PSN Down

[+jamesyfx Subscriber²]

Yeah, the Network is the same.

[CUBBYJR2005]

The reason everyone is freaking out is because this affects 77 million people. Yes, hacking occurs every day. Yes Apple and MS was hacked in the past. But this is 77 million people were talking about.

Stop blaming Sony on this? Lack of communication and gaping security holes isn't their fault at all. /sarcasm

what you said about "lack of communication" yes i agree on that part.

[Fourjays Veteran]

how does that justify this? If they had a decent system in place and still got hacked they it'd have been understandable...as of now - this just seems a giant cluster****. (this is assuming that unsecured dev. network caused the whole mess)

It doesn't justify it. They are just pointing out that this isn't anything really unusual or new as the various fanboys seem to be making out (like Sony are the first company to be hacked).

I wouldn't consider the dev network "unsecured". As far as Sony was concerned, the only user's who would have dev access were those who had been given a dev console. Is it great security? No way whatsoever. It could definitely use another layer of security as I previously said, especially given the amount of power devs reportedly have. But it wasn't "unsecure" until the hackers managed to spoof their console as a developer one.

"Unsecure", for me, is when a website or service just doesn't bother to even prevent ways of attack. For example, a client's osCommerce site was compromised via an admin file upload feature that was not correctly behind the admin-wall. So any user could upload any file to anywhere on the server (and did).

[Soulsiphon]

Just read the update. Sony did a really good job handling the situation IMHO. Whats done is done just got to move on now.

New blog post:

Source: http://blog.us.playstation.com/2011/04/26/clarifying-a-few-psn-points/

Clarifying a few points my ass. They're *trying* to revise the history of how they completely dropped the ball and let millions of their customers and subscribers information loose to hackers.

"Lets clarify this, we let you know fast and early"...sure ya did.

Nobody's moving on from anything.

[Singh400]

[Ayepecks]

Source? If Sony are doing it though you can guarantee many other companies are just as lax.

Your argument seems to be that because it's been proven true that a company has lax security in this one instance makes it true for all companies. That's not much of an argument. Is it true that this could have happened to any company? Absolutely, yes. Any company that instituted the same policies as Sony, which no one has any way of knowing. Hell, Microsoft could have similar security holes and we wouldn't know. But there's no way of knowing what companies have inadequate security, so while you're correct in telling people not to assume it can't happen to someone else without information to back that up, you're just as wrong as the people you're decrying. Because you're saying that other companies have the same flaws with no information to back it up.

[shakey]

http://lmgtfy.com/?q=list+of+companies+hacked

Many of companies have been hacked. The proof is there. To say Sony is bad because of it, would also say that almost every other company out there is just as bad, along with many government agencies. Texas Workforce Commission, which handles foodstamps, unemployment, medicade, and other social services, had the information of their databases compromised. If the government has holes in it, I would suspect any other service to as well.

Also, while PSN have 70+million users, I doubt all 70 million users information was taken. Most likely a lot was, but I doubt all of the users.

People can over react and do what they want, hell, the network when it comes up will hopefully be faster with less people on it. But safety is a delusion. Your data is only safe as long as you never give it out. Once any company has it, it is available to anyone with the right tools.

The sad thing is, people over look the hackers in this. They think it is all Sony, yet they don't put the blame on the actual people who caused the harm. Some people have a totally ass backwards approach to life.

[____]

Many of companies have been hacked. The proof is there. To say Sony is bad because of it, would also say that almost every other company out there is just as bad, along with many government agencies. Texas Workforce Commission, which handles foodstamps, unemployment, medicade, and other social services, had the information of their databases compromised. If the government has holes in it, I would suspect any other service to as well.

Just because other services are doing it doesn't make it okay. Reusing a nonce or storing passwords in plaintext shows either complete ignorance of encryption or complete apathy for the protection of user data, neither of which is acceptable. Sony is just lucky they don't store more sensitive data, if either of these flaws were found at a Medical Records Facility they would be sued in to the ground for non-compliance without mercy. Worst case for Sony they have to settle a class action law suit and give every PSN member with credit card info in the system a free year of LifeLock

[DukeEsquire]

Just because other services are doing it doesn't make it okay. Reusing a nonce or storing passwords in plaintext shows either complete ignorance of encryption or complete apathy for the protection of user data, neither of which is acceptable. Sony is just lucky they don't store more sensitive data, if either of these flaws were found at a Medical Records Facility they would be sued in to the ground for non-compliance without mercy. Worst case for Sony they have to settle a class action law suit and give every PSN member with credit card info in the system a free year of LifeLock

Doesn't make it right, but it does show that Sony isn't doing anything out of the ordinary.

[Tarvis123]

Trying to justify Sony's negligence in this case because it might or has happened with other companies is stupid. Of course other companies can be hacked and no information is entirely safe, but my personal information has not been stolen from any of those companies, and if it was I would just be as angry at them as I am at Sony right now - especially if they were storing passwords in plain text.

This is one of the worst cases of data theft ever and I can't understand why people are trying to justify it, regardless of their loyalties with Sony. Sony had suspicions for almost a week that the hackers might have accessed personal data, but said nothing. Obviously I hate the hackers with all I have for doing this, but I can't blame them for the fact it took Sony a week to tell us that they might have stolen all of our information. Poor communication, poor security, and just poor handling of the entire issue.

At the very least, I hope this causes other companies to double-check their own security.

[Minifig]

Welp, I don't know about the rest of you but I just got done calling my bank and having them ship me a new debit card. :unsure:

I know this won't end well for Sony...

[+Audioboxer Subscriber²]

[CUBBYJR2005]

I got a email from them shortly ago

[tmorris1]

Welp, I don't know about the rest of you but I just got done calling my bank and having them ship me a new debit card. :unsure:

I know this won't end well for Sony...

Never use a debit card online. You are much safer with a credit card. With a debit card they can drain your bank account.

[American Ninja]

all this panicing for no reason. :wacko:

[NeoTrunks]

all this panicing for no reason. :wacko:

I can understand the panicing. No one wants to have their information stolen.

[Ayepecks]

http://lmgtfy.com/?q=list+of+companies+hacked

Many of companies have been hacked. The proof is there. To say Sony is bad because of it, would also say that almost every other company out there is just as bad, along with many government agencies. Texas Workforce Commission, which handles foodstamps, unemployment, medicade, and other social services, had the information of their databases compromised. If the government has holes in it, I would suspect any other service to as well.

Also, while PSN have 70+million users, I doubt all 70 million users information was taken. Most likely a lot was, but I doubt all of the users.

People can over react and do what they want, hell, the network when it comes up will hopefully be faster with less people on it. But safety is a delusion. Your data is only safe as long as you never give it out. Once any company has it, it is available to anyone with the right tools.

The sad thing is, people over look the hackers in this. They think it is all Sony, yet they don't put the blame on the actual people who caused the harm. Some people have a totally ass backwards approach to life.

Posting a Google search doesn't prove your point. Not to mention the search phrase you used doesn't specify the kind of hack, how severe the hack, the data stolen, the size of the company, the type of network being infiltrated (read: we're not talking about a simple website here, nor are we even talking about a corporate website), and countless other variables. In other words: your search is absolutely useless for the sake of comparison.

Furthermore, I don't see anywhere in your search where a document proves that "almost every other company out there is just as bad." You're posting your own beliefs on the matter that do not relate to the findings of your flawed search. I also don't see how you can compare a state agency to a multibillion dollar technology corporation running a large scale technology service in terms of technology security.

You seem to be missing the point: I'm not saying that it is impossible for companies to have similar flaws to Sony. I'm saying it's stupid to attempt to shame someone for saying "well Microsoft doesn't have this flaw!" by insisting that Microsoft does have this flaw. Neither scenario is known, and either could be correct or could be wrong.

[Razorwing]

Thank goodness my CC just expired.

[Bhav]

Never use a debit card online. You are much safer with a credit card. With a debit card they can drain your bank account.

Never used a debit card anywhere in my opinion (unless you're withdrawing cash obviously).

With a credit card, the money that's spent isn't yours. So as long as you're responsible in terms of paying off your transactions every month, the credit card is the safest and most efficient way to spend.

(Of course, far too many people are careless fools when it comes to anything financial, so things don't always play out so well)

[CentralDogma]

Holy corporate shilling Batman!

I could understand the support for Sony during the whole homebrew lawsuit debacle, but this, this is absolutely horrendous on Sony?s part.

First it was ?don?t blame Sony, blame the hackers?. But I do blame the hackers, and there?s a nice jail sentence waiting for them if they?re ever caught. But I blame Sony, because I gave them my information under the impression that they would secure it properly. In fact, the ToS that they attempted to sue hackers over outlines exactly how they will treat your data. They had a duty to protect your data and failed, plain and simple.

Now it?s ?don?t blame Sony, every company leaks your data?. Do they? Steam and the Wii have yet to leak personal details. So, no, while some companies may not take the proper precautions, most will. And those that won?t receive likewise bad press. Was the Epsilon data breach not heavily covered in mainstream media even though it was just the user?s email that was leaked? With a headline like ?Citibank, Sears, MasterCard Data Stolen? how could they not. Was the Gawkers data breach not heavily covered on tech site even though it was a fraction (1.4 million) of Sony?s (75 million) and only the encrypted passwords? Considering the scope (75 million) and nature (email, password, DoB, address, CC info), this deserves a measure more coverage.

I really don?t know why anyone would defend Sony in this case. Do you all own Sony stock? Actually, if you did own Sony stock, you should be ****ed too. The outage of PSN on Easter weekend on the heels of 3 major releases is a financial disaster for Sony, and that?s not even taking into account the cost of cleaning up this disaster.

[MrArifPatel]

I've got a feeling it's going to be another long weekend for PSN gamers :(

[DPyro]

Just cancelled my CC even though I'm pretty sure I deleted the info, knowing Sony they kept my info anyway.

[DukeEsquire]

Holy corporate shilling Batman!

I could understand the support for Sony during the whole homebrew lawsuit debacle, but this, this is absolutely horrendous on Sony?s part.

First it was ?don?t blame Sony, blame the hackers?. But I do blame the hackers, and there?s a nice jail sentence waiting for them if they?re ever caught. But I blame Sony, because I gave them my information under the impression that they would secure it properly. In fact, the ToS that they attempted to sue hackers over outlines exactly how they will treat your data. They had a duty to protect your data and failed, plain and simple.

Now it?s ?don?t blame Sony, every company leaks your data?. Do they? Steam and the Wii have yet to leak personal details. So, no, while some companies may not take the proper precautions, most will. And those that won?t receive likewise bad press. Was the Epsilon data breach not heavily covered in mainstream media even though it was just the user?s email that was leaked? With a headline like ?Citibank, Sears, MasterCard Data Stolen? how could they not. Was the Gawkers data breach not heavily covered on tech site even though it was a fraction (1.4 million) of Sony?s (75 million) and only the encrypted passwords? Considering the scope (75 million) and nature (email, password, DoB, address, CC info), this deserves a measure more coverage.

I really don?t know why anyone would defend Sony in this case. Do you all own Sony stock? Actually, if you did own Sony stock, you should be ****ed too. The outage of PSN on Easter weekend on the heels of 3 major releases is a financial disaster for Sony, and that?s not even taking into account the cost of cleaning up this disaster.

Then sue Sony.

If you think Sony did something wrong, go find a lawyer. I bet he'd gladly work for a contingency fee basis because there are 70 million potential plaintiffs.

[Mr Winkle]

i don't think i can add any more than has already been said, but i really cannot believe that this data was stored as plain text in a database which was internet facing. worse still, the passwords tied to each account were not stored in the database as a non-reversible hash. it really is unbelievable and it really is terrible design.

but this has been a pr disaster for sony. here in the uk this data breach is all over the news with fairly high billing. it even made the pm programme on radio 4.

we don't know whether the entire database and credit card info has been exposed, truth is, we may never know. but the headlines and innuendo are hugely embarrassing.

the time it's taking for them to bring the platform back up seems to suggest that it is being re-written with levels of abstration in place so it's not possible for direct db access by some means. it wouldn't surprise me if there is a mandatory firmware update required to enable you to get back on psn as soon as it's up and running again with re-enforced api.

but it does go to show though, with the root key to the ps3 readily available the platform is effectively broken until the ps4 and this game of cat and mouse will not end here.

[+Audioboxer Subscriber²]

I need to ignore Twitter right now... there are tons of people (and site feeds) spewing ignorance galore...

I work at a company that deals with data security... we wish everyone that lost a laptop or left data unencrypted had used our product(s) first. The fact is, NOBODY is impervious to being hacked. It happens all the time to tons of companies. It happens at a much larger scale than the 75M PSN users.

By data breach standards, what Sony has done here is the absolute text book implementation of what to do correctly. They didn't put protocol aside to keep selling PSN content. They didn't put protocol aside to let gamers keep gaming, potentially muddying up the systems being scoured for clues. They didn't try to hide that this happened. They didn't try to analyze it themselves but instead brought in experts.

The people and sites that are faulting Sony on how they've handled this so far are simply, and I mean no disrespect by the use of the very most accurate word I can think of... "ignorant" as to what they're talking about.

If you think Sony should've battened down the hatched and never gotten hacked... talk to the HUNDREDS of other companies/brands/organizations out there that have endured the exact same fate. If you think Sony shouldn't have been storing credit card information (at all or in a certain way) you should know that all there are now are recommendations or guidelines, there are no LAWS yet that force companies to certain degrees of protection and even if they were adequately protected, depending on the extent and nature of the hack, having them protected to PCI DSS guidelines STILL might not prevent people from getting to our credit card information...

That said, Sony said there was no evidence that our credit cards were compromised. They recommended (and to be honest, this was worded well) that "While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained." How can they be faulted for that? Would you rather them lie and say "you're safe" or "they were compromised"?

This was a text book reaction to a large scale data breach and unlike MOST companies where we'd simply get an unexpected letter in the mail, we were somewhat kept in the look by the raised awareness that PSN being down leading them to say something. You don't spill details during an investigation and these things take time. Hell, try checking out your computer after you've had a trojan installed and activated... now amplify that work by about a bajillion. Going through that stuff takes time.

Source: http://forums.sarcasticgamer.com/showpost.php?p=645846