Support NeoGAF

[Nekofrog]

LOL


Obviously Sony isn't absolved of irresponsibility but it's funny how some people blame the victim (Sony and its customers) and ignore the actual criminals.

What can we do to them? Nothing.

What can we do to Sony? Vote with our dollars and hit them for not having a system capable of withstanding such an attack.

 

[Quasar]

Also thank Sony for the shitty implementation of all the CC info..

Assuming that data got leaked. I certainly hope that is true. That would be another major security failure.

Who actually runs the PSN security team? Is it within SCE or someone further afield?

 

[magicaltrevor]

right. don't hold your breath.

I know, I know... But this guy has been posting for a while now on Engadget and at first I didn't believe him to be a legit SCE representative, but it turns out his info is always accurate.

Check out his other replies as well.

 

[sinnergy]

LOL


Obviously Sony isn't absolved of irresponsibility but it's funny how some people blame the victim (Sony and its customers) and ignore the actual criminals.

So you leave your car unlocked when you park it? And make it a thief extra easy.

Same as Sony did with the CC info, 2 months ago hackers posted all over the net Sony implemented this wrong..

 

[EricHasNoPull]

this thread is getting bizarre with GAFFers slicing at each other's throats.

I suggest making some sandwiches rather than setting your sandwiches down, gentlemen.

Or just watch the latest epicmealtime and come back to this thread.

Ichigo I may have been a little aggressive towards you in the other thread, I apologize, you aight man, you aight...

I feel like this "closure" by Sony has finally calm my nerves down, despite the announcement being about 4 days late and tipping more on the "worst" case scenario side of the scale than the "best".


I swear the last 25 posts

-It's Sony's fault
-No, it's the Hackers fault
-It's Sony's fault
-No, it's the Hackers fault
-It's Sony's fault
-No, it's the Hackers fault
-It's Sony's fault
-No, it's the Hackers fault
-It's Sony's fault
-No, it's the Hackers fault
-It's Sony's fault
-No, it's the Hackers fault

did you guy's just wake up now and see this thread or something?

 

[Jinfash]

Same here. This shit's ridiculous...

I have nothing to say, I just want to post right after you.

Edit: Oh, thanks a lot guys for breaking the combo.

 

[The Shadow]

So you leave your car unlocked when you park it? And make it a thief extra easy.

Same as Sony did with the CC info, 2 months ago hackers posted all over the net Sony implemented this wrong..

Did you not see where I said Sony isn't absolved of responsibility? Do you know what absolved means?

Genuinely curious here.

 

[Canova]

Sony must compensate consumers over this debacle!

GIVE ME MORE EXCLUSIVE GAMES GODAMMNIT!!!! I know they have a lot, but I want more!

 

[HYDE]

Did you not see where I said Sony isn't absolved of responsibility? Do you know what absolved means?

Genuinely curious here.

I am just curious to find out what absolved means, when you tell the frog.

^^^^^And yes to what Canova says. Oh, and ICO/SOTC collection now please.

 

[Nekofrog]

Did you not see where I said Sony isn't absolved of responsibility? Do you know what absolved means?

Genuinely curious here.

You did that while implying that we should be doing/saying something about the hackers.

Yeah, we get it. They suck. They did it. Now let's focus on actually PREVENTING this from happening again by putting in the spotlight how it was allowed to happen in the first place (ie, Sony's shit security). We can't do anything about the hackers.

 

[KenOD]

I think I preferred the old thread, Kratos and tic-tac-toe are much more fun then the blame game.

 

[lupinko]

Probably will look to using PSN cards more often now. Sigh.

 

[Shearie]

Since the beginning, whenever I bought anything off of PSN or Apple's App Store for that matter, I always delete my debit card info right after I bought whatever I bought as a precaution. So should I be in the clear of any potential debit card debauchery in this case?

 

[jax (old)]

I swear the last 25 posts

-It's Sony's fault
-No, it's the Hackers fault
-It's Sony's fault
-No, it's the Hackers fault
-It's Sony's fault
-No, it's the Hackers fault
-It's Sony's fault
-No, it's the Hackers fault
-It's Sony's fault
-No, it's the Hackers fault
-It's Sony's fault
-No, it's the Hackers fault

+1

I agree. Stop it. If there's nothing to add. don't

Cancel your credit cards. Or Not.


I'm waiting for PSN to come back so I can maybe get some freebies + download Dino Crisis2.

 

[darkwing]

You did that while implying that we should be doing/saying something about the hackers.

Yeah, we get it. They suck. They did it. Now let's focus on actually PREVENTING this from happening again by putting in the spotlight how it was allowed to happen in the first place (ie, Sony's shit security). We can't do anything about the hackers.

the FBI could convict them

http://wikibon.org/blog/the-11-largest-data-breaches-in-recent-history/

Last August, Albert “Segvec” Gonzalez was indicted by a federal grand jury in New Jersey — along with two unnamed Russian conspirators — on charges of hacking into Heartland Payment Systems.

 

[carlos]

a bit off topic, but I just got the email from sony and it mentions that there are 267,000 users in Puerto Rico that could be affected.
Never knew of sales data here, so while not actual ps3's, it could be used in some sales-age thread if someone was curious

 

[Magic Mushroom]

What can we do to them? Nothing.

What can we do to Sony? Vote with our dollars and hit them for not having a system capable of withstanding such an attack.

Like what? Not buying any games anymore and hurting hard working developers in the process, developers who aren't responsible for this either?

 

[MarkMclovin]

What a load of fucking hassle. So now I need to cancel my debit card that I use pretty much every day and I can't cancel it yet as I need to use it.

Jesus Christ.

 

[Mailenstein]

You remember GeoHot's latest blog? You don't?

Well, his last sentence was:

Hell, maybe you even pissed off your engineering employees enough to leave some nice backdoors?

lol, if true.

 

[kamorra]

I was actually talking about your sleep, not mine, I am fine with the $55, weather I get it back or not .. I am more concerned about my personal info being spread all over the world.

Speaking of you catching any sleep, just curious do any of these recent events effect you in any way? Or you're only here pulling overtime to cheerlead your vague cause?

Ok, look. Think what you want about me. I tried to give serious answers and you are just a dick. I'm sure that you nice guy outside GAF and there are probably many people here who love how passive aggressive you can be. Just carry on but please add me to your ignore list, it will save you a lot of trouble from vague idiots like me.

 

[Version 3.0]

Like what? Not buying any games anymore and hurting hard working developers in the process, developers who aren't responsible for this either?

Considering the amount of PSN content that's also available elsewhere, buy it elsewhere.

 

[darkwing]

Like what? Not buying any games anymore and hurting hard working developers in the process, developers who aren't responsible for this either?

collateral damage?

 

[sangreal]

the FBI could convict them

http://wikibon.org/blog/the-11-largest-data-breaches-in-recent-history/

It's probably easier to catch someone when they are working for you

http://www.wired.com/threatlevel/2010/03/gonzalez-salary/

 

[Hero of Canton]

Sorry if it's already been posted, but I think this image just about sums the situation up:

 

[SpokkX]

I have never registred my real credit card on psn..

Really because psn just seems like a tacked on experience and it imo felt insecure from the beginning.

On live I feel way more secure and actually use my credit card.

The worst part about this is that sony actually leaked PASSWORDS also? How in the hell were these not encrypted to begin with?!

I will use my ps3 for one thing this year: Uncharted 3. But thats it now

 

[phosphor112]

I like the blame game. If Fail or Geo never fucked with this shit, we wouldn't be here, and that's a fact. Sony took the necessary steps to secure their products and services as much as they can, but only got criticism for being "anti-consumer." Yes, look whos anti consumer now.

 

[darkwing]

I have never registred my real credit card on psn..

Really because psn just seems like a tacked on experience and it imo felt insecure from the beginning.

On live I feel way more secure and actually use my credit card.

The worst part about this is that sony actually leaked PASSWORDS also? How in the hell were these not encrypted to begin with?!

I will use my ps3 for one thing this year: Uncharted 3. But thats it now

where did you get the info it was not encrypted?

 

[Dead Man]

I just made two sandwiches:

Irish soda bread, Dubliner cheddar cheese, thin slices of ham, mixed salad leaves and nice heapings of Irish butter and mayonnaise.

Suck it Sony..

Damn that sounds good...

 

[sangreal]

I like the blame game. If Fail or Geo never fucked with this shit, we wouldn't be here, and that's a fact. Sony took the necessary steps to secure their products and services as much as they can, but only got criticism for being "anti-consumer." Yes, look whos anti consumer now.

Where are you getting the "fact" that this hack was carried out with a PS3, modified or otherwise? Or that modded PS3s facilitated or contributed to the attack.

 

[kamorra]

I just got a email from Sony Computer Entertainment Hong Kong. Old right?

Valued PlayStation®Network Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation®Network user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

Temporarily turned off PlayStation®Network services;
Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation®Network password and login, and PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation®Network password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation®Network, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony Computer Entertainment will not contact you in any way, including by email, asking for your credit card number, identity number or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony Computer Entertainment is not the entity asking. When the PlayStation®Network services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation®Network user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony Computer Entertainment takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 2341 2356 (HONG KONG) OR 021 2994 8800 (INDONESIA) OR 1 800 81 4963 (MALAYSIA) OR 800 8523 663 (SINGAPORE) OR 0809 079 888 (TAIWAN) OR 0 2715 6100 (THAILAND). should you have any additional questions.


Sincerely,
Sony Computer Entertainment Hong Kong Limited

 

[BatmanX]

I don't know how much this "problem" is related with the firmware's hacking opened by geohotz but if its really connected maybe sony has closed the settlement a little too early with that guy

 

[HYDE]

I have never registred my real credit card on psn..

Really because psn just seems like a tacked on experience and it imo felt insecure from the beginning.

On live I feel way more secure and actually use my credit card.

The worst part about this is that sony actually leaked PASSWORDS also? How in the hell were these not encrypted to begin with?!

I will use my ps3 for one thing this year: Uncharted 3. But thats it now

since uncharted is the only thing ps3 is worth it for right? you forgot to add knock on wood dude, same thing could happen to live.

 

[jax (old)]

I have never registred my real credit card on psn..

Really because psn just seems like a tacked on experience and it imo felt insecure from the beginning.

On live I feel way more secure and actually use my credit card.

The worst part about this is that sony actually leaked PASSWORDS also? How in the hell were these not encrypted to begin with?!

I will use my ps3 for one thing this year: Uncharted 3. But thats it now

apparently you can tell from the GUI that psn is a tacked on experience and insecure from the beginning. kudos.

ridiculous

 

[phosphor112]

Where are you getting the "fact" that this hack was carried out with a PS3, modified or otherwise? Or that modded PS3s facilitated or contributed to the attack.

So, you're implying someone hacked PSN over an HTTPS on a PC of some sorts? OR it involves modifying the console that NORMALLY provides ample security clientside, and modify it to bypass things server side as well.

If you think this was done without the PS3, you are clearly delusional.

 

[Monty Mole]

I like the blame game. If Fail or Geo never fucked with this shit, we wouldn't be here, and that's a fact. Sony took the necessary steps to secure their products and services as much as they can, but only got criticism for being "anti-consumer." Yes, look whos anti consumer now.

There are people trying to hack the databases of all types of services that store personal information and credit card details all the time. The fact that it was PSN has nothing to do with gaming, and also has nothing more to do with the recent Hotz debacle than just a coincidence of timing. It's all down to insecurity. You really think hackers haven't already tried to do the same with services like iTunes/Xbox Live/Steam/eBay/Amazon/Netflix etc? There's a goldmine of credit and personal information on any service, this stolen data can then be sold on in chunks for money.

This attack wasn't someone trying to shut PSN down. It was someone trying (and succeeding) to steal data. It was Sony who shut PSN down in response.

 

[Shearie]

I have never registred my real credit card on psn..

Really because psn just seems like a tacked on experience and it imo felt insecure from the beginning.

On live I feel way more secure and actually use my credit card.

The worst part about this is that sony actually leaked PASSWORDS also? How in the hell were these not encrypted to begin with?!

I will use my ps3 for one thing this year: Uncharted 3. But thats it now

Oh, so since day 1 your Jedi senses informed you that Sony's network was insecure? Could you feel the network insecurity surging from the Dual Shock 3?

 

[Speevy]

On live I feel way more secure and actually use my credit card.

Let's have a race once PSN comes back.

I'll give you my login information to my PSN account, and you let me recover your gamertag.

We'll see who can stop the other from buying games.

 

[darkwing]

So, you're implying someone hacked PSN over an HTTPS on a PC of some sorts? OR it involves modifying the console that NORMALLY provides ample security clientside, and modify it to bypass things server side as well.

If you think this was done without the PS3, you are clearly delusional.

biggest mistake in relying heavily on client-side security, when cfw were able to login into PSN they should have rebuilt the PSN even if it took weeks

 

[HYDE]

Oh, so since day 1 your Jedi senses informed you that Sony's network was insecure? Could you feel the network insecurity surging from the Dual Shock 3?

the vibration is strong young skywalker. lol, that sounds terrible, after having said it.

@Speevy: I wuv u.

 

[Raistlin]

Can someone explain why they feel the need to change email passwords?

 

[darkwing]

Can someone explain why they feel the need to change email passwords?

probably because their email password is the same with their PSN one

 

[neorej]

Can someone explain why they feel the need to change email passwords?

People use the same e-mail/password-combo for their PSN as their email.

 

[DoctorButt]

bring porn to the psn store

its the only way sony

 

[HYDE]

People use the same e-mail/password-combo for their PSN as their email.

that's crazy n' lazy all at the same time, while being kinda stupid too.

 

[phosphor112]

I don't know how much this "problem" is related with the firmware's hacking opened by geohotz but if its really connected maybe sony has closed the settlement a little too early with that guy

Honestly, they did. It would be a winning case for Sony and for anyone else that wants to protect their console against hackers.

There are people trying to hack the databases of all types of services that store personal information and credit card details all the time. The fact that it was PSN has nothing to do with gaming, and also has nothing more to do with the recent Hotz debacle than just a coincidence of timing.

This attack wasn't someone trying to shut PSN down. It was someone trying (and succeeding) to steal data. It was Sony who shut PSN down in response.

...Yeah? And? Do you realize how many security issues releasing the metldr keys has created?

F*ckPSN, SSL spoofers, ID spoofers, the list goes on.

 

[Dreams-Visions]

that's crazy n' lazy all at the same time, while being kinda stupid too.

people probably felt their password was very secure. didn't expect it to be stolen from the other side.

 

[neorej]

people probably felt their password was very secure. didn't expect it to be stolen from the other side.

Never use a password twice, as a general rule of thumb.

 

[Absoludacrous]

Let's have a race once PSN comes back.

I'll give you my login information to my PSN account, and you let me recover your gamertag.

We'll see who can stop the other from buying games.

Won't he have a head start though since he'll already have your login information?

 

[darkwing]

Honestly, they did. It would be a winning case for Sony and for anyone else that wants to protect their console against hackers.


...Yeah? And? Do you realize how many security issues releasing the metldr keys has created?

F*ckPSN, SSL spoofers, ID spoofers, the list goes on.

Sony should have rebuilt the PSN when these happened, instead they waited, now look what happened tsk tsk can this be brought up as evidence in a class action lawsuit?

 

[HYDE]

people probably felt their password was very secure. didn't expect it to be stolen from the other side.

no, i mean mirroring id/p at multiple places. i am not ridiculing anyone who is or might get victimized. i am merely stating it's nuts to mirror id/p at all. if it is found someone would have a hay day with your information/funds.

edit: basically what neorej said.