Slashdot Mirror
Sony Rebuilding PlayStation Network Security After Attack
alphadogg writes "The outage of Sony's PlayStation Network and Qriocity service, now in its fourth day, looks set to continue after the company said on Sunday that it is 'rebuilding' its system to better guard against attacks. Sony said on Saturday that the outage was caused by an 'external intrusion' into the network, but has yet to detail the problem. The PlayStation Network is used for PlayStation 3 online gaming and sales of software to consoles and the PlayStation Portable. The Qriocity service runs on the same network infrastructure and provides audio and video to Sony consumer electronics products."
Someone insert a Sony music CD into a computer there?
You say to the public that anonymous increased Sony sales.
Fuck Geohot, fuck failoverflow and fuck the assholes who released rebug. Had Sony sent a couple a guys armed with Barrett M82s to Geohot's house back then we would not have these problems now. Fucking assholes, I hope all of you get shot in the head with a sniper rifle!
Is any of this the result of Sony's PSN being a free service? Could something like this happen just as easily on Xbox Live, or would it be more difficult since they charge for the service and are therefore able to put more money into it?
How bad does the security have to initially be for it to be better to take the whole thing down and start over?
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
no backups.
"National Security is the chief cause of national insecurity." - Celine's First Law
Are you seriously suggesting that Sony deosn't have enough resources to develop a decent service that is critical to their business?
This is almost surely a result of either:
I really doubt it's a money issue.
...it's not hackers, unless the hackers are the ones who crashed the Amazon network which Sony uses. So, really. The one we should be getting mad at is Amazon and their bullshit about how cloud computing is flawless. I'm a little surprised Sony didn't do what Netflix did and drop their services across three different Amazon zones.
Were these attacks related to 'anonymous' attacks early this month over sony suing a guy for hacking his ps3?
In Soviet Russia ... customers cripple Sony's hardware!
It's GLaDOS I tell you!
For those of you that use your PS3 mainly for streaming Netflix (like me), just keep hitting login after you've gone to the red 'Netflix' screen. It will try to login and fail about 3 to 5 times in a row. Then you will be able to access your Netflix account like normal.
Look where all this talking got us, baby.
I wonder if, once the network is back up and running, they'll ever get around to reviewing the mistakes in their Terms of Service
http://slashdot.org/submission/1535196/Why-doesnt-SONY-like-Canadians
Sony has a bunch of pretty big games coming out right now. One of the biggest happens to be Portal 2, which when purchased for PS3 gives you a code so that you can register it via Steam on your PS3 and then use Steamworks to then register a free PC copy on your PC via Steam . Portal 2 saves to the cloud, so you can play Portal 2 co-op with people across all platforms (ie, PS3 players can play against a Mac player or PC player). Then you have all the Amazon EC2 stuff going on which some rumors claim is used by Sony for portions of PSN.
I have no idea whether that is true or not, but if I were a large corporation that just settled an issue with a guy making homebrew jailbreaks for my product and a few days later I made a massive alteration to my gaming network service by infusing a whole new service (Steamworks) that has 25,000,000 players on it during one of the biggest game launches of the year (Portal) and that merges PC, Mac, and PS3 users together so they can not only have a copy for one platform and own it for the others, but play with the users on those other platforms in real time and somehow this new thing went a little haywire as new rollouts often do and took down my entire network for five or six days . . . I might just use the opportunity to save face over "we done fucked up" and blame a bunch of anonymous crackers for everything, to buy us time and win some purchase in the hearts of the public who is impacted by this and has some rage to direct wherever they're told it belongs.
The thing is that Sony has very little credibility, so when they say that it's intrusion that caused problems I immediately think that they are being untruthful. Remember the rootkit? They said it didn't exist. Remember Geohot? They claimed that he'd agreed to their terms of service, but couldn't substantiate, despite a huge fishing exercise. Remember RIAA, digital copies destroy music? Sony is part of RIAA; 45 Sony names in their member list.
Once this was a brilliant company. Now I see a company in death convulsions, blaming everyone else for their internal problems.
I'll take claims of hacking with a large tub of salt until they prove it.
is getting what they deserve here.
Bet you'll think twice about pissing off the whole world again, won't you, faggots?
A parting shot from an ousted president in his last days perhaps.
I work in IT and I would not want to be in the team(s) responsible to fix this mess.
This is truly a disaster, the worst case scenario you dread when responsible for a large network/system.
Usually a 99% uptime is what the company strive for.
Seems like they are in deep trouble if after 4 days it is not back up, I've had to deal with severe outages before (8 hours or so) and the pressure to get things running was enormous. (with 200k users)
It is a MASSIVE failure for whoever is in charge of this system.
Heads will roll.
"...company said on Sunday that it is 'rebuilding' its system to better guard against attacks"
We mean it. Really, this one goes to eleven for security.
When did Sony become Microsoft?
Even at $99 per year, App Hub is already good PR for Microsoft, compared to Nintendo which flatly rejects all home-based businesses and Sony whose developer relations web site isn't even responding. Likewise, the iPhone Developer Program at $99 per year was good PR compared to what came before it, namely the headaches of BREW.
It's too bad they couldn't have done it proactively while the system was online instead of after the fact.
http://lkml.org/lkml/2005/8/20/95
I wonder if the system that was compromised contained the credit card data they have stored for the PSN accounts.
Source http://psgroove.com/showthread.php?3088-PSN-Suspended-Being-Completely-Overhauled&p=36277&viewfull=1#post36277
....
""Sony got hacked but what happened was the hacker left them a dirty little surprise that wasn't caught until well after he was force disconnected. Most companies assume that when they shut out the hacker the attack is over and they patch the hole he used to get in. In this case him leaving something behind wasn't caught and by the time its users started reporting being kicked out his dump had started executing and forcing psn networks to stall out. Not only did this hacker steal information but he left something behind that started erasing and duplicating internally on the servers (hence the reports from users claiming that games were acting out right before the service went down entirely). Chances are by the time sony got to it the damage was too great and therefore they had two options 1. Negate all achievements, purchases, etc and deal with the nightmare of it. 2. Export the db tables for each user and rebuild it's network all over again. Keep in mind Sony just hired almost a dozen i.p. specialist and almost just as many security experts after firing a few over the jailbreak psn masking happened. If they can get psn back up in as little as 7 days it'll be a miracle and chances are you will have lost all of your activity for up to 5 days prior to the initial attack".
"
This sounds a bit more plausible then any other theory about PSN's outage including AnonOP's attacking Sony.
Personally I am happy to see Sony get raped like it rapes it's customers.
BTW: all of you PSN junkies going through forced detox, you have a few options. Get online with a Wii or Xbox or
Try this old game called LIFE , it is a hell of a game, comes with a life subscription , completely interactive and has over 6 billion players. No respawn , no cheats unless it is with a partner that isn't your Sig Other. It has no down time unless you end the game. According to myth , the developer hacked it out in 6 days.
I would rate it 6 stars out of 5.
We cannot solve problems with the same thinking that got us there - A Einstein(paraphrased)
Hate to say it, but the AppleTV is looking pretty good right now.
Also the iPad2 which can handle Netflix video just fine and mirror to a TV.
Or of course there is the Roku box solution too.
Tying the ability for Netflix to function to the ability of PSN to function is madness. I liked the PS3 for Netflix playback but there's no way I'm relying on it going forward.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Dude, and when we want adult games or other things taken seriously, here are slashdotters saying, majority of gamers are in their mid 20s to 30s, not children.
Make up your mind.
Simple demographic facts are, that there are more people between the age of 18 to 35, than people between 8-18.
18-35ers can afford games.
Childrens parents play games too.
And please mr know it all, cite your facts that gamers are majorly children, this isnt 1982 tron days dude. Go back to your boring ass SQL server job that requires Mr Bean attire.
Liberty freedom are no1, not dicks in suits.
So this is making me wonder... Sony claims that some "hacker group" called Anonymous, breached their security, hence the outage. Yet Anonymous, who has both made a claim to attack Sony AND has claimed their past attacks, is not claiming responsibility?
Any chance that someone over at Sony broke something and PR wants to blame it on a "hacker group"?
"Be polite, be professional, but have a plan to kill everybody you meet." General James Mattis
Sony is such a wonderful company, I'm sure they will be happy to give me a partial refund for not being able to use the GT5 online features this month. They were so nice when they told me they would automatically remove the other OS software for me, I didn't have to do a thing. Just agree to let them do it. If I didn't agree, I was no longer able to use the PS3 for any network games as promised, but I give them that one- they knew it was for my own good. They were also really looking out for me and even put software on music CD's and DVD's (the last place you would expect to find executable code) and it would install all by itself and I didn't even have to worry about all the windows setup junk. To top it off, they even scanned my hard drive to let me know if anyone had put shared music on it! all for free! they never charged me a thing for doing any of this! What a nice company. Obama even went and had his recent fund raiser at Sony. They must be great! No politician would ever be dirty!
"Computers are a lot like Air Conditioners" "They both work great until you start opening Windows"
The identity of the hackers are secrets. The zero day exploits of the hackers is secret. The tactics of the hackers are varied and in many cases also secret. But When you work as an employee for a company everything is transparent to the adversary.
The adversary knows what kind of firewall you use, what OS you use, what software you use, who you hired to protect the network, what their capabilities are or aren't, but they also know as a corporation you are limited to the profit motive.
So shutting down the network isn't the worst. The worst is creating as much or as great a loss in money as possible. Deleting information isn't as bad as copying intellectual property, source code, or something like this.
And like I said before it's probably Sony blaming it on Anonymous, that doesn't mean it actually is Anonymous.
Sony is trying to turn gamers against anonymous and at the same time trying to hype the situation up to get law enforcement to put more resources on it.
However, if your primary objective is control, rather than failure tolerance, reducing the number of things that your device is good for when severed from the mothership is entirely sensible
The problem with that thought is, there are two motherships.
Every other device on the planet (that I know of), talks to the Netflix mothership.
Only the PS3 software (that I'm aware of), introduces another player in that chain. The PS3 Netflix app responds to not one, but two motherships - Netflix and the PSN.
That's the problem. What you say about control makes sense but every other player already does that, without an issue. Only when you start having too many motherships, do you have an issue. Even from a pure control perspective the PS3 netflix player is not "doing it right".
Hopefully it's just badly written on the part of Netflix and they can re-work it to be more fault tolerant of PSN going down - it seems like that would be possible since it kind of works already for some people.
But until it's clear those strings are cut I cannot trust it as a primary Netflix player and will move away from it.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Never forgets.
Never forgives.
I feel a enormeous curiosity about what the problem is. Is something mundane?, like a cascade error, or really a intrusion?. I feel I would love to read a novel or a article about the issue here :D
Sony has ben fighting the esence of hacking on latelly. The problem with GeoHot and the hackers is political. The hackers think that can open the hardware that own, and toy with it, and spread any information that learn from the machine. Sony want to use the system to stop these people from doing so, and seems very efficient in bending the rules of the system to do absolutelly evil things, like reveal the private information to everyone that has mantained relations with GeoHot accounts. Even if the current downtime has nothing to do with hacking, theres a lot of bad karma around. What goes around comes around.
I think that if you learn why the ENTER key of your keyboard is broken, you can tell others. Sony is just tryiing to fight common sense here. If where a car, no one would even take then seriusly, but computers are black box for a lot of people.
-Woof woof woof!
So that is IBM/HP/Red Hat exactly? I know how I find security of mind. It is when my accountant chokes on the bill and gasps while clutching his heart, "there isn't enough money in the world to pay this hourly rate". Then I know I went right and got an IBM guy in to do the job.
Seriously, how do you expect me to sleep well at night with some MSCE guy charging minimum wage? Dammit, your bill got to bleed the company dry. That is a sign of quality.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Sony you can't stop the hacking anymore. When you had the same problem awhile ago! And now you claim your rebuilding your Infrastucture?
The outage of Sony's PlayStation Network and Qriocity service, now in its day 5, looks set to continue after the company said on Sunday that it is 'rebuilding' its system to better guard against attacks. Sony said on Saturday that the outage was caused by an 'external intrusion' into the network, but has yet to detail the problem. The PlayStation Network is used for PlayStation 3 online gaming and sales of software to consoles and the PlayStation Portable. The Qriocity service runs on the same network infrastructure and provides audio and video to Sony consumer electronics products." Yeah crappy products if you ask me! And an outdated Infrastucture! SCEA needs to starting changing by charging to play online! This would definitely ease the Dentions on the online play when players are playing the shoot em up games Call of Duty Especially COD and any online play game! Sony there is no hacking & cheating on XBL not that I have seen any as of yet Thank you Microsoft!
I actually find it hard to believe that this is an intrusion. I think that they were working on the upgrade to the new "PSN": http://kotaku.com/#!5785451/yes-your-playstation-network-account-is-changing-hands-sort-of. They screwed something up, lost their database, and didn't have proper backups. They are probably trying to rebuild the database and in the meantime use a convenient scapegoat to blame the outage on so they don't look quite as bad. In fact, all of the recent problems have been since this announced change of account management for PSN.
Oh wait, Ohh no, not Hiren's Boot CD! my god they are destroying all our firmware and this time they installing BSD! Fuck we cannot hack BSD with our own firmware. Who gave them that idea? whats more they are now changing hosts files and a running a Syn attack script each time we try to do an update!!!!
*Head Explodes*
You can thank team REBUG and their POS CFW for that.
Sony brought down the PSN. They said they did. They did it so they could audit access because a remote intrusion was detected. The remote intrusion did not cause the outage, Sony did.
PS3 went in the trash on Saturday. It was the only hold big media still had on me so I'm glad to see it go.
I just needed a little help kicking the habit. I cancelled my cable about 4 years ago and this was the last hold-out of mind-numbing corporate entertainment.
I'm finally free! Thanks anonymous!
...that's what I'm doing with my home entertainment setup, now that my PS3 doesn't work anymore.
Seriously, Sony...just give it up. Open up your system and get to work on the PS4.
...probably did it because "Sony" has become synonymous with "douche bag"
...is the fact that I can't transfer a game I had bought right before the shutdown to my PSP, because I'm not signed into the account that bought it.
I really wish they would at least put out a dummy sign in of some sort so I could have some control over the content I paid for |:
What do I know, I'm just an idiot, right?
O_o uhhhhh, yeah.
I don't know if this is the elephant in the room or not, but I find it VERY odd that Sony is so quiet about this. Also, no media seems to be picking up on what to me, is the elephant in the room. The outage occurred just after the launch of Portal 2 on the PS3...clearly GLaDOS has something to do with this.
Seriously though, Portal 2 launch = PS3 steamworks integration.
Could this just be some poorly developed integration that left a gaping hole open to hackers?
Well at least they are going to rebuild PSN security. Like that is going to change anything! Hackers are always going to be one step ahead unless you find a better one to work for you.
Splitreason Clothing | Gear for geeks and gamers.