PSN Outage Continues, Console Hack Claimed To Be Responsible

← Back to Stories (view on slashdot.org)

PSN Outage Continues, Console Hack Claimed To Be Responsible

Posted by Soulskill on Tuesday April 26, 2011 @07:29AM from the house-of-cards dept.

Over the weekend, we discussed news that the PlayStation Network had been down for days, with Sony saying little other than that it was caused by an "external intrusion" and that they were "rebuilding their network." Many of you have written to point out that the outage continues, with Sony saying they "don't have an update or timeframe to share at this point." One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, recently released custom firmware called Rebug allowed people to essentially turn their PS3s into dev consoles, though some features were missing. A different group supposedly used this firmware to get on PSN through the developer networks, and also found that fake credit card numbers were not being validated for game purchases, leading to what chesh called "extreme piracy." He acknowledges that this theory is speculation. Sony's handling of this outage is starting to draw attention from the government. Update: 04/26 20:47 GMT by S : Sony just posted more details, saying that a massive data breach occurred: An "unauthorized person" has PSN users' "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Billing address, password questions, and credit card info may also have been taken.

68 of 404 comments (clear)

Min score:

Reason:

Sort:

There's some karma for you, Mikey by elrous0 · 2011-04-26 07:29 · Score: 2, Interesting

I've got a friend who is a PS3 fanatic, and hates all things Nintendo and MS as a consequence (never understood the partisanship myself, and I've owned all three consoles at one time or another and they all have their respective merits). A couple of weeks ago when he found out I was buying Portal 2 for the Xbox (I sold my PS3 a while back), I was treated to a rant about how superior the PS3 version was because it allows cooperative play between PSN and Steam PC users (a nice feature, for sure). I thought I was going to have to give him a sedative to get him to shut up about how stupid I was to even consider the Xbox version, how great PSN is, how much Xbox Live sucks, etc., etc.
I'm tempted to rub this in his face, but it would probably only make him worse.

--
SJW: Someone who has run out of real oppression, and has to fake it.
1. Re:There's some karma for you, Mikey by tripleevenfall · 2011-04-26 07:33 · Score: 4, Insightful
  
  A one-week outage does not make Xbox live better.
2. Re:There's some karma for you, Mikey by xMrFishx · 2011-04-26 07:37 · Score: 5, Funny
  
  On the other hand, PSN can't actually get worse by being down.
3. Re:There's some karma for you, Mikey by Anonymous Coward · 2011-04-26 07:38 · Score: 4, Insightful
  
  It makes just about anything else better, for a week.
4. Re:There's some karma for you, Mikey by Bobfrankly1 · 2011-04-26 07:48 · Score: 4, Insightful
  
  A one-week outage does not make Xbox live better.
  Yeah, it's not the outage that makes Xbox live better, it's the external intrusion. Nothing quite like an external intrusion into a company that holds your credit/debit card data to make you wish you could pay for better service.
5. Re:There's some karma for you, Mikey by omnichad · 2011-04-26 07:50 · Score: 3, Insightful
  
  When one is free and one is paid? That certainly makes uptime LESS of a factor, though I suppose doesn't eliminate it.
6. Re:There's some karma for you, Mikey by nschubach · 2011-04-26 07:53 · Score: 4, Insightful
  
  Even if Sony offered a pay service, the same would have likely happened. I don't see the validity in your complaint.
  
  --
  Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
7. Re:There's some karma for you, Mikey by smelch · 2011-04-26 08:14 · Score: 2, Insightful
  
  There's the whole fact that it is, you know, actually better. Xbox Live is just about fucking perfect. You can bitch all you want about paying less than a WoW subscription to play all of your console games online, but that doesn't make the PSN even close to XBox Live. PSN always makes me feel like I'm playing multiplayer in 1998. I mean that literally not as a slam. I enjoy games from 1998 still. This may have more to do with the fact that Halo has amazing multiplayer if you are in to the game, and there is a lot of consistency between titles with good matchmaking. As far as I can tell each game has to roll their own for PSN.
  
  --
  If I can just reach out with my words and touch a butthole, just one, it will all be worth it.
8. Re:There's some karma for you, Mikey by tripleevenfall · 2011-04-26 09:00 · Score: 2
  
  You can play games against other humans. That's all I really care about. And of course, free is free.
9. Re:There's some karma for you, Mikey by GNious · 2011-04-26 09:01 · Score: 3, Funny
  
  Even if Sony offered a pay service[...].
  They should make one ... call it Playstation Plus or something ....
10. Re:There's some karma for you, Mikey by Purity+Of+Essence · 2011-04-26 09:17 · Score: 2
  
  If your assumption is that Sony's service would be identical regardless of whether you paid for it or not, that's awfully cynical of you.
  This is Sony we're talking about. Cynicism is not really required.
  
  --
  +0 Meh
11. Re:There's some karma for you, Mikey by harl · 2011-04-26 09:33 · Score: 2
  
  But you can't. That's the point of the article.
  
  --
  I find being offended by me offensive.
12. Re:There's some karma for you, Mikey by Seumas · 2011-04-26 09:52 · Score: 3, Informative
  
  Sony does offer a paid service. It's called PSN Plus and it's $60/yr. It's the same service with discounts on a few download titles plus automatic patch downloading.
  Having a paid service wouldn't make it any better, anyway. They're not a little startup. It's Sony. I'm pretty sure they can bootstrap a service on their own dime without a significant impact to the bottom line. Especially when it's used to bolster the userbase for their mainline product.
  Also, don't forget when XBOX Live had an outage for . . . a week? Or was it even longer?
  Of course, that was an outage. Not a complete failure of all security measures.
13. Re:There's some karma for you, Mikey by Seumas · 2011-04-26 09:54 · Score: 4, Interesting
  
  Sony does offer a paid service and it is identical to the free one, except it offers discounts on some downloadable games and automated patch downloads. It's called PSN Plus. PSN Plus users are also down right now and they are also part of the same data breach. So, the paid service is identical to the free service and the paid service is just as insecure as the free service.
14. Re:There's some karma for you, Mikey by Seumas · 2011-04-26 09:57 · Score: 2
  
  And XBOX Live is any better? Remember when XBOX Live was out for two weeks? You couldn't play that, either. And that isn't free.
  http://www.engadget.com/2008/01/03/xbox-live-outage-day-13-still-up-and-down-still-preventing-fu/
15. Re:There's some karma for you, Mikey by Bobfrankly1 · 2011-04-26 10:00 · Score: 3, Insightful
  
  Bottom line: This can CERTAINLY happen to XBOX Live (or any system hosted on a public network). The fact that it's taking so long to correct is a little disconcerting, but I'd rather they fully correct it then bring a vulnerable system back online.
  I'd be surprised if (evil) Microsoft didn't have a much more elaborate and robust system for countering "external intrusions". I'd chalk up their unwillingness to tie into many outside networks (Steam for one) as proof of their caution. With as much money as Live makes for them, they'd be foolish not to protect their cash cow.
  (eviler) Sony, on the otherhand, has shown the opposite. With the rootkit on audio CDs, and now this. As well, Sony LOSES money on the playstation network. Their focus is likely on how to make it profitable, not secure.
  If you'd rather trust your personal data (including credit/debit card) to the company with a record of security failure, have at it.
16. Re:There's some karma for you, Mikey by Tetsujin · 2011-04-26 10:15 · Score: 4, Funny
  
  you might as well. The cognitive dissonance could be hilarious to watch!
  I don't know, I wouldn't do it if you value him as a friend at all. A friend of mine is a big PS3 fan and I told him, look, there's no way PS3 can be the best when they have this sort of outage. It threw him into some kind of crazy logic-loop, and he started beeping and asking for someone named "Norman" to straighten things out for him...
  
  --
  Bow-ties are cool.
17. Re:There's some karma for you, Mikey by dissy · 2011-04-26 10:25 · Score: 3, Informative
  
  Parent never once mentioned Xbox Live (Or any service) was better, so that wasn't an argument being made to need a response about which was better.
  His entire post was a complaint about Sony fanbois who can't stop talking about how great Sony is.
  
  They also charge a monthly fee, just sayin'.
  Just like that :P
18. Re:There's some karma for you, Mikey by chaboud · 2011-04-26 10:35 · Score: 3
  
  The fact that my password and credit card number have been pwned sort of screws the PSN in my eyes.
19. Re:There's some karma for you, Mikey by Bobfrankly1 · 2011-04-26 10:37 · Score: 2
  
  And XBOX Live is any better? Remember when XBOX Live was out for two weeks? You couldn't play that, either. And that isn't free.
  http://www.engadget.com/2008/01/03/xbox-live-outage-day-13-still-up-and-down-still-preventing-fu/
  You could at random times during that two weeks. Microsoft communicated the issue and an expected turnaround. As well, MS comped subscribers a free live arcade game. Not to mention they didn't lose your personal data in the process. Don't forget to cancel that card!
  
  In short, yes, XBOX Live IS better.
20. Re:There's some karma for you, Mikey by somersault · 2011-04-26 10:54 · Score: 2
  
  Tell that to anyone who was dumb enough to sign up for PSN Plus (which I don't see any value in myself, but I did get an Xbox Gold subscription just to get similar levels of service to a basic PSN account..)
  
  --
  which is totally what she said
21. Re:There's some karma for you, Mikey by mug+funky · 2011-04-26 13:54 · Score: 4, Insightful
  
  face-saving talk...
  if they say "may have been", they mean "definitely has been".
  if they say "working around the clock to fix it", they mean "shitting in our pants and yelling at our techies but not authorizing overtime for them".
  the mere mention of CC details, and the advice to avoid scammers is basically confirmation.
  they're using the same language that TEPCO has been using the last month (not just Japanese).
22. Re:There's some karma for you, Mikey by Daniel+Phillips · 2011-04-26 15:25 · Score: 3, Interesting
  
  The fact that my password and credit card number have been pwned sort of screws the PSN in my eyes.
  And of course you feel completely safe in Microsoft's hands, the company with a long and glorious history of high profile fiascos like the all-day trading outage on the London Stock Exchange or turning a modern Navy frigate into a floating barge
  
  --
  Have you got your LWN subscription yet?
Speculation by Sonny+Yatsen · 2011-04-26 07:29 · Score: 4, Insightful

I understand that the slashdot community might be anxious to see the PSN come back up, but do we seriously have to start publishing nothing more substantial than speculation?
Also, I've met Dick Blumenthal. He's a very nice man. However, he is, by no means, "the government", nor does a single letter from a freshman senator constitute "attention from the government".

--
My postings are informational and does not constitute legal advice. Act on it at your risk.
1. Re:Speculation by ThePhish · 2011-04-26 07:45 · Score: 5, Informative
  
  You are correct, he is not the government...but he was CT's Attorney General for 20 years, and has long championed consumer rights and technology . So, him picking this battle as a freshman senator is technically accurate, but it does not reflect his multi-decade experience in the arena.
2. Re:Speculation by Anonymous Coward · 2011-04-26 08:30 · Score: 4, Informative
  
  Well, here's some "speculation" from Patrick Seybold // Sr. Director, Corporate Communications & Social Media.
  http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
  "... an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
  Looks pretty bad to me. Anybody that reads and understands the above will never provide their real name or birthdate to a corporation online again. Ever.
3. Re:Speculation by catchblue22 · 2011-04-26 11:23 · Score: 2
  
  I always was very hesitant to provide Sony with my credit card. I simply don't trust them. I hate the way the PS3 always tries to dump you into the Playstation Store. It just feels obnoxious and disrespectful. And now hearing about their technical negligence, I am even more happy with my decision. Honestly, I have never had any need or desire to buy anything on PSN.
  
  --
  This and no other is the root from which a tyrant springs; when first he appears as a protector - Plato (423 to 327 BC)
Re:government? by tripleevenfall · 2011-04-26 07:34 · Score: 4, Insightful

Is there anything that isn't government business anymore?
Re:government? by kevinNCSU · 2011-04-26 07:37 · Score: 5, Insightful

why is the PSN outage any of the (US?) government's business?
Because Senators are suppose to represent their constituents and the issues they care about (lets leave the vote pandering cynicism discussion as off-topic for now) and his constituents are worried their personal/financial details were compromised in the attack so it makes sense that he would ask Sony whether or not this is the case as he has a better chance of being responded to because he wields more power.
Valve by bazald · 2011-04-26 07:42 · Score: 5, Interesting

It would be nice to be able to activate the PC version included with my PS3 copy of Portal 2. You're in a somewhat unique position to improve matters, given that you were planning to make the PC version available to us anyway.

--
Insert self-referential sig here.
Theory, speculation, bullshit. by ToasterMonkey · 2011-04-26 07:44 · Score: 4, Interesting

One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, ... [snip]
He acknowledges that this theory is speculation.

Slashdot should to change its moniker to "Jerry Springer for Nerds". All that's missing is a video feed of some grimy sweat pants wearing nerds furiously typing away virtual beatdowns over who got who's virtual girlfriend knocked up.
This whole "new media" thing is unconvincing.
1. Re:Theory, speculation, bullshit. by H0p313ss · 2011-04-26 07:48 · Score: 2
  
  nerds furiously typing away virtual beatdowns over who got who's virtual girlfriend knocked up.
  There was no need to bring the G word into the conversation, that's just uncalled for.
  
  --
  XML is a known as a key material required to create SMD: Software of Mass Destruction
Re:LOL by The+MAZZTer · 2011-04-26 07:46 · Score: 2

You seemed to have missed the part where dev consoles can get unlimited funds to buy content from the PSN store.
Sony's Silence says it all by Goffee71 · 2011-04-26 07:51 · Score: 2

At least Amazon were up front about the failure and remedy for its service... Sony should be learning that lesson - fast! http://www.cmswire.com/cms/enterprise-20/the-aftermath-amazon-ec2-sony-playstation-network-recover-from-cloud-crashes-010954.php

--
If he's the Walrus then can I be a penguin please?
1. Re:Sony's Silence says it all by Goffee71 · 2011-04-26 07:58 · Score: 5, Informative
  
  Oh, Sony takes that very minute to make full confession:
  
  Press the NUKE button now!
  
  Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.
  
  We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.
  
  Valued PlayStation Network/Qriocity Customer: We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
  
  Temporarily turned off PlayStation Network and Qriocity services; Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
  
  We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable. Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it: U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228. We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. res
  
  --
  If he's the Walrus then can I be a penguin please?
2. Re:Sony's Silence says it all by The13thSin · 2011-04-26 09:17 · Score: 2
  
  Also possibly relevant is the PSN Outage FAQ they posted: [link].
  
  --
  "This should be fun, and by fun, I mean a wholly depressing insight into the cognitive ability of some grown adults."
3. Re:Sony's Silence says it all by DaveGod · 2011-04-26 09:22 · Score: 2
  
  For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information.
  Thanks for that advice.
  Good to know I should take my sensitive information seriously.
  Thanks for the concern.
  No, really.
  Thanks.
Official word from Sony finally by ShaggusMacHaggis · 2011-04-26 07:57 · Score: 5, Informative

"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
"
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
1. Re:Official word from Sony finally by wbav · 2011-04-26 08:21 · Score: 2
  
  This is Sony.
  
  Security isn't their strong suit.
  
  --
  
  =================
  Unix is very user friendly, it's just picky about who its friends are.
2. Re:Official word from Sony finally by Ganthor · 2011-04-26 10:29 · Score: 2
  
  Yes that's correct, most would not have put their credit card information up there...unless they bought stuff online from them. *If* you've been through the sign-up procedure with them you'll know that they require a LOT of information. I was concerned at the time I signed up for this very reason. There was information that could help someone pretend to be me to the bank over the phone or to identify all the home addresses with PS3's to go get them.
  I ended up creating a bogus person - I am now glad I did and don't feel like such a paranoid dick any more. - In fact this caused me to start a standard fake person for all sign on ID's.
  Companies that require all this information to use their services should really consider what information they really need and what information are they willing to be responsible for. I tell you what, if people start getting scammed or ID stolen as a result of this, Sony better be willing cough up every last cent in compensation. Sure someone attacked their network, but by *requiring* people to enter this information they are assuming responsibility for protecting it. (I bet the expansive EULA and privacy statement say nothing about this).
Re:government? by i+kan+reed · 2011-04-26 08:02 · Score: 2

Yeah, that whole 17th ammendment ship already sailed, AC. Let it go.
Take note by ravyne · 2011-04-26 08:02 · Score: 2, Interesting

If the rumor is indeed true that a custom firmware has been used to get some people free stuff, take note how Sony has handled the situation -- A small, small portion of people (the few that run custom firmware, and the fewer that run this particular custom firmware) are getting a few free (virtual) goods, and they shut down the entire network, screwing 100% of their customers.

What if banks operated this way? They find a ring of fraudsters using bank accounts to commit fraud, and the bank responds by freezing everyone's accounts for weeks? It would be totally unacceptable.

When you find a small group of fraudsters, you take targeted action against them alone, even if it means you hemorrhage a little money compared to the more totalitarian approach. Its part of the cost of doing business. In the retail world they call it "spillage" -- the fact that some of your goods might get damaged beyond saleability or that a few things will go missing from the floor (or the stock room) is unavoidable -- you simply do your best to detect and take action against those responsible, but you don't go around treating every other customer as a criminal.

Of course, that assumes the rumored reason is the cause of this action -- I suspect its either speculation or a (possibly intentionally-leaked) cover story for other measures taken in response to the Anonymous attack and whatever information they got out of GeoHot in the settlement. I anticipate a new official firmware will be required after the network comes back up and it will be necessary to access the "new" PSN, and possibly even already-owned downloadable content. This long of a downtime indicates pretty drastic changes behind the scenes, methinks.
1. Re:Take note by afidel · 2011-04-26 08:54 · Score: 4, Interesting
  
  Nope, all personal data stored with your PSN account has been compromised. It's taken this long for the forensic team to verify what people suspected. Everything including name, address, birth date, the answers to your account reset questions (used by *many* sites), email address, and *passwords* (haven't they heard of a f'ing hash!). Obviously Sony has a worst case scenario here and they wanted to be absolutely sure it was as bad as they feared before coming forward. This probably means legal trouble for them in the EU, and it might actually get Congress off their arse to enact some privacy legislation.
  
  --
  There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
2. Re:Take note by tlhIngan · 2011-04-26 09:14 · Score: 2
  
  If the rumor is indeed true that a custom firmware has been used to get some people free stuff, take note how Sony has handled the situation -- A small, small portion of people (the few that run custom firmware, and the fewer that run this particular custom firmware) are getting a few free (virtual) goods, and they shut down the entire network, screwing 100% of their customers.
  It's Sony's custom.
  Think about it. GeoHot did a mostly theoretical demonstration of a possible flaw in the PS3 hardware (RAM glitching - something that's almost impossible to protect against at the consumer level). It was unreliable, it didn't work 100%, and it required special hardware and physical modification to your PS3. But showing the demo once, Sony decided OtherOS was a security risk and removed it on all consoles afterwards.
  All for a tiny hard to use and accomplish hack. Even if it was put in modchip form somehow it would still not work 100%.
  For that, they remove OtherOS. Because it "might" lead to piracy.
  To top it off, the PS3 security was broken not using OtherOS (it was removed, remember?) but using some other vulnerability by guys trying to get OtherOS back, leaving the entire system broken.
  So no, Sony overreacting isn't unusual. And sometimes the skilled people who'll hack your hardware anyways should be given their due. Microsoft learned it for the original Xbox (they were given ample opportunity to allow Linux on it, otherwise they'd have to use a vulnerability which was kept secret until Microsoft denied their request, at which point it was public and the pirates then took the next step at enabling piracy via the vulnerability).
3. Re:Take note by cbhacking · 2011-04-26 09:23 · Score: 3, Insightful
  
  *passwords* (haven't they heard of a f'ing hash!)
  This is the company that used a constant instead of a random value to feed a critical encryption algorithm in their flagship product. You really think they understand password security? Even if they hashed the passwords, what do you figure the odds are that they salted, much less peppered, them? Apply rainbow tables and go home happy, since i can't imagine many of the users would have bothered with a particularly secure password.
  
  --
  There's no place I could be, since I've found Serenity...
Not exactly. by chemicaldave · 2011-04-26 08:16 · Score: 2

aren't there other goddamned things they should be working on?
As a member of the Subcommittee on Privacy, Technology and the Law, this is exactly what Richard Blumenthal should, and is doing.
1. Re:Not exactly. by chemicaldave · 2011-04-26 08:40 · Score: 2
  
  Where does that say - "ask a software/hardware vendor why their free service isn't up and running"?
  It doesn't... and Blumenthal isn't asking that... because he doesn't give a flying fuck about the functionality of the PSN. He cares about the "(4) Privacy standards for the collection, retention, use and dissemination of personally identifiable commercial information" which is clearly stated in his letter.
  
  "I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party," Blumenthal wrote to Jack Tretton, president and CEO of Sony Computer Entertainment America. "Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach."
  Please RTFA next time.
Re:government? by osu-neko · 2011-04-26 08:17 · Score: 2

why is the PSN outage any of the (US?) government's business?
Why would you even question that? Preventing citizens from being harmed or abused by others, whether they be foreign armies, domestic criminals, or large corporations skirting or possibly even breaking the law, is precisely the most fundamental function of any government. There are regulations dictating how a corporation must handle user's information precisely because of this, and there's good reason to believe Sony ain't following them at the moment. Are you suggesting governments should just ignore their job and not enforce laws or address threats to their citizens merely because it's a corporation that did them rather than an individual or a foreign power, and therefore somehow above the law?

--
"Convictions are more dangerous enemies of truth than lies."
To tell the truth... by Daniel+Phillips · 2011-04-26 08:21 · Score: 2

To tell the truth, I do not believe a think Sony says. Sony credibility has fallen to zero, or negative even. So if Sony says their system was brought to its knees by a "console hack" I naturally tend to assume that the real cause was an inside job. And then I go on to speculate about what kind of employee abuse goes on inside Sony that might trigger such a thing, not that I condone it.

--
Have you got your LWN subscription yet?
1. Re:To tell the truth... by scot4875 · 2011-04-26 11:52 · Score: 2
  
  Here's my guess: Sony trusted their client.
  They built the PS3, assumed that it would/could never be hacked, so then assumed that they could trust anything it sent them. They engineered their entire network around the fact that the client was trustworthy. They were lazy with security because they thought they had a secure path between themselves and the user.
  Then someone hacked the PS3. Oops. Now the cat's out of the bag, and if you leave the network available, God knows what will happen. So their only option is to bring the entire thing down before anyone gets a chance to see just how badly they fucked it up.
  --Jeremy
  
  --
  Jesus was a liberal
Forget CC#s, there is a worse scenario by Mysteray · 2011-04-26 08:32 · Score: 4, Interesting

I'd written a blog post speculating about a worst-case scenario involving attackers using the leaked firmware signing keys to push a malicious firmware update from Sony's compromised backend servers. Personally, I've disconnected my PS3 from the network until the all-clear sounds from Sony.
1. Re:Forget CC#s, there is a worse scenario by Stray7Xi · 2011-04-26 11:44 · Score: 2
  
  A broken/compromised Playstation is the least of your worries.
  Lost personal information is a well understand problem, credit monitoring, blah blah blah. Nightmare scenario for sony is a million PS3's updated with a firmware that no longer accepts updates. That would require a mass recall which would be very slow. It'd be utter destruction of the PS3 brand.
Re:And everyone was saying hacking their ps3 was o by Chyeld · 2011-04-26 08:34 · Score: 4, Insightful

Or we are seeing what happens when a company become so arrogant that they don't bother actually locking down this info despite the fact that it would be inevitable that someone would come along and find a backdoor.
Seriously, a 'hacked PS3' being able to do this is pretty much the definition of "Security Design Failure".
Next Gen Console Power by Drakkenmensch · 2011-04-26 08:37 · Score: 2

Bought the two big titles that came out a week ago. Can't play Mortal Kombat on my PS3 because PSN is down. Can't play Portal 2 on my Xbox360 because it red ringed on me. Isn't the latest technology grand?
Cultural effect? by vlm · 2011-04-26 08:46 · Score: 3, Insightful

Lets look at two problems with a Japanese company. PSN down and TEPCO's reactor. Both had similar reactions.
Silence, followed by small admissions, followed by admissions its much worse that it appears, followed by more silence, followed by admissions that some members of the public may have been harmed, repeat. No timetables, no estimates.
Is this possibly a Japanese cultural thing?

--
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
1. Re:Cultural effect? by Prien715 · 2011-04-26 10:36 · Score: 2
  
  Maybe. One was caused by the worst earthquake in Japanese recorded history* the other was caused by bad security practices.
  The other cultural difference (we'll see how Americanized they became) is that the people responsible may take responsibility and leave in disgrace. If this were America and your name was BP, you'd get a fat bonus check...for you know, performance.
  * Technically, the reactor survived the earthquake but was damaged beyond repair by the tsunami. But the earthquake caused the tsunami ergo the earthquake caused the reactor to fail. (Logic fails if it were possible to prevent tsunamis following earthquakes, but I have it on good authority we can't do that yet;))
  
  --
  -- Political fascism requires a Fuhrer.
2. Re:Cultural effect? by manaway · 2011-04-26 10:45 · Score: 3, Insightful
  
  Lets look at every problem with any company. (E.g. BP Oil spill, Three Mile Island, TEPCO's reactor, Sony's rootkit, Exxon Valdez, Apple's antenna, Microsoft's uhhh everything, various company's spinach, peanuts, milk, salmonella in meat, etc.) They all have similar reactions.
  Silence, followed by small admissions, followed by admissions it's much worse that it appears, followed by more silence, followed by admissions that some members of the public may have been harmed, repeat. No timetables, no estimates.
  Is this possibly a corporate thing?
  Answer: yes
3. Re:Cultural effect? by foetusinc · 2011-04-26 11:09 · Score: 4, Informative
  
  Yes - the Japanese as a rule will not speculate on worst case scenarios the way westerners do. They will say what they know has happened or is wrong, not what could be wrong or might have happened. This is often perplexing to both sides, so that they'll think we're being hyperactive or paranoid, and we'll assume they're being obfuscatory or secretive.
4. Re:Cultural effect? by doctor_no · 2011-04-26 16:26 · Score: 3, Insightful
  
  Sorry, but this is plain racist.
  We've had industrial accidents in West as well, as systems that have been hacked into. BP is the most recent example, and Union Carbine's Bhopal disaster is another (which killed 3,700 people and inured close to half a million). Cover ups, slow-response, not very unique to one country or company.
  None of it is "cultural thing". In fact, Sony isn't very Japanese these days, its run by a British-born American, and Western executives pull a lot of sway, especially in the music division, movie studios and Playstation division where a lot of its is centered in the US. Their phone division is split with Ericsson, their music division with Germany's BMG.
If Woody had gone straight to the police... by tekrat · 2011-04-26 08:51 · Score: 3, Insightful

If Sony had never removed "other OS" feature, they would never have encountered the focused rage of the entire enthusiast community.
Now, it's possible that the Playstation Network, and possibly the entire PS3 platform, is finished.
You reap what you sow, Sony....

--
If telephones are outlawed, then only outlaws will have telephones.
Problem with connected systems by mitler · 2011-04-26 09:09 · Score: 2

It seems we're going more and more toward this centrally connected system for gaming and software in general. Used to be if you wanted to use software you bought for a computer or game system, as long as you weren't in multiplayer or otherwise using network resources you were able to play without worrying about connection problems. Now when something like this happens a lot of things that have no apparent NEED for a connection stop working completely. It just shows that while being connected is nice, it certainly has drawbacks when some games or services are unusable. I can't watch Netflix now because it requires a PSN connection - even though the Netflix service is working perfectly fine. This reminds me a lot of Steam - another platform that is very convenient when it works, but extremely frustrating when it doesn't. These vendors need to come up with a better way to handle authentication in a way that doesn't leave you high and dry for something that would otherwise work if it wasn't for their failed network. Maybe some kind of token that only needs occasionally updated. Sometimes I miss those days when you just clicked the icon and it ran no questions asked!
Summer Wars by tekrat · 2011-04-26 09:20 · Score: 2

The anime film "Summer Wars" predicted this EXACT scenario, except a little more extreme and with more dire consequences, but pretty darn close.
http://www.anime.com/Summer_Wars/

--
If telephones are outlawed, then only outlaws will have telephones.
Evils of DRM by tekrat · 2011-04-26 09:26 · Score: 5, Insightful

Yeah, can't you wait until your Blu-Ray player stops working too, every time you want to watch a movie? This is why you can't have "server" verification. Because there's no guarantee the server will be there.
Tell your friend to return the game. It's broken. Get his money back. It's designed to fail.

--
If telephones are outlawed, then only outlaws will have telephones.
Re:I am not a security expert by tao · 2011-04-26 09:44 · Score: 3, Insightful

They almost certainly had that info on separate systems. Why else the "Billing address, password questions, and credit card info may also have been taken." disclaimer. If the information had been on the same system they would have been sure. However rather than assume that the information is safe just because it was on a separate server, they're saying that "at the moment we don't know. Please be vigilant until we can give a definite answer".
Re:Hmmm... by Bobfrankly1 · 2011-04-26 10:26 · Score: 2

Two things.
a. I thought slashdot didn't edit articles. I'm obviously wrong.

b. This smells of anonymous....
That guy always was a coward...
cleartext passwords? by Harald+Paulsen · 2011-04-26 10:46 · Score: 2

Does this mean PSN stored passwords in cleartext?
If the password was hashed I'm not that concerned. You won't find my password in a rainbow-table.
But if it was unhashed, a looooot of people should change their passwords.
This XKCD comes to mind

--
Harald
Re:I am not a security expert by nedlohs · 2011-04-26 10:53 · Score: 2

Everyone.
Re:So what happens to VISA/MasterCard.... by DeadCatX2 · 2011-04-27 00:30 · Score: 2

I feel a disturbance in the financial industry, as if millions of gamer's credit cards were stolen, and then suddenly canceled.

--
:(){ :|:& };: