Support NeoGAF

[FINALBOSS]

I happened to catch one of your first posts in this thread and you've been on a roll ever since. It helps that you have such a distinctive avatar, not to mention that everyone quotes you.

It's kind of entertaining to watch someone so obviously unhinged by other people expressing outrage over identity theft. I'm just trying to understand why it bothers you so much!

Well...it doesn't.

I'm just bored...fucking PSN is down man. Nothin to do

 

[MrPink93485]

Where did they say they don't have your CC number? Last I saw they weren't sure.

Well they're not entirely sure, but they said they haven't found any evidence suggesting so....yet. So they're leaving the possibility open pending of course their investigation is complete, or to cover their asses a bit.

 

[Myzer]

That one article linked said they have enough info to take out a loan in someone's name. How little do they need to get a loan, or is that only in Australia?

If so, man, Australia sucks.

In Australia we have the 100 point check which is used for things like loans and banking accounts. http://en.wikipedia.org/wiki/100_point_check

 

[TheExecutive]

It's a slippery slope either way, they run a high risk of unnecessarily panicking their customers with a hasty press releases based on an incomplete ongoing analysis and a lack of understanding of the extent of the issue and the exact data that was compromised. I personally, think it was admirable that they did peruse this kind of due diligence, it was thorough, complete and reliable information opposed to something that was reactionary, incomplete, based on assumptions and would've been irresponsible on their behalf if they had of released it 48 hours after this broke out.

There is very little chance that it actually took a week to figure out how deep the security breach went. There is no fucking way they were unsure until yesterday.

 

[Loudninja]

So Tuesday at the most for atleast getting back online right?

We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week

 

[epmode]

I'm just bored...fucking PSN is down man. Nothin to do

Netflix!

 

[Sean]

E3 will be awesome. I'll LMFAO if they don't mention it at all.

It's not the kind of thing you would want to mention. They should have it fixed by then and I'm sure Sony is banking on people forgetting about this by E3.

 

[Professor Beef]

Well...it doesn't.

I'm just bored...fucking PSN is down man. Nothin to do

Single-Player!

 

[patsu]

If they truly have no means of confirming the CC situation going further, which I still find surprising, then that may be the case.

I just wonder whether the public would've been more appreciative of an earlier warning, even before the completion of their investigation, or would it have fueled the situation even more than it is doing now. Of course, I have absolutely now clue whether they were legally binded to take the steps they did in that order, and keep their suspicions to themselves, or if it's the PR department's proposal.

That's a lot of whethers and ifs, and this analyst's armchair is making my ass itch. Good day!

That poster mentioned that CC info was probably not taken. If Sony had gone ahead, and said CC info probably not taken. Then today announced that they don't know CC info is taken or not, they'd be in even deeper sh*t.

 

[Zoe]

You think another shitty game in the FF series going to a competitor is more impactful than possibly 77 million psn users personal information being stolen? I will wait to see the full impact of this but I pray you are right.

If people actually start seeing massive amounts of fraud from this it could forever wipe out the online market for Sony which in turn would mean the playstation brand is in deep shit.

Best and worst case scenario here but in all honesty both are possible.

Because everybody stopped using Visa and Mastercard when Heartland's breach resulted in up to 100 million credit card numbers being compromised, right?

 

[antiquegamer]

If this situation happened to XBLA (hopefully not though), I guess it will be 10x worse because:

- A lot of people have gold accounts (pay for a set number of months)
- XBL is much more active than PSN
- You can't delete your credit card info unless you call them up a number of times
- The "meat" of the 360 is XBL online play

Not sure what XBOX live has to do with PSN and how shitty Sony is handling the situation. I an sorry but to wait a week to tell customers that their personal information has been compromise is seriously fuck up. I don't even re.ember what info I have on my PSN account and I can't even check so now I have to go to through all my other accounts and changes all the stuff that could let people weasel their way to get password changes.

Anyway this is really mess up.

 

[Mr. Enigma]

I just got a text message from a friend saying PSN is back up. Can anyone confirm this?

 

[Shotgun Kiss]

Aw man, why did UKResistance have to shut down last month? Their take on all of this would have been gold.

 

[Hex]

Not unless he shotgunned the box.

Unfortunately he forgot the magazine rack so no point was made this day

 

[Aselith]

i disagree with this statement. i'm just personally on the side of they should keep their mouths shut until enough information has been acquired. it would only make them look worse and cause even more problems if they scared everyone about CC info and then turned out to be a false alarm.

but this isn't what a lot of people are blowing up over. they (not everyone) are blowing up specifically because they believe that sony knew about the compromised data and hid it for days before telling us. not that they suspected data compromise and didn't warn us.

that's what im talking about. and that's what i think is the most important discussion point at the moment. or at least it WAS, until sony came out and clarified as i quoted above. unless anyone has any evidence or proof that sony knew about the data compromise earlier then it's pointless to even argue.

It would make them look like they actually care about their customers. Frankly, the way they handled this makes them look like they were trying to sweep it under the rug. That might be ok with some stuff but not with financial information security. Speed of response is paramount in these situations and they delayed telling anyone until the very last minute. Seven days is enough to clean out a lot of people. Luckily, it doesn't seem like that's happened but it's not by any means thanks to Sony.

People would not give a shit if Sony warned them and it turned out to be jumping the gun. Some people might halfheartedly complain because some people complain about anything but the majority would not care. The majority are very pissed about leaked data being hidden from them and RIGHTLY SO.

 

[daffy]

Where did they say they don't have your CC number? Last I saw they weren't sure.

You are right I suppose. There's no evidence either way, but with no evidence that they have them I tend to believe they don't.

Will revise my post either way

 

[phosphor112]

lol what. Far more sensitive networks are accessible from open platforms like PC's and are not hacked. If Sony was seriously relying on client side security, which i doubt, then this will serve as nothing more then a cautionary tale.

The point is this wouldn't be an issue if hacking such devices were curbed by legal means.

 

[LiK]

I just got a text message from a friend saying PSN is back up. Can anyone confirm this?

he is wrong.

 

[Seraphis Cain]

Well...it doesn't.

I'm just bored...fucking PSN is down man. Nothin to do

I know man, I know.

Worst part is, with PSN down I don't even want to play any singleplayer games on my PS3. It just feels so...empty.

On the plus side, I guess it's good that I've been able to catch up on some PS2 games since this whole thing started. Still, another week at the most without PSN? Damn.

 

[Rebel Leader]

I just got a text message from a friend saying PSN is back up. Can anyone confirm this?

checking now

EDIT: nope

 

[Vamphuntr]

I just got a text message from a friend saying PSN is back up. Can anyone confirm this?

It's still down here.

 

[bangai-o]

April 20th "We’re aware certain functions (um what?) of PlayStation Network are down. We will report back here as soon as we can with more information.

Thank you for your patience."
April 21st "While we are investigating the cause of the Network outage (the "off" switch had already been flipped on PSN), we wanted to alert you that it may be a full day or two (false) before we’re able to get the service completely back up and running. Thank you very much for your patience while we work to resolve this matter. Please stay tuned to this space for more details, and we’ll update you again as soon as we can."

April 22nd "An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th (but couldn't post about it on the 20th or the 21st). Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share. "

April 30th, DreamCast had travelled to the future from 2001 to kill the future. Thus preventing the events of ApocalyPS3, in which PS3 was sent back in time to kill Dreamcast of 1999.

 

[CaptainABAB]

Typically, no you don't use a different salt. The problem with using a different salt is you then still need an associative table somewhere with the salts. It is inefficient. Thus most systems use a single salt value for the hash. if you are going to use a second associative table to begin with, you would just use a key system.

As for being able to decrypt passwords being dangerous. Umm... Yeah, I hate to point out that two way encryption is how trillions of dollars are transacted on the web everyday. It's really not that hard to keep a private key secure. Keep it off of the accessible filesystem, minimal user acces, etc. In many ways it's more secure than a one way hash based on a single salt (passwd for example) because something like passwd can still have a dictionary attack rum against it and at that point is only as safe as the weakest password on the system.

Huh?

The point of the salt is to use a different value for each hashed password. For example, the username or a timestamp (user creation, last password modified datetime, etc.) The salt does not need to be secret and it can be stored right next to the hashed password.

Decryption of passwords is more dangerous than decryption of a single banking transaction or a top-secret document.

Decrypting = cracking a safe with money inside
Decrypting a password = cracking a safe filled with the combinations to many safes

 

[FINALBOSS]

Netflix!

Watching Reno 911 right now!

Single-Player!

Ya...true. I've been playing a TON of MK.

 

[jacket320]

Wow, lots of FREAKED out people in this thread. Thanks for the bits of info here and there though.

 

[GillianSeed79]

It's a slippery slope either way, they run a high risk of unnecessarily panicking their customers with a hasty press releases based on an incomplete ongoing analysis and a lack of understanding of the extent of the issue and the exact data that was compromised. I personally, think it was admirable that they did peruse this kind of due diligence, it was thorough, complete and reliable information opposed to something that was reactionary, incomplete, based on assumptions and would've been irresponsible on their behalf if they had of released it 48 hours after this broke out.

I don't know man. If you are a multi-billion dollar corporation you just don't pull the plug on your entire network because you are worried customer info “might” have been compromised in order to spend six days and due dilligence to confirm it was.

 

[Mr. Enigma]

he is wrong.

Thank you. He's been going nuts all week about it being down so he has no reason to troll me. I wonder what made him say that.

 

[btkadams]

I just got a text message from a friend saying PSN is back up. Can anyone confirm this?

https://store.playstation.com/login.gvm
he is wrong.

 

[Aruarian Reflection]

yep, no one remembered the Live blackout or the Gawker security breach already. this too will pass.

On the contrary, lots of people (myself included) have permanently stopped visiting Gawker sites because of the security breach. So, quite a few of us still remember. I won't be using PSN ever again as well.

 

[xbhaskarx]

Well, I feel it sucks on both ends. Sony for whatever reason didnt tighten shit up when they made the ps3 and make sure stuff was cool. But at the same time, there was a ton of pro Geohotz or whatever was goign on with that.

I'm not that familiar with hacking and computer security terminology, are these technical terms?

 

[Rebel Leader]

Thank you. He's been going nuts all week about it being down so he has no reason to troll me. I wonder what made him say that.

He has gone insane. Take him to a doctor quick.

 

[SapientWolf]

It's a slippery slope either way, they run a high risk of unnecessarily panicking their customers with a hasty press releases based on an incomplete ongoing analysis and a lack of understanding of the extent of the issue and the exact data that was compromised. I personally, think it was admirable that they did peruse this kind of due diligence, it was thorough, complete and reliable information opposed to something that was reactionary, incomplete, based on assumptions and would've been irresponsible on their behalf if they had of released it 48 hours after this broke out.

"Thorough", "complete", and "reliable" aren't the adjectives I would use to describe their communications about this incident. The most info they've given is that they suspect they have been owned by hackers but they don't know the full extent. When the communications are pieced together it makes it look like they weren't planning on saying a thing but info was leaking and they didn't want to get caught doing a cover-up.

 

[FINALBOSS]

I know man, I know.

Worst part is, with PSN down I don't even want to play any singleplayer games on my PS3. It just feels so...empty.

On the plus side, I guess it's good that I've been able to catch up on some PS2 games since this whole thing started. Still, another week at the most without PSN? Damn.

Word man, I feel you.

I STILL haven't put in Portal 2. I was waiting for PSN to come back up :/

 

[Mr. Enigma]

My friend said he was able to connect to PSN and was signed in, but got immediately disconnected after about a minute.

 

[Dreamgazer]

On the contrary, lots of people (myself included) have permanently stopped visiting Gawker sites because of the security breach. So, quite a few of us still remember. I won't be using PSN ever again as well.

How do you know most of them didn't drop Gawker for the horrible redesigns?

 

[TheExecutive]

Because everybody stopped using Visa and Mastercard when Heartland's breach resulted in up to 100 million credit card numbers being compromised, right?

Is heartland a brand name I should recognize with something? What service do they provide and depend on directly to the consumer?

 

[Rebel Leader]

My friend said he was able to connect to PSN and was signed in, but got immediately disconnected after about a minute.

Well your friend.. it's gonna have one less friend to troll

 

[Absoludacrous]

You are right I suppose. There's no evidence either way, but with no evidence that they have them I tend to believe they don't.

That's pretty trusting. Personally I would lean on the other side. Maybe not enough to change all my cards, but at least enough to check my records more carefully the next few months.

As someone that deals with PCI compliance, it's a death knell to announce cc's being stolen. So for them to even admit a possibility is enough of an alarm bell for me.

 

[Professor Beef]

Thank you. He's been going nuts all week about it being down so he has no reason to troll me. I wonder what made him say that.

to troll me.

.

 

[MustacheBandit_]

Thank you. He's been going nuts all week about it being down so he has no reason to troll me. I wonder what made him say that.

his phone was likely hacked by the PSN hackers and they are just messing with you.

 

[Neuromancer]

Well...it doesn't.

I'm just bored...fucking PSN is down man. Nothin to do

Masturbation!

 

[FINALBOSS]

On the contrary, lots of people (myself included) have permanently stopped visiting Gawker sites because of the security breach. So, quite a few of us still remember. I won't be using PSN ever again as well.

You've gotta be trolling. Never going to use PSN again?

You never going to use Mastercard again? Or Visa? Or Bank of America?

 

[Trevelyon]

There is very little chance that it actually took a week to figure out how deep the security breach went. There is no fucking way they were unsure until yesterday.

You know that how?

It was investigation by a firm independent of Sony, I have no reason to doubt their findings and how long it took to get an exact and accurate account of what was comprised. I'm not into conspiracy theories, honestly I've heard enough of them to make my head spin, if you think there's some sort of collusion or cover up, well that's like your opinion man, the truth is out there!

 

[ConradCervantes]

I don't know how to think of this. On one hand, no company is ever truly safe from breaches of security. There is no such thing as foolproof in my mind. On the other hand, Sony's lack of updates regarding the situation until now constitutes an egregious violation of their customers' collective trust and support. We all deserved to know this much sooner than we did, and not clarifying the extent of the compromised network is unforgivable.

I honestly do not know what to do. Part of me wants nothing to do with Sony ever again, but another part of me says hey, shit happens.

 

[Vamphuntr]

The store will be hammered hard when it will be back up. Everyone will be clearing their personal info.

 

[TheMissingLink]

I GOT MY EMAIL!

 

[travisbickle]

So this is all due to the keylogger whatever? details were stolen. Was this inevitable after
that?

 

[I NEED SCISSORS]

The whole situation is like if a chef was making a cake, but someone put poison in the cake, and the chef saw this, but didn't tell the customer before they ate it.

 

[Rebel Leader]

I honestly do not know what to do. Part of me wants nothing to do with Sony ever again, but another part of me says hey, shit happens.

I am more leaning to the "Shit happens" side

 

[FINALBOSS]

Masturbation!

That's soooooooooo much work though.

And it's so hot in MA today. It's still quite toasty now.