PSN Outage Continues, Console Hack Claimed To Be Responsible
Over the weekend, we discussed news that the PlayStation Network had been down for days, with Sony saying little other than that it was caused by an "external intrusion" and that they were "rebuilding their network." Many of you have written to point out that the outage continues, with Sony saying they "don't have an update or timeframe to share at this point." One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, recently released custom firmware called Rebug allowed people to essentially turn their PS3s into dev consoles, though some features were missing. A different group supposedly used this firmware to get on PSN through the developer networks, and also found that fake credit card numbers were not being validated for game purchases, leading to what chesh called "extreme piracy." He acknowledges that this theory is speculation. Sony's handling of this outage is starting to draw attention from the government. Update: 04/26 20:47 GMT by S : Sony just posted more details, saying that a massive data breach occurred: An "unauthorized person" has PSN users' "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Billing address, password questions, and credit card info may also have been taken.
I've got a friend who is a PS3 fanatic, and hates all things Nintendo and MS as a consequence (never understood the partisanship myself, and I've owned all three consoles at one time or another and they all have their respective merits). A couple of weeks ago when he found out I was buying Portal 2 for the Xbox (I sold my PS3 a while back), I was treated to a rant about how superior the PS3 version was because it allows cooperative play between PSN and Steam PC users (a nice feature, for sure). I thought I was going to have to give him a sedative to get him to shut up about how stupid I was to even consider the Xbox version, how great PSN is, how much Xbox Live sucks, etc., etc.
I'm tempted to rub this in his face, but it would probably only make him worse.
SJW: Someone who has run out of real oppression, and has to fake it.
I understand that the slashdot community might be anxious to see the PSN come back up, but do we seriously have to start publishing nothing more substantial than speculation?
Also, I've met Dick Blumenthal. He's a very nice man. However, he is, by no means, "the government", nor does a single letter from a freshman senator constitute "attention from the government".
My postings are informational and do not constitute legal advice. Act on it at your risk.
why is the PSN outage any of the (US?) government's business?
It would be nice to be able to activate the PC version included with my PS3 copy of Portal 2. You're in a somewhat unique position to improve matters, given that you were planning to make the PC version available to us anyway.
Insert self-referential sig here.
One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, ... [snip]
He acknowledges that this theory is speculation.
Slashdot should change its moniker to "Jerry Springer for Nerds". All that's missing is a video feed of some grimy sweat pants wearing nerds furiously typing away virtual beatdowns over who got whose virtual girlfriend knocked up.
This whole "new media" thing is unconvincing.
You seriously believe that Sony would disable all access to its multiplayer games, movie sharing etc, because someone's temporarily able to use one of their devices as a dev console? I think that overblows Sony's interest in homebrew.
Oh yes..
Because people who paid for services that they aren't getting is not important at all. Especially after that same company advertised Linux running on their PS3 and then on a whim changed their minds and screwed plenty of people over...
Not to mention Apple's careless tracking of the users' every move...
Nope, not important at all... Let's just let these companies do whatever they want. /sarcasm.
Yeah, um. Senator Blumenthal *was* going to be playing Portal 2 in coop mode with his state's senior Senator, but they can't do that while the PSN is down. Therefore the letter. Duh.
RTFA, etc.
I mean, I assume that's what it says. Not that I'd read it.
At least Amazon were up front about the failure and remedy for its service... Sony should be learning that lesson - fast! http://www.cmswire.com/cms/enterprise-20/the-aftermath-amazon-ec2-sony-playstation-network-recover-from-cloud-crashes-010954.php
If he's the Walrus then can I be a penguin please?
Nope. Everyone else already paid up their campaign contributions and lobbying fees.
"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
Things are not looking good... http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
If the rumor is indeed true that a custom firmware has been used to get some people free stuff, take note how Sony has handled the situation -- A small, small portion of people (the few that run custom firmware, and the fewer that run this particular custom firmware) are getting a few free (virtual) goods, and they shut down the entire network, screwing 100% of their customers.
What if banks operated this way? They find a ring of fraudsters using bank accounts to commit fraud, and the bank responds by freezing everyone's accounts for weeks? It would be totally unacceptable.
When you find a small group of fraudsters, you take targeted action against them alone, even if it means you hemorrhage a little money compared to the more totalitarian approach. It's part of the cost of doing business. In the retail world they call it "spillage" -- the fact that some of your goods might get damaged beyond saleability or that a few things will go missing from the floor (or the stock room) is unavoidable -- you simply do your best to detect and take action against those responsible, but you don't go around treating every other customer as a criminal.
Of course, that assumes the rumored reason is the cause of this action -- I suspect it's either speculation or a (possibly intentionally-leaked) cover story for other measures taken in response to the Anonymous attack and whatever information they got out of GeoHot in the settlement. I anticipate a new official firmware will be required after the network comes back up and it will be necessary to access the "new" PSN, and possibly even already-owned downloadable content. This long of a downtime indicates pretty drastic changes behind the scenes, methinks.
Recent post on their blog (http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/) explains the following:
"... we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
Obligatory...
I can see Sony's response already "These data breaches were caused by unauthorized tampering of proprietary hardware by criminal hackers in violation of federal DMCA laws and has caused considerable and irreparable damage and losses to our networks as well as preventing our users from fully enjoying their console experience in a lawful manner."
aren't there other goddamned things they should be working on?
As a member of the Subcommittee on Privacy, Technology and the Law, this is exactly what Richard Blumenthal should be, and is, doing.
"The main thing Sony will be doing now is taking the original server code and rebuilding it using new login keys for their admin side," he said. He also claimed that Sony "will probably take the chance to change the developers root key that was recently leaked, which tells PSN that a particular piece of software is licensed and allowed to use the PlayStation Network."
http://www.gamepro.com/article/news/219040/psn-may-be-back-by-wednesday-expert-claims/
Belief is the currency of delusion.
Senators and Representatives going after Apple, now Sony, aren't there other goddamned things they should be working on?
There are, and they are. A government, being composed of many, many individuals, is capable of working on many, many things at the same time. Thus, an argument along the lines of "isn't there something else they should be working on" is always utterly moronic...
"Convictions are more dangerous enemies of truth than lies."
To tell the truth, I do not believe a thing Sony says. Sony's credibility has fallen to zero, or negative even. So if Sony says their system was brought to its knees by a "console hack" I naturally tend to assume that the real cause was an inside job. And then I go on to speculate about what kind of employee abuse goes on inside Sony that might trigger such a thing, not that I condone it.
Have you got your LWN subscription yet?
I'm not running for an office because it's an off year and because my Senators and Representatives are doing a good job and not getting wrapped up in political grandstanding on this issue, but as a voter I have every right to complain about other politicians.
And no, really there's nothing else I need to be working on right now, thanks for asking.
I'd written a blog post speculating about a worst-case scenario involving attackers using the leaked firmware signing keys to push a malicious firmware update from Sony's compromised backend servers. Personally, I've disconnected my PS3 from the network until the all-clear sounds from Sony.
Or we are seeing what happens when a company becomes so arrogant that they don't bother actually locking down this info despite the fact that it would be inevitable that someone would come along and find a backdoor.
Seriously, a 'hacked PS3' being able to do this is pretty much the definition of "Security Design Failure".
Senators and Representatives going after Apple, now Sony, aren't there other goddamned things they should be working on?
Than writing a letter? We're not talking about a $5 million investigation.
Bought the two big titles that came out a week ago. Can't play Mortal Kombat on my PS3 because PSN is down. Can't play Portal 2 on my Xbox360 because it red ringed on me. Isn't the latest technology grand?
Spend hundreds of dollars at least to get a gaming PC, ignore the sunken cost of their PS3s, all to play portal 2 a few days sooner?
I've said it before and I'll say it again: PC fanboys really are the worst.
Disclaimer: I am a PC gamer, and do not have a PS3.
Sony announced today basically all personal info has been compromised by the hacker(s): http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
Hearings cost time and money.
Remember that Congress didn't get a final budget for 2010-11 done until a few days ago, when it should have been done by October 1 2010.
So sure, they can monkey around getting sidetracked because they've proven to be such great managers of time and schedules.
Let's look at two problems with a Japanese company. PSN down and TEPCO's reactor. Both had similar reactions.
Silence, followed by small admissions, followed by admissions it's much worse than it appears, followed by more silence, followed by admissions that some members of the public may have been harmed, repeat. No timetables, no estimates.
Is this possibly a Japanese cultural thing?
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Story at Ars: http://arstechnica.com/gaming/news/2011/04/sony-admits-utter-psn-failure-your-personal-data-has-been-stolen.ars
If Sony had never removed "other OS" feature, they would never have encountered the focused rage of the entire enthusiast community.
Now, it's possible that the Playstation Network, and possibly the entire PS3 platform, is finished.
You reap what you sow, Sony....
If telephones are outlawed, then only outlaws will have telephones.
This is another example of the evils of DRM. A friend of mine bought Bionic Commando Rearmed 2, an offline game that requires online verification every time you start it, from the PlayStation Network a while ago. Well guess what, that offline game hasn't worked for a week now.
Gotta love the online verification.
Translation :
newbie outsourced tech typed "sudo rm -rf *.*" and we don't have a backup.
If Sony ran a supermarket: if one guy was caught shoplifting, they'd close down the supermarket and deny an entire neighborhood any food.
This is their rootkit fiasco all over again. Deny, deny, deny, blame it on "hackers", don't admit that THEY fucked up.
If telephones are outlawed, then only outlaws will have telephones.
I did it. It was me. I did it specifically to piss you off, and it worked. I am very happy; thank you.
So the PSN is cracked... good and hard.
Will Sony face any penalties what-so-ever for this? No.
How many millions if not billions of dollars has their lax security cost their customers?
It seems we're going more and more toward this centrally connected system for gaming and software in general. Used to be if you wanted to use software you bought for a computer or game system, as long as you weren't in multiplayer or otherwise using network resources you were able to play without worrying about connection problems. Now when something like this happens a lot of things that have no apparent NEED for a connection stop working completely. It just shows that while being connected is nice, it certainly has drawbacks when some games or services are unusable. I can't watch Netflix now because it requires a PSN connection - even though the Netflix service is working perfectly fine. This reminds me a lot of Steam - another platform that is very convenient when it works, but extremely frustrating when it doesn't. These vendors need to come up with a better way to handle authentication in a way that doesn't leave you high and dry for something that would otherwise work if it wasn't for their failed network. Maybe some kind of token that only needs occasionally updated. Sometimes I miss those days when you just clicked the icon and it ran no questions asked!
I'm all for a little lighthearted security breaching from time to time, but steal my credit card info and I hope you go to jail.
The anime film "Summer Wars" predicted this EXACT scenario, except a little more extreme and with more dire consequences, but pretty darn close.
http://www.anime.com/Summer_Wars/
If telephones are outlawed, then only outlaws will have telephones.
I'm definitely not an expert in computer security. I do know a thing or two about programming and good practices though. The first amazement in this is that they had ALL of the account information available in a single place. I've never designed a system like PSN but right off the bat, I would ensure that the financial data and the account data are on completely separate systems. That way, if one gets hacked, the other has a chance of not getting compromised. The account details would be managed in much the same way as password data -- as hashes. And of course the two or more systems would be able to know who they are talking about by some user identity hash. It just makes simple and logical sense. Any information that is considered sensitive should be treated as such.
That's not to say that they didn't do this and that the compromise wasn't extremely sophisticated, but it certainly sounds like they did one thing wrong -- they stored credit card information in the clear and that user details were also stored that way.
Well, glad I'm not a Sony user.
I already have a gaming PC. And an xbox/ps3/wii...
To be fair, I hear Portal 2 is really good. ;)
Yeah, can't you wait until your Blu-Ray player stops working too, every time you want to watch a movie? This is why you can't have "server" verification. Because there's no guarantee the server will be there.
Tell your friend to return the game. It's broken. Get his money back. It's designed to fail.
If telephones are outlawed, then only outlaws will have telephones.
Two things.
a. I thought slashdot didn't edit articles. I'm obviously wrong.
b. This smells of anonymous....
I signed up recently to get the NHL GameCenter app. Basically it would let me stream games. My laptop didn't quite handle the high quality stream smoothly. I was hooking that to the TV previously. Since ps3/nhl had an exclusive agreement, this was the only way to go. Well, a week after buying the app, a new console firmware is released. That breaks the app. So it was a good month before that started working again. Now, ignoring the fact that the quality was actually worse than with my laptop, that really sucked. Now the network is down so, again, it doesn't work. And bonus, my information is compromised. I'm starting to get a little annoyed!
I could be wrong, but I have a feeling a lot of current employees could be on really thin ice over this one. Heads could be rolling at any time. I don't think I'd want to distinguish myself by being the guy who essentially tried to extort a pay raise out of them.
Portal 2 doesn't require hundreds of dollars to run.
That depends entirely on what hardware you have already. Plenty of people have laptops that are more than 5 years old, and that work fine for anything besides gaming. Out of my gamer friends, only one has a computer capable of running portal 2.
Mod up, AC has a point. Pretty much every Sony/PS3/PSN-related article that's been posted, both here and elsewhere, since the start of the Geohot debacle has been rife with the same generic "Geohot is a total douchebag. I don't need to know any details, just look at him!" or "Hackers should all be thrown in jail for life" or "You agreed to the ToS! Nobody can do anything against Sony now!" comments. I know GamesRadar was particularly bad about it but I'm sure there were others too. It's pretty clear that Sony has at least some "reputation preservation agents" working on this matter to try to steer public opinion toward their favour.
Help protect civil rights from abuse by the TSA - visit TSA News Blog.
http://www.tsanewsblog.com
So basically the shoe is now on the other foot and someone/people have now done to Sony what Sony has been doing to the public for years now. Namely, stealing their information, compromising their computer systems and causing general havoc within the household due to poorly or maliciously designed objects.
Boy, guess what I don't feel for Sony?
removing "other os" was *NOT* a good idea ? ;-)
You and I have different impressions of console fanboys then. I see console fanboys as generally being unconcerned with PC gamers. Consolers mainly seem to justify sony/ms/nintendo's every action and attack the "other" consoles. Furthermore, PC gamers are more vocal. I can't remember the last time I saw a PS3 or XBOX fan predicting the demise of PC gaming. PC fanboys conversely take every opportunity to preach their religion. Gaming article on slashdot? Two things are assured: 1. PC fanboy telling everyone they should throw away their consoles 2. Discussion of DRM.
Lastly, there's something much more arrogant about suggesting that -everyone- should do things exactly as they do (which is what PC fanboys like Dan667 are doing) than there is about making false predictions about the PC gaming industry (console fanboys).
Spend hundreds of dollars at least to get a gaming PC
Aww! How cute! You guys in the USA complain about spending hundreds of dollars.
Cheap PCs generally cost upwards of $1000 here (NZ). A little cheaper now that netbooks have come out, but last year I saw a full gaming rig going for around $7000. Yeah, I thought it was stupidly expensive too.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
It's the same in the States. You're not getting a gaming rig for "hundreds of dollars" here. A new videocard (unless you go commodity) is going to run you $300 to $750. A good estimate on a high-end (but not highest) gaming system without peripherals is around $1,500. If you're buying one that is pre-built, then it might be more. I have no idea.
"A new videocard (unless you go commodity) is going to run you $300 to $750. A good estimate on a high-end (but not highest) gaming system without peripherals is around $1,500"
You're doing it wrong.
Does this mean PSN stored passwords in cleartext?
If the password was hashed I'm not that concerned. You won't find my password in a rainbow-table.
But if it was unhashed, a looooot of people should change their passwords.
This XKCD comes to mind
Harald
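Added example (not part of the original thread, and not PSN's actual storage scheme, which the page does not describe): the difference the comments above point at, between an unsalted fast hash that a precomputed table reverses by lookup and a per-user salted, iterated hash that it does not. The user names, passwords, candidate list and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

# Constructed sample data: not real accounts or real credentials.
SAMPLE_USERS = {
    "alice": "password1",
    "bob": "password1",           # same weak password as alice
    "carol": "Xq7#vT2!mLr9$eKd",  # long random password
}
# Constructed stand-in for a precomputed (rainbow-style) table of common passwords.
COMMON_PASSWORDS = ["123456", "password1", "letmein", "qwerty"]


def unsalted_digest(password):
    """Weak scheme: one fast hash, no salt. Equal passwords give equal digests."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def precomputed_table(candidates):
    """Digest -> password map, computed once and reusable against any unsalted dump."""
    return {unsalted_digest(p): p for p in candidates}


def hash_password(password, salt=None):
    """Hardened scheme: random per-user salt plus an iterated KDF (PBKDF2-HMAC-SHA256)."""
    if salt is None:
        salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return "pbkdf2_sha256${}${}${}".format(PBKDF2_ITERATIONS, salt.hex(), derived.hex())


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, derived_hex = record.split("$")
        iterations = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(derived_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return hmac.compare_digest(candidate, expected)


def exposed_by_table(stored, table):
    """Users whose password falls out of a leaked dump by plain dictionary lookup."""
    return {user: table[value] for user, value in stored.items() if value in table}


def audit():
    """Store the same users both ways and report what a precomputed table reveals."""
    table = precomputed_table(COMMON_PASSWORDS)
    unsalted = {u: unsalted_digest(p) for u, p in SAMPLE_USERS.items()}
    salted = {u: hash_password(p) for u, p in SAMPLE_USERS.items()}
    return {
        "unsalted_exposed": exposed_by_table(unsalted, table),
        "salted_exposed": exposed_by_table(salted, table),
        "unsalted_duplicates_visible": unsalted["alice"] == unsalted["bob"],
        "salted_duplicates_visible": salted["alice"] == salted["bob"],
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(key, value)
```

A salt only removes the precomputation shortcut and hides which users share a password; a weak password can still be guessed one account at a time, which is why the work factor and a password change after a breach still matter.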
This is exactly the attitude I was afraid of. If sony was even mildly competent at security, nothing that could be done client-side from a console could be used to escalate privileges as radically as these people have.
Just because I can write software for my computer doesn't mean that I can exploit steam as thoroughly as PSN has been. The guys at sony don't have a lick of sense when it comes to network security. This is not geohot's fault.
You can build a good gaming system for under $1000 easy. Enough to run the latest games at decent (not best) settings. I spent $650 on my recent quad core 8GB ram machine (a few weeks old) but that was sans video cards. A GTX 460 is $200 so that brings it to $850 (without monitor).
I am likely a victim of the PS3 debacle, like so many others. So this does suck for us.
But through it all, I am smiling. Why you may ask? This, to me, is Karma coming full circle for Sony and their fucking rootkits from half a decade ago.
Remember those kids?
Huh?
A compromised PS3 with a malicious firmware can go undetected much longer, and keep sniffing your new CC# even after you change your card following the initial data breach.
Stolen CC# = a short window of opportunity time, until the number gets reported. (Same as a stolen physical CC)
Compromised PS3 (a machine which is used to buy stuff online) = can be abused for much longer. (Same as an infected and root-kit-ed PC)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
No one is that arrogant. Clearly incompetence.
Support a great indie game: http://www.abaddon360.com
Because if so I should have gotten it from pirate bay.
But... the future refused to change.
"PSN is free."
PSN Plus is *NOT* Free.
Do you even own a PS3? Have you been on the PSN?
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
You're ignorant. Portal 2 can run on absolute shit hardware (minimum GPU is a 7600; the PS3 has a modified 7800). Most computers built within the past 5 years can run it and you can get one of those off Craigslist for LESS than the cost of the PS3.
And you're only level five elitist. Come back when you only use operating systems written in raw ASM, n00b.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
"A new videocard (unless you go commodity) is going to run you $300 to $750."
What ripoff shit shop do you buy your shit from?
http://www.pricewatch.com/video_cards/
$160 460GTX.
The 450GTS is only $110 and is barely under the 460 in performance. Still runs everything pretty much smoothly at maximum detail.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I bank with Wells Fargo and after hearing of the data breach, I called to cancel my card. As soon as I mentioned Sony and Playstation, the rep told me that they have been receiving calls all day from Playstation users who are taking similar, proactive measures. In my case, I have a separate card that I use for online transactions, so my exposure was limited, but it is still a PITA to have to go through.
This episode just goes to show how far we are from having a truly secure, digital economy. If a company with the resources that Sony has cannot even store payment information safely, it really dampens the public's enthusiasm for a completely digital payment system.
My question is, why wasn't the information encrypted? Why weren't there access controls in place to prevent people from getting at that data? Why were the two systems linked in such a way that they could be compromised? All of these problems have been solved. Was the system even audited by an outside party?
My company works with Fortune 50 companies and the US government on a regular basis. Our clients expect that we have been subjected to audits by neutral third parties (and we have). We do not even store credit card information like Sony does. How were they not aware of the risks inherent in their architecture?
If people can sue Apple over the location tracking issue, what is Sony's liability like on an issue like this one?
Mod up, AC has a point. Pretty much every Sony/PS3/PSN-related article that's been posted, both here and elsewhere, since the start of the Geohot debacle has been rife with the same generic "Geohot is a total douchebag. I don't need to know any details, just look at him!" or "Hackers should all be thrown in jail for life" or "You agreed to the ToS! Nobody can do anything against Sony now!" comments. I know GamesRadar was particularly bad about it but I'm sure there were others too. It's pretty clear that Sony has at least some "reputation preservation agents" working on this matter to try to steer public opinion toward their favour.
There should be a Godwin's law for people who believe the opposing viewpoints are shills for corporations. This is a discussion board. You're going to find people who don't agree with you. If you didn't then that would be a good sign that something odd was going on. Anywhoo Geohot was a total douchebag when he released the key.
Think Sony has finally shot itself in the face? Used to be they innovated in the electronics department, now they just innovate in cooking the corporate books.
Sure it is his fault. He didn't exactly work with Sony on the security problem. Or did he give them a couple of weeks to fix the problem and not tell anyone? I must have missed that part. It seems to me he went and published everything as fast as he could. That he blogged about it, made Youtube videos, and posted the security key on Twitter. Were you one of those twits who posted it on Slashdot? Thanks a lot for that. Your concern for my privacy and respect for property rights are really appreciated. I am sure the hacker who accessed my data did all his own work and did not need it.
Years ago the credit card companies came up with some very stringent rules for retaining credit card info. The fines are high for each card stolen. To be compliant requires regular testing from outside security firms. So either Sony skipped these rules which wouldn't surprise me, or the security firm is on the hook for this. Although one other option, and more likely, these rules make the industry sound good without actually making anything better.
I knew this was going to happen, as did everyone, when the Geohot settlement hit. I hope they bring it to its knees and force Sony to beg for mercy from anon.
Most computers built within the past 5 years can run it and you can get one of those off Craigslist for LESS than the cost of the PS3.
Again, most of my gamer friends have 5 year old -laptops- which somehow seem to not count as computers in the eyes of most PC gamers. And again, cheaper than the cost of a PS3 doesn't matter to the gamers OP was talking to, their PS3s are already paid for. If you could get a computer that could run portal 2 for zero dollars, then yes, it would make sense for them.
And that's why it was a stupid suggestion.
... when 70 million cards get cancelled at once?
Watch this Heartland Institute video
I have to wonder if all the people here that have such a hate on for Sony have ever owned and run a business? Or have they been involved with the gaming industry at any point of its development?
When you boil it all down to one thing in gaming, to its essence in it as a business or entertainment, it's all about the game itself. If you don't have "game", you don't have a product and you are done. Stolen Information? We can forgive that, crafting bastards are out stealing from everyone and they need burned for it. But cheaters!? Those we will NEVER tolerate as customers. Face it, Sony knows this and will NOT let their PS3 go down in flames by being shredded by cheaters.
Their head guy also died about a week ago. That might have something to do with this as well, because civilized people will take the proper time to mourn the loss of someone that great in their lives. Personally as nerdraged as I am about this, I keep myself in check, being respectful of those who have lost someone great to them. Not to mention, isn't Sony out of Japan? Could we have a heart? Haven't those people had enough horror for a while? They don't need to worry about their jobs because pissy haxors and angry internet nerds are raging at them.
WTF? Where is our government in all this? I expected them to be dancing all over this like it's the hat in a Mexican hat dance. These fuckers never miss an opportunity to stick their noses into any Internet situation with their "Holy Cow, PROTECT THE WOMEN AND CHILDREN....for the children" shrill rhetoric. Are we seeing them look the other way while Sony, a foreign-based company who competes with our precious Micro$oft, gets hammered?
This is where it goes sideways, so hang the fuck on. This is what our government has had to say about all this shit. ... *crickets* NOTHING. Ok, what is it then with them and I don't want to hear the "we are conducting a thorough investigation". If they aren't all over this like a fat kid on a chocolate cake by now, either they are: a. Retarded and have no clue wtf is going on, which is NOT comforting all things considered. or b. They know, but aren't doing anything for whatever fucked up reasons.
Now I am sure they (Sony) have a PR department or something following internet forums. This issue has been going on a week and forums will catch it first, then a few blogs or sites will comment on it, starting with a trickle and building to a flood the longer this outage keeps up. I suggest they not hide this, for it makes the customers feel excluded and in fact, they should be more transparent. There might be a lot of old school people running Sony still, and for them business is war and an element of trust is always lacking in those who remember the nukes with bitterness.
People complain about "ownership rights" in here, but yet they ignore the ownership rights of Sony. Look if you don't like their system so much, build your own! With so many people who are obviously so much smarter than them, it shouldn't be such a hard thing, right? You go build a gaming system and keep it secure from hacking cheaters and people who want to take it all apart and then complain that its not working right. When you have done all of that, I really want to hear what you have to say about all of this.
I feel like I am going to the bank to make a withdrawal and the bank has been robbed and people are cheering the bank robbers on. Well, the bank has no money now and I need some to pay my bills. WTF? Let me say this, this isn't some happy bandit gets the bad guy thing. That isn't how the real world works, mark my words, nothing good will come out of this for anyone.
Take the Red Pill.
Your PS3 is a brick right now. It is obvious that Sony is never going to do what is in your interest. They own the network, they own your hardware, they own the games you try to run. As many crap stories as I hear about consoles you have to ask why continue to take the abuse and just chuck the console in the trash.
Hitler finds out PSN is down.
"We have an A-Bomb...what more do you want, mermaids?" --I.I. Rabi, speaking in defense of Robert Oppenheimer
I'm certain that the PSN had to be audited as part of PCI-DSS compliance to process credit cards in the volume they had to. I'm sort of shocked that they didn't implement some sort of tokenization to process credit card data, but if they were storing complete card data... weren't they encrypted? If they did encrypt the data, did the hacker steal the keys too? Just how badly was Sony owned, anyway? And if they were just storing this plain text, then they and their auditor are going to have some serious 'splaining to do to the payment card peeps.
They're going to have a long, difficult process ahead of them, with lawsuits, fines, loss of business, customer trust, penalties, processing fee hikes, etc. Might be while they're still down, that they literally CAN'T go back on line until they satisfy an outside QSA that they have their i's dotted and t's crossed. Don't get me wrong, they deserve what they're getting, but if CC info is involved, this becomes the new landmark PCI case. Should be interesting to watch for years.
Like my comments? Try my podcast: http://www.baldmove.com
Good point. I'm usually so security-conscious that my hands begin to tremble whenever I remove the network cable from its locked safety cabinet and connect my computer to the net.
But one day in a moment of folly I thought "gee maybe it wouldn't be too dangerous to allow a simple video game to be played over my local LAN".
Silly me. I'll never make that mistake again.