DPyro Posted May 1, 2011 Share Posted May 1, 2011 SOME PLAYSTATION?NETWORK AND QRIOCITY? SERVICES TO BE AVAILABLE THIS WEEK Phased Global Rollout of Services to Begin Regionally; System Security Enhanced to Provide Greater Protection of Personal Information Following a criminal cyber-attack on the company?s data-center located in San Diego, California, U.S.A., SNEI quickly turned off the PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system. Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third-party experts have conducted extensive tests to verify the security strength of the PlayStation Network and Qriocity services. With these measures in place, SCE and SNEI plan to start a phased rollout by region of the services shortly. The initial phase of the rollout will include, but is not limited to, the following: Restoration of Online game-play across the PlayStation?3 (PS3) and PSP? (PlayStation?Portable) systems -This includes titles requiring online verification and downloaded games Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers Access to account management and password reset Access to download un-expired Movie Rentals on PS3, PSP and MediaGo PlayStation?Home Friends List Chat Functionality ..... Complimentary Offering and ?Welcome Back? Appreciation Program While there is no evidence at this time that credit card data was taken, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region. The company will also rollout the PlayStation Network and Qriocity ?Welcome Back? program, to be offered worldwide, which will be tailored to specific markets to provide our consumers with a selection of service options and premium content as an expression of the company?s appreciation for their patience, support and continued loyalty. Central components of the ?Welcome Back? program will include: Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon. All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service. Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service. Additional ?Welcome Back? entertainment and service offerings will be rolled out over the coming weeks as the company returns the PlayStation Network and Qriocity services to the quality standard users have grown to enjoy and strive to exceed those exceptions. Read More Link to comment Share on other sites More sharing options...
KyleGM Posted May 1, 2011 Share Posted May 1, 2011 SOME PLAYSTATION NETWORK AND QRIOCITY SERVICES TO BE AVAILABLE THIS WEEK Phased Global Rollout of Services to Begin Regionally; System Security Enhanced to Provide Greater Protection of Personal Information. Tokyo, May 1, 2011 ? Sony Computer Entertainment (SCE) and Sony Network Entertainment International (SNEI, the company) announced they will shortly begin a phased restoration by region of PlayStation?Network and Qriocity? services, beginning with gaming, music and video services to be turned on. The company also announced both a series of immediate steps to enhance security across the network and a new customer appreciation program to thank its customers for their patience and loyalty. Following a criminal cyber-attack on the company?s data-center located in San Diego, California, U.S.A., SNEI quickly turned off the PlayStation Network and Qriocity services, engaged multiple expert information security firms over the course of several days and conducted an extensive audit of the system. Since then, the company has implemented a variety of new security measures to provide greater protection of personal information. SNEI and its third-party experts have conducted extensive tests to verify the security strength of the PlayStation Network and Qriocity services. With these measures in place, SCE and SNEI plan to start a phased rollout by region of the services shortly. The initial phase of the rollout will include, but is not limited to, the following: ? Restoration of Online game-play across the PlayStation?3 (PS3) and PSP? (PlayStation?Portable) systems ? This includes titles requiring online verification and downloaded games ? Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers ? Access to account management and password reset ? Access to download un-expired Movie Rentals on PS3, PSP and MediaGo ? PlayStation?Home ? Friends List ? Chat Functionality Working closely with several outside security firms, the company has implemented significant security measures to further detect unauthorized activity and provide consumers with greater protection of their personal information. The company is also creating the position of Chief Information Security Officer, directly reporting to Shinji Hasejima, Chief Information Officer of Sony Corporation, to add a new position of expertise in and accountability for customer data protection and supplement existing information security personnel. The new security measures implemented include, but are not limited to, the following: ? Added automated software monitoring and configuration management to help defend against new attacks ? Enhanced levels of data protection and encryption ? Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns ? Implementation of additional firewalls The company also expedited an already planned move of the system to a new data center in a different location that has been under construction and development for several months. In addition, PS3 will have a forced system software update that will require all registered PlayStation Network users to change their account passwords before being able to sign into the service. As an added layer of security, that password can only be changed on the same PS3 in which that account was activated, or through validated email confirmation, a critical step to help further protect customer data. The company is conducting a thorough and on-going investigation and working with law enforcement to track down and prosecute those responsible for the illegal intrusion. ?This criminal act against our network had a significant impact not only on our consumers, but our entire industry. These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers? information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks,? said Kazuo Hirai, Executive Deputy President, Sony Corporation. ?Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation program for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services.? Complimentary Offering and ?Welcome Back? Appreciation Program Read the rest at Sony's Blog The "Welcome Back" program is looking pretty nice, I was going to buy PS+ before it went down so this just gives me even more incentive now :) ? Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.? All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service. ? Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service. Link to comment Share on other sites More sharing options...
iamawesomewicked Posted May 1, 2011 Share Posted May 1, 2011 2:36 JST: Q: Was this hack exploiting a known vulnerability, or a new one? A: The one at this time was a known vulnerability, but SNEI management was not aware of it. We're creating an information security officer to improve that. (Sony declined to discuss details of the exploit... it sounds like protections against it aren't in place yet.) Source This eliminates the new CFW being the cause, essentially. Link to comment Share on other sites More sharing options...
Doli Posted May 1, 2011 Share Posted May 1, 2011 30 days pof PSN+ is nice. Free games for 30 days and discounts on some games. The free games expire after the service but you keep the PSN+ only avatars and themes. Link to comment Share on other sites More sharing options...
KyleGM Posted May 1, 2011 Share Posted May 1, 2011 Damn you DPyro :rofl: I just hope that the 15 months PS+ offer will still be on, cause I think it was ending in May. Link to comment Share on other sites More sharing options...
Kreuger Posted May 1, 2011 Share Posted May 1, 2011 Wow, PS+ free? Whoopee. Link to comment Share on other sites More sharing options...
rajputwarrior Posted May 1, 2011 Share Posted May 1, 2011 Source This eliminates the new CFW being the cause, essentially. how? Link to comment Share on other sites More sharing options...
CentralDogma Posted May 1, 2011 Share Posted May 1, 2011 3:01 JST: Sony decided to correct an earlier statement, saying that PSN passwords were not encrypted but rather hashed. Well, that's better than nothing. But if you were doing it right, you wouldn't be "asking customers to change all their passwords too, and change all passwords used on other websites that happen to be the same as the PSN ones". 2:36 JST: Q: Was this hack exploiting a known vulnerability, or a new one? A: The one at this time was a known vulnerability, but SNEI management was not aware of it. We're creating an information security officer to improve that. (Sony declined to discuss details of the exploit... it sounds like protections against it aren't in place yet.) Baffling... Link to comment Share on other sites More sharing options...
D. S. Veteran Posted May 1, 2011 Veteran Share Posted May 1, 2011 We will never know what really happened in the attack (at least not for a few years) because it would be foolish of SONY to release the details. We can debate it all we want but we'll never know for sure unless someone inside SONY leaks it. I, for one, am pretty happy that PSN is coming back online and hope that this situation never happens again and that there aren't any long or short term consequences for the people possibly affected. Link to comment Share on other sites More sharing options...
Fourjays Veteran Posted May 1, 2011 Veteran Share Posted May 1, 2011 Well, that's better than nothing. But if you were doing it right, you wouldn't be "asking customers to change all their passwords too, and change all passwords used on other websites that happen to be the same as the PSN ones". A hash would actually be pretty decent for security as it is one-way (no decryption, although it is still possible to crack it as with anything). Not sure why they'd do that if they have good encryption though (as they'd need for the CC info). If they are hashing the passwords then they shouldn't need to make everyone change them. My guess is they possibly hadn't salted the hash (addition of a random or user-specific value), or the salting method/value has also been exposed making it easier to crack the hashes. Of course, salting a hash/encrypting only makes it difficult once the attacker has the database of passwords. They shouldn't really get it in the first place, so how they got in is more important IMO. Link to comment Share on other sites More sharing options...
Miuku. Posted May 1, 2011 Share Posted May 1, 2011 But if you were doing it right, you wouldn't be "asking customers to change all their passwords too, and change all passwords used on other websites that happen to be the same as the PSN ones It's standard practice in the scenario of any leakage of information of any kind. If for example our business would leak customer information we would still send out warning to our customers and urge them to change passwords in any related services and/or services that they may have used the same authentication on. Better to be safe than sorry. Link to comment Share on other sites More sharing options...
+Audioboxer Subscriber² Posted May 1, 2011 Subscriber² Share Posted May 1, 2011 Whole event here - http://www.engadget.com/2011/05/01/sonys-kaz-hirai-will-address-playstation-network-hack-at-1am-et/ 2:46 JST: Sony says that there's some speculation, but that it doesn't have any proof that Anonymous is behind the attacks. "It's not that we don't have any infomation at all, but it's still within the realm of speculation," says Sony's translator. 3:38 JST: Sony is presently looking into structured ways to refund customers who wish to cancel their service, but don't presently have such a mechanism in place. Anyway, get service back, get the welcome pack rolled out, and if there is no proof of foul play 1~2 months down the line, I'm sorry to say for those incredibly upset about all of this, but business will get back to normal. I just want my service/online functionality back, nothing has happened to my account in 2 weeks. All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service. Link to comment Share on other sites More sharing options...
SkyDX Posted May 1, 2011 Share Posted May 1, 2011 It's standard practice in the scenario of any leakage of information of any kind. If for example our business would leak customer information we would still send out warning to our customers and urge them to change passwords in any related services and/or services that they may have used the same authentication on. Better to be safe than sorry. That. If my house key gets stolen and I manage to get it back I would still change the locks as I can't be sure that the thief hasn't made a copy :p Link to comment Share on other sites More sharing options...
neoadorable Posted May 1, 2011 Share Posted May 1, 2011 hope PSN goes back live soon, it would be nice to use the full features of the PS3. Link to comment Share on other sites More sharing options...
game_over Posted May 1, 2011 Share Posted May 1, 2011 Question: If i've bought something off the PSN store, but not a member of PSN+ (ie, my details shouldn't be stored in anyway - i'm not sure i've never checked) does this mean my details definitely wont be on the servers? The only thing i've ever bought is the COD:First Strike map pack a couple of weeks a go. Link to comment Share on other sites More sharing options...
D. S. Veteran Posted May 1, 2011 Veteran Share Posted May 1, 2011 Question: If i've bought something off the PSN store, but not a member of PSN+ (ie, my details shouldn't be stored in anyway - i'm not sure i've never checked) does this mean my details definitely wont be on the servers? The only thing i've ever bought is the COD:First Strike map pack a couple of weeks a go. If you used a CC and then didn't remove it from the acount details, then it will have been stored. If you removed it from your acount details, only then it wouldn't be in storage. If you used a PSN card, there shouldn't be any problem. Link to comment Share on other sites More sharing options...
Corris Veteran Posted May 1, 2011 Veteran Share Posted May 1, 2011 Free stuff is always nice, but I just want PSN back on-line, the day before it went off-line I was going to buy PixelJunk Shooter 2, and figured I would put it off and do it tomorrow, I go back on and everything is off-line, typical lol. Question: If i've bought something off the PSN store, but not a member of PSN+ (ie, my details shouldn't be stored in anyway - i'm not sure i've never checked) does this mean my details definitely wont be on the servers? The only thing i've ever bought is the COD:First Strike map pack a couple of weeks a go. Not sure why you mentioned Playstaion+, storing details has nothing to do with having or not having P+, if you bought something with your card from the Playstation Store and haven't removed the details yourself then they would have been stored somewhere for future use, just like most other on-line shops do. Link to comment Share on other sites More sharing options...
game_over Posted May 1, 2011 Share Posted May 1, 2011 Free stuff is always nice, but I just want PSN back on-line, the day before it went off-line I was going to buy PixelJunk Shooter 2, and figured I would put it off and do it tomorrow, I go back on and everything is off-line, typical lol. Not sure why you mentioned Playstaion+, storing details has nothing to do with having or not having P+, if you bought something with your card from the Playstation Store and haven't removed the details yourself then they would have been stored somewhere for future use, just like most other on-line shops do. AH i thought it was an reoccurring subscription? Link to comment Share on other sites More sharing options...
Corris Veteran Posted May 1, 2011 Veteran Share Posted May 1, 2011 AH i thought it was an reoccurring subscription? Yup it is, atleast as far as I know, but just like using Amazon or Paypal they will keep your card details stored somewhere so next time you come back you don't have to enter your details again. Link to comment Share on other sites More sharing options...
+Audioboxer Subscriber² Posted May 1, 2011 Subscriber² Share Posted May 1, 2011 AH i thought it was an reoccurring subscription? It is unless you turn off the automatic subscribe under account settings. Link to comment Share on other sites More sharing options...
Neo003 Posted May 1, 2011 Share Posted May 1, 2011 Sony apologizing to PSN customers. Not that I really care about free month of PSN, I already have PSN+ for a year so a month is not going to make much difference to me. But for people who don't, this is a good chance to see what it's all about. Link to comment Share on other sites More sharing options...
Miuku. Posted May 1, 2011 Share Posted May 1, 2011 Americons should take a lesson from that. Link to comment Share on other sites More sharing options...
Neo003 Posted May 1, 2011 Share Posted May 1, 2011 Americons should take a lesson from that. About what :/, how to screw up security and ask American to find out how did this all happen. Link to comment Share on other sites More sharing options...
Miuku. Posted May 1, 2011 Share Posted May 1, 2011 About what :/, how to screw up security and ask American to find out how did this all happen. It's called humility, something sorely lacking over there. Link to comment Share on other sites More sharing options...
Singh400 Posted May 1, 2011 Share Posted May 1, 2011 Dunno, if this has been posted yet. But it's worth a read:- Key points from the Sony Conference : gaming Link to comment Share on other sites More sharing options...
Recommended Posts