PSN Down

[LiquidSolstice]

Well then, Audioboxer, I'm glad you guys got your online back, our truce is over, now we have to return to our daily console fanboy wars ;)

[+Audioboxer Subscriber²]

Dunno, if this has been posted yet. But it's worth a read:- Key points from the Sony Conference : gaming

Hirai said that no improper CC usage has been reported and they have no evidence of CC info being compromised. They said that Sony will pay for CC reissuing and assist with monitoring/insurance programs for customers. If there are any improper charges, they will be handled on a case-by-case basis.

CC info was encrypted and stored in a different part of the database from user personal information. Because of this, user information and CC information are being categorized separately.

Needs to be nailed into people's heads.

[Ayepecks]

It's called humility, something sorely lacking over there.

I get the distinct impression you've never been to the United States, and if you have it was only briefly.

Great news on the PSN front (Y)

[BoredBozirini]

That is their security solution for passwords? Just hash them?

...

[Belazor]

Sony apologizing to PSN customers.

That actually really moved me, I know how big of a deal it is for Japanese people when they do that...

[+Audioboxer Subscriber²]

You can watch the press briefing here - http://www.irwebcasting.com/110501/02/3a33cc2c90/index.html

[Unrealistic]

What I honestly want is to know what my security password and question were, or at least an idea of what it was.

[rajputwarrior]

Americons should take a lesson from that.

get off your high horse of stereotypes bud

and sony bowing down and apologizing like that (Y)

[MrArifPatel]

PSN are going to have a whole bunch of new signups, the amount of people I know that don't remember their password and have put a fake D.O.B on their account which is what they need to recover it is unbelievable.

[DPyro]

Sony's idea on security:

http://www.youtube.com/watch?v=RcL6DwSufMI

[AbandonedTrolley]

That actually really moved me, I know how big of a deal it is for Japanese people when they do that...

Exactly, this is a MASSIVE gesture by Sony. Admittedly they had no choice but to come clean and say sorry, but the way they have handled it is pretty much perfect.

[+Audioboxer Subscriber²]

Exactly, this is a MASSIVE gesture by Sony. Admittedly they had no choice but to come clean and say sorry, but the way they have handled it is pretty much perfect.

I think it shows they are genuinely wanting to resolve all of this and are sorry, where as you'd be led to believe they don't care/just want your money/are incompetent from the comments everywhere. Most of the fanboys though will still create "funny" photoshops of the picture on the last page, or mock it, but we know absolutely nothing Sony done/will do will in anyway will alter even a slight bit of their perception. That however is not unique to this situation.

Don't think there's much point in trying to laugh at America/West and say companies wouldn't bow here, because, well, they wouldn't and that's just the way it is. The Japanese are typically more modest people than us, and that is reflected in their culture.

At the end of the day it was/is a nice gesture to show humility for the actions/lack of actions leading to and following this situation.

[Unrealistic]

Don't think there's much point in trying to laugh at America/West and say companies wouldn't bow here, because, well, they wouldn't and that's just the way it is.

Here, they would ask for a bail-out, then pay themselves billions of dollars in bonuses, all while proclaiming the new PSN is ten times better than it was before.

[Singh400]

This is defintely worth a read: Wrongly Jailed Security Whistleblower Caught Up in PlayStation Hacker Hunt | Threat Level | Wired.com

...

To that end, he used a man-in-the-middle hack to monitor the SSL-encrypted traffic from his home console to Sony?s servers. He loaded a self-signed certificate onto the console, and directed the traffic through a proxy server on his own network. When he pored through the traffic, he noticed that Sony was running outdated versions of the Apache web server.

Sony, it turns out, uses a cluster of Apache servers to authenticate PlayStation consoles, a different cluster to serve downloadable content, another to store image files, etc. All of them are directly accessible from the internet, he says ?- there?s no VPN between the console and the PlayStation Network. And he claims all the servers were all at least a little out of date.

?Literally everything goes through a web server somewhere,? he says. ?Different [sony] divisions maintain different servers. I never saw a current version of Apache on any of them.?

Sony did not respond to an inquiry from Threat Level on Friday.

McDanel admits he doesn?t know that Sony?s web servers were vulnerable to attack. The authentication server he mentioned in the chats was running Apache 2.2.15, which was superseded in June 2010, but has no remote-access vulnerabilities listed on Apache?s website.

...

[bobeck]

I've always been mildly paranoid about my cc info with consoles...only use points cards for psn and live and only renew my live through cards...in retrospect i'm kinda glad i have

[American Ninja]

PlayStation Network Security Update

On Tuesday, April 26 we shared that some information that was compromised in connection with an illegal and unauthorized intrusion into our network. Once again, we?d like to apologize to the many users who were inconvenienced and worried abut this situation.

We want to state this again given the increase in speculation about credit card information being used fraudulently. One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.

One other point to clarify is from this weekend?s press conference. While the passwords that were stored were not ?encrypted,? they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form. For a description of the difference between encryption and hashing, follow this link.

To reiterate a few other security measures for your information: Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

We continue to work with law enforcement and forensic experts to identify the criminals behind the attack. Once again, we apologize for causing users concern over this matter.

Our objective is to increase security so our customers can safely and confidently play games and use our network and media services. We will continue to provide updates as we have them.

Source: http://blog.us.playstation.com/2011/05/02/playstation-network-security-update/

Glad to see them debunking all those false news stories going around.

[x9248]

Saying "to my knowledge" debunks nothing. Just like how they keep emphasizing that CCV codes were not taken... IF (believe who you want) credit card info was taken the numbers and expiration is good enough to purchase from some websites.

[neoadorable]

well, i just re-joined the Sony family so please don't think i'm badmouthing anyone, but their attitude towards security is lax, certainly laxer than MS. i mean just look at the parental control password for the PS3. it's numbers that show up on the screen as you type them! i mean, come on!

[Massiveterra]

Looks like SOE got attacked too. This happened BEFORE the PSN attack but they only found out yesterday.

http://www.guardian.co.uk/technology/blog/2011/may/03/sony-data-breach-online-entertainment

[LingeringSoul]

The Sony press conference (particularly the images of Kaz Hirai and the other two people bowing) has definitely tempered a lot of the anger that I initially felt toward the company. After all of those posts on the Playstation Blog that look like they were written by a robot, it is moving indeed to see a more emotional response coming from Sony. That humility and that human touch is worth a lot more than a material compensation in my eyes.

Good for Sony (Y) .

[bob_c_b]

Sorry but Sony deserves all the lumps/bruises they get for this, clearly not taking their data security seriously enough. If you want to play the cultural sensitivity card and buy into emotional arguments feel free, but those guys can bow all day, my personal data and CC# (luckily for me an expired CC, not so much for others) is in the wild and their apologies do little for people scrambling to protect their identities and credit scores.

[jerzdawg]

Sorry but Sony deserves all the lumps/bruises they get for this, clearly not taking their data security seriously enough. If you want to play the cultural sensitivity card and buy into emotional arguments feel free, but those guys can bow all day, my personal data and CC# (luckily for me an expired CC, not so much for others) is in the wild and their apologies do little for people scrambling to protect their identities and credit scores.

Wish I could + this one. While I do appreciate the humility, it doesnt change what happened. How any of you can change your opinion based on an apology and a bow is odd to me. I do wish we would get more concrete answers from Sony instead of "to my/our knowledge". There has to be server logs that would contain exact details of what information the hackers got.

[rajputwarrior]

Wish I could + this one. While I do appreciate the humility, it doesnt change what happened. How any of you can change your opinion based on an apology and a bow is odd to me. I do wish we would get more concrete answers from Sony instead of "to my/our knowledge". There has to be server logs that would contain exact details of what information the hackers got.

to my knowledge is what politicians say when they caught effing around with money or hookers. sony just refuses to full out admit the full extent of damages that may cause any sort of fear and hurt their stock prices anymore.

[Knightwolf20024]

another class action psn lawsuit

[shakey]

another class action psn lawsuit

This will be thrown out. How naive she is to think that our data is secure in anyone's hands. The US Government has had many more leaks of my information than I believe any company ever has, but they can't be sued for it. They just give a , "oopsie, someone did something" excuse, and that's all we can take. So to think a company will do a better job than one of the top leading nations in the world... that is just stupid.

Nothing they got anyway you couldn't get from any phone book or open facebook profile. People too sensitive about things that aren't even personal. Your name, address, email, all given away at the whim anyway whenever anyone basically ask for them about anything.