Beyond3D Forum

Beyond3D Forum (http://forum.beyond3d.com/index.php)
-   Console Forum (http://forum.beyond3d.com/forumdisplay.php?f=37)
-   -   *ren* PSN Down, Customer Info Compromised (http://forum.beyond3d.com/showthread.php?t=60017)

Xenus 01-May-2011 06:58

Yeah really her part of the answers have been incomprehensible. Hopefully we have a better directly translated transcript at some point vs just a transcript of what she said.

-tkf- 01-May-2011 07:03

The nice guy just said that while Anon had attacked them worldwide on IT services, he didnīt blame the PSN attack on them. Still unknown who it was.

The amount of heat that is going to hit the hackers who did this can be compared to the sun :-)

minimoke 01-May-2011 07:03

Based on their explanation and the fact that it was a known vulnerability, was this a JavaScript Injection Attack or something a bit more advanced?

AzBat 01-May-2011 07:05

My connection crapped out but it sounded like the passwords were hashed. Did I hear that right?

Tommy McClain

Xenus 01-May-2011 07:07

No one knows yet what the attack was

Yeah mine cut out just at that moment too but neogaf said she said they were hashed.

-tkf- 01-May-2011 07:09

Quote:

Originally Posted by AzBat (Post 1547723)
My connection crapped out but it sounded like the passwords were hashed. Did I hear that right?

Tommy McClain

As i heard it, the CC cards was in another "part of the database" and was encrypted. And no confirmed use of a CC from the hack.

AzBat 01-May-2011 07:13

Quote:

Originally Posted by -tkf- (Post 1547725)
As i heard it, the CC cards was in another "part of the database" and was encrypted. And no confirmed use of a CC from the hack.

Yeah yeah, knew about that already. Looks like engadget answered what I was asking, if the passwords were hashed & they said yes too.

Tommy McClain

minimoke 01-May-2011 07:13

Yeah, I didn't hear the hashed part either.

deathindustrial 01-May-2011 07:15

"This problem cannot be dealt with just by Sony" was what was just said by (I believe) their CIO. That certainly sounds like Sony putting their head in the sand, especially if the initial exploit was due to an out of date Apache install. Law Enforcement is for punitive, post-investigative purposes but has zero to do with prevention and best practices. I am not getting "we screwed up, we are going to right the ship" out of this at all, I am instead getting "Anonymous is so mean. Look, a free cookie!" If anything, Sony seems to be looking at this as a marketing opportunity for Playstation+.

They also brought up Anonymous *again* to try to deflect blame despite there being no evidence whatsoever this has anything to do with them (seems more likely a generic automated script looking for vulnerable systems from what they have said so far).

Cheers

Xenus 01-May-2011 07:18

Death a question brought up anonymous they said there is no data to connect the attacks what do you want them to do ignore the question all together?

-tkf- 01-May-2011 07:20

Quote:

Originally Posted by deathindustrial (Post 1547729)
"This problem cannot be dealt with just by Sony" was what was just said by (I believe) their CIO. That certainly sounds like Sony putting their head in the sand, especially if the initial exploit was due to an out of date Apache install. Law Enforcement is for punitive, post-investigative purposes but has zero to do with prevention and best practices. I am not getting "we screwed up, we are going to right the ship" out of this at all, I am instead getting "Anonymous is so mean. Look, a free cookie!" If anything, Sony seems to be looking at this as a marketing opportunity for Playstation+.

They also brought up Anonymous *again* to try to deflect blame despite there being no evidence whatsoever this has anything to do with them (seems more likely a generic automated script looking for vulnerable systems from what they have said so far).

Cheers

I heard that he said that Anon had attacked their services but there was no clear evidence that is was them.

PSN+ was just mentioned where Kaz made clear that they would Refund those that would like to get out of PSN+ and refund the wallet. How is this a promotion?

Besides, Anon is no one and everyone, so why shouldnīt it be someone that was a part of the original attack? You donīt know, and anon doesnīt know. Itīs like seperating pepsi from coke in a bucket of cola.

AzBat 01-May-2011 07:23

Official press release...

http://blog.us.playstation.com/2011/...ble-this-week/

Tommy McClain

-tkf- 01-May-2011 07:29

Stolen from gaf..

http://i53.tinypic.com/33wwsio.jpg

Xenus 01-May-2011 07:29

Something about a tunnel being created to get into their application server activating the backdoor through a specific command.

deathindustrial 01-May-2011 07:39

Anyone know anything about an earlier PSN breach one of the reporters seemed to make reference to (not sure if that was translated correctly)?

The translation sucks as it can be hard to tell who is talking sometimes. . .

Xenus 01-May-2011 07:41

Yeah and another reporter brings up anonymous.

-tkf- 01-May-2011 07:45

Quote:

Originally Posted by Xenus (Post 1547738)
Yeah and another reporter brings up anonymous.

And is told by Kaz that there is no evidence that they were involved..

Got that @death?

thop 01-May-2011 07:50

Kaz was very serious. Compliment on Sony for getting competent simultan translators though, who knew all the relevant technical terms.

Cornsnake 01-May-2011 07:55

So Sony doesn't take their part of the responsibility for all this. They don't apologise for taking so long to imform their customers. They only regret that this attack on their network has happened.

Sony is a failure of a company.

Xenus 01-May-2011 07:56

Really corn you listened to all that conference and didn't hear Sony take responsibility once?

messyman 01-May-2011 08:00

Sony executive Kaz Hirai apologizes for PlayStation Network outage


in case if you missed that part.

http://venturebeat.com/2011/04/30/psn-outage-apolog/

bkilian 01-May-2011 08:00

Quote:

2:52 JST: Kaz suggests that users may be prompted to change PSN passwords more frequently in future.
How, exactly, does this help either protect the users data, or stop another attack in the future?

If a hacker steals the password database, they're still going to have the _current_ password, no matter if you changed it a week ago.

Fricking security theater...

eastmen 01-May-2011 08:01

I'm interested in the lawsuits that will come of this. Not to impressed with sony at the moment

-tkf- 01-May-2011 08:12

Quote:

Originally Posted by eastmen (Post 1547746)
I'm interested in the lawsuits that will come of this. Not to impressed with sony at the moment

Interested in what way? How much pain it will inflict or how much incompetence that will be brought to light?

I canīt recall that you have ever been impressed with Sony so nothing new there :-)

eastmen 01-May-2011 08:21

Quote:

Originally Posted by -tkf- (Post 1547748)
Interested in what way? How much pain it will inflict or how much incompetence that will be brought to light?

I canīt recall that you have ever been impressed with Sony so nothing new there :-)

I want to see what personal information is worth.

I'm lucky that i never use credit card information for any online thing (even amazon i use pre paid credit cards) . However for my cousin they most likely have his credit card , the user id he uses for most of his info , a bunch of security questions and i'm sure now he has to retire at least one password that he uses for a few diffrent things.

How much is that worth in the eyes of the courts that will handle it ? How much is it worht personaly to any one of us.

I know its worth more than even a $600 playstation so I already know sony wont compensate me the way i'd like , to others it may be worth nothing and to sony it only seems to be worth a month of psn + which costs what $3 bucks to the user ?


Anyway I'm sure alot of people moving foward will still trust sony. I however can't see how anyone would even think of buying a sony product in the future. Its one thing for this to happen with an exploit that no one knew about but the hackers found. But to have a known exploit /back door sitting wide open is insane !


In the end I hope this makes all the companys out there do a double take at their servers and secure them better


All times are GMT +1. The time now is 16:51.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.