Beyond3D Forum

*ren* PSN Down, Customer Info Compromised (http://forum.beyond3d.com/showthread.php?t=60017)

Akumajou 06-May-2011 01:10

Quote:

Originally Posted by goonergaz (Post 1548662)
As much as I am a big fan of Sony you are completely correct. I manage a system where I work and I know for a fact that the suppliers of said system have an identical test server for such updates and I have a test server on site for testing new software - it may take months to plan though...depending on the severity of the issue and complexity of the 'fix'.

I do believe Sony were slow to react but I also believe the dates provided above (I'm sure the FBI will catch them out if anything is untrue) - so Sony told us pretty much as soon as it was confirmed (within a day) not 7/9 days as many seem to suggest.

I wonder if Sony were working on a complete migration and this is why it was left unpatched for so long...it would also explain why they can 'all of a sudden' migrate to new 'more secure' servers when usually such exercises take months of planning.

But Sony's servers are not easily accessible like the usual hacks that plague Windows Operating Systems, you have to have inside access to proprietary Sony software, and these hackers got access to such things as well as reverse engineering/hacking of the Sony firmware that unless they did not have the official documentation they would have never been able to simply crack it.

I personally am very disappointed at how the mainstream tech media keeps making it sound like these hackers are intelligent when they just had access to stuff the average consumer is not supposed to have access to so it's no surprise otherwise they would have hacked the PS3 way back in 2006 or early 2007 even if OtherOS was never offered.

macabre 06-May-2011 03:25

http://blog.us.playstation.com/2011/...e-restoration/

Quote:

Today our global network and security teams at Sony Network Entertainment and Sony Computer Entertainment began the final stages of internal testing of the new system, an important step towards restoring PlayStation Network and Qriocity services.

http://blog.us.playstation.com/2011/...ugh-debix-inc/

Quote:

A $1 million identity theft insurance policy per user

http://blog.us.playstation.com/2011/...ward-stringer/

Brad Grenz 06-May-2011 03:47

One year of identity theft insurance is pretty common in these situations. I wonder what Sony actually pays when they sign a contract for so many customers? I bet it isn't very much per customer.

Xenus 06-May-2011 05:38

It's probably not even that they just signed such a contract. It's probably covered under some insurance they bought against this type of thing.

goonergaz 06-May-2011 10:22

Quote:

Originally Posted by Akumajou (Post 1548844)
But Sony's servers are not easily accessible like the usual hacks that plague Windows Operating Systems, you have to have inside access to proprietary Sony software, and these hackers got access to such things as well as reverse engineering/hacking of the Sony firmware that unless they did not have the official documentation they would have never been able to simply crack it.

I personally am very disappointed at how the mainstream tech media keeps making it sound like these hackers are intelligent when they just had access to stuff the average consumer is not supposed to have access to so it's no surprise otherwise they would have hacked the PS3 way back in 2006 or early 2007 even if OtherOS was never offered.

Sorry, I wasn't aware of the insider info - it was implied somewhere IIRC but I don't recall it being confirmed?

JPT 06-May-2011 11:35

The letter from Howard Stringer on the EU blog is pushing it, comparing the breach with the Earthquake and Tsunami, they might not intend it like that. But reading it, definitely sounds like they are playing the poor us card there.
And the stronger defense statement, mmmmm would be much more assuring if they trotted out state of the art or best money can buy. Now they're just upgrading with no real faith in the upgrade :D

http://blog.eu.playstation.com/2011/...ward-stringer/

But most importantly when will it be back? Last estimate we saw was one week from Tuesday last week. :D

Arwin 06-May-2011 12:23

I don't know if it came across that way to everyone (probably not), but I'm sure the point is that Sony was hit hard by the Tsunami / Earthquake problems, but unlike that natural disaster the current problems were actually a man-made criminal attack that is seriously damaging the company (also stock-wise). So from his perspective, and the two things hitting the company so close after each other, it is not a strange comment. I guess to many Europeans the Tsunami / Earthquake in Japan isn't just as big of a deal - heck most of us even got Motorstorm: Apocalypse on the original release date. ;)

goonergaz 06-May-2011 12:39

I must confess that I thought the anti Sony brigade are going to lap that quote up.

AlphaWolf 06-May-2011 21:06

I think they need a server vulnerability scale, that would allow them to better inform their customers of the issues at hand.

1.0 - kiddie script.. someone is testing the ports
|
V
8.0 cancel your credit cards

BoardBonobo 06-May-2011 22:19

Quote:

Originally Posted by AlphaWolf (Post 1549040)
I think they need a server vulnerability scale, that would allow them to better inform their customers of the issues at hand.

1.0 - kiddie script.. someone is testing the ports
|
V
8.0 cancel your credit cards

9. "Whaddya mean you left it on the train?"

10. "I'm sure we had a server here somewhere... Check the back of the sofa Kaz mate"

deathindustrial 07-May-2011 03:44

http://blog.us.playstation.com/2011/...ration-update/

Quote:

...When we held the press conference in Japan last week, based on what we knew, we expected to have the services online within a week. We were unaware of the extent of the attack on Sony Online Entertainment servers, and we are taking this opportunity to conduct further testing of the incredibly complex system....

At this rate Duke Nukem Forever is going to be released before PSN is back online.

If their account authentication system is that "incredibly complex" it sounds like they are doing something incredibly wrong.

Cheers

-tkf- 07-May-2011 08:09

Quote:

Originally Posted by deathindustrial (Post 1549092)
http://blog.us.playstation.com/2011/...ration-update/



At this rate Duke Nukem Forever is going to be released before PSN is back online.

If their account authentication system is that "incredibly complex" it sounds like they are doing something incredibly wrong.

Cheers

I would like that, I have waited for Duke Nukem since 1997.

It's obvious that getting PSN online is not a quick fix and the scale doesn't help.

Being a big supporter of Cloud Services (and preacher) this really made me think. These things happen now and will continue to happen. And as more and more functions are bound to the services in the cloud, services become even more vulnerable. If PSN is down, you can't play online, it doesn't matter that the servers are hosted somewhere else. If Google has a problem, you can't access your mail or your docs, pics etc that are in the cloud. The centralized nature is a big weakness when something goes wrong.

I hope that Microsoft, Nintendo and especially Sony learn from this. I would propose a complete backup system that only works in "read only mode". Providing the basic services so that games work but only basic.

BRiT 07-May-2011 16:59

I believe MS has nothing tech-related to learn from this Sony SNAFU as MS's Azure-based services have provided for a lot of the functionality Sony and others are missing. The likely features being automatic rolling updates and upgrades, automatic rollback of failed patches, failure detections of the nodes, load-based scaling, location independence of nodes, as well as consistent backup policies and procedures. Have a look at the various Azure-based presentations at PDCs (Professional Developer Conference) or TechEds. I first noticed this at the 2008 PDC in Los Angeles.

-tkf- 07-May-2011 18:32

Quote:

Originally Posted by BRiT (Post 1549174)
I believe MS has nothing tech-related to learn from this Sony SNAFU as MS's Azure-based services have provided for a lot of the functionality Sony and others are missing. The likely features being automatic rolling updates and upgrades, automatic rollback of failed patches, failure detections of the nodes, load-based scaling, location independence of nodes, as well as consistent backup policies and procedures. Have a look at the various Azure-based presentations at PDCs (Professional Developer Conference) or TechEds. I first noticed this at the 2008 PDC in Los Angeles.

Could you provide some links? It would be interesting to see how Microsoft is better than Amazon or Google.

AlphaWolf 07-May-2011 19:03

you mean like

http://www.microsoft.com/windowsazure/

?

deathindustrial 08-May-2011 07:15

I was curious about the source of the outdated Apache server / no firewall claims. For the moment I am having to assume that it is related to the IRC log that was making the rounds back in February 2011:

http://www.ps3hax.net/showpost.php?p...&postcount=180

Google's cache from March 23 shows the server in question displaying the banner for 2.2.17 of Apache which is current:

http://webcache.googleusercontent.co...laystation.net

I then wanted to know what "forums" Dr. Spafford was using as his source for the congressional testimony (based on various news articles making the rounds) and so took a peek at his written submission and it contains this gem:

Quote:

I have no information about what protections they had in place, although some news reports indicate that Sony was running software that was badly out of date, and had been warned about that risk.

http://republicans.energycommerce.ho...1/Spafford.pdf

So anyone using Dr. Spafford as the source for the "they ran outdated software" claim did not actually read his submission - he doesn't know anything more than you or me. The situation is dire enough without media hacks making crap up.

Cheers

-tkf- 08-May-2011 08:12

Quote:

Originally Posted by AlphaWolf (Post 1549192)

I meant something useful, if Azure does something special compared to the competition it would be interesting to read about it. Considering how slow Microsoft have been when it comes to Cloud services I would be pleasantly surprised if they do anything better than those that are beating them on a daily basis.

Brad Grenz 08-May-2011 09:00

Quote:

Originally Posted by deathindustrial (Post 1549251)
I was curious about the source of the outdated Apache server / no firewall claims. For the moment I am having to assume that it is related to the IRC log that was making the rounds back in February 2011:

http://www.ps3hax.net/showpost.php?p...&postcount=180

Google's cache from March 23 shows the server in question displaying the banner for 2.2.17 of Apache which is current:

http://webcache.googleusercontent.co...laystation.net

I then wanted to know what "forums" Dr. Spafford was using as his source for the congressional testimony (based on various news articles making the rounds) and so took a peek at his written submission and it contains this gem:



http://republicans.energycommerce.ho...1/Spafford.pdf

So anyone using Dr. Spafford as the source for the "they ran outdated software" claim did not actually read his submission - he doesn't know anything more than you or me. The situation is dire enough without media hacks making crap up.

Cheers

Yeah, people are so eager to believe the worst about Sony that any rumor that blackens their eye is immediately repeated as fact. The fact is that "security expert" was literally repeating something he read on a message board once. His claim that Sony knew was based on an assumption that someone from Sony probably read the same post he did. He did not have first hand knowledge. He did not personally inform Sony. He didn't even do the very basic detective work you have that completely repudiates the claims. We are in a backwards world where everything Sony said is assumed to be a lie or conspiracy and "IRC chat logs" have miraculously become the most trusted news source in the industry.

It's an example of just how far the journalistic standards have fallen and the way the "console wars" have made it impossible to have an honest discussion about anything. Everything becomes a proxy battle between internet partisans, and blogs like Kotaku are more than happy to stoke the mob mentality since it gets them clicks (and their writers are paid by the post and will write up anything).

Anyway. You should send a tip to Joystiq or somebody with your findings.

Shifty Geezer 08-May-2011 09:48

Quote:

Originally Posted by Brad Grenz (Post 1549258)
Anyway. You should send a tip to Joystiq or somebody with your findings.

I agree with everything you've written, including this. If this expert's testimony is useless, it needs to be known so those listening to him know to disregard his unjustified comments.

Brad Grenz 08-May-2011 10:44

Quote:

Originally Posted by Shifty Geezer (Post 1549264)
I agree with everything you've written, including this. If this expert's testimony is useless, it needs to be known so those listening to him know to disregard his unjustified comments.

For my part I'm going to write it up and post it to Bitmob. That's a better place than my own blog, which is mostly satirical, and maybe a link on N4G can help get this information out. Here's my article: http://bitmob.com/articles/detective...ers-up-to-date

tuna 08-May-2011 11:21

Quote:

Originally Posted by deathindustrial (Post 1549251)
I was curious about the source of the outdated Apache server / no firewall claims. For the moment I am having to assume that it is related to the IRC log that was making the rounds back in February 2011:

http://www.ps3hax.net/showpost.php?p...&postcount=180

Google's cache from March 23 shows the server in question displaying the banner for 2.2.17 of Apache which is current:

http://webcache.googleusercontent.co...laystation.net

I then wanted to know what "forums" Dr. Spafford was using as his source for the congressional testimony (based on various news articles making the rounds) and so took a peek at his written submission and it contains this gem:



http://republicans.energycommerce.ho...1/Spafford.pdf

So anyone using Dr. Spafford as the source for the "they ran outdated software" claim did not actually read his submission - he doesn't know anything more than you or me. The situation is dire enough without media hacks making crap up.

Cheers

Thank you for your very informative reporting. I wish more news outlets would do this kind of work, but instead we have to depend on people like you.

Squilliam 08-May-2011 11:41

How come Sony hasn't been more clear as to when PSN will be back up? It seems like they're deliberately obfuscating in order to give the impression it's going to be 'any day now' as if they are trying to limit the loss of their audience.

Shifty Geezer 08-May-2011 11:51

Quote:

Originally Posted by Squilliam (Post 1549278)
How come Sony hasn't been more clear as to when PSN will be back up? It seems like they're deliberately obfuscating in order to give the impression it's going to be 'any day now' as if they are trying to limit the loss of their audience.

Well they kinda have, but got their forecasts wrong. It was due up this week, but then they found something else to worry about. With something like this you can't give a firm date. It'll be ready when it's ready. They can only update on how things are looking at the moment.

Squilliam 08-May-2011 12:51

Quote:

Originally Posted by Shifty Geezer (Post 1549280)
Well they kinda have, but got their forecasts wrong. It was due up this week, but then they found something else to worry about. With something like this you can't give a firm date. It'll be ready when it's ready. They can only update on how things are looking at the moment.

It just sucks to be without, it would be easier to make alternative plans if they gave a better indication of their optimistic/realistic/pessimistic ETA for the return of service. :mad:

BRiT 08-May-2011 13:34

Quote:

Originally Posted by -tkf- (Post 1549257)
I meant something useful, if Azure does something special compared to the competition it would be interesting to read about it. Considering how slow Microsoft have been when it comes to Cloud services I would be pleasantly surprised if they do anything better than those that are beating them on a daily basis.

How can you say MS have been slow when it comes to Cloud services considering they've been using and providing them since 2008?

One of the modes of Azure services is the OS image is provided as a read-only image. You deploy your service on top of it, and any changes are saved off as a differencing disk. This allows them to do automatic updates of the OS layer underneath your service without affecting the service at all. They also do the OS updates on a different node and run a series of tests after the update(s) are applied to determine if your service works after the update. If it has no issues, they cut over to the new node and remove the old node.


All times are GMT +1.