampant than it already is.

Whenever I've had to get a loan, I've needed the above plus residential history, employment history, and of course SSN. That information is then cross-checked against your credit report.

In order to see a credit report if you want to use someone else's information above, you need the person's SSN and the ability to answer security questions related to information found on the report.

They can't change the information on the report either. The actual person in the report doesn't even have the power to change information on their own credit report. That information is controlled by the credit companies, and they will only ever remove information upon request (and even then they may not do it if they have reason to believe it's valid).

In short, you need the SSN.
 

epmode

Member
Curufinwe said:
No one outside of Activision has any idea what the total sales (including downloads) of MW 2 on the PC were, and no one can say what they would have been if key features hadn't been stripped out of the game. There's simply no available evidence about what effect the "boycott" had.
Probably didn't affect much.

I didn't buy it though!
 

Jinfash

needs 2 extra inches
obonicus said:
I think the investigation is over, actually. Though they don't have evidence of CCs being leaked, that doesn't mean they haven't been leaked.



I don't think they'd be released to us in the first place.



And I think while this isn't their final word on the subject, it's close to it, at least in terms of relating the damage done.
If they truly have no means of confirming the CC situation going further, which I still find surprising, then that may be the case.

I just wonder whether the public would've been more appreciative of an earlier warning, even before the completion of their investigation, or would it have fueled the situation even more than it is doing now. Of course, I have absolutely no clue whether they were legally bound to take the steps they did in that order, and keep their suspicions to themselves, or if it's the PR department's proposal.

That's a lot of whethers and ifs, and this analyst's armchair is making my ass itch. Good day!
 

paparazzo

Member
Just got off the phone with my bank and had my card canceled, this is just ridiculous. I cannot believe it took Sony a fucking week to announce the extent of the damage. Just wow. That's the last time Sony gets my cc info. I'll stick to pre-paid cards, that is if I ever feel the need to purchase something off the PS store again which right now I'm not too keen on.
 
FTH said:
They don't have your debit card number according to Sony. Only email/personal information. You can watch your account for any suspicious activity or order a replacement card number if you feel the need.

You aren't totally helpless in this situation.

Where did they say they don't have your CC number? Last I saw they weren't sure.
 
Igor Antunov said:
So I use the same debit card for my steam account.

If somebody tries to commit some fraud with my debit account, do I lose my $3,000 worth of steam games as a result? I heard the steam lock out horror stories.

FUCK SONY UP THE ARSE
I wouldn't worry unless they somehow get access to your steam account and start buying games. If that happens DON'T issue a charge back with your credit card company. Take up the matter with Steam support to get the charges settled.
 

Curufinwe

Member
epmode said:
Probably didn't affect much.

I didn't buy it though!

I didn't either, but not because I wanted to join a boycott. I didn't buy it because I enjoyed CoD 4 on the PC mainly playing multiplayer on maps with 24-32 people and you couldn't do that in MW 2.
 