Beyond3D Forum

Beyond3D Forum (http://forum.beyond3d.com/index.php)
-   Console Forum (http://forum.beyond3d.com/forumdisplay.php?f=37)
-   -   *ren* PSN Down, Customer Info Compromised (http://forum.beyond3d.com/showthread.php?t=60017)

patsu 17-Sep-2011 19:46

Then it should be a US only ToS change to benefit from US Supreme Court's decision.

specwarGP2 17-Sep-2011 19:55

Quote:

Originally Posted by Jedi2016 (Post 1582989)
I read this yesterday and the first thing that popped into my head was "can they do that?"

Why can't they? Lots of companies have something that say the same thing in their T&Cs. Wireless carriers for example.

Jedi2016 17-Sep-2011 22:34

Quote:

Originally Posted by specwarGP2 (Post 1583045)
Wireless carriers for example.

Who get hit with class-actions all the time. If that's true, then it's not worth a can of beans in terms of actual legal binding.

Carl B 17-Sep-2011 23:14

Thanks for the info concerning the Supreme Court ruling Patsu, was not aware of it, and certainly that changes my views as to the enforceability.

Xenus 17-Sep-2011 23:57

Class actions in general never really benefited the consumer unless they brought about large policy changes. The oh we're sorry for all your trouble here a buck fifty for everyone but the lawyer always seemed kinda pointless.

AlphaWolf 18-Sep-2011 00:16

Quote:

Originally Posted by Xenus (Post 1583093)
Class actions in general never really benefited the consumer unless they brought about large policy changes. The oh we're sorry for all your trouble here a buck fifty for everyone but the lawyer always seemed kinda pointless.

$50 is often more than most of these people will get if left to the corporations generosity. And there have been cases of large settlements (per class member), if not in consumer electronics.

Xenus 18-Sep-2011 00:19

50 is being generous in most of these cases though it's more often $5-10. More often then not the only one that really wins in these cases is the lawyer.

AlphaWolf 18-Sep-2011 00:50

Have some examples of that? Hot Coffee mod settlement was $35 if you had a receipt.

AntShaw 18-Sep-2011 03:48

FYI Corporations win arbitration 95% of the time. It disappoints me still a company would try and strong arm its consumers into something like this. It's about as low as it gets.

-tkf- 18-Sep-2011 10:30

Quote:

Originally Posted by AntShaw (Post 1583118)
FYI Corporations win arbitration 95% of the time. It disappoints me still a company would try and strong arm its consumers into something like this. It's about as low as it gets.

You must be disappointed all the time pal.

Shifty Geezer 18-Sep-2011 15:45

Just received an email saying PSN ownership is shifting over to SNE, and inviting me to visit here. It inculdes updated TOS. I haven't read them (not that I ever do!).

AntShaw 18-Sep-2011 21:38

Quote:

Originally Posted by -tkf- (Post 1583148)
You must be disappointed all the time pal.

Not at all. Fortunately, as a consumer I can choose with my buying power, and I continue to support the companies that take care of me instead of treating me like a criminal or trying to take away buyer rights because of something they put into a TOS.

zed 18-Sep-2011 22:41

Quote:

and I continue to support the companies that take care of me instead of treating me like a criminal or trying to take away buyer rights because of something they put into a TOS.
So I take it you dont use the microsoft windows OS [zing]

specwarGP2 19-Sep-2011 00:08

Quote:

Originally Posted by Jedi2016 (Post 1583077)
Who get hit with class-actions all the time. If that's true, then it's not worth a can of beans in terms of actual legal binding.

hmm dunno about that:

Judge shoots down Verizon customer class action suit.

-tkf- 19-Sep-2011 10:41

Quote:

Originally Posted by AntShaw (Post 1583222)
Not at all. Fortunately, as a consumer I can choose with my buying power, and I continue to support the companies that take care of me instead of treating me like a criminal or trying to take away buyer rights because of something they put into a TOS.

I look forward to your list :-)

patsu 12-Oct-2011 06:22

An Important Message From Sony’s Chief Information Security Office:
http://blog.us.playstation.com/2011/...urity-officer/

Quote:

We want to let you know that we have detected attempts on Sony Entertainment Network, PlayStation Network and Sony Online Entertainment (“Networks”) services to test a massive set of sign-in IDs and passwords against our network database. These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or other sources. In this case, given that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks. We have taken steps to mitigate the activity.

Less than one tenth of one percent (0.1%) of our PSN, SEN and SOE audience may have been affected. There were approximately 93,000 accounts globally (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are currently reviewing those accounts for unauthorized access, and will provide more updates as we have them. Please note, if you have a credit card associated with your account, your credit card number is not at risk. We will work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.

As a preventative measure, we are requiring secure password resets for those PSN/SEN accounts that had both a sign-in ID and password match through this attempt. If you are in the small group of PSN/SEN users who may have been affected, you will receive an email from us at the address associated with your account that will prompt you to reset your password.

...

-tkf- 12-Oct-2011 07:29

Quote:

Originally Posted by patsu (Post 1588989)
An Important Message From Sony’s Chief Information Security Office:
http://blog.us.playstation.com/2011/...urity-officer/

Will you look at that, Security Office! being pro-active! Sony!

Brad Grenz 12-Oct-2011 08:26

It's nice of Sony to say something. I'm seeing this getting reported in a "here we go again" kind of way on a lot of blogs, but Xbox Live has been experiencing a pretty serious hacking epidemic involving lots of actual fraud, really long waits to get your account fixed and the potential to lose it for good if the hackers succeeded in changing your region, all while MS pretends there is nothing wrong.

patsu 12-Oct-2011 18:06

Yes, this is actually good news for PSN users. ^_^
The hackers are trying to use passwords they stole elsewhere to try to get into major accounts such as PSN. I wouldn't be surprised if they try the same thing on other sites.

Sony probably noticed that the IP range is different from the regular sign-in IPs for the affected PS3s ?

Grall 12-Oct-2011 18:29

Quote:

Originally Posted by Brad Grenz (Post 1589009)
I'm seeing this getting reported in a "here we go again" kind of way on a lot of blogs

Actually, that seems a bit unfair, at least just going from Sony's own words in the above posted quote, as it appears they weren't completely caught with their pants down this time.

I'm pretty through with Sony at this stage, but maybe they really are deserving of some credit... :)

patsu 12-Oct-2011 18:31

I'm waiting to see which media outlet is smarter than the rest of the bunch... ^_^
Have a feeling it will take 4ever.

Shifty Geezer 12-Oct-2011 19:17

Quote:

Originally Posted by Grall (Post 1589136)
I'm pretty through with Sony at this stage, but maybe they really are deserving of some credit... :)

This is technically a good move by them, although I'm sure the media will unfairly tie it in with the previous catastrophies. A security fault elsewhere has been detected and stopped. That's like Amazon publishing that they found a load of people's credit cards had been cloned, had stopped orders, will honour wrong purchases, and have notified the affected parties. Public disclosure lets everyone know the extent of the problem and that fraud is ongoing, and hopefully enough public security breaches will motivate people to actually get some proper security. The same password and email for everything is almost akin to everyone keeping a front-door key under the doormat.

egoless 13-Oct-2011 02:01

Quote:

Originally Posted by Shifty Geezer (Post 1589149)
Public disclosure lets everyone know the extent of the problem and that fraud is ongoing, and hopefully enough public security breaches will motivate people to actually get some proper security.

Or create enough noise that nobody cares and you lose the impact of the severity of the situation. Like Vista's constant UAC prompts that people just blindly clicked through eventually. So, there's a downside to so much transparency too.

patsu 13-Oct-2011 03:26

They are obliged to say something here because they locked down those suspicious logins proactively, before bad things happen. :-)

If Vista refuses to let me into my PC, it better explains to me what is going on.

UAC has too many false positives.

mrcorbo 13-Oct-2011 04:09

Quote:

Originally Posted by patsu (Post 1589264)
UAC has too many false positives.

Momentary OT: To be fair, a lot of the reason UAC was as annoying as it was when Vista launched was that Windows application developers did a poor job following best security practices despite extensive documentation provided by Microsoft on how to write applications that properly respected the system security policies they intended to put in place for Vista. I'm not saying flashing warnings every couple of seconds was necessarily the best approach, but developers carried over a lot of bad habits from Win 9X to Win XP that really should have been corrected by the time Vista came out.

Back on topic: This PR seems to me to show a lot of improvement. It's timely, detailed and indicates a proactive security response. Kudos to them for addressing their earlier shortcomings.


All times are GMT +1. The time now is 21:36.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.