http://www.escapistmagazine.com/news/view/109568-Sony-Admits-Private-PSN-Info-Has-Been-Stolen-All-Of-It

While it doesn't say much about what exactly happened, a new update to the PlayStation Network disaster reveals that somebody, somewhere, managed to break into the system and get hold of your private information - all of it.

If you're reading this, then you're almost certainly aware that over the past week, Sony's PlayStation Network has been suffering some rather severe technical difficulties. Sony is apparently still trying to figure out what's going on, or at the very least isn't yet ready to disclose all the facts, and there's still no ETA for a resumption of services. But in a new status update, Sony revealed that PlayStation Network and Qriocity user data has in fact been compromised. And not just your PSN ID.

"Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID," Sony's Patrick Seybold wrote in a message being sent to all registered PSN account holders. "It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained."

"If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," he continued. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

In other words, not to put too fine a point on it, whoever broke into Sony's systems got everything - everything. At this point, the situation appears to have shifted from a dispassionately amusing debacle to an absolute balls-out train wreck, certainly not helped by the fact that Sony may have sat on this information for nearly a full week before letting the public know just how badly it was compromised.

Sony advised PSN members to pay special attention to their credit card account statements and other related information, be alert for email, telephone and postal scams and change all passwords as soon as possible, which is to say, whenever Sony gets the PSN working again. It also regrets any inconvenience.

And it ain't over yet, folks. We'll keep you posted.
Wow.

Just wow.

Hope you guys didn't have to much sensitive info in their.

just a second take on Kotaku

A security breach in the Playstation Network by still unidentified hackers resulted in stolen personal information, Sony confirmed today.

Sony says while personal information was likely stolen they don't believe credit card numbers were and that they hope to have the Playstation Network service back up within a week.

The news comes more than nine days after the intrusion and six days after Sony shut down both the Playstation Network and Qriocity services in reaction to the breach. Sony says they've hired a "recognized security firm" to conduct a complete investigation into what happened and have taken steps to enhance security and strengthen network infrastructure.
"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network," Patrick Seybold, senior director of corporate communications for Sony Computer Entertainment of America, wrote on the official Playstation Blog today.

Among the possible information stolen:

Name
Address (city, state, zip)
Country
Email address
Birthdate
PlayStation Network/Qriocity password and login and handle/PSN online ID.
"While there is no evidence at this time that credit card data was taken," writes Seybold, "we cannot rule out the possibility."

"If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained," Seybold continues.

Sony is encouraging users to be especially aware of potential phishing scams from people using email, phone calls and mail to try and extract more personal or sensitive information from you. Sony also is strongly recommending that you change you password once you're able to log back into the Playstation Network.

"To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports," Seybold wrote

"We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions."

But i suggest you keep up with the Playstation official Blog
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/

I understand this is bad, but i get reeeeeeeally annoyed to the way some people are reacting to this.

It's hard to understand what this is under the scope of a Huge company like Sony, but this is the sort of situation where you want to take a LOT of care about what information you release, in what order... you don't want to pass out incorrect information to the media or the customers, and you certainly don't want to feed information that can reach the people who did this in the first place.

This is real ugly stuff, but this one time i'm not avert to say that Sony is the victim this time around

They were trying to protect their image at the expense of their customers. That's really what the week long wait boils down to. I wouldn't accept it if my bank took a week to tell me my info was compromised, so I'm sure as hell not taking it from Sony.

They were trying to protect their image at the expense of their customers. That's really what the week long wait boils down to. I wouldn't accept it if my bank took a week to tell me my info was compromised, so I'm sure as hell not taking it from Sony.

Or maybe it took them a Week to actually asses the correct information and coordinate all of this mess?

seriously... is this really hard to grasp? Does it HAVE to be "fiendish evil corporation sacrifice customers to delay information for a few days about being attacked by hackers"?

Or maybe it took them a Week to actually asses the correct information and coordinate all of this mess?

The right thing to do, were they unsure which I doubt, would have been to inform customers, "Some of your info may have been leaked," from word go.

The right thing to do, were they unsure which I doubt, would have been to inform customers, "Some of your info may have been leaked," from word go.

Which they did.

They specifically said that they don't know if customer information was leaked, and they would release information as soon as they were sure.

then cause panic, HUGE backlash in stock value, customer support, risk lawsuits, involve banks in the mix and multi million dollars in potencial financial trouble for something that "may or may not have happen" months before E3, instead of wait a few days and provide the best reliable information... doesn't sound like the right thing to do

Which they did.

They specifically said that they don't know if customer information was leaked, and they would release information as soon as they were sure.

*looks at all official updates on Sony blog*

*sees nothing of the sort*

When'd they do that? Can I see a source?

then cause panic, HUGE backlash in stock value, customer support, risk lawsuits, involve banks in the mix and multi million dollars in potencial financial trouble for something that "may or may not have happen" months before E3, instead of wait a few days and provide the best reliable information... doesn't sound like the right thing to do

Yes, waiting several days to cause these things was clearly the right thing to do.

http://www.pcworld.com/article/226162/Sony_Yet_to_Determine_Scope_of_PlayStation_Network _Attack.html#tk.rss_news

Edit: A bit later than my initial blurry eyed reading last night made it sound, admittedly, but that is in fact a thing they told the press.

So... yesterday...

EDIT: Also gotta love all the updates despite that possibility focusing on, "We're just taking it down while we improve our infrastructure no worries be happy now."

The site, that they took down because of the breach, has been down for a week. I'm SOMEWHAT SKEPTICAL that it took them until just yesterday to realize, "Oh hey, some stuff miiiight have been leaked," especially since they were able to give a fairly clear list of what was leaked today.

It's not the same thing!

There is no way to cut this in a positive light, but they didn't simply wait to tell... now they've informed, the information is correct and conclusive and inform people what to do next, there is a private investigation firm searching for who did this, they are rebuilding the entire system to prevent further and future leaks and they were able to assess what information was leaked because of that... maybe, just maybe, that's all information they didn't have on the first days

It is one of the largests Companies in the world y'know... you don't compile that amount of data and mobilize that many people and offices in a turn of 24 hours.

It's not the same thing!

There is no way to cut this in a positive light, but they didn't simply wait to tell... now they've informed, the information is correct and conclusive and inform people what to do next, there is a private investigation firm searching for who did this, they are rebuilding the entire system to prevent further and future leaks and they were able to assess what information was leaked because of that... maybe, just maybe, that's all information they didn't have on the first days

It is one of the largests Companies in the world y'know... you don't compile that amount of data and mobilize that many people and offices in a turn of 24 hours.

They took it down because there was a breach. As in, they knew there was a breach, and then they took it down.

It took them several days to inform people of the breach. Then several more to inform about the possibly compromised info.

Yesterday, they "weren't sure" if any info had been leaked.

Today, they're able to list almost exactly what was leaked, but phrase the credit card stuff as possible.

If they were able to do that, I highly doubt they only realized, just yesterday, that info might have been leaked. They knowingly kept customers in the dark about the theft of this info because it would make them look bad.

You can phrase it politely and as in their favor as you want, but that is what happened.

Did...I miss a few pages or something where this was all ramped up to sucha point or something?

On topic, I will say that, if Sony didn't have at least a small inkling that this might have been malicious early on, then they are very poor at this and I still don't regret not giving them my money so they could let my info get leaked.


edit: If they knew from the take-down that it WAS a Breach, there is absolutly no excuse for not informing the consumer at the same time

On topic, I will say that, if Sony didn't have at least a small inkling that this might have been malicious early on, then they are very poor at this and I still don't regret not giving them my money so they could let my info get leaked.

They knew it was malicious the first day it went down.

Also, Bells is VERY UPSET that I'm blaming Sony for this I guess.

They knew it was malicious the first day it went down.

Yeah, slipped in a quick edit, that sort of business practice is just disgusting and shameful.

Yeah, I mean, my main problem isn't that they were hacked. Maybe they should have had better security, and if my info were at risked yeah I'd be pretty pissed, but I'm not all "RAWR SONY I HATE YOU FOR GETTING HACKED." My main problem is their incredibly poor handling of the situation.

There's no way for Sony to cut this in a positive light so instead they just didn't say anything till the last possible second and so made themselves look negligent. Dunno who is in charge of Sony's P.R department but I'd make 'em commit seppuku..

Had they said something a week ago when it happened, at least customers would've got the impression they were somewhat on top of things. If they thought for a second there was a risk of identity theft they shoulda informed us, so we could have had a heads up.

Weather forecasters don't tell you there's a tornado coming when it's at your doorstep, they let you know early that you can expect the possibility of one and you prepare for it.

I find it incredibly hard to believe Sony hadn't the slightest clue there was a security breach, and if so, they could have at least released some kinda "Maybe you all ought to change your passwords and beware.."

And if they were wrong, and there actually was no security breach and we ended up all fine and dandy, then so be it. They'd have inconvenienced customers slightly instead of majorly.

This was going to end up as a P.R nightmare anyway, so they were going to look bad before E3 regardless.

They knew it was malicious the first day it went down.

Also, Bells is VERY UPSET that I'm blaming Sony for this I guess.

i'm not "very upset" it just annoys me all this assumption being made in order to blame Sony as some sort of Evil Mastermind of Corruption and Corporate Greed, when in fact they act pretty much as any self respecting corporation would in a case like this...

This was not some sort of "prank" by a couple of Hackers, this was an actual criminal activity against sony. And a serious one, a big one. In cases like this you -do not- rush to tell everyone what "may perhaps have happen", you get your facts straight and then inform your customers a one-note speech with truthful information. That's what sony did, specially considering that this is linked to a serious criminal offense that will have legal repercussion, you have to measure your words and actions... not just "cause it's nicey nice to do" but cause there are also legal reasons to act this way.

I know people loooooooove to shit on corporations and Sony, but this time they are actually the first Victim in this case.

This was not some sort of "prank" by a couple of Hackers, this was an actual criminal activity against sony. And a serious one, a big one. In cases like this you -do not- rush to tell everyone what "may perhaps have happen", you get your facts straight and then inform your customers a one-note speech with truthful information. That's what sony did, specially considering that this is linked to a serious criminal offense that will have legal repercussion, you have to measure your words and actions... not just "cause it's nicey nice to do" but cause there are also legal reasons to act this way.

Out of curiosity, what legal repercussions would have resulted from them informing customers that there was a possibility of leaked information the first day the network went down?

I mean, you're saying that companies don't do that in this kind of situation, but why? What is at stake for them not to? It's not like a judge would look at the case and be like "Oh, Sony was suggesting information MIGHT have been leaked before they were sure? Case tossed." That's not a thing that happens.

Guys, I'm gonna say this once, so y'all shut up and listen. Sony is handling this well and anyone with any clue as to how this shit works would know that.

The first step is to minimize damage. When someone hacks into your system, they're not always sloppy about it and you may not know you've been hacked at first. They took down PSN when it became clear that it would be the best way to minimize further damage.

The second step is not to give out bad info. The press looooooves them some bad info to go to town on. Sony hired on a security analyst to help them track down what exactly happened and that analyst is the one who's given them the info they're releasing now. Sony COULD have just gone "OH NOEZ WEVE BEN HACKED UR DATAZ R ALL GONE!" and it would have accomplished jack shit and probably not been accurate, instead causing a panic and media frenzy based on what would have likely been bad info.

The third step is to fully assess what happened so you can give out GOOD info, which is what they're in the process of doing now. This will lead to the perpetrators tossing the salad behind bars when it's all figured out.

They're also well on their way to step 4, which is to make sure it doesn't happen again. They're already beefing up the system so it'll be more secure when they re-launch it.


Sony is handling this as best as can be expected given that someone, for the very first time, managed to compromise their online system. It's only been, oh, what, going on FIVE YEARS or so since it launched? The fact that they were hacked is by no means their "fault." If someone wants to get into your system, bullheaded persistence will eventually pay off. They had it up for years with no issue, and let's face it, they were carrying lots of juicy info. People were probably trying for ages to get into it and someone finally succeeded. Yes, that they were hacked is not a good thing, and they'll be hearing about it for years, I'm sure, but this, I assure you, was not some fly-by incident.



I think the thing that pisses me off most about this are the trolls and people who just want to stir up shit. Looking at the posts on the blog, the same three trolls are causing a ruckus, or trying to, and it makes me smile to see the intelligent people telling them to fuck off and the couple of posters there who actually know their stuff.

Your characterization of my argument is ridiculous.

I am saying they likely had this info long before releasing it.

They chose not to, because it would reflect badly on them.

Given the bad news, they should have warned customers as soon as possible.

They did not do that.

They actively kept customers in the dark as much as possible while this was going on.

There is no real explanation for that other than it would have been inconvenient for Sony.

Yes, it would have. It sucks, but these things happen. I'm not blaming them for being hacked.

However, that being hacked was, likely, not their fault does not excuse their poor handling of the situation. They could have had an official statement written up the moment they knew. They chose not to. There is no excuse.

Everyone's to blame, and

http://wiki.urbandead.com/images/7/7b/NONE_OF_YOU_ARE_SAFE.jpg

i blame Sony as some sort of Evil Mastermind of Corruption and Corporate Greed, when in fact they act pretty much as any self respecting corporation would in a case like this...

There is a joke here.


In seriousness, no. You don't dick around for a week making 100% absolutly sure that your customers had information stolen. It does not make people feel better that you let their private infomation hang in complete limbo for an entire week just so you wouldn't have to be wrong because you took caution and had respect for your customers.

That is not the lesser of two fuck-ups. I'd rather have to say "Hey guys, sorry about the scare there they didn't steal anything" then have to say "They stole everything you gave us, and they did it a week ago but we wanted to be sure"

causing a panic and media frenzy based on what would have likely been bad info.Happening anyway, but worse because they didn't let on that there might have been a risk originally.

So again: Out of curiosity, what legal repercussions would have resulted from them informing customers that there was a possibility of leaked information the first day the network went down?

I mean I get what you're saying, and yeah, OTHER THAN waiting this long to be like 'Hey, you might want to be careful of your credit card information for awhile' they are handling it well. But they have actually put their customers at risk by not stating as soon as they knew it was an intrusion they didn't know if customer information had been compromised. And saying they don't know isn't giving bad information. It's simply throwing a heads up to the consumer.

Which doesn't hurt anyone. If everything was safe everyone gets to be relieved in a few days when they learn that. If it's not, then no one is caught off guard.


EDIT: I am kind of curious how much of my own information was leaked. I haven't done anything on PSN for about 5 months. Obviously password, birthday, account info stuff like that. But I'm not sure if they'd even still have credit card information from when I bought the Scott Pilgrim game. Guess I'll call my bank and request new cards just in case, anyway.

Your characterization of my argument is ridiculous.

I am saying they likely had this info long before releasing it.

They chose not to, because it would reflect badly on them.

Given the bad news, they should have warned customers as soon as possible.

They did not do that.

They actively kept customers in the dark as much as possible while this was going on.

There is no real explanation for that other than it would have been inconvenient for Sony.

Yes, it would have. It sucks, but these things happen. I'm not blaming them for being hacked.

However, that being hacked was, likely, not their fault does not excuse their poor handling of the situation. They could have had an official statement written up the moment they knew. They chose not to. There is no excuse.

Dude, your entire viewframe of this does not match the reality of the situation... your opinion that they "handled poorly" is only based in your own opinion that "they had the information early" which by itself is not solid.

What boogles my mind is how people aim all their sights at Sony while nearly nobody mentions the actual hackers to attacked their servers and stole the data and are the ones likely to use such data to harm Sony Customers. No server is absolutely safe and we all know why Sony got attacked.

Even if Sony had a Clue that this information leak was a possibility, they can't simply rush to the web and Blog about it. There are legal teams, entire departments, PR, a whole chain of command that this information has to go through before it reaches the Media... They can't provide just the problem. They have to provide the problem AND the ongoing solution, and practical solutions take time to put together. That's where "we've take down the service and are rebuilding it" and "Investigation team" come in. It's not a single phone call away.

So where "long before releasing" becomes reckless instead of By-the-book prudent? It's all assumptions made to blame Sony somehow, even though nobody has a real time frame for this "when did they know" "when they decided to act" "when they decided to hold off"... none of these are real complains, they are just bickering to kick the shins of the big old mean corporation...

In seriousness, no. You don't dick around for a week making 100% absolutly sure that your customers had information stolen

Your point comes entirely from the mindset that they were "dicking around". Maybe they jumped promptly to action and "telling everyone" was simply not the most important priority on top of the list. Like i said... it's different you come out telling the problem and you come out telling the problem and what you are already doing to prevent further damage and fix what was already damaged...

it's really not hard to grasp

none of these are real complains, they are just bickering to kick the shins of the big old mean corporation...



Your point comes entirely from the mindset that they were "dicking around". Maybe they jumped promptly to action and "telling everyone" was simply not the most important priority on top of the list. Like i said... it's different you come out telling the problem and you come out telling the problem and what you are already doing to prevent further damage and fix what was already damaged...

it's really not hard to grasp

Thanks for just tossing out that little "It isn't valid because you just want to blame Sony for everything" thing again, it really helps the cause.

Yes, it is hard to grasp how priority 1 is not to inform the public of a potential danger to their personal security, but instead to save as much face as possible by not saving any face at all.

Bells, I find your characterization of my argument increasingly inaccurate and insulting.

You claim that my arguments are based only on my opinion which is "not solid," according to you. However, the same is true of you, and we at least know they were aware of an intrusion before taking their services down. I explained my reasoning for why they had that info before: That it is highly unlikely they spent five days without any of this info, suddenly knew that there was a possible leak, and were then able to give very in depth info on the leak the very next day. I think this line of reasoning, that the information spike was too sudden to correlate with the information Sony had, is a fairly solid one. It's certainly at least as valid as your assumption that they didn't have this info before now.

Also important to keep in mind is that I've never said I excuse the hackers, and have specified that I don't blame Sony for being hacked.

In short: Please stop mis-characterizing my argument in an insulting way. Don't trivialize my argument as "just opinion" without recognizing the same could be said of your own. Please keep in mind that the blame I lay at Sony's feet is for only a very specific part of these events.

Thanks for just tossing out that little "It isn't valid because you just want to blame Sony for everything" thing again, it really helps the cause.

Yes, it is hard to grasp how priority 1 is not to inform the public of a potential danger to their personal security, but instead to save as much face as possible by not saving any face at all.

Sorry i wasn't really trying to diminish your own position.

What i'm saying is that they are not "trying to save face". when the boat is sinking you don't rush to tell the captain and the passangers. You try to plug the damn hole. Regardless of progress then you inform of the hole and assess the current situation that you see if you should turn around to port.

You the boat is sinking you don't rush to tell the captain and the passangers.

You tell the captain. Not you, personally, the guy plugging the hole, but SOMEONE does.

You can try to plug the hole and start informing and evacuating passengers at the same time.

What boogles my mind is how people aim all their sights at Sony while nearly nobody mentions the actual hackers to attacked their servers and stole the data and are the ones likely to use such data to harm Sony Customers. No server is absolutely safe and we all know why Sony got attacked.Because no one knows anything about them yet. Was it a them? Was it a him/her? Did they save the information or just pull it and delete it to prove a point? Are they in it for money? Chaos? Is it an attack based on an ideological view? Nothing really excuses it, but it's really hard to lay your targets onto a complete unknown.

At best we can waggle our fingers at the darkness and say 'oooh, you hackers.' Which, I mean, really? Yeah. They/he/she did a bad thing. Everyone knows they did a bad thing. There's nothing to discuss about that. It was bad. It shouldn't have been done. There will be legal repercussions if they are caught. Everyone agrees here.

Conversation on hackers done.

Even if Sony had a Clue that this information leak was a possibility, they can't simply rush to the web and Blog about it.Why?
There are legal teams, entire departments, PR, a whole chain of command that this information has to go through before it reaches the Media...Which all have to be consulted even if they're just saying they're taking it down. This is true of ANYTHING they say, unless there was complete silence (which there wasn't) this argument holds no watter.

So, again, why?

They can't provide just the problem. They have to provide the problem AND the ongoing solution, and practical solutions take time to put together.Why not? Why can't they inform customers there is a problem and they are in the process of doing x/y to attempt to fix it. Which is what they did, really, except they didn't bother mentioning what the problem actually was, when they said they were rebuilding their service and hired a security company.

What, exactly, kept them from tagging on a 'we don't know if customer information has been leaked at this time, but we will keep you informed as data presents itself' to the original mention of an external attack?

even though nobody has a real time frame for this "when did they know" "when they decided to act" "when they decided to hold off"Because Sony hasn't told us. They've told us next to nothing. We know they knew it was a possibility before they released it on the blog, however, because they told the press yesterday that they were unsure about customer information.

In fact, they must have known when they knew there was an external attack at ALL that they didn't know if customer information had been compromised. That's actually standard policy for basically every other company. Get hacked, release PR statement saying that they don't know if customer information was compromised but they will keep the user base informed.

Maybe they jumped promptly to action and "telling everyone" was simply not the most important priority on top of the list.Why shouldn't it be?

what you are already doing to prevent further damage and fix what was already damaged... PART of which is telling customers that they may need to watch their credit card statements/that their private information may be compromised. That is exactly how you prevent further damage when customer information has been leaked.

it's really not hard to graspAgreed.

Reading about "plugging the hole" and misreading Bells's "assess" as "asses" really threw the last few posts into a curve for me...

EDIT: Rereading them.

You can try to plug the hole and start informing and evacuating passengers at the same time.

While Freaking the fuck out, i would imagine... but again, if you take that route and then it turns out the hole was a minor problem that you could fix and proceed voyage normally, you would have a ton of people evacuating and panicking over something that didn't have to freak out about... so... first you evaluate then you act.

Krylo, just this doesn't turn into a blockade of text that would prevent others of joining i'll try to compress this into a minor post, hope i can respond your question in a proper form...

Maybe it's just Sony internal politics, but overall it makes legal sense, makes business sense to never dump a possible problem (a serious problem) on your customers unless you already have a fix underway. So, getting a solution to the problem comes first.

And nobody can actually take off the table the possibility that Sony did not have a full grasp of the problem and that's why they didn't inform it early on. In their own statements they inform that personal information was leaked but they could -not- inform for sure if Credit card information was stole (i would imagine because it's encrypted somehow?).

Reading about "plugging the hole" and misreading Bells's "assess" as "asses" really threw the last few posts into a curve for me...

I have no control over my S

... and if you read the above sentence literally, i just made a funny... HAH!

While Freaking the fuck out, i would imagine... but again, if you take that route and then it turns out the hole was a minor problem that you could fix and proceed voyage normally, you would have a ton of people evacuating and panicking over something that didn't have to freak out about... so... first you evaluate then you act.

Meanwhile, a ship full of passengers is sinking and it later turns out that yes you should have evacuated and informed passengers ASAP, but you didn't because for some inexplicable reason you thought telling them when the ship has sunk more than it already had would cause less of a panic.

overall it makes legal senseYou keep shoving legal in there. Legal doesn't belong in any way.

makes business sense to never dump a possible problem (a serious problem) on your customers unless you already have a fix underway"Makes business sense" does not excuse not informing customers of something that affects them to a SEVERE degree. Makes business sense is never an excuse for anything.

then cause panic, HUGE backlash in stock value, customer support, risk lawsuits, involve banks in the mix and multi million dollars in potencial financial trouble for something that "may or may not have happen" months before E3, instead of wait a few days and provide the best reliable information... doesn't sound like the right thing to do

Versus going after a kid for hacking his own PS3 to add in a feature that was on the fatboy PS3s... Yeah, priorities are a little borked here.

Well with the security compromise it's a good thing I did all purchases through those PSN cards you can get at Walmart. Though I am pissed that they let a stranger get away with totally fucking over their network security.

There seems to be moments when the network is up for like half a minute (I suddenly got a software update notification while play Fallout: New Vegas, and then I got the connection error a moment later), so at least they're trying to restore stuff.

Assuming the analogy is valid

We'd also be talking about a ship that would have been sinking for six whole days before the crew decided to inform passengers of a problem. The difference is, I think the passengers would know on day six there was an issue, whereas PSN customers are in the dark unless Sony tells them. I just assumed it was down due to routine maintenance. Also in the case of a ship sinking, death is the consequence of not heeding a warning and evacuating. In the case of the PSN, it's a financial issue, and while that is serious, it's not as serious as death.. So I'm not sure it's an apples-apples comparison..


I guess it's probably not useful to the discussion for me to nitpick the analogy, but everyone else is saying the important stuff much better than I could at the moment :P

Guys, I'm gonna say this once, so y'all shut up and listen. Sony is handling this well and anyone with any clue as to how this shit works would know that.

The first step is to minimize damage. When someone hacks into your system, they're not always sloppy about it and you may not know you've been hacked at first. They took down PSN when it became clear that it would be the best way to minimize further damage.

BS. Sony is about control and they're paying for that. The flaws were discovered (https://www.eff.org/deeplinks/2011/01/sony-v-hotz-sony-sends-dangerous-message) by research teams a while ago. That's not fixing it by going after the people that can help you fix your flaws.

The second step is not to give out bad info. The press looooooves them some bad info to go to town on. Sony hired on a security analyst to help them track down what exactly happened and that analyst is the one who's given them the info they're releasing now. Sony COULD have just gone "OH NOEZ WEVE BEN HACKED UR DATAZ R ALL GONE!" and it would have accomplished jack shit and probably not been accurate, instead causing a panic and media frenzy based on what would have likely been bad info.

And again, Sony was aware of the flaws a long time ago. That they could have fixed or started the patches for. They decided going after geohot was their primary focus. It wasted their time, along with their money in a fruitless endeavor to make an example out of him. They should have been fixing the problems of the network. Not installing rootkits, not taking away (AGAIN) the Other OS feature, not suing hackers that can help for control...

The third step is to fully assess what happened so you can give out GOOD info, which is what they're in the process of doing now. This will lead to the perpetrators tossing the salad behind bars when it's all figured out.

Yeah, good luck with that. What if the guys are in Nigeria, or Romania? Or how are they going to go after him if he just disappears without a trace? There's ways to make yourself ping from different countries. It's going to be an interesting battle.

They're also well on their way to step 4, which is to make sure it doesn't happen again. They're already beefing up the system so it'll be more secure when they re-launch it.

Uhm... 2 years and they've had the same security flaws? (http://www.engadget.com/2008/03/27/major-security-vulnerability-discovered-for-playstation-network/) Even Infinity Ward complained recently (http://consolepress.com/main/2011/01/16/infinity-ward-on-mw2-and-ps3-security-flaws/)


Sony is handling this as best as can be expected given that someone, for the very first time, managed to compromise their online system. It's only been, oh, what, going on FIVE YEARS or so since it launched? The fact that they were hacked is by no means their "fault." If someone wants to get into your system, bullheaded persistence will eventually pay off. They had it up for years with no issue, and let's face it, they were carrying lots of juicy info. People were probably trying for ages to get into it and someone finally succeeded. Yes, that they were hacked is not a good thing, and they'll be hearing about it for years, I'm sure, but this, I assure you, was not some fly-by incident.

Yes, yes it is their fault, because they wasted their time with their own bullheaded tactics. They made themselves a target through their own arrogance and stupidity. There were a lot of projects that hinged on using their product in various ways. The army PS3 supercomputer project, the Other OS for linux support, hell, I can't think of them all. All they had to do was find out the needs of their consumer base but they were too focused on doing what Sony thought was best. It garners no sympathy from the community for its actions and this is the equivalent of a karmic kick in the nuts to their platform.

You keep shoving legal in there. Legal doesn't belong in any way.


A straight out crime was commited that includes a violation of Credit Card information that was placed under Sony's care... you really think nobody would give a ring to Sony's legal team about this...?

i'm also trying to illustrate this

http://cache.gawkerassets.com/assets/images/9/2011/04/sony_stock.jpg

Sony Stock exchange values as of today. From Sony's point of view, this would be worst have they come out about "information theft" in the first hour of it happening, instead of organizing information and presenting it together with an ongoing solution (that they would not have in that first hour). Not saying it's brilliant thinking, just saying i can understand they thinking this way

A straight out crime was commited that includes a violation of Credit Card information that was placed under Sony's care... you really think nobody would give a ring to Sony's legal team about this...?

Whaaaa?

"Your information was stolen... a week ago." Makes "legal" sense? No. Stop it. That's gibberish.

i'm also trying to illustrate thisI'm trying to explain that "Is good for the business" does not equal "Is an okay thing to do." Quite often they are contrary to each other. You seem to be outright arguing that because it was good for the business it is okay they did something that was actively harmful to customers.

April 26, 2011
Mr. Jack Tretton
President and CEO
Sony Computer Entertainment America
919 East Hillsdale Boulevard
Foster City, CA USA 94404

Dear Mr. Tretton:

I am writing regarding a recent data breach of Sony's PlayStation Network service. I am troubled by the failure of Sony to immediately notify affected customers of the breach and to extend adequate financial data security protections.

It has been reported that on April 20, 2011, Sony's PlayStation Network suffered an "external intrusion" and was subsequently disabled. News reports estimate that 50 million to 75 million consumers – many of them children – access the PlayStation Network for video and entertainment. I understand that the PlayStation Network allows users to store credit card information online to facilitate the purchasing of content such as games and movies through the PlayStation Network. A breach of such a widely used service immediately raises concerns of data privacy, identity theft, and other misuse of sensitive personal and financial data, such as names, email addresses, and credit and debit card information.

When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised. Additionally, PlayStation Network users should be provided with financial data security services, including free access to credit reporting services, for two years, the costs of which should be borne by Sony. Affected individuals should also be provided with sufficient insurance to protect them from the possible financial consequences of identity theft.

I am concerned that PlayStation Network users' personal and financial information may have been inappropriately accessed by a third party. Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach. Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised. Nor has Sony specified how it intends to protect these consumers.

PlayStation Network users deserve more complete information on the data breach, as well as the assurance that their personal and financial information will be securely maintained. I appreciate your prompt response on this important issue.

Sincerely,

/s/

Richard Blumenthal
United States Senate

This showed up on Kotaku just now, it seems to be pretty much on the same page you guys are on, so i want to see what Sony is going to respond to this

See, that letter? That makes more "legal" sense than what you were saying.

Bells, small thing... There's a right way and a wrong way to handle something this time sensitive.

Right way: "Hey everyone, we just found out about a few problems with our security. We are currently working to find a way to ramify the situation. However, our engineers are telling us that we may have some compromised data. We are doing our best to find out exactly what, but it may take some time to find out all of the details.

Sony Research team"

Wrong way: "Hello everyone, we just found out a week ago that we've had compromised data that includes all of your information you have on PSN. We are working to figure out the solution to this problem, but we have no further clues at this time. Thank you and have a nice day.

Sony"

Which do you think has people pissed?

-E- And then the letter shows up...

I'm down with the letter.

Okay, I'm not one to bitch and moan a lot but Richard Blumenthal's background precedes him...

He's a damned bully (http://en.wikipedia.org/wiki/Richard_Blumenthal#Attorney_General_career) who goes after sites with very little proof and was really great at implicating Craigslist in being liable for what people did on their site. Even though Craigslist helped them to find illegal pimps and prostitutes (pimpin just ain't easy) he complained that CL should be taxed for what others did.

So yeah, he can make a letter... But his actions say it's all an act.

Yeah, it's possible to agree with the content of the letter but still dislike the person who wrote it.

"many of them children" is a politician's way of throwing down the gauntlet, picking it up again, and Johnny Cage split-punching you in the nuts with it. Then they guilt-trip you with the "See what you made me do?" line.

I mean, you fucked with "the children" Sony.. The spirit of American Innocence. The spirit all politicians bank on in elections. NEVER fuck with "the children".. ever.

I heard a "dun dun duuuun" go off in my head after I read that "many of them children" part.

How many children are honestly going to put their credit card info on the PSN?

...Okay, I was going to rhetorically ask how many kids are allowed to have credit cards, but then I remembered that the answer is America.

I guess that while Blumenthal is a douche trying to grab kudos from a cause he doesn't care about, it's good that Sony got called out by a senator. They might actually try to get their shit together now that they know the Guv'ment is involved.

*six days later*

Sony President: "Okay, so, six days ago we got a letter from some guy. And after a lot of analysis, we determined he was a Senator. We would've told you all sooner, but.. *shrugs*. In any event, yesterday Kieth in Marketing looking this guy up on Wiki, and ... it's not good.."

Sony Vice President: "HE USED THE CHILDREN CARD!!"

*mass panic in Sony Offices*

See, that letter? That makes more "legal" sense than what you were saying.

It might actually be more legally shady for them to withhold notification of privacy intrusion to the consumers that have trusted them with said information. You can easily seat them on the legally wrong side of the room here, and I bank on someone trying to in court, so all this "legal sense" stuff just doesn't make any 'regular' sense.

Legally, once you know of a security problem/breach, you must inform your users about it.

Even if you hate "as a business": As a business, Sony knows that if they don't comply with this law, the lawsuits et cetera are going to be monumentally worse than the bad PR.

Ergo, if Sony knows that they've had data compromised, they will report it. That they haven't reported it until yesterday makes it seem that they didn't know that the hackers had access to user data until yesterday. If they did, they're on grounds for numerous suits and fines.

From kotaku just now

While Sony discovered that hackers had broken into their Playstation Network on April 19, it wasn't until nearly a week later that the company understood the full scope of the breach, a Sony official tells Kotaku.

The company learned that customer data was stolen on Monday, only after an outside security firm conducted days of forensic analysis, Sony said.

U.S. Senator Richard Blumenthal publicly questioned today Sony's failure to "immediately notify affected customers of the breach and to extend adequate financial data security protections."
The letter, written to Sony Computer Entertainment of America president Jack Tretton, echoes the concerns of Playstation Network members who have been increasingly bothered by the lack of information from Sony.

Speaking to Kotaku tonight, SCEA spokesman Patrick Seybold explained the apparent delay in notifying customers.

"There's a difference in timing between when we identified there was an intrusion and when we learned of consumers' data being compromised," Seybold said. "We learned there was an intrusion April 19th and subsequently shut the services down.

"We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon."

About 4 p.m. Eastern Tuesday, Sony started notifying their Playstation Network members that private data including names, addresses and perhaps passwords were stolen from Sony's database. The company doesn't believe credit card data was stolen, but isn't positive it is secure.

I'll be cinic and predict that everything Sony says most of you will call "bullshit" on it, even though you just said that the Senator who was full of shit was "right on the ball" about everything he said Sony did wrong...

Still, everything reported so far is on par with the reasoning Sony is presenting now and goes along with what i said about there being a difference between being Reckless and being Diligent on how to provide information for your costumers for a crime that affects them too.

Honestly, I believe Sony.

Mainly because delaying the announcement until now, if they could have announced it previously, doesn't make sense. What do they gain from the delay? Practically speaking, nothing. What do they stand to lose? A hell of a lot.

Honestly, I think we all need to set aside our fanboyism for our respective consoles and mutually agree that Sony fucked this up.

I say this as a Sony fan, as someone who still proudly prefers the PS3 over the X360 and the Wii, and as someone who's profoundly disappointed in Sony's handling of this entire situation.

A lot of Sony fans seem to be reacting with indignation throughout the interwebs, and admittingly, part of the problem here is those legitimately railing against Sony for refusing to inform their customers of the ramifications right away are being overwhelmed by a far more hostile contingency of X360 fanboys seizing the opportunity to gloat. The latter are just immature assholes, insofar that it's worth noting that if this shit happened to Microsoft instead they'd be the ones scrambling to defend their "precious" X360 against an equally vicious group of PS3 fans, and the PS3 fans would be the assholes. The console wars are stupid, everyone involved in them are stupid, etc.

The fact that X360 fanboys are acting like petulant children at a candy shop, however, does not justify Sony fanboys "retaliating" by accusing everyone criticizing Sony's handling of this lovely little catastrophe of advancing some agenda. I fucking love Sony, but the reasons I love my PS3 have precious little to do with the individuals who work for Sony who are responsible for this fuckup. Most of my love for Sony stems from a combination of third-party developers who work on PS3 exclusives (Naughty Dog, here's looking at you) and the fine folks who actually develop Sony's hardware, in a division or department that I imagine is somewhat distinct from the group that handles security breaches or the Playstation Network, let alone the bigwigs in charge (and in their legal / media relations departments I'd presume) who make decisions as to when to release pertinent information to the public. I love the former. Adore the former. But I'm fucking pissed the shit off at the latter, because they clearly did not do an appropriate job protecting my credit card information, which is basically the single most important thing for them to do, really.

Do I honestly think that I out of all the seventy million PSN customers am going to find money accruing on my account? Probably not. I'll keep a lookout for a bit but I'm not going to lose sleep over it. My credit card has a $1000 limit and in the worst-case scenario I'd call and easily acquire a new card. What pisses me off isn't the fact that this happened (Sony can't control the fact that hackers are assholes) but the lack of transparency.

The minute Sony knew this had happened they had to suspect the possibility that our information had been stolen. They should have informed their loyal customers immediately of the possibility, even when that possibility was not confirmed. The fact that they waited for a week -- a week when someone out there might have been harmed by the hacker's actions in regards to their financial accounts or personal information -- is fucking stupid, and it suggests that individuals at Sony care more about bottom-line profit margins than about actually protecting their consumer base. They wanted to prevent losing money over media hysteria upon conjecture news, even if it meant a loyal PS3 owner out there was about to get smacked down with a hefty bill.

Let me be clear that the hacker owns 100% of the moral culpability for his actions. I hope they find him and give him a nice comfy jail cell to sit in for a while. That being said, Sony could have mitigated the damage and chose not to, deliberately leading us on with vague statements for as long as possible until they were basically forced to confess that, oh, yeah, our information's been compromised.

It's a dick move that shouldn't effect anyone's love (or hate) for the PS3, insofar as I'd personally guarantee anyone that Microsoft and Nintendo probably would have done the exact same things in the exact same situations. The problem isn't Sony, the problem is big businesses and their lust for profit and the manner in which CEOs and Board of Directors and major power players at big corporations operate and the infrastructure that supports their warped decision-making. The entire corporate system was aligned against Sony "doing the right thing."

I won't hate the artists, technicians, writers, and creators who make beautiful hardware and software with Sony's label on it just for getting caught up in the behemoth machinations beyond their control, but it's simply a fact: everyone's favorite videogaming companies has bigwigs in them that are completely and utterly full of shit and that do not have the best interests of their customers in mind, and this was completely evident in Sony's ludicrous botching of this particular situation. As a PS3 fan I can only desperately hope the console and those who develop for it do not pay the price.

I was actually hoping you'd give some opinion on the topic, Snake, just because your rants usually have a basis in reality, and you know the legal stuff better than most people here.

Just to give perspective on my thoughts, above, I actually don't own a PS3, and the only Sony product that I've really played much with is an original PS that my younger brother bought a couple years ago, since it came with Chrono Cross, and the second Megaman Legends game. (I played Megaman 64 on the N64.)

I was rather disappointed in Chrono Cross, incidentally. :(

There is a joke here. The joke is using the words "respect" and "corporation" in the same sentence.

Sony is an evil, corrupt and greedy corporation, Bells. There's no arguing that point. It's nothing personal, it's just that they are a large corporation. Even if everything they have done in this situation is in their customers' best interest, they're still doing it because they are corrupt and evil and greedy and want to keep their customers. It's not something we should respect because it's good business and other corporations also do it.

The question as I see it isn't how evil they are, but how good they are at being evil. Specifically, will we still buy their product? I for one am not going to give them my credit card number after this.

I was rather disappointed in Chrono Cross, incidentally.

What did you think of the music?

The question as I see it isn't how evil they are, but how good they are at being evil. Specifically, will we still buy their product? I for one am not going to give them my credit card number after this.

Same. I'm just glad I: A) Took my card off of PSN back in November; and B) That card expired. So even if they did get the card number, they lack the new expiration date.

I'll be doing all PSN transactions using PSN cards now.

The joke is using the words "respect" and "corporation" in the same sentence.

Sony is an evil, corrupt and greedy corporation, Bells. There's no arguing that point. It's nothing personal, it's just that they are a large corporation. Even if everything they have done in this situation is in their customers' best interest, they're still doing it because they are corrupt and evil and greedy and want to keep their customers. It's not something we should respect because it's good business and other corporations also do it.

The question as I see it isn't how evil they are, but how good they are at being evil. Specifically, will we still buy their product? I for one am not going to give them my credit card number after this.
Trying the keep you business afloat is kinda not entirely evil. Besides Sony's more (sometimes lovable)arrogant pricks then evil anyway. That cringe at the thought of mentioning/confessing any mistake they make.

I have not recieved any notifications about my info being hacked. Even then I never ever allow any online service to remember my debit card info. Sure it's a pain to type it all in over and over again. However for that extra burst of security it's worth it.

I have not recieved any notifications about my info being hacked. Even then I never ever allow any online service to remember my debit card info. Sure it's a pain to type it all in over and over again. However for that extra burst of security it's worth it.

Did Sony send out notifications? If so, I didn't get one either.

I have not recieved any notifications about my info being hacked. Even then I never ever allow any online service to remember my debit card info. Sure it's a pain to type it all in over and over again. However for that extra burst of security it's worth it.

Did Sony send out notifications? If so, I didn't get one either.

I would assume it takes a while to notify every Playstation customer.

I can confirm that I did get an email from Sony yesterday about the hacking.

Maybe they are notifying people in clusters, or maybe they managed to id specific Groups of people whose information may actually be compromised, who knows. Check your spam folders though...

Also, do keep in mind that Credit Card information was -not- confirmed as leaked. But Sony did inform that they couldn't deny the possibility right now.

However, that being the case, you can get in touch with your credit card holder and notify them of this (although i'm pretty sure they are aware) but you can inform where you are now and if you have plans of travels in the near future, so if your credit information shows up in any other place aside from those you said you plan to be, they can act preemptively.

However, that being the case, you can get in touch with your credit card holder and notify them of this (although i'm pretty sure they are aware) but you can inform where you are now and if you have plans of travels in the near future, so if your credit information shows up in any other place aside from those you said you plan to be, they can act preemptively.

Which is really a moot gesture at this point, any smart theif isn't going to keep and use the info for a week. They would exploit it as quickly as possible and then make off with the ill-gotten goods.

As there have been no reports of this happening I am doubtful they got hold of credit card information, but that doesn't make the sting of this debacle any less painful.

Are we done flipping out yet? Looks like it. Okay, so for timeline: http://blog.us.playstation.com/2011/04/26/clarifying-a-few-psn-points/

They released info as they got it. As in this is pretty standard policy. Is it perfect? No. Is it more accurate? Yes. Like I said, basic business practice is if there's a breach, you go on damage control and assessing the problem first. Why? So you don't cause yourself more problems. How the balance of info to action measures up is a personal belief, but when I said they were handling this better than people were making it out to be, I wasn't talking out of my ass. I know I've worn grooves in all your brains, but this is, in fact, my industry. It's my business as an IT professional to know a bit about how this stuff works.

That said, with the release of info to affected accounts, I don't know what system they're using. Obviously they can't send out emails to everyone at once. They'll be rolling them out in stages.



Also, Marc, thieves who steal this kind of info don't do it for their own use. They sell it to other people. For affected individuals, it could take months or even years before the final criminal gets their hands on their personal info and starts causing problems.

I know I've worn grooves in all your brains, but this is, in fact, my industry. It's my business as an IT professional to know a bit about how this stuff works.

And I'm sure this industry only has its customers' best interests at heart.

Any business that don't, dies out over time and shuts down. It's REALLY hard to become one of the largest companies in the world (and history) if customer satisfaction is not high enough. Does not happen via magic, it's not the product of some lame ass secret conspiracy of malignancy...

They gave info as they had info to give, and for their own report, they gave information about the theft of that personal data no more than 24 hrs before they got the final conclusion themselves. Considering that they gain nothing -at all- with lies on this, and if they WERE lying you would be able to hear people who understand about the subject at hand calling them out on it... i say it's pretty solid.

Any business that don't, dies out over time and shuts down.

Hahaha

Also, Marc, thieves who steal this kind of info don't do it for their own use. They sell it to other people. For affected individuals, it could take months or even years before the final criminal gets their hands on their personal info and starts causing problems.

I question the validity of this point, based on the fact that in the time after the breach has been discovered and reported, people will take measures to protect themselves in ways that will make the info less and less valuable.

I question the validity of this point, based on the fact that in the time after the breach has been discovered and reported, people will take measures to protect themselves in ways that will make the info less and less valuable.

Actually, that's not true. People are inherently lazy and don't check up on these things nearly as well as they should. By the time they take notice, it's usually already become an issue, and from that point on it's years of legal battles to clean it up. It's very easy to take a look at high numbers like that and say "the chances of it happening to me are tiny and I'm not worried." Much the same as 1 in 6 of people struck by lightning know the chances of being struck by lightning.


EDIT:
Or, to bring it up a different way, can you imagine personally or with a small team sorting through that much data and then using it yourself? I'd like to know what you think you could personally do with that much personal information.



@Non: To be frank, businesses don't care about customers; they care about their numbers. They care about their customers as far as keeping them keeps their numbers up and decisions on what info gets released when and similar are carefully considered. They could have incited a panic like there is now over account integrity, but if nothing had been compromised it would have been an unnecessary divot in their image and perceived reliability that would have served no one and only done unnecessary damage. The press still would have had a field day, people would still have flipped, and Sony would be no better off than now if they'd issued a statement earlier than they did about the possibility of info being accessed. And most especially, people would have been crying even louder about wanting info. Then if nothing had actually happened, they'd have to deal with idiots saying they were lying and covering shit up. This is a basic business practice that you don't announce something that you don't know is true. Even good things. As for Sony caring about its customers' information, they care very much about this because that's their business information which they use day to day for their own workings. I never indicated in the least that they gave a damn about individual people. Just that they were handling the situation better than people think.

I question the validity of this point, based on the fact that in the time after the breach has been discovered and reported, people will take measures to protect themselves in ways that will make the info less and less valuable.

Nah, it's actually true. There was one guy who got busted for stealing credit cards en masse, and selling them to a dude in Nigeria, who then as a plea bargain got a job working to stop that sort of thing, who then started doing it again for a pretty long time, setting a trail away from himself, before he finally got arrested for it. That's the only reason that I remember/know the claim is valid, because it was such an interesting story that it stuck in my mind.


It was more interesting in the non-five-second-synopsis, I swear.

I think we should be glad Sony told anybody anything.
You see if I was Sony CEO I'd cover it up, deny everything and by the time anyone worked it out I would have taken off with my massive year end bonus thanks to the stocks I have keep artifically inflated and the next CEO would have to deal with it. Because the corporate world rewards productive procedure.

Nah, it's actually true. There was one guy who got busted for stealing credit cards en masse, and selling them to a dude in Nigeria, who then as a plea bargain got a job working to stop that sort of thing, who then started doing it again for a pretty long time, setting a trail away from himself, before he finally got arrested for it. That's the only reason that I remember/know the claim is valid, because it was such an interesting story that it stuck in my mind.


It was more interesting in the non-five-second-synopsis, I swear.

I question the validity under the grounds that we KNEW information was taken and warned to take care of our information, not that someone stole the information and no one ever found out and it remained an unknown and someone sold it. Not really the same deal.

I question the validity under the grounds that we KNEW information was taken and warned to take care of our information, not that someone stole the information and no one ever found out and it remained an unknown and someone sold it. Not really the same deal.

Sure it is. If you have that scale of credit card info, you're not doing it to pay for stuff for yourself. If they know that you stole it, more's the reason to sell it to someone in a different country. If you're in the credit card info selling business, I don't think that you'd care if you're ripping someone off. Even if the middle man they're selling all the numbers to knows that the info is known, they might just bargain down the price, and still sell off all the numbers et cetera.

Plus, if the main point was to hurt Sony, all the more reason to sell Credit Card or Personal Information of their customers. Cause trouble, thus causing Customers to Trigger Legal action against Sony (which is already happening). So it's 1 Hacking Action that can lead to around 50 million problems aside from the hole in their bottom line this fiscal year thanks to that stock drop.

I had no really strange things on my account, but I did find out that the porn video site I used to sub to charged me today, when I canceled 2 months ago.

Sure it is. If you have that scale of credit card info, you're not doing it to pay for stuff for yourself. If they know that you stole it, more's the reason to sell it to someone in a different country. If you're in the credit card info selling business, I don't think that you'd care if you're ripping someone off. Even if the middle man they're selling all the numbers to knows that the info is known, they might just bargain down the price, and still sell off all the numbers et cetera.

.....

You are kinda missing my point. If it came out that info was stolen, the credit card holders would QUICKLY change their cards and the numbers would be completely useless. Someone secretly stealing numbers and no one knows and can't warn people and then they sell them months later IS DIFFERENT then someone hacking a major company like Sony, stealing card numbers (which hasn't been confirmed, but for the sake of this), and then Sony announces the breach and everyone changes things and your theft is useless.

I still question the validity from my original quote because it isn't the same as "one time this guy did this a much different way, the circumstances of which invalidate a comparison"

But Marc, your whole argument rests on pointing out that Sony held information back and delayed the chance for their costumers to protect themselves, is it not?

Fact is, everything points out that as soon as Sony knew this was the case, they informed. It even comes from the fact that they affirm that personal information WAS taken but that they can not confirm that Credit information was taken (again, i'm guess that the information was encrypted or had extra security). They took the service down, soon after that they informed that they were hacked and were already working on rebuilding their security system and investigating the situation, and then they informed that they had confirmed that some information was stolen... it seems clean to me. If the complaint is that it wasn't "fast enough", well, sorry to say it but it sounds more like bickering than a honest complaint against the company.

.....

You are kinda missing my point. If it came out that info was stolen, the credit card holders would QUICKLY change their cards and the numbers would be completely useless. Someone secretly stealing numbers and no one knows and can't warn people and then they sell them months later IS DIFFERENT then someone hacking a major company like Sony, stealing card numbers (which hasn't been confirmed, but for the sake of this), and then Sony announces the breach and everyone changes things and your theft is useless.

I still question the validity from my original quote because it isn't the same as "one time this guy did this a much different way, the circumstances of which invalidate a comparison"

You're totally missing the point. The credit cards are safe. Your personal info, such as name and address, which can be used to get more info to MAKE credit cards, is not.

That's the danger, here. The credit card solution would be easy to fix, but try getting that many people to move.

It seems the numbers were stolen during the 18th and 19th of April. basically 2 days before they took it down. According to some news papers and articles (mainly Yahoo).

It seems the numbers were stolen during the 18th and 19th of April. basically 2 days before they took it down. According to some news papers and articles (mainly Yahoo).

According to the link to Sony I posted a page or two back, it took them a couple days to know anything had happened. They shut down everything as soon as they did.

Like I said, hackers aren't always sloppy about this kind of thing.



Edit:
AND DAMMIT, THE CREDIT CARD NUMBERS ARE NOT WHAT WAS ANNOUNCED TO BE STOLEN!

It's personal info that we should really be worried about.

Just to add up for those who want to keep up with it, Sony placed a second FAQ for this on their blog

Q: Are you working with law enforcement on this matter?
A: Yes, we are currently working with law enforcement on this matter as well as a recognized technology security firm to conduct a complete investigation. This malicious attack against our system and against our customers is a criminal act and we are proceeding aggressively to find those responsible.

Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.

Q: What steps should I take at this point to help protect my personal data?
A: For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports.

Q: What if I don’t know which credit card I’ve got attached to my PlayStation Network account?
A: If you’ve added funds to your PlayStation Network wallet in the past, you should have received a confirmation email from “DoNotReply@ac.playstation.net” at the email address associated with your account. This email would have been sent to you immediately after you added the funds, and will contain the first 4 digits and last 4 digits of your credit card number. You can also check your previous credit card statements to determine which card was attached to your PlayStation Network or Qriocity accounts.

Q: When or how can I change my PlayStation Network password?
A: We are working on a new system software update that will require all users to change their password once PlayStation Network is restored. We will provide more details about the new update shortly.

Q: Have all PlayStation Network and Qriocity users been notified of the situation?
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and recognize that not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit www.us.playstation.com/support and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.

Q: What steps is Sony taking to protect my personal data in the future?
A: We’ve taken several immediate steps to add protections for your personal data. First, we temporarily turned off PlayStation Network and Qriocity services and, second, we are enhancing security and strengthening our network infrastructure. Moving forward, we are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. We will provide additional information on these measures shortly.

Q: Has Sony identified the party or parties responsible for the PlayStation Network hack and subsequent theft of personal information?
A: We are currently conducting a thorough investigation of the situation and are working closely with a recognized technology security firm and law enforcement in order to find those responsible for this criminal act no matter where in the world they might be located.

Q: When will the PlayStation Network and Qriocity be back online?
A: Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure.

You're totally missing the point. The credit cards are safe. Your personal info, such as name and address, which can be used to get more info to MAKE credit cards, is not.

That's the danger, here. The credit card solution would be easy to fix, but try getting that many people to move.

There are steps you can take to prevent that information from becoming dangerous to you in the hands of another. Since we know this happened, since we were warned, those actions can be undertaken and the value of the information will diminish.

This was my point.

A later part of trying to get that point across was to say that a case where a guy stole a bunch of raw credit card infor in secret and sold it in secret and was found out later after it had been used isn't comparable to what happened here.

That is still all beside the main point that the moment they knew there was an INTRUSION (April 19th) they should have went ahead a been upfront with their CUSTOMERS about it instead of saying that it was down for "TECHNICAL ISSUES".

They knew about the Intrusion BEFORE they took it down, and covered it with a LIE, because saying 'technical issues, all fine here' when you damn well know it was an intrusion (AND THEY DID WHEN THEY TOOK IT DOWN) is LYING, until they realized oh shit. This does not sit well with some people at all, and makes Sony look really shitty.

This lashing could have all been avoided by a simple "Hey, we took down the PSN today because we discovered that there had been a breach of the network security. We have no exact details on the scope and depth of the breach or the intended nature, we at Sony advise you take the proper caution with any personal information you may have had store in our network."

This could have happened April 19th, when they took it down because they saw it had been compromised.

To echo: It's really not that hard to grasp.

There are steps you can take to prevent that information from becoming dangerous to you in the hands of another. Since we know this happened, since we were warned, those actions can be undertaken and the value of the information will diminish.

This was my point.

A later part of trying to get that point across was to say that a case where a guy stole a bunch of raw credit card infor in secret and sold it in secret and was found out later after it had been used isn't comparable to what happened here.

That is still all beside the main point that the moment they knew there was an INTRUSION (April 19th) they should have went ahead a been upfront with their CUSTOMERS about it instead of saying that it was down for "TECHNICAL ISSUES".

They knew about the Intrusion BEFORE they took it down, and covered it with a LIE, because saying 'technical issues, all fine here' when you damn well know it was an intrusion (AND THEY DID WHEN THEY TOOK IT DOWN) is LYING, until they realized oh shit. This does not sit well with some people at all, and makes Sony look really shitty.

This lashing could have all been avoided by a simple "Hey, we took down the PSN today because we discovered that there had been a breach of the network security. We have no exact details on the scope and depth of the breach or the intended nature, we at Sony advise you take the proper caution with any personal information you may have had store in our network."

This could have happened April 19th, when they took it down because they saw it had been compromised.

To echo: It's really not that hard to grasp.

No, it really isn't, so I don't know why there's an issue with your timeline.


1) data is broken into
2) Sony finds out and shuts down everything
3) they DO NOT KNOW there is any data taken and thus don't admit to anything
4) they find out data was taken and fess up immediately


They may have known there was an intrusion, but they didn't know how far it had gotten in UNTIL THEY ASSESSED THE SITUATION and immediately informed everyone of the relevant info. Could they have announced the intrusion itself? Yes, and gotten people all worked up and had to deal with flyaway imaginations, even more bitching about a lack of info, and a general ruckus that could potentially have been worse than the current one.


In short, they did, by reasonable terms, the right thing. You simply do NOT let imaginations run wild in a crisis. Yes, you do a bit of covering shit up, because that keeps things in control so you can handle them better. When the had useful info, they released it, just like they should have.



Or, to apply this elsewhere. Say you have a cat and put it in a box, then push a button that may or may not release a deadly poison. By the way, this is your sister's cat and your sister is breathing down your neck with a butcher knife. Do you tell her you may or may not have killed her cat by pushing the button and let her stab you 32 times when the cat may still be alive? Fuck no. You check to see if the cat is actually dead. If not, you saved yourself 32 knife wounds by keeping your trap shut and no one is hurt.

You guys, could you quit it? You believe and are arguing two fundamentally different points, and are refusing to change your opinions.

Blue, you think that Sony ought to do what was best for a company.

Marc, you think that Sony ought to do what was best for the consumer.


THAT IS WHAT IS APPARENTLY SO HARD FOR YOU BOTH TO GRASP. YOU HAVE DIFFERENT OPINIONS.

You guys, could you quit it? You believe and are arguing two fundamentally different points, and are refusing to change your opinions.

Blue, you think that Sony ought to do what was best for a company.

Marc, you think that Sony ought to do what was best for the consumer.


THAT IS WHAT IS APPARENTLY SO HARD FOR YOU BOTH TO GRASP. YOU HAVE DIFFERENT OPINIONS.

The thing is telling people about what might be a minor issue and getting a mass panic going unnecessarily isn't even beneficial to the consumer. In this case, someone bypassed some heavy security and managed to get into some info from what Sony is saying and I believe them. Big companies like Sony don't leave things unsecured. Depending on their systems, getting into the system doesn't necessarily mean getting into the juicy parts.

If you tell people right away there might be a problem, people take that as "OMIGODTHERESAPROBLEM!" If it turns out there isn't actually a problem, you've created your own problems because everyone's in a froth, and before you go back to the "company" angle, people in a froth tend to stay that way through their own insecurities and the media's playing on them.

In short, if there's no solid info that people should be worried, worrying them and not having good info makes them MORE worried and stressed and that has an impact on their daily lives.

Nothing happens in a bubble, here. What's good for the company isn't necessarily bad for the people. If there's not really a problem, you don't need 70 million people biting their nails unnecessarily for the next month as the media toys with them.



To go back to the cat analogy, putting yourself in the sister's place, if she's told her cat might be dead, she's going to be stressed out over something that may not be true, whereas if she's not told and the cat is fine, to her, nothing ever happened and she goes on happily breathing down her sibling's neck carrying a butcher knife, 'cause that's just how she rolls.


EDIT:
What I'm saying is people are pissed off now, but they would have been even more pissed off if news had been blown when there was even less info. People are already bitching about the lack of info. Imagine several more days of that, and several more days of outright media circus based on conjecture and pundits like Glenn Beck throwing out their theories. That's extra stress in the company and customers both. Sure, people say they would have wanted to know earlier, but given an objective viewpoint, really, this was the better option.

See, the cat analogy is only accurate if we're talking about a cat that fulfills the position of the guardian of your entire household, and financial and personal information. If that cat might be dead, you tell your sister so that she can go put a new cat in charge of all that stuff, instead of leaving it potentially undefended, but who knows so why's it matter?


Like, if you had a castle. You find out that your tower guards might have had their soup poisoned. You're not going to NOT let the other people who might have to fight know, you'll tell them to be on their guard against attack, in case there are no guards.


Just because an analogy is logical within it's own context, it doesn't mean that the analogy is applicable to the situation. That's why I hate analogies, people think that defending their analogy as logical is analogous to defending a point as logical, but the analogy is not the situation.


Edit: People are complaining because they don't have any information, despite it being a week, not because they don't have all the facts. If your personal info MIGHT have been stolen, it doesn't matter if that's true or false, you want to know, and prepare as best you can as if it were. You should always assume the worst possible outcome, so that you're never under prepared. Preparing for the best possible outcome is just silly.

See, the cat analogy is only accurate if we're talking about a cat that fulfills the position of the guardian of your entire household, and financial and personal information. If that cat might be dead, you tell your sister so that she can go put a new cat in charge of all that stuff, instead of leaving it potentially undefended, but who knows so why's it matter?


Like, if you had a castle. You find out that your tower guards might have had their soup poisoned. You're not going to NOT let the other people who might have to fight know, you'll tell them to be on their guard against attack, in case there are no guards.


Just because an analogy is logical within it's own context, it doesn't mean that the analogy is applicable to the situation. That's why I hate analogies, people think that defending their analogy as logical is analogous to defending a point as logical, but the analogy is not the situation.


Edit: People are complaining because they don't have any information, despite it being a week, not because they don't have all the facts. If your personal info MIGHT have been stolen, it doesn't matter if that's true or false, you want to know, and prepare as best you can as if it were. You should always assume the worst possible outcome, so that you're never under prepared. Preparing for the best possible outcome is just silly.

While that's true, the media is also over-prepared to make a circus out of anything. People hate not knowing more than they ever hate knowing even the worst possible things. Call it lending a peace of mind when Sony didn't come forth right away with them being hacked, rather than leaving people fretting for days on end not knowing. When they knew damage was possible, THEN they came out with it so people could prepare properly with actual information. In the meantime, the info is unlikely to have been put to any real use. That all needs to be sorted through, then buyers have to be found, and so on. A week is simply not enough time for wide-scale damage to take place, especially from only partial information.

In short, although people feel cheated now, they still have fingernails left and for the most part people are safe. Nothing would have been gained by anyone if an initial hacking announcement had been made. Just more stress.



EDIT: This isn't even coming from me as being part of the industry. This is just knowing how the world works and how people think for a decent part of it. A lot of this is me parking my ass and thinking logically, rather than emotionally. Come to think of it, didn't we just have a thread on that?

EDIT: This isn't even coming from me as being part of the industry. This is just knowing how the world works and how people think for a decent part of it. A lot of this is me parking my ass and thinking logically, rather than emotionally. Come to think of it, didn't we just have a thread on that?

http://img.photobucket.com/albums/v294/krylo/Reactions/THEROCKBROW.jpg

No, it really isn't, so I don't know why there's an issue with your timeline.


No where does my stated series of events differ from what they said happened.

We learned there was an intrusion April 19th and subsequently shut the services down.

edit: We can agree to disagree over our personal viewpoints on how Sony did or didn't handle this situation to satisfaction, but questioning the facts YOU presented because I am using them, just not cool brah

EDIT: This isn't even coming from me as being part of the industry. This is just knowing how the world works and how people think for a decent part of it. A lot of this is me parking my ass and thinking logically, rather than emotionally. Come to think of it, didn't we just have a thread on that?

No it's not, though. You're treating your opinion as fact, and ignoring that it's an opinion, and someone else's opinion differs from it, which was exactly what that thread was about. So, yeah, we had a thread on that, but it would seem that you didn't read it too carefully.


And you said yourself, people hate not knowing more than they hate having bad information. So, you tell them that things are bad, and they're happy to know about it. You tell them that you got hacked, okay no more info, then a week later say, "And all your stuff was stolen lol", they don't like it.

Edit:
AND DAMMIT, THE CREDIT CARD NUMBERS ARE NOT WHAT WAS ANNOUNCED TO BE STOLEN!

It's personal info that we should really be worried about.

Link (http://arstechnica.com/gaming/news/2011/04/ars-readers-report-credit-card-fraud-blame-sony.ars)

According to the link to Sony I posted a page or two back, it took them a couple days to know anything had happened. They shut down everything as soon as they did.

Nobody is saying that Sony failed to take appropriate internal measures when they discovered the breach.

What we are saying, and what is pretty clearly evident, is that they kind of forgot to tell their customers, who probably want to know something about it as soon as possible.

AND DAMMIT, THE CREDIT CARD NUMBERS ARE NOT WHAT WAS ANNOUNCED TO BE STOLEN!

Who gives a fuck what Sony announces? The possibility of credit card data theft is enough. They should have informed their customers as soon as possible, so they could have made a decision about whether to take appropriate measures.

but this is, in fact, my industry. It's my business as an IT professional to know a bit about how this stuff works.

Do you have relevant degrees, too?

The possibility of credit card data theft is enough. They should have informed their customers as soon as possible, so they could have made a decision about whether to take appropriate measures.

They have...

There’s a difference in timing between when we identified there was an intrusion and when we learned of consumers’ data being compromised. We learned there was an intrusion April 19th and subsequently shut the services down. We then brought in outside experts to help us learn how the intrusion occurred and to conduct an investigation to determine the nature and scope of the incident. It was necessary to conduct several days of forensic analysis, and it took our experts until yesterday (April 25th) to understand the scope of the breach. We then shared that information with our consumers and announced it publicly this afternoon.

Protip: As Soon As Possible would have been When they detected the intrusion, not once they were 100% sure things were stolen.

If your business is an IT professional blues, then your business is not in PR or marketing and as such you clearly can't comprehend that, when it comes to hacked networks, consumers don't give a shit about the in-depth technical aspects or the splitting of hairs. If there is even the most remote possibility of financial data being compromised they want to know now.

You really sure can pick your battles huh dude?

Breathe, boys, breathe.

This is starting to get a little personal.

Breathe, boys, breathe.

This is starting to get a little personal.

i can totally agree with this... we can discuss this, we can disagree over this. But taking a breather is certainly not going to hurt...

Protip: As Soon As Possible would have been When they detected the intrusion, not once they were 100% sure things were stolen.

you are linking the intrusion to their server to the act of stealing the data. So i can suppose you believe those two are logically connected, right?

If that's the case... Sony informed of the External Intrusion on April 22, early in the morning. When they situation happened (if i'm not mistaken) late in April 19. So that's a 48hour cycle Between they acting and informing the public with accurate information even if it's not complete yet.

To me, that does not sound absurd. If you think that A hacker tapping their servers automatically entails suspicion that information may be stolen, then when Sony informed of the hacking you could've concluded that without having to be spoon fed the information. So that's 48 hours, not a week.

Now, Sony informed that they needed until april 25 to confirm that information was stole, what information, and to take all the arrangements they did while updating information as it became solid. That's 72 hours more. Still, not absurd to me.

Once a Hacking attempt is localized it's not just a matter of shouting what happened in the next few hours, their network and server systems are HUGE, they have to check IF information was stole, if A trojan was placed, something was altered, corrupted, maybe a rootkit, a keylogger, maybe more attempts to hack that weren't caught at first (since someone obviously managed to slip pass their security). Just cause someone hacked into their server that doesn't necessarily mean they are there to steal information... that is something that needs to be verified first.

It's a huge effort a very complex operation, even on laymen terms. And that just in checking what happened, not counting all the other parts in this.

So, yeah... 48hrs for the first cycle of information, and 72hrs more for a more detailed set of information, doesn't sound absurd to me.

If that's the case... Sony informed of the External Intrusion on April 22, early in the morning. When they situation happened (if i'm not mistaken) late in April 19. So that's a 48hour cycle Between they acting and informing the public with accurate information even if it's not complete yet.

To me, that does not sound absurd. If you think that A hacker tapping their servers automatically entails suspicion that information may be stolen, then when Sony informed of the hacking you could've concluded that without having to be spoon fed the information. So that's 48 hours, not a week.

Except, if I recall correctly (and to be honest I haven't been following TOO closely) they didn't even tell anybody it was an intrusion.

What happened first was they shut down the servers on April 19th. People started throwing around rumors that Anonymous was involved, which (some) Anons promptly denied, and Sony claimed it was an "internal issue." Nowhere in there did they say that their servers had been compromised.

The 48 hour period (more than that, but whatever) between the servers shutting down and when you say they informed the public of an intrusion (I don't feel like fact-checking, I'm just responding based on your information) is plenty of time on its own for people to use stolen credit card numbers.

In addition, when they DID announce an intrusion (again, based on your timeline) they didn't say what might have been stolen. For all the public knew, some pimply teen might've hacked the servers to give himself more PSN trophies. Sure, they didn't know the exact extent of the hacking, but if they detected an intrusion into their servers, they would've known what information could POTENTIALLY have been leaked based on what was stored on the hacked servers.

The fact that they didn't even tell anybody that leaked credit card numbers were a POSSIBILITY until a fucking week later is ludicrously poor form.

Sony had 2 Updates on April 20 and April 21, respectively. Those were their first 2 contacts.

We’re aware certain functions of PlayStation Network are down. We will report back here as soon as we can with more information.
Thank you for your patience.

While we are investigating the cause of the Network outage, we wanted to alert you that it may be a full day or two before we’re able to get the service completely back up and running. Thank you very much for your patience while we work to resolve this matter. Please stay tuned to this space for more details, and we’ll update you again as soon as we can.

Then, on April 22 they confirmed "External Intrusion"

An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th. Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share.

When they claim that "an external intrusion on our system has affected" something, then that generally implies a malicious takedown as opposed to information theft. Copying data doesn't negatively impact PSN or Qriocity at all.

In fact, I'd say that the spin they put on it would have guided people AWAY from the idea that their info may be compromised.

Credit cards for sale (http://uk.kotaku.com/5796902/there-are-22-million-psn-members-credit-card-details-up-for-sale)

Except that all major card holders so far say your credit information is safe and no dubious activity was detected (http://www.industrygamers.com/news/sony-psn-credit-card-information-remains-safe-say-card-companies/)

Credit cards for sale (http://uk.kotaku.com/5796902/there-are-22-million-psn-members-credit-card-details-up-for-sale)

Credit cards for sale (http://uk.kotaku.com/5796902/there-are-22-million-psn-members-credit-card-details-up-for-sale)

Not definitive either way, since they could be lying. I mean, there's always a sucker who'll help those poor rich millionaires in Kenya. And I'm at least certain, that a few liars out there might be taking advantage of this, even if credit cards were taken.

I did run into something that suggested that CC numbers were encrypted, except during purchase. Not sure if that's true, or just something somebody made up. To explain, your credit info is locked until you use it. If you used your card while the hack was active, you're potentially in more trouble.

If this is even true, & not just some paranoid thing I read somewhere. And no, I've no clue where I saw it. Sorry.

SWB

Also, out of 77 million accounts worldwide you are bound to find a few that WERE hit by scams for another reasom entirely that has no connection to the PSN

Bells, at this point, are you defending Sony because you legitimately believe that they've done nothing wrong at all in this situation, or because you started out defending them?

I mean, the evidence says, Sony messed up with how they handled the situation. To say "Well, despite people getting their stuff stolen after Sony was hacked, it's just a coincidence." is pretty much saying, "Screw the evidence, I have green hair."

Bells, at this point, are you defending Sony because you legitimately believe that they've done nothing wrong at all in this situation, or because you started out defending them?

I mean, the evidence says, Sony messed up with how they handled the situation. To say "Well, despite people getting their stuff stolen after Sony was hacked, it's just a coincidence." is pretty much saying, "Screw the evidence, I have green hair."
Wow! So many logical fallacies. I don't know where to start. first off your initial question doesn't make since (Plus you don't nessisarly have to agree to point out what should be common logic). Second off you need to learn that credit card fraud is, sadly, extremely common. With a large group such as oh 77 million people spanning the globe there could be a portion that was "robbed" before the incident.

Now i'm not for sony i think they royally fucked up but still I have a semi doubt on some of these claims.

The question comes from reading the entire thread, and seeing that all through it, Bells has steadfastedly stated that Sony wasn't at fault, because they did what was right for the company, despite it's potential to hurt consumers.

In light of that information, it's not really a huge leap in logic to ask if he's just continuing the point that Sony isn't at fault to try to win the argument that they didn't mess up and hurt their consumers, so that he is/wasn't wrong about defending them before.

Not trying to "win"... to me, it's logic at face value. I don't see Evil in Sony's doing, and i'm looking at this situation as is. You can trully make a case that they could do better, but i'm not seeing "THEY fucked US up"... i see a 48 hours delay between what happened and they notifiying people with correct information to the best of the ability, and then they continually notify people daily to semi-daily up to now. I see no foul play. really.

If all the argument against is that "they should have been faster" ... well... i don't know, does anybody here have the actual Knowledge to make the claim that they could and choose not to, aside from boasting "it's just common knowledge!" ?

And, yeah... Credit Card Fraud ( and plain stupidity of people using their credit cards online ) is common enough worldwide that it does factor in a slice of those 70+ million accounts affected. Not counting those who are just tossing fuel to the fire with bogus Claim that most don't verify (or can't) before replicating it as "hardcore facts" everywhere...

I see a distinct line between holding Sony accountable for your security and simply shitting on the "big mean company", if my Bank was robbed i wouldn't blame the Bank, but i would want to know that it's 100% safe to trust on it again or i would simply take my business elsewhere.

And fuck yeah, people with PSN accounts have a reason to be pissed, and it's way easier to beat the Big Mean Company than the Invisible Hacker or Hackers that did this. In this forum we have a lot of people with PS3's or PSP's and PSN accounts, and quite a few might have concerns over their data safety, so i think it's only fair to always take a cautious view and a open view of the whole deal, or else we're just feeding flames of panic, which is very different of honest concern.

You keep bringing up the "they could have been faster" argument when no one has actually said that, and "shitting on the big mean company" as a way of hand-waving away counter-points.

This does not paint the picture of someone presenting logic, at face value.

Personally, I'm make no judgement here. The hack wasn't Sony's fault specifically & while they could have said something a bit sooner, there isn't exactly a rulebook for this kind of thing. This wouldn't be the first time my CC info was comprimised (I think it might have been caused by the Taxi calling my CC over the radio, but that is just a guess).

I also see it like this, if Sony goes down or the PS3 is otherwise discontinued, I don't gain anything & lose a system I was reasonably happy with.

Until I know more, I plan to watch & wait. Hating Sony just for being Sony does little good. We don't have enough definitive news & too much speculation & rumors.

Kevin

No one is hating Sony just for being Sony.

The way I see it: Sony wasn't responsible for the hacking, but they are responsible for notifying their clients when they're hacked, by law. To say that they were attacked by a hacker and because of that, the PSN went down is really not notifying the clients, so much as it's deceiving them into thinking one thing happened, when another did. They did what they legally had to, in a way that keeps customers both uniformed and deceived. When I heard about the attack, I thought, "Oh, so it was a DDOS attack.", because that's what they painted it as.

In actuality, Sony themselves were the ones who took down the servers, because they found out that the hackers had gotten into them. Regardless of whether or not Sony knows that the hackers have stolen any data yet, they know that the hackers were there not to crash the network, but to get something off of it, yet they try to fake it to the public as a DDOS attack, which is where I think they've done wrong.

When a hacker gets INTO a system, if i understand correctly, there are only 3 things he can do:

Add something
Corrupt Something
Extract Something

Which of these 3 was done, to what extend, to what end... it takes time to evaluate. And it's possible to do more than one in hundreds of different ways.

I think we can all agree to that, right? From when Sony took the servers down to when they said it was an "external Intrusion" that was 48hrs. From that to "your data was stolen" was 72 hours, which they also said it took them that long (72hrs) to see that information was stolen.

I don't know if it takes that long to evaluate something like this, i also haven't seem yet anybody that knows of this stuff claiming that this is bullshit and that Sony could do that faster. so i have to take it as possible truth at least.

So, what i see out of this is that Sony DID notify their customers, and to the best of my knowledge, it was in a timely manner. the only timeframe that is iffy (if at all) are those first 48hrs, which to me, lies in a grey area... i don't know why it took 48hrs, to me it SOUNDS plausible considering the scope and that nobody saw this coming. So maybe they could do better in that first moment, but that's a far cry from ill intent.

The first 48 hours are entirely legitimate. If you get hacked, you will generally not find out immediately. The Gawker thing took them months to find out about.

The problem is, once Sony found out that they were hacked, they did lip service to the law, saying that their servers were down because of an intrusion by a malicious force. That makes it sound like they were DDOS'd, when in actuality, they pulled the plug themselves. They ought to have said, "We've been compromised, and are pulling the plug for the indefinite future, while we found out what data could have been stolen, what files could have been corrupted, or what else could have happened."

Now you see, in this i do take issue with Sony. Because i question the legitimacy of those 48hrs.. at least to an extent. I guess this is also the root of why people are actually so angry at Sony.

For them to take down their whole server, it's because they already know that something big enough is going down to justify that.

So, now it's just speculation that depends on how you see this company... some could say that they might be overly careful and took down the servers as soon as something was wrong, for safety. Which may be a overly colorful analysis, maybe overly optimistic, but still makes business sense to me, i imagine that would also make sense to a Company of the scope and size of Sony...

And Others can say that they only took it down when they already knew what was going on and took them 2 days to come clean and honest about it with their customers. which to me... sounds a bit silly, since if i ask myself "why would they do that if they gain nothing with that?" the answer i usually see online is "because they are evil and greedy"

Nobody can actually know, we can only guess. But considering that the shitstorm this unleashed brought in the FBI and more so fast, tells me that Sony knew this was big early on, but not "how" big until a few days later.


EDIT:

Aaaah now we're cooking!

http://kotaku.com/#!5797552/sony-admits-10-million-credit-card-accounts-may-have-been-compromised

It's a good thing Sony warned people to be vigilant about their credit cards, because as part of the company's Tokyo press conference yesterday PlayStation boss Kaz Hirai said that up to ten million customer's account details could have been compromised.

That's not the personal details on their PSN account - all 77 million of those were up for grabs - that's ten million customer's credit card details. While there is no confirmation yet that any of these accounts have indeed been tapped into, it is the first time Sony has been able to put a rough figure on the number of card holders potentially affected.

While it's been confirmed that CVV2 details - which are requested as part of PSN transactions, but not stored on Sony's servers - were not obtained, it's possible for hackers to obtain the three-digit codes (found on the back of cards) via simple brute force, especially when they have their hands on the rest of the card's details.

ALSO this.. from Playstation Blog

Complimentary Offering and “Welcome Back” Appreciation Program
While there is no evidence at this time that credit card data was taken, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region.
The company will also rollout the PlayStation Network and Qriocity “Welcome Back” program, to be offered worldwide, which will be tailored to specific markets to provide our consumers with a selection of service options and premium content as an expression of the company’s appreciation for their patience, support and continued loyalty.
Central components of the “Welcome Back” program will include:
Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.
Additional “Welcome Back” entertainment and service offerings will be rolled out over the coming weeks as the company returns the PlayStation Network and Qriocity services to the quality standard users have grown to enjoy and strive to exceed those exceptions.
SNEI will continue to reinforce and verify security for transactions before resuming the PlayStation®Store and other Qriocity operations, scheduled for this month.
For more information about the PlayStation Network and Qriocity services intrusion and restoration, please visit http://blog.us.playstation.com. or http://blog.eu.playstation.com/

It's easy to debate the semantics of when/what/who/where/why, but what it really boils down to is: shit was hacked, shit was jacked, sony was left with the pants around their ankles and a sore keister as a result. Color it whatever way you want malicious intrusions preventing the servers from operating properly or Our junk was just kicked in by some bad guys. Either way, preventing further intrusion by yoinkin the connection to the interwebs was probly the best choice in a quick period of time. I don't even think I want to comprehend the amount of crap they had to slog through to find out just what the hell happened. The auditing logs must be...ridiculous to sift through.

Secure the equipment, Lip Service After. People will be pissed regardless of it is was one day or one week. Assessing damage is always priority in any situation on a network, big or small.

What I'm really curious about is what their Security Policy states for such a situation. Hell, I'd kick a cute little duckling to see their Security Policy in general and learn a thing or two from it.

On a note less about the when and why nonsense, I've had some interesting conversations with my IT instructors bout this. From what they know is Sony's server system has been primarily microsoft based. Last I heard Sony has been looking into integrating open source options for security, backup, and recovery reasons. haven't exactly been able to verify this, but it does make sense in a way. Lack of registry table vulnerabilities (break the table, break the system as it were) on top of multiple file format partitions and even more flexibility in recovery and security..I'm surprised they didn't go that route sooner.

It'll really be interesting watching how this situation pans out from an IT perspective.

Because it works in both threads, my older brothers Facebook status:

Barring a better, more official, story I'm going to assume they found bin Laden though his leaked PSN info.

And the hits keep roaring in (http://arstechnica.com/gaming/news/2011/05/sony-attacked-again-12700-non-us-cc-numbers-feared-stolen.ars?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+arstechnica/index+(Ars+Technica+-+Featured+Content))

And another,

http://online.wsj.com/article/SB10001424052748704436004576299491191920416.html?m od=WSJ_hp_MIDDLENexttoWhatsNewsThird

Also, heard this time it was about 24 million accounts.

Yep, Sony loves to F___ themselves without any type of lube. That sure must make them feel proud to go after someone, only to have to turn around and realize that hey, their own console really isn't all that secure.

Really Sony, REALLY?!

The best you can do is blame Anonymous for YOUR mistakes?

when in doubt, blame terrorists, its the american way

Really Sony, REALLY?!

The best you can do is blame Anonymous for YOUR mistakes?

AnonOps claims to have no involvement (http://youtu.be/ldtNivuSxoQ) but some branches are claiming that they have attacked Sony with a DDoS on the date of the hacking. Sony seems to think that a Anon or possibly several took advantage of the DDoS and hacked to account numbers then.

Half the problem with Anonymous is that No two parts of anon are alike. So it could be a highly likely possibility that a anon branch did this.

I find it funny how 1) anyone can just blame Anonymous outright and 2) Anonymous can actually try to deny involvement, considering that they're an organization (and I use the word loosely) with no recruitment standards or method of tracking their own activities whatsoever.

Anyone can claim to be part of Anonymous and be 100% right. AnonOps saying they didn't do it only means that they don't know WHO did it. It could still have been someone acting under the same banner.

Sony's reaction is fucking weak though, not that I'd expect anything else considering the lack of any cojonoes whatsoever on their part up till this point.


"hey guys we're gonna blame the HACKERS ON STEROIDS"

"while you were playing the blame game another 300 million credit card numbers got stolen holy shit"

"oh really, well we don't know who to blame for that yet, we'll get back to you once we do, also don't expect us to actually improve our security any time soon we're too busy blaming people"

"..."

"okay we're gonna blame bin laden for this one"

"..."

"bin laden's ghost"

"..."

"secret muslim hacker powers"

"..."

"...obama's got them too"

I find it funny how 1) anyone can just blame Anonymous outright and 2) Anonymous can actually try to deny involvement, considering that they're an organization (and I use the word loosely) with no recruitment standards or method of tracking their own activities whatsoever.

Anyone can claim to be part of Anonymous and be 100% right. AnonOps saying they didn't do it only means that they don't know WHO did it. It could still have been someone acting under the same banner.

Sony's reaction is fucking weak though, not that I'd expect anything else considering the lack of any cojonoes whatsoever on their part up till this point.
Apparently AnonOps spearheaded the first Sony DDoS during the jailbreak fiasco. They also seem to stand in formally for Anon as it's "Voice." However it is believed that AnonOps where the ones that handed out the IPs to all Sony servers meaning that they uninviting caused it. also Sony has found several accounts replaced with files that have "We are anonymous. we are legion." speech.

A text file...

So I want to blame Gandalf for a spring tornado all I need is a piece of white cloth?

That's like saying Freddy invaded the mainframe and punched out Neo because Agent Smith forgot to jack into the system.

A text file...

So I want to blame Gandalf for a spring tornado all I need is a piece of white cloth?

That's like saying Freddy invaded the mainframe and punched out Neo because Agent Smith forgot to jack into the system.

Yeah.... no.

It's fine if you want to be mad at Sony, and hold them accountable and everything. That's all fine, great and dandy. Not a single problem-o with that. But you need to dial it down a little, you're kinda all over the place here and your ranting is bordering on "A rock? You go to the moon and all you bring is a Rock? I have thousands of rocks in my backyard!" now...

The attack on Sony has direct connection to Geohotz lawsuit, where Anon was 100% supporting Geohotz and against Sony, even if it's not the "Anon Elite" it's likely a group within the group did this. It's what happens when you have a Legion of Faceless Vigilante Warriors online with no structure and a "Target of the Month" agenda... "Mouth Footing" is a inevitability, and now they will get the FBI up their asses for it.

I kinda went out of following with the thread, but is there any indication on when the PSN should get back up? I want to link it to my freshly made Steam account so I can have Portal 2 on my computer.

Didn't Sony say it'd be up this week?

Yeah.... no.

It's fine if you want to be mad at Sony, and hold them accountable and everything. That's all fine, great and dandy. Not a single problem-o with that. But you need to dial it down a little, you're kinda all over the place here and your ranting is bordering on "A rock? You go to the moon and all you bring is a Rock? I have thousands of rocks in my backyard!" now...

The attack on Sony has direct connection to Geohotz lawsuit, where Anon was 100% supporting Geohotz and against Sony, even if it's not the "Anon Elite" it's likely a group within the group did this. It's what happens when you have a Legion of Faceless Vigilante Warriors online with no structure and a "Target of the Month" agenda... "Mouth Footing" is a inevitability, and now they will get the FBI up their asses for it.

1) People give "Anon" waaaaaaaay too much credit for shit
2) because everyone will fall back on "I'm Anon!" to throw trails and sound cool
3)chillax, homes.

Yeah.... no.

It's fine if you want to be mad at Sony, and hold them accountable and everything. That's all fine, great and dandy. Not a single problem-o with that. But you need to dial it down a little, you're kinda all over the place here and your ranting is bordering on "A rock? You go to the moon and all you bring is a Rock? I have thousands of rocks in my backyard!" now...

The attack on Sony has direct connection to Geohotz lawsuit, where Anon was 100% supporting Geohotz and against Sony, even if it's not the "Anon Elite" it's likely a group within the group did this. It's what happens when you have a Legion of Faceless Vigilante Warriors online with no structure and a "Target of the Month" agenda... "Mouth Footing" is a inevitability, and now they will get the FBI up their asses for it.

Anon is a group of lol seekers. Blaming a group of vigilante protesters is merely pointing fingers and not finding ways to solve the problems of the PS3.

Having the Hirai come out and say "It was Anonymous, because we have a text file with their logo" is NOT evidence of their part in the hacking. The price of admission of saying you're a member of Anon? Two words "I'm Anonymous."

It's the problem that I have in Sony trying to justify this in condemning Anonymous. It's stupid and wastes the time of all involved.

actually I'd say by default you are as much apart of anonymous as not as long as you are just that, an anonymous hacker. Its a group with no organization, guidelines, or concrete goals. Its more a conceptual idea then anything. Just alot of these people like the idea of there being a group, something they can be apart of and move with, and thus toss up the banner. Ultimately all saying you are a member really does is say that you will follow a group trend rather then perform your griefing, theft, and at worst terrorist, actions on your personal views.

That being said blaming them is pointless. There is no way to punish or attack the group, its like blaming communists, or mexicans or whatever the public is witch hunting this week. They can only go after the specific individual involved and in that case whether or not they claim to be a part of some chaotic mass of individuals is pointless.

Yeah i just gonna go ahead and inform you guys of the new Identity Protection program you will get when PSN goes back online

Cyber monitoring and surveillance of the Internet to detect exposure of an AllClear ID Plus customer's personal information, including monitoring of criminal web sites and data recovered by law enforcement. If his/her personal information is found, the customer will be alerted by phone and/or email and will be provided advice and support regarding protective steps to take. The customer will also receive monthly identity status reports. Debix works with an alliance of cyber-crime experts from the government, academia and industry to provide these services.

Priority access to licensed private investigators and identity restoration specialists. If an AllClear ID Plus customer receives an alert, or otherwise suspects that he/she may be the victim of identity theft, the customer can speak directly, on a priority basis, with an on-staff licensed private investigator, who will conduct a comprehensive inquiry. In the case of an identity theft, the customer can work with an identity restoration specialist to contact creditors and others, and take necessary steps to restore the customer's identity.

A $1 million identity theft insurance policy per user to provide additional protection in the event that an AllClear ID Plus customer becomes a victim of identity theft. This insurance would provide financial relief of up to $1 million for covered identity restoration costs, legal defense expenses, and lost wages that occur within 12 months after the stolen identity event.

And this official Letter on the Playstation Blog is also a good read

Dear Friends,

I know this has been a frustrating time for all of you.

Let me assure you that the resources of this company have been focused on investigating the entire nature and impact of the cyber-attack we’ve all experienced and on fixing it. We are absolutely dedicated to restoring full and safe service as soon as possible and rewarding you for your patience. We will settle for nothing less.

To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely. We are also moving ahead with plans to help protect our customers from identity theft around the world. A program for U.S. PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user was launched earlier today and announcements for other regions will be coming soon.

As we have announced, we will be offering a “Welcome Back” package to our customers once our PlayStation Network and Qriocity services are up and running. This will include, among other benefits, a month of free PlayStation Plus membership for all PSN customers, as well as an extension of subscriptions for PlayStation Plus and Music Unlimited customers to make up for time lost.

As a company we — and I — apologize for the inconvenience and concern caused by this attack. Under the leadership of Kazuo Hirai, we have teams working around the clock and around the world to restore your access to those services as quickly, and as safely, as possible.

I know some believe we should have notified our customers earlier than we did. It’s a fair question. As soon as we discovered the potential scope of the intrusion, we shut down the PlayStation Network and Qriocity services and hired some of the best technical experts in the field to determine what happened. I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken.

As a result of what we discovered we notified you of the breach. Our investigation is ongoing, and we are upgrading our security so that if attacks like this happen again, our defenses will be even stronger.

In the last few months, Sony has faced a terrible earthquake and tsunami in Japan. But now we are facing a very man-made event – a criminal attack on us — and on you — and we are working with the FBI and other law enforcement agencies around the world to apprehend those responsible.

In the coming days, we will restore service to the networks and welcome you back to the fun. I wanted to personally reach out and let you know that we are committed to serving you to the very best of our ability, protecting your information better than ever, and getting you back to what you signed up for – all the games and great entertainment experiences that you expect from Sony.
With best regards,

Howard Stringer

Howard Stringer is a pretty stand up guy. He just has an entire atmosphere (http://www.wired.com/magazine/2010/03/ff_sony_howard_stringer/) in Sony that hurts his cause of keeping them as one company.

The Music guys don't talk to the TV guys, and the TV guys don't talk to the audio guys. So you have a place that's complaining and bitching about how their needs aren't met within the same company. I'd like to think that if he ever gets them all to focus on one thing, Sony would be a better place.

Until then...

Well, apparently Anonymous was involved, to a degree. Some members have come forth & indicated that, while the group at large wasn't involved some members were. Also, reading between the lines, I think that a planned attack was in the works, as one article cites a chat room message that indicates weakness in PSN's structure.

From the sounds of it, some members decided to go for financial gain, instead of noble reasons. Or not, as that's just conjecture on my part. Still, in some degree, it does sound like Anonymous was involved.

http://www.escapistmagazine.com/news/view/109842-Anonymous-Members-Hint-at-Unofficial-Involvement-in-PSN-Attack
http://www.ft.com/cms/s/2/d0a21040-7800-11e0-b90e-00144feabdc0.html#axzz1LbiGgDhc
http://gamerant.com/anonymous-psn-intrusion-hack-seb-83188/

(I'm a tad skeptical about how noble or uninvolved Anonymous, really is. So consider the two words in italics as air quoted.)

welp, good news it that the May 31st return deadline is not wholly accurate...the bad news... technically, is that they didn't really say if it would be sooner or later...much...much...later
http://www.escapistmagazine.com/news/view/109866-Sony-Denies-May-31-Deadline-For-PSN-Return

You know what? Digital distribution has really come into its own on the console market in the last 3 or so years, despite fears of this very thing happening.

I wonder if this will have a noticeable impact on the sales of digital distribution channels, not just on the PS3 but on the Xbox and even the PC.

Hackers are nothing new to PCs, and Microsoft is absolutly anal about anything weird on their systems.

I gotta say, I feel a lot more comfortable trusting the quality of a service I pay for then one that is free.

sometimes I feel like people are blaming the victims here. Sony is taking it big for this, yea their security could have been better, but its not their fault someone decided to hack their system and truth is no system can be fully secure. This happens all the time just on a smaller scale.

Besides, who this hurts most are game developers whose revenue stream from PSN is now zero. Also remember Sony is a publisher as well, and this massive hit means they wont have the money to put into new games and potentially pulling out of the market entirely if they cant come back from this. I am not a hug fan of the PS3, but I dont think the industry would be better without it

And near E3... so it hurts a tad bit more.

And, to be honest, people can boast that Sony's "gifts" to their customers is nothign less then their full obligation... but i honestly don't think so, again, i think E3 has weight in their decision, but they putted out a robust reward to compensate their customers for this, it's a nice gesture.

PS3 owners, I got a couple questions:


Can the PS3 work without PSN? (can you have one without having internet connection?)
Do you NEED a connection to the PSN in a similar way to the way Steam works? (you can't play because your game hasn't been updated)
How many local multiplayer games are there compared to online only multiplayer games?


I got a Wii so, I wouldn't care a lot if the Nintendo connection died because it only offers to me:

A shop for games (I think not many nice games have been on it lately)
Online multiplayer, either good (Mario Kart Wii) or horrible (Super Smash Brothers Brawl)
The games I own, that have online multiplayer, also have local multiplayer (except Battalion Wars 2)
Updates? they come in the games too


At first, I thought you were only missing the stuff I posted above (from my online experience with the Wii) but, it seems the problem is much bigger than that :/

First, you don't need the connection,, since software updates can be gained from using recent games.
Second, updates are optional to the game, but you need them for online stuff like multiplayer.
I can't give a good estimate on the third, but I would assume there's less local multiplayer games than online multiplayer games.

sometimes I feel like people are blaming the victims here. Sony is taking it big for this, yea their security could have been better, but its not their fault someone decided to hack their system and truth is no system can be fully secure. This happens all the time just on a smaller scale.

Besides, who this hurts most are game developers whose revenue stream from PSN is now zero. Also remember Sony is a publisher as well, and this massive hit means they wont have the money to put into new games and potentially pulling out of the market entirely if they cant come back from this. I am not a hug fan of the PS3, but I dont think the industry would be better without it

We already might not be seeing PS4 for another 5 years as is. Them pulling out though, isn't entirely likely (thankfully) since they still have the hype from the NGP to keep them in.

Can the PS3 work without PSN? (can you have one without having internet connection?)
Do you NEED a connection to the PSN in a similar way to the way Steam works? (you can't play because your game hasn't been updated)
How many local multiplayer games are there compared to online only multiplayer games?


Well, it gets under my skin a little because I picked up some funds for the PSN the day it went down. But I digest. It's not like it's the end of the world - you can still browse the net from the PS3 even though its marketplace is down. But some of the more popular games are played multiplayer. Even if they're not, they may have some online features like Dragon Age, that don't work when not connected to the Playstation servers.

We already might not be seeing PS4 for another 5 years as is. Them pulling out though, isn't entirely likely (thankfully) since they still have the hype from the NGP to keep them in.

not saying its likely, but before it wasn't even possible.

People aren't as keen to buy a PS3 right now, and developers as I mentioned were pretty hurt by this and they are the life blood of the hardware. Also remember this is Sony, and electronics giant. Moment this proves more trouble then its worth they can cut their loses and as a company keep going without much trouble

There are in fact a few PSN games that require an internet connection to start. Bionic Commando Rearmed 2 comes to mind.

You know what? Sony could have done nothing to prepare for this. Hacker protection is a reactive thing, and they are always playing catchup. The only reason this didn't happen to Microsoft and XBL first is that Anon put the PSN under scrutiny and mapped out the weaknesses in preparation for an attack. It's obvious that at least a few of them used that information to steal the personal data.

I'm not saying that Anon as a whole had anything to do with this, I am saying a greedy segment did.

This could have easily been Microsoft. Hell, it could still happen to them and if it did there really isn't a damn thing they could do to stop it from going down. It's a risk you take when you put a server of any kind on the internet. Nothing is hacker proof.

There are in fact a few PSN games that require an internet connection to start. Bionic Commando Rearmed 2 comes to mind.

You know what? Sony could have done nothing to prepare for this. Hacker protection is a reactive thing, and they are always playing catchup. The only reason this didn't happen to Microsoft and XBL first is that Anon put the PSN under scrutiny and mapped out the weaknesses in preparation for an attack. It's obvious that at least a few of them used that information to steal the personal data.

I'm not saying that Anon as a whole had anything to do with this, I am saying a greedy segment did.

This could have easily been Microsoft. Hell, it could still happen to them and if it did there really isn't a damn thing they could do to stop it from going down. It's a risk you take when you put a server of any kind on the internet. Nothing is hacker proof.

Security Maxims (http://www.ne.anl.gov/capabilities/vat/seals/maxims.html)

You're right -

Infinity Maxim: There are an unlimited number of security vulnerabilities for a given security device, system, or program, most of which will never be discovered (by the good guys or bad guys).

However

Arrogance Maxim: The ease of defeating a security device or system is proportional to how confident/arrogant the designer, manufacturer, or user is about it, and to how often they use words like “impossible” or “tamper-proof”.

Be Afraid, Be Very Afraid Maxim: If you’re not running scared, you have bad security or a bad security product.
Comment: Fear is a good vaccine against both arrogance and ignorance.

Because

Familiarity Maxim: Any security technology becomes more vulnerable to attacks when it becomes more widely used, and when it has been used for a longer period of time.

Also

Schneier’s Maxim #2 (Control Freaks Maxim): Control will usually get confused with Security.

I could go on, but that should be good at reasoning out why Sony lost this battle.

-E- Okay one more for relevance

Show Me Maxim: No serious security vulnerability, including blatantly obvious ones, will be dealt with until there is overwhelming evidence and widespread recognition that adversaries have already catastrophically exploited it. In other words, “significant psychological (or literal) damage is required before any significant security changes will be made”.

I could go on, but that should be good at reasoning out why Sony lost this battle.

It's... really not. Seriously.

Infinity Maxim: There are an unlimited number of security vulnerabilities for a given security device, system, or program, most of which will never be discovered (by the good guys or bad guys).

Translation - There's always security flaws.

Arrogance Maxim: The ease of defeating a security device or system is proportional to how confident/arrogant the designer, manufacturer, or user is about it, and to how often they use words like “impossible” or “tamper-proof”.

PS3 got arrogant about the safety of the PS3 with the flaws unable to be discussed. It came to bite them when they had no idea how to really take those flaws away.

Familiarity Maxim: Any security technology becomes more vulnerable to attacks when it becomes more widely used, and when it has been used for a longer period of time.

The PS3 has been out for a while now. Since Sony was familiar with the flaws, and didn't want them discussed, it's only a matter of time before they were hacked. The Xbox has probably been hacked, but no one cares because people are too busy playing around with the Kinect.

Schneier’s Maxim #2 (Control Freaks Maxim): Control will usually get confused with Security.

Sony was thinking if they had control of the hack, they would keep control of the PS3 intact. Big mistake.

Show Me Maxim: No serious security vulnerability, including blatantly obvious ones, will be dealt with until there is overwhelming evidence and widespread recognition that adversaries have already catastrophically exploited it. In other words, “significant psychological (or literal) damage is required before any significant security changes will be made”.

Their future is going to be one where they'll need to work on their security. I'm pretty sure Geohot is probably saying "I told you so."

From here on out, Sony has a lot of moves to make. It would be great if they recognized tinkerers and hackers as a part of the ecosystem, rather than someone to get rid of (read: their "piracy is evil" schtick is kind of old), but it's going to take a lot more work to convince people that A) their network will be secure and B) they won't try to pull the same shenanigans at a later date (sue hackers, ignore security holes, etc...)

http://www.mcvuk.com/news/44296/PS3-trade-ins-up-200

Oh Sony, It just keeps getting worse for you guys doesn't it.

well what do you expect, when most of your big games are bought for multiplayer, and they lose multiplayer

That number will keep growing. Maybe even after the network is back up.

It might be PS4 time if PS3 keeps falling.

Translation - There's always security flaws.
which is why according to a source I know they updated their security software a little before the attack. Partly a flaw in itself as new tech takes time to get used to.


PS3 got arrogant about the safety of the PS3 with the flaws unable to be discussed. It came to bite them when they had no idea how to really take those flaws away.If anything Sony has been more on it's toes then ever. With DDos's from Anon and the recent crack.



The PS3 has been out for a while now. Since Sony was familiar with the flaws, and didn't want them discussed, it's only a matter of time before they were hacked. The Xbox has probably been hacked, but no one cares because people are too busy playing around with the Kinect.Your right microsoft has been hacked numerous times. they just catch it because its usually one guy when the system is in its optimal stage. Not during a DDos and transition phase.



Sony was thinking if they had control of the hack, they would keep control of the PS3 intact. Big mistake.the mistake was pissing off Anon. as in the end they handed out information and IPadresses like candy. Traffic conformation says that Sony servers where DoSsed before the hack and during the hack.



Their future is going to be one where they'll need to work on their security. I'm pretty sure Geohot is probably saying "I told you so."Why? for unlocking old features. Their system could have been compromised a long time ago with the Linux on ps3 from the start. Its because they offered the feature that the attacks that weakened security happened in the first place and the Security compromise came up.

While yes they need to accept their modding community, but the security compromise was Far beyond their control. they where caught with their pants down updating, and pissed off a Large very smart hacking community that has repeatedly been compared to walking nukes in programing.

It`s back up now - for me at least. Any status on the

One free month of Playstation Plus
One free download, though it was unspecified what this download would be
One free month of Qriocity, a movie and music streaming service on the PS3

so far?

Everyone overestimates 'anon' waaaaay too much~

It`s back up now - for me at least. Any status on the

One free month of Playstation Plus
One free download, though it was unspecified what this download would be
One free month of Qriocity, a movie and music streaming service on the PS3

so far?

Is that different from Europe?
I think it was said Europe, at the very least, would be allowed to download TWO PS3 titles, along with the free month of PS+.

I don't know, I just copied that from the "Playstation University" (http://www.psuni.com/psn-compensation-detailed-7983/) story. That being said, apparently all that's required right now is a normal, old PS3 update - after that, you should be able to connect to the PSN.

The Playstation Store is still down, though. It's still "undergoing maintenance."

Source: http://blog.eu.playstation.com/2011/05/06/scee-identity-theft-protection-offering/

Also, look out for more information on the rest of our Welcome Back programme, including which free content you will be eligible for. We will be offering PSN users the opportunity to select two PS3 games from a list of five, as well as offering PSP users the opportunity to choose two games from a list of four. We will let you know exactly what games are available very soon.

Again, I stress, this is from the European Playstation blog, so it could very well NOT apply to the US.

...'M Canadian.

But you're our hat so...


Man I hoped for it to simply at least be 1 free PS3 game of our choosing. Would pick Moon Driver or maybe even Little Big Planet 2 in a heart beat.

...'M Canadian.

Canadians are nothing but a bad joke.
Everybody knows that.

I mean, look at Nikose. He's a bad joke. He claims to be Canadian. 1+1=?

But seriously, you fall under SCEA, right? So... while it was a bit stupid of me, it still sorta applies. Kinda. If you squint a bit.

So let me get this straight...

As a PSP holder, I have a choice of a F2P game or an MMO game, both of which I have little to no interest in?

Are they retarded?

Were PSP owners inconvenienced by the PSN bein' down? Why do any of us really deserve free stuff on what is, presumably Sony's dime? We did nothing but sit on internet and complain while Sony tried to fix things.

At best, we're kids braying toa stressed out parent going "I want, I want!"

I don't know about the PSP, but I don't really notice since I'm only playing Arkham Asylum and New Vegas at the moment. It is annoying that I can't get 100% on Arkham because I can't play the challenges, but that's nothing too seriously.

I hoping it won't have too much affect on L.A. Noire either though.

Liek i said before, what Sony is doing is a gesture. A PR gesture, a "they would be fucking crazy not to do this" but it still... a gesture. They didn't implode their own servers, they were targeted by criminals, clear and simple. Nobody is truly owed anything aside from developers who lost money during this.

I would argue that any company should be responsible for the service they provide.

And they are, and Sony took responsability, admitted responsability and even took strides to make amends and try and prevent this from happening again, they did that.

Still doesn't mean their clients are automatically entitled to "I'm sorry gifts". Refunds for payed services not provided while psn was out, those are by Law, and those were given. Everything else is just good PR.

^^^^

Eh. Pretty standard fare. Once a company fucks up to anyone, they're supposed to make a reasonable 'above and beyond' attempt to make up for it. Especially for something they should have been more prepared for then they were.

If Mars fucks up with an accidental unlisted Allergen? Enjoy not only a replacement, but $20 worth of free candy on top, just as an example. (http://consumerist.com/2011/05/mms-is-really-nice-after-accidentally-triggering-your-mint-allergy.html)

It's a great example of above and beyond that gets customer loyalty. Larger companies often don't do it, but damn, it's worthwhile to do! Sony is attempting it. I'm happy with what they're offering, although I don't think I own any of the games mentioned. I'll enjoy the month of discount games, I suspect.

PSN is down.

It's rolling "maintenance". They're apparently having a large amount of password resets (http://blog.us.playstation.com/2011/05/15/update-on-service-restoration-rollout/) so they're closing down random areas temporarily to lighten the load.

hahahahaha


"here's a mandatory password reset"

"Oh fuck our system can't handle this many password resets"

IT seems that the majority of the DDOS came from a rented amazon server (http://www.g4tv.com/thefeed/blog/post/712656/amazon-server-involved-in-sony-psn-network-outage/)

The hackers are obviously professionals as most of the brute force and data extraction was from a Amazon rented server with huge bandwidth and processes during the entire attack.
It seems that the FBI has quite a case on their hands.

The hackers are obviously professionals as most of the brute force and data extraction was from a Amazon rented server with huge bandwidth and processes during the entire attack.
It seems that the FBI has quite a case on their hands.

http://i165.photobucket.com/albums/u59/Poetisch/Playin-It-Like-A-Pussy.jpg (http://www.youtube.com/watch?v=3EUJYh32KVw)

Haha, Seil is a shithead.

Oh?

The image there just has a pile of shit on it and it says "this image was hotlinked without permission Hey Shithead! No hotlinking!!".

e: And at the same time the image is a link to a Die Hard 4 trailer.

Fixed.

It was better before you fixed it.

It was better before you fixed it.

Are you talking abou PSN, or Seil's image? Since PSN is kinda up. Well after 5 attempts I signed in. Store isn't going to be up, but I think on-line works.

I just didn't have time to check.

SWB

Well, unless someone in this thread fixed PSN, I was probably talking about Seil's image being funnier when it was calling him a shithead.

However, I was going to throw something in my title making a joke about how PSN was better when it was down too, but then that felt labored and lame.

Well, unless someone in this thread fixed PSN, I was probably talking about Seil's image being funnier when it was calling him a shithead.

FYI -

Joshua Grech of the Daily Telegraph reports that the PSN started coming back up sometime Sunday, although it may take a few days for everything to be available again. He also reports that Sony is going to offer a "Welcome Back" package of software and content to encourage people to stay with Sony and Playstation (or come back if they've bought an Xbox during the outage). As part of the increased security in the system users will have to change passwords when they log back in, and will have to prove they are the account holder to do it.
http://lubbockonline.com/interact/blog-post/bert-knabe/2011-05-16/did-you-miss-playstation-network

Changing your password alone is something of a pain, as I mentioned in my post - it took five attempts, as my connection kept crashing.

SWB

http://blog.us.playstation.com/2011/05/14/play-on-%E2%80%93-psn-restoration-begins-now/

Liek i said before, what Sony is doing is a gesture. A PR gesture, a "they would be fucking crazy not to do this" but it still... a gesture. They didn't implode their own servers, they were targeted by criminals, clear and simple. Nobody is truly owed anything aside from developers who lost money during this.

PR and a clever marketing ploy (http://ps3.ign.com/articles/116/1165493p1.html)

I am curious, for those that think this "welcome back" stuff doesn't cut it, what do you think would?

Two free games (again, last I heard, and maybe only Europe?), free online identity security service (I don't know numbers, but I figure that's gotta be worth a LOT. Times a few million. If that isn't one HELL of a welcome back, I don't know...)

I'm happy with that, and since I haven't gotten a call from my bank (yet. Knock on wood), I wasn't even all that angry at Sony.

free online identity security service

you mean one of those services that offers security alerts and insurance in case of identity lose? Cause having that for every single PS3 owner would be insanely expensive

you mean one of those services that offers security alerts and insurance in case of identity lose? Cause having that for every single PS3 owner would be insanely expensive

Actually... I think this was optional?
And for one year. In any case, this is something I read on the US Playstation blog.

I'd suggest you go down there to verify, but I'm fairly certain there was an option to get this.

Two free games (again, last I heard, and maybe only Europe?), free online identity security service (I don't know numbers, but I figure that's gotta be worth a LOT. Times a few million. If that isn't one HELL of a welcome back, I don't know...)

I'm happy with that, and since I haven't gotten a call from my bank (yet. Knock on wood), I wasn't even all that angry at Sony.
Last I checked, the games were all MMOs. You get 30 days for free, then have to pay for the service afterwards. That's just dubious. They could probably throw in an actual downloadable game and be done with the issue.

you mean one of those services that offers security alerts and insurance in case of identity lose? Cause having that for every single PS3 owner would be insanely expensive

The system is more of a alert protocol that warns local enforcers if I am reading it right. Meaning that the majority of the cost is already on the countries the owner is in. PSN is just helping.

There's a free month or so trial playstation network plus, or a free month for existing PSN+ users.

Last I checked, the games were all MMOs. You get 30 days for free, then have to pay for the service afterwards. That's just dubious. They could probably throw in an actual downloadable game and be done with the issue.

Where did you check this?
No matter the search term, all I get is a vague "free game". No further specifics.
(and that's just briefly ignoring the potential differences between the US and EU.)

PR and a clever marketing ploy

What? Don't get me wrong, I'm sure that some gamers will find the service somewhat useful and opt to pay for it after the free period is over, but what else can Sony do?

We've all been "inconvenienced" by this - even though I have yet to see someone actually, genuinely put out by it. They got attacked, and shut down their free service, along with their payed services, to deal with it. And instead of patiently waiting while they got attacked again, Sony was flamed, their people called out and ultimately a user base dropped their system for the X-Box.

Now we're pretty much demanding free merchandise from them - seeming like entitled asses all the way - which they're trying to supply. What's a better idea than supplying free access to their payed service? Something that probably should've been a no-brainer at Sony's Playstaton offices, and we're complaining about that, too. It's PS+, it's obvious that if we were to get any compensation, no matter how ill-deserved (http://www.cad-comic.com/cad/20030530), we're get that. it'd be one of the only things they could give us.

It's just grinding my gears that most of us are overtly-entitled (http://www.joystiq.com/2007/12/31/unhappy-xbox-live-users-demand-compensation/). And we're acting like this is the first time something has negatively affected the gaming industry. The X-Box enjoyed a reputation of

http://www.miteredcode.com/wp-content/uploads/2010/03/redachieve.jpg

So what? Now it's the Playstation's (http://v.cdn.cad-comic.com/comics/cad-20110516-6456b.png) turn? /fanboy

Also... check again. These are the FREE games for Europe and Germany, you get to pick 2

Here's whats on offer. Two PlayStation 3 games from the following list:

LittleBigPlanet
Infamous
Wipeout HD/Fury
Ratchet and Clank: Quest for Booty (Europe only)
Dead Nation
Super Stardust HD (North America/Germany only)
And two PSP games from the following list:

LittleBigPlanet PSP
ModNation Racers PSP
Pursuit Force
Killzone Liberation
That list is a bit different for PSN users in Germany, which swaps Dead Nation and Infamous for the less violent Super Stardust HD and Hustle Kings on the PS3. German PSP owners will get Everybody's Golf 2 and Buzz Junior Jungle Party instead of Pursuit Force and Killzone Liberation on the PSP.

On top of that, PSN account holders can expect 30 days of free PlayStation Plus membership if they're non-subscribers, 60 days of free subscription for those currently enrolled in the program.

In North America, Sony will also offer a selection of to-be-announced "On Us" movie rentals "available to PlayStation Network customers over one weekend, where Video Service is available." PlayStation Home fans will also receive "100 free virtual items" and an "exclusive game," Ooblag's Alien Casino, in North America.

From Kotaku

The US Appreciation package:

All PlayStation Network customers can select two PS3 games from the following list. The games will be available for 30 days shortly after PlayStation Store is restored and can be kept forever.

Dead Nation
inFAMOUS
LittleBigPlanet
Super Stardust HD
Wipeout HD + Fury

For PSP owners, you will be eligible to download two PSP games from the following list. The games will be available for 30 days shortly after PlayStation Store is restored and can be kept forever.

LittleBigPlanet (PSP)
ModNation Racers
Pursuit Force
Killzone Liberation


The lack of Ratchet and Clank disappoints me. Wish I had a European account.

The US Appreciation package:
The lack of Ratchet and Clank disappoints me. Wish I had a European account.

You aren't missing much, as the game is a tad short & really lacks good replay. (You play to the end, and have the option to restart. Have to reacquire all your weapons & find power ups. Really feel the guide rail in this.)

I'd go with inFamous 1st, then LBP, but I own both so Wipeout & something else for me.

Gonna go with Wipeout and maybe Infamous or Little Big planet.

dead nations the only one I can get that I didn't already play, but have some interest in.

I'll definitely pick up infamous, but I'm not sure about the second one. From what I've read Dead Nation only has 10 levels. Sounds like it could be rather short.

Anyone know enough about Super Stardust to recommend it?

If not, I'll probably grab Infamous and LittleBigPlanet, although I'm actually not terribly excited for LBP.

I thought I was ready for LBP, but it's a little too slow for me, the creation tools are interesting, but it'd take too long both to get good with them make something genuinely worthwhile... And I already own Infamous.

So yeah - I was hoping for something like discounts on everything in the PSN store.

these are all games Sony funded, so they atleast dont have to pay publishers for each one given away. Probably still developers though. So thats why you are getting those ones

Where did you check this?
No matter the search term, all I get is a vague "free game". No further specifics.
(and that's just briefly ignoring the potential differences between the US and EU.)

It was the EU blog, when I looked up the EU package. All they had was the MMOs which put me into RAAAAAGE mode.

Now they've detailed the US version so I'm good now.

Jagos, what you were looking at was the goodies bag for SOE. The company that runs all the MMO's they were giving stuff away for. What you were looking for is this, the PSN welcome back package.

I like this package too, I already owned Infamous and LBP, so I think I'm going for Wipeout and Dead Nation.

http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/

Shit just keeps on happening, huh Sony?

Sony recently discovered a Hack involving the PSN password recovery page. This hack allows the hackers to change a PSN user's password using only their date of birth and e-mail. All PSN users are requested to change their e-mails to one that won't be used asap.

The hack was apparently dealt with but Sony still says you should take extra measures and change your e-mails anyway.

well it will never be "safe" but you should give them credit for taking no chances and immediately telling everyone and taking extra measures to handle it

Yeah, Sony just can't get a break can they?

http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/

Shit just keeps on happening, huh Sony?

Sony recently discovered a Hack involving the PSN password recovery page. This hack allows the hackers to change a PSN user's password using only their date of birth and e-mail. All PSN users are requested to change their e-mails to one that won't be used asap.

The hack was apparently dealt with but Sony still says you should take extra measures and change your e-mails anyway.

We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.

Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.

http://blog.eu.playstation.com/2011/05/18/update-on-psn-password-reset-process/

Ah so that's what that was. Nice to see the bug was fixed.

I have to say I wasn't really thrilled with the 'welcome back' package Sony is planning on offering, esspecially the bad-gift that is a month of Playstation Plus. Anyway, I haven't heard anything about subscription extensions for games like DC Universe, anyone got a link?

Also: ANOTHER attack? Ugh.

I mean, in the end it's still pretty bad, if this URL exploit could lead to problems, but it's no hacking.

Methinks that website you linked was having a bad case of the paranoia. ;)

ANOTHER attack?
Wait? What? When?

It doesn't help matters that Stringer (CEO) is calling this "just a hiccup".

With people's credit card info and information as collateral

Just a question here, a dumb question but one I'm curious abofut. How does having my info - address and postal code and the like give someone the opportunity to steal my identity?

I always thought people needed things like my social security number, which wasn't required for the PSN, or the Credit Card info, which we're told wasn't stolen, or a birth certificate or something. Some legitimate piece of ID. Because as far as I know, now I'm sucseptible to spam mail.

Also, Jagos, like, calm down. I'm fairly certain that Sony isn't trying to be hacked over and over. They got hacked once, they tried to figure out what was going on, the second time they were in the middle of redoing the security system and had their services offline, the third time (I believe) they were just implementing the new system. It's not like they're trying to be attacked, it's just that they've got some unavoidable moments of vulnerability.

It doesn't help matters that Stringer (CEO) is calling this "just a hiccup".

With people's credit card info and information as collateral

I'm going to be a complete asshole here, and I hate to do it, but I'll do it anyway:

Why don't you go over there and show them how it's done, Jagos.

Like Seil says, Sony isn't happy about this either.
This is already costing them. Big.
It's not like they just haphazardly throw shit together and hope it sticks.

EDIT: Not any more, at least. As far as they have, before these hackings.

Also, I'd like to point out (as I have been) that for the last couple of years, every console's and their respective company have had some ill luck - we made fun of the X-Box breaking, we made fun of the Wii library and motion controls. It's just Sony's turn now - and I'm not saying that those incidents are relatable, that they're the same thing, but goddamn do nerds like us like rage-ing over shit.

Also, what are other companies doing in regards to their security? Correct me if I'm wrong, but doesn't the X-Box at least have you put in your credit info? The attacks on Sony are just drawing attention to the issue of poor security, and it's just getting hit over and over again. If the next attack comes further on down the road, and Nintendo, Microsoft or Sony isn't prepared for it, there's going to be a shit storm.

I'm going to be a complete asshole here, and I hate to do it, but I'll do it anyway:

Why don't you go over there and show them how it's done, Jagos.

Like Seil says, Sony isn't happy about this either.
This is already costing them. Big.
It's not like they just haphazardly throw shit together and hope it sticks.

EDIT: Not any more, at least. As far as they have, before these hackings.

~the issue continues to be the downplaying of the problem vs the actual severity and details at stake and NOT that they would dare to be so rude as to be victims~


To note, this isn't "It's just Sony's turn to be made fun of". RRinging Xboxes and poor game support for Wii are a considerable distance away from what has occured here.

~the issue continues to be the downplaying of the problem vs the actual severity and details at stake and NOT that they would dare to be so rude as to be victims~


of course they are downplaying the problem, bigger the problem is perceived the more this hurts them. What do you expect them to say, "there was a horrible breach of security that completely crippled us and screwed over every single one of our clients, and there are still tons of security holes just waiting to be exploited because its impossible to be completely secure"

Cause that would be business suicide

Also I guess it would be honest advertising, and fuck if businesses start doing that.

of course they are downplaying the problem, bigger the problem is perceived the more this hurts them. What do you expect them to say, "there was a horrible breach of security that completely crippled us and screwed over every single one of our clients, and there are still tons of security holes just waiting to be exploited because its impossible to be completely secure"

Cause that would be business suicide

Fine, whatever.

Sony is completely in the right for deciding to be as business as they like all over their customers when their name has already been dragged through the mud by this entire incident.

That'll win all the customers. Forever.

Peace. Out.

Also, Jagos, like, calm down. I'm fairly certain that Sony isn't trying to be hacked over and over. They got hacked once, they tried to figure out what was going on, the second time they were in the middle of redoing the security system and had their services offline, the third time (I believe) they were just implementing the new system. It's not like they're trying to be attacked, it's just that they've got some unavoidable moments of vulnerability.

I dunno why everyone thinks I'm angry, I'm just pointing out what the guys at the top are saying.

*Hic* (http://www.bloomberg.com/news/2011-05-17/sony-chairman-stringer-calls-hacker-attack-hiccup-in-road.html)

Hell, Sony isn't allowed to relaunch in Japan (http://www.foxbusiness.com/industries/2011/05/15/japan-restart-sony-online-games-services-approved/) until it secures everything down. Given how much was taken, I would think it would take a lot longer than 30 days to get everything restored, or even locked down. It's just really hard to hear someone say this is a "hiccup" when it's cost them so much.

Sorry I cannot think of a tactful way to say this

because you dont understand how PR and marketing work. The public wants this to be a minor problem thats fixed quickly and hasn't harmed them. Sony is trying to appear that it was exactly that without giving blatantly wrong information, while they try to fix this. Average PS3 owner wants this to be a "hiccup" so they are calling it one.

What do you expect them to say? That there was a severe security breach? Do you think that would help anything, would saying that get it fixed faster, would it make them feel better, would it increase security? No all that would do is generate even more illwill against the company which it really doesn't need right now after criminals attacked them.

Sony has nothing to gain by making it look like a disaster, it helps no one to call it a disaster, so of course they aren't gonna call it a disaster

No pink, 'M on me PSP. I seriously don't think that customers are put out by this. There has, from what I've heard, been no credit inf stolen. So what has been compromised?

Address, postal codes emails? All info people could get from Google, or Facebook, if I cared to look.

And what will people do with that information? Mail a letter? To my knowledge, in order to steal someones identity, you need some government certified papers, like a social security number. I 'm pretty sure that's not required.

So what was the big deal? The PSN outage? We were upset and crying for compensation because we couldn't get online?

You guys are being weird and way oversimplifying the entire scenario. It's freaking me out.

...Stop being weird.

*Facepalms* (http://www.zdnet.co.uk/blogs/security-bullet-in-10000166/sony-site-used-for-phishing-10022513/?tag=mncol;txt)

At this point, it's beyond ridiculous that PSN's network is so piss poor.

Before all this I was seriously considering getting a PS3 so I could get hold of FF Vs. XIII, and now I am pretty bummed out.

Before all this I was seriously considering getting a PS3 so I could get hold of FF Vs. XIII, and now I am pretty bummed out.

Well, if its any inticement, you might be eligible for 2 free games if you buy now. Really not sure on that, but its possible.

SWB

Well, if its any inticement, you might be eligible for 2 free games if you buy now. Really not sure on that, but its possible.

SWB

Nah, I'm pretty sure you need to have been a member the day it dropped.

Marc, I'd get one anyway. Just don't put a credit card in. Though I don't see this happening again. And if it does it will probably be later and not any time soon. Sony is still too on guard for a current attack to be too successful.

*Facepalms* (http://www.zdnet.co.uk/blogs/security-bullet-in-10000166/sony-site-used-for-phishing-10022513/?tag=mncol;txt)

At this point, it's beyond ridiculous that PSN's network is so piss poor.

umm Jagos, your link even says it has nothing to do with PSN hack. Its just someone taking advantage of the confusion. I mean I dont blame blizzard for all the "your world of warcraft account needs confirmation" spam

And a nitpick, PSN network is redundant, like ATM machine.

umm Jagos, your link even says it has nothing to do with PSN hack.

That's like saying the SOE overall hack had nothing to do with the PSN hack. We're commenting that Sony in general has piss-poor security. It's still hack that affected Sony hardware.

That's like saying the SOE overall hack had nothing to do with the PSN hack. We're commenting that Sony in general has piss-poor security. It's still hack that affected Sony hardware.

seriously, this is the first time you've heard of this happening with a major network? Have you checked your junk mail lately?

Nobody has really mentioned the biggest problem of the leaks which is the list of passwords. While Sony got everyone to change their passwords, most people use only a few/one passwords for multiple sites including their email and things. If I can use this list of passwords to get into your email I can probably get into your bank or other things.

seriously, this is the first time you've heard of this happening with a major network? Have you checked your junk mail lately?

Differences that are apparently over your head:

Selling your email to spam lists

signing up for spam

Playstation network being hacked.

Differences that are apparently over your head:

Selling your email to spam lists

signing up for spam

Playstation network being hacked.

Terminology that is apparently over your head:

Phishing: Tricking users into giving their email addresses and passwords to people, and signing up for spam.


I honestly have no idea what you're trying to get across in this post. I mean, it SEEMS like you think that you have a pretty solid point, but there is no logically linking thread through your post. And you want to be derogatory instead of actually explaining the point? I dunno, that's all I got out of it. Didn't help that you just threw a link up claiming phishing, with no explanation for people who didn't want to bother reading a huge news article.

After everyone bitching and moaning about how my identity is going to be stolen, charges are gonna be run up on my credit card, about how this is gonna destroy Sony, I'm glad that the worst thing that's gonna happen is that I halfta delete a little more spam.

They got hit pretty damn hard though... (http://arstechnica.com/gaming/news/2011/05/sony-forecasts-a-31b-loss-for-fiscal-2011-due-to-quake-psn-failure.ars?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+arstechnica/index+(Ars+Technica+-+Featured+Content))

I'd like to make a motion for more links that spell out the article explicitly within the URL. That'd make my life of a lazy person so much easier.

Nobody has really mentioned the biggest problem of the leaks which is the list of passwords. While Sony got everyone to change their passwords, most people use only a few/one passwords for multiple sites including their email and things. If I can use this list of passwords to get into your email I can probably get into your bank or other things.
while I agree with this problem, its not sony, or any other networks fault that people use only one e-mail password combo.
Differences that are apparently over your head:

Selling your email to spam lists

signing up for spam

Playstation network being hacked.
the article says, "unrelated to PSN network hack" why do you keep talking aobut it when it has no direct connection.

Phishing: Tricking users into giving their email addresses and passwords to people, and signing up for spam.

as RPG explained, thats the definition of phishing, you will notice that it has nothing to do with firewalls, hacking, or data encryption. Its a mistake on the user. While they should do all they can to fight this, its not there fault they gave out this information after Sony told them to never give it out. The specific reason they aren't asking for personal information to confirm your identity is to try and avoid this kind of thing.

while I agree with this problem, its not sony, or any other networks fault that people use only one e-mail password combo.


While they are not being as safe as they can be it is reasonable to expect your passwords to be well protected by sony.

Ohhhhh he meant phishing scam while I was rather clearly referring to somebody hacking into a server and setting up a page dedicated to phishing on private hardware.

Which is totally different from the random "Woldofwarcraft" phishing pages as they're not hosted on, you know, Actual WOW servers.

Hostility because, ho fuck how do you purposely and obtusely argue that

"Have you checked your junk mail lately?" compares to "Wow, these guys, much like Mastercard, have terrible protection for their servers", and frankly I found "Have you checked your junk mail lately" to be snarky- thus the snark back.


The major difference being "HOSTED on Sony's server hardware" versus "Hosted on some bullshit other URL that looks similar".

PR and marketing It occurs to me that we're not getting any information about what has happened from any source other than Sony. Anyone who's reporting on the story as far as I've seen are basically reading from Sony's press releases. Where are the journalists who could be investigating things and presenting a somewhat unbiased account?

(Probably doing something important.)

It occurs to me that we're not getting any information about what has happened from any source other than Sony. Anyone who's reporting on the story as far as I've seen are basically reading from Sony's press releases. Where are the journalists who could be investigating things and presenting a somewhat unbiased account?

(Probably doing something important.)

sadly investigative reporting is kind of dead. News outlets are more concerned with generating ratings and they can do that just fine by spinning Sony's releases how they'd like.

Has anyone seen anything about how you claim the "I'm Sorry We Played Fast and Loose with Your Private Info**" Games?

**This is a joke, I actually don't think any of this is really Sony's fault.

Store is up tomorrow from what I hear. (http://www.gamespot.com/news/6314576.html?tag=updates%3Beditor%3Ball%3Btitle%3B 2)

Or not. (http://www.gamasutra.com/view/news/34805/Sony_PSN_Store_Will_Not_Relaunch_Today.php?utm_sou rce=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GamasutraNews+%28Gamasutra+Ne ws%29)

It seemed like it probably wouldn't since that was only a leaked memo. If they had any real inclination to get it up on May 24th, they'd probably have officially announced it before hand.

I'm beginning to think that Sony's PR team has botched this up even more than their Security Team did, if that's even possible. They totally had the opportunity to officially deny the May 24th PSN Store report before the morning of the 24th and for some reason they refused to. It's like their PR team needs to go to Customer Relations 101 Courses.

They've got "sometime before the end of the month to go, though." So... like, 11.59PM May 31st.

I just wanted to share what I consider the best analysis of this situation (http://www.escapistmagazine.com/videos/view/extra-credits/3306-NOT-a-Security-Episode)

I do not fully agree, though just about every point we discussed here is shown in a fairly objective manner