Yeah really her part of the answers have been incomprehensible. Hopefully we have a better directly translated transcript at some point vs just a transcript of what she said.

The nice guy just said that while Anon had attacked them worldwide on IT services, he didn´t blame the PSN attack on them. Still unknown who it was.

The amount of heat that is going to hit the hackers who did this can be compared to the sun :-)

Based on their explanation and the fact that it was a known vulnerability, was this a JavaScript Injection Attack or something a bit more advanced?

My connection crapped out but it sounded like the passwords were hashed. Did I hear that right?

Tommy McClain

No one knows yet what the attack was

Yeah mine cut out just at that moment too but neogaf said she said they were hashed.

As i heard it, the CC cards was in another "part of the database" and was encrypted. And no confirmed use of a CC from the hack.

Yeah yeah, knew about that already. Looks like engadget answered what I was asking, if the passwords were hashed & they said yes too.

Tommy McClain

Yeah, I didn't hear the hashed part either.

"This problem cannot be dealt with just by Sony" was what was just said by (I believe) their CIO. That certainly sounds like Sony putting their head in the sand, especially if the initial exploit was due to an out of date Apache install. Law Enforcement is for punitive, post-investigative purposes but has zero to do with prevention and best practices. I am not getting "we screwed up, we are going to right the ship" out of this at all, I am instead getting "Anonymous is so mean. Look, a free cookie!" If anything, Sony seems to be looking at this as a marketing opportunity for Playstation+.

They also brought up Anonymous *again* to try to deflect blame despite there being no evidence whatsoever this has anything to do with them (seems more likely a generic automated script looking for vulnerable systems from what they have said so far).

Cheers

Death a question brought up anonymous they said there is no data to connect the attacks what do you want them to do ignore the question all together?

I heard that he said that Anon had attacked their services but there was no clear evidence that is was them.

PSN+ was just mentioned where Kaz made clear that they would Refund those that would like to get out of PSN+ and refund the wallet. How is this a promotion?

Besides, Anon is no one and everyone, so why shouldn´t it be someone that was a part of the original attack? You don´t know, and anon doesn´t know. It´s like seperating pepsi from coke in a bucket of cola.

Official press release...

http://blog.us.playstation.com/2011/...ble-this-week/

Tommy McClain

Stolen from gaf..

http://i53.tinypic.com/33wwsio.jpg

Something about a tunnel being created to get into their application server activating the backdoor through a specific command.

Anyone know anything about an earlier PSN breach one of the reporters seemed to make reference to (not sure if that was translated correctly)?

The translation sucks as it can be hard to tell who is talking sometimes. . .

Yeah and another reporter brings up anonymous.

And is told by Kaz that there is no evidence that they were involved..

Got that @death?

Kaz was very serious. Compliment on Sony for getting competent simultan translators though, who knew all the relevant technical terms.

So Sony doesn't take their part of the responsibility for all this. They don't apologise for taking so long to imform their customers. They only regret that this attack on their network has happened.

Sony is a failure of a company.

Really corn you listened to all that conference and didn't hear Sony take responsibility once?

Sony executive Kaz Hirai apologizes for PlayStation Network outage


in case if you missed that part.

http://venturebeat.com/2011/04/30/psn-outage-apolog/

How, exactly, does this help either protect the users data, or stop another attack in the future?

If a hacker steals the password database, they're still going to have the _current_ password, no matter if you changed it a week ago.

Fricking security theater...

I'm interested in the lawsuits that will come of this. Not to impressed with sony at the moment

Interested in what way? How much pain it will inflict or how much incompetence that will be brought to light?

I can´t recall that you have ever been impressed with Sony so nothing new there :-)

I want to see what personal information is worth.

I'm lucky that i never use credit card information for any online thing (even amazon i use pre paid credit cards) . However for my cousin they most likely have his credit card , the user id he uses for most of his info , a bunch of security questions and i'm sure now he has to retire at least one password that he uses for a few diffrent things.

How much is that worth in the eyes of the courts that will handle it ? How much is it worht personaly to any one of us.

I know its worth more than even a $600 playstation so I already know sony wont compensate me the way i'd like , to others it may be worth nothing and to sony it only seems to be worth a month of psn + which costs what $3 bucks to the user ?


Anyway I'm sure alot of people moving foward will still trust sony. I however can't see how anyone would even think of buying a sony product in the future. Its one thing for this to happen with an exploit that no one knew about but the hackers found. But to have a known exploit /back door sitting wide open is insane !


In the end I hope this makes all the companys out there do a double take at their servers and secure them better