Beyond3D Forum

Beyond3D Forum (http://forum.beyond3d.com/index.php)
-   Console Forum (http://forum.beyond3d.com/forumdisplay.php?f=37)
-   -   *ren* PSN Down, Customer Info Compromised (http://forum.beyond3d.com/showthread.php?t=60017)

-tkf- 28-May-2011 21:19

Quote:

Originally Posted by Shifty Geezer (Post 1554531)
Full forensic analysis isn't anything you'd want as a full-time part of your commercial organisation.

But you would expect a security team which by all accounts could have reacted faster. Of course, we don´t know to what extent there is anyone responsible for security within the PSN team.

Shifty Geezer 28-May-2011 23:16

There's different degrees of security though. You wouldn't expect every local law-enforcement agency to have a full SWAT team on hand - they'd have whatever level of security was appropriate for normal activities, and call in reinforcements as needed. We don't know the nature of the attack, despite those who are very quick to say it was nothing other than complacency and bare-minimum security on Sony's part. It's quite possible this was an attack no-one expected via a new vector, maybe even an employee traitor, and as such there was no realistic way anyone could defend against it. Yes, having a troop of the world's best security experts on hand 24/7 patrolling their servers would have given improved security, but at a potentially ridiculous cost. Life is a matter of compromises, always. There's no situation where you can forgo all compromise and buy the very best - there'll always be more you could do by spending more money. Whether Sony's compromise erred on the side of cheapness or reasonable standard or moderate effectiveness or insanely good, we don't know. Sony have said that their people looked into it, and some are just second-guessing what level of standard those people are.

BoardBonobo 28-May-2011 23:35

Quote:

Originally Posted by -tkf- (Post 1554535)
But you would expect a security team which by all accounts could have reacted faster. Of course, we don´t know to what extent there is anyone responsible for security within the PSN team.

But even a security team would have a mammoth task on their hands. You've noticed something fishy in a log, or a cron job has been interrupted, or maybe your database has reported an unusual amount of transactions. Whatever is was that alerted you in the first place you've got track the source. Is it just a script gone wild, unusual behaviour due to a race condition some code somewhere. Once you've looked at that on your server and you realise that it's actually an intrusion.

Next visit is to the log files, firewall, syslog, access and error logs. Now any of these can be hundreds of megs in size literally millions of entries. And they've all got to be gone through with a fine tooth comb to find the precise point of entry. You don't want to reset the server as the intrusion code might just be a virtual device which will self destruct if you do e.g. /dev/shm.

Going through the logs you start to realise that the intrusion has gone deeper than anything before and it's starting to look like the hacker(s) might have got close having low level access. That means they may actually have stolen the log in details of any staff member with access to server systems. Now you have to change every password on the system. Now you are looking at logs for systems that may very sensitive to the business itself. It's a complete nightmare.

This is the point you sever outside access and call in the big boys to do the rest. All of this can take days for a single server, if you're looking at dozens if not hundreds of servers that may have, potentially, been compromised then the task just grows exponentially.

No matter how fast you are, or how good your systems are at detecting unusual activity it all takes time to do the actual sleuthing.

mrcorbo 28-May-2011 23:49

Quote:

Originally Posted by -tkf- (Post 1554532)
Ehmm, we had a lengthy discussion about this and you post this when you know the story was different?

It's an oversimplification. I'll grant you that. As you said, it's covered ground and I didn't particularly want to go over the whole thing again point by point. Especially when all I was trying to get at was..

Quote:

Originally Posted by -tkf- (Post 1554535)
But you would expect a security team which by all accounts could have reacted faster. Of course, we don´t know to what extent there is anyone responsible for security within the PSN team.

..pretty much that.

Quote:

Originally Posted by Shifty Geezer (Post 1554555)
There's different degrees of security though. You wouldn't expect every local law-enforcement agency to have a full SWAT team on hand - they'd have whatever level of security was appropriate for normal activities, and call in reinforcements as needed. We don't know the nature of the attack, despite those who are very quick to say it was nothing other than complacency and bare-minimum security on Sony's part. It's quite possible this was an attack no-one expected via a new vector, maybe even an employee traitor, and as such there was no realistic way anyone could defend against it. Yes, having a troop of the world's best security experts on hand 24/7 patrolling their servers would have given improved security, but at a potentially ridiculous cost. Life is a matter of compromises, always. There's no situation where you can forgo all compromise and buy the very best - there'll always be more you could do by spending more money. Whether Sony's compromise erred on the side of cheapness or reasonable standard or moderate effectiveness or insanely good, we don't know. Sony have said that their people looked into it, and some are just second-guessing what level of standard those people are.

I'm comfortable enough with what I do know to make some inferences. There would have to be some pretty amazing twists in this story for the pieces not to fit the way I expect they do. Add in the broader context of how Sony have performed as a company both financially and technically as they have built out these systems and the teams that run them and the schizophrenic nature of their management (which you both have been lamenting recently) and I find it hard to be persuaded by arguments advocating that I should give them the benefit of the doubt.

BRiT 28-May-2011 23:51

Quote:

Originally Posted by BoardBonobo (Post 1554558)
No matter how fast you are, or how good your systems are at detecting unusual activity it all takes time to do the actual sleuthing.

Yes, but once you decide it's so bad that you have to effectively pull the plug on the service(s), you should at least notify your customers and not delay for another week before doing so. That action there is what makes Sony look incompetent in the eyes of some consumers.

patsu 29-May-2011 00:04

Quote:

Originally Posted by -tkf- (Post 1554535)
But you would expect a security team which by all accounts could have reacted faster. Of course, we don´t know to what extent there is anyone responsible for security within the PSN team.

React faster compared to what ? Do we know how many attackers were there ? (I have no idea)
Shutting down the entire PSN isn't a small decision. One of the official blog posts mentioned that they had to pull the plug when more and more machines become suspect.

Quote:

Originally Posted by BRiT (Post 1554564)
Yes, but once you decide it's so bad that you have to effectively pull the plug on the service(s), you should at least notify your customers and not delay for another week before doing so. That action there is what makes Sony look incompetent in the eyes of some consumers.

Not just that. The initial communication was also not so accurate. One of the posts mentioned "password" instead of "password hash".

Quote:

Originally Posted by BoardBonobo (Post 1554558)
...

Also interesting is the DoS attack shortly before the breach. I wonder if the attackers took the opportunity to compromise the service while everyone was distracted.

BoardBonobo 29-May-2011 00:37

Quote:

Originally Posted by patsu (Post 1554568)
Also interesting is the DoS attack shortly before the breach. I wonder if the attackers took the opportunity to compromise the service while everyone was distracted.

I would suspect, based on my own experience, it was whilst they were shoring up the firewall rules to cope with the DDoS attack from the EC2 cloud that someone noticed something awry in the firewall logs. Unusual traffic on a specific port perhaps.

Shifty Geezer 29-May-2011 09:58

Quote:

Originally Posted by mrcorbo (Post 1554562)
I'm comfortable enough with what I do know to make some inferences.

Where does your knowledge come from? Unless you have sources other than the same media outlets spouting nonsense that well all have had to put up with, you have next to no information. It's your prerogative to blame first and decide Sony are guilty until they can prove themselves innocent in your eyes, but no-one who wants to make a fair judgement will act on anything less than pretty concrete info. BoardBonobo has explained in detail how these things can work out. There's even been suggestion of a disgruntled employee being 'let go' taking revenge. We don't know anything really about the ins and outs, and yet you'll make a judgement call because you are comfortable with what you think you know.

Quote:

Originally Posted by BRiT (Post 1554564)
Yes, but once you decide it's so bad that you have to effectively pull the plug on the service(s), you should at least notify your customers and not delay for another week before doing so. That action there is what makes Sony look incompetent in the eyes of some consumers.

That's a valid point, but BoardBonobo's reply was specifically aimed at those who feel Sony shouldn't have needed outside help and should have been able to sort things out faster than they did (or are doing, Store still being down). Hopefully these people now see how complex the situation can be, and how their ideas of how things should be run aren't realistic.

goonergaz 29-May-2011 13:58

Quote:

Originally Posted by mrcorbo (Post 1553957)
One thing that concerns me, that I've mentioned before, was the need for Sony to bring in outside firms to investigate the intrusion. Ideally, wouldn't you want to have a sufficient level of expertise in-house to deal with something like this? The fact that they created the new position of CISO after the intrusion happened points to them realizing that they had a deficiency before. Not recognizing the need for this position beforehand points to a lack of competence in their management, at least in this specific case. It further leads me to suspect, that their staffing below the management level was probably insufficient as well for the operation they were being asked to oversee.

This to me is a rediculous assumption - the overheads would be astronimical for something that had never happened. I'm sure Sony had a level of 'expertise' but the breach was potentially very bad so brought in unbiased experts to give a full account of the damage so they know the worst case (ie staff won't be able to cover up or only tell half the story). Certainly I can't think of any company that doesn't use a form of 3rd party support...even Microsoft.

No company has 100% cover for every scenario - especially in the current climate where companies are cutting what's seen as 'fat' - even where I work bizzare descisions seem to be made and good knowledge seems to be made redundant - alternatively maybe they just didn't replace a person who had recently left, who knows - but the point is the same, no company has every angle covered no matter how important it is - every company/person improves aspects after bad things happen, unfortunately this was a very bad thing.

Look at airport security - it's fair to say that there's more than enough evidence to prove my comments are valid - and in those cases we are talking peoples lives not data!

mrcorbo 29-May-2011 16:18

Quote:

Originally Posted by Shifty Geezer (Post 1554625)
Where does your knowledge come from? Unless you have sources other than the same media outlets spouting nonsense that well all have had to put up with, you have next to no information. It's your prerogative to blame first and decide Sony are guilty until they can prove themselves innocent in your eyes, but no-one who wants to make a fair judgement will act on anything less than pretty concrete info. BoardBonobo has explained in detail how these things can work out. There's even been suggestion of a disgruntled employee being 'let go' taking revenge. We don't know anything really about the ins and outs, and yet you'll make a judgement call because you are comfortable with what you think you know.

Sony and yes.

Quote:

Originally Posted by Shifty Geezer (Post 1554625)
That's a valid point, but BoardBonobo's reply was specifically aimed at those who feel Sony shouldn't have needed outside help and should have been able to sort things out faster than they did (or are doing, Store still being down). Hopefully these people now see how complex the situation can be, and how their ideas of how things should be run aren't realistic.

To be clear, I am not saying that they shouldn't ever need to call for help. I am saying that they should have had the internal resources to accomplish more on their own. Especially when it came to keeping their customers informed.

mrcorbo 29-May-2011 16:29

Quote:

Originally Posted by goonergaz (Post 1554648)
This to me is a rediculous assumption - the overheads would be astronimical for something that had never happened. I'm sure Sony had a level of 'expertise' but the breach was potentially very bad so brought in unbiased experts to give a full account of the damage so they know the worst case (ie staff won't be able to cover up or only tell half the story). Certainly I can't think of any company that doesn't use a form of 3rd party support...even Microsoft.

No company has 100% cover for every scenario - especially in the current climate where companies are cutting what's seen as 'fat' - even where I work bizzare descisions seem to be made and good knowledge seems to be made redundant - alternatively maybe they just didn't replace a person who had recently left, who knows - but the point is the same, no company has every angle covered no matter how important it is - every company/person improves aspects after bad things happen, unfortunately this was a very bad thing.

Look at airport security - it's fair to say that there's more than enough evidence to prove my comments are valid - and in those cases we are talking peoples lives not data!

And that's all I want. For Sony and all other companies in this situation to recognize that:

This was a disaster.
Sony's response to the disaster was unacceptable.
They all need to take the steps necessary to improve their own security and their ability to respond when the next attack occurs.

As long as this happens I'll be satisfied and at least some good will come of it. OTOH, if the collective thinking is that Sony did nothing wrong and this is the level of response we should expect than this is exactly the level of response we will get going forward from the industry as a whole.

Shifty Geezer 29-May-2011 17:04

[QUOTE=mrcorbo;1554659]To be clear, I am not saying that they shouldn't ever need to call for help. I am saying that they should have had the internal resources to accomplish more on their own.[/qupte]More than what? We don't know what they did and didn't do. We have no information at all on what was really going on inside their server buildings and boardrooms.

Quote:

Especially when it came to keeping their customers informed.
I agree with that, but that's nothing to do with needing to call in external security experts for independent evaluation and advice.

BoardBonobo 29-May-2011 17:10

Quote:

Originally Posted by BRiT (Post 1554564)
Yes, but once you decide it's so bad that you have to effectively pull the plug on the service(s), you should at least notify your customers and not delay for another week before doing so. That action there is what makes Sony look incompetent in the eyes of some consumers.

I think in this instance they would have informed people earlier if it was required or not at all if the breach was a minor one. Once they'd cut the system off from the outside world I would bet that they thought it would be a small job to plug the hole, check for damage, and look for any inserted code. Having done that the system would be connected again.

Unfortunately what they found wasn't a simple breach. It was very complicated and had penetrated a long way into the system. And they took too long trying to pin it down themselves before asking for help.

Basically I don't think the delay was intentional, they were just taken back by the scale of the hack and tried to resolve it themselves. And like I said before, investigating a hack on this scale is so complicated, and tedious, it's mind blowing!

All the subsequent hacks that they suffered may be down to sys admin usernames and passwords being taken. Imagine if hackers now had access to the financial arm of Sony etc. The PSN is small fry compared to the collateral systems that may also have been compromised. They must have been (still are?) sh1tting themselves.

Shifty Geezer 29-May-2011 17:12

Quote:

Originally Posted by mrcorbo (Post 1554660)
And that's all I want. For Sony and all other companies in this situation to recognize that:.

Except airport security has become ludicrously complex, ludicrously expensive, and any terrorist can find ways around it...

patsu 29-May-2011 17:31

Quote:

Originally Posted by mrcorbo (Post 1554660)
And that's all I want. For Sony and all other companies in this situation to recognize that:

This was a disaster.
Sony's response to the disaster was unacceptable.
They all need to take the steps necessary to improve their own security and their ability to respond when the next attack occurs.

As long as this happens I'll be satisfied and at least some good will come of it. OTOH, if the collective thinking is that Sony did nothing wrong and this is the level of response we should expect than this is exactly the level of response we will get going forward from the industry as a whole.

I think they are going to setup a Chief Security Office to consolidate their security needs. That means a clear and sustainable budget. Would be interesting to see who's the first CSO. ^_^ ( I would be very surprised if Sony management give a pat on their back after losing $171 million over literally nothing, and ignore possible/similar losses in the future. ).

If you ask me, I think they also need a Chief Customer Officer too. The recent departure of marketing heads present a good opportunity to regroup in this aspect.

-tkf- 29-May-2011 18:39

Quote:

Originally Posted by patsu (Post 1554568)
React faster compared to what ?

To how they performed during this PSN crisis. We don´t know if they have a security team, but evidence seems to suggest they did not. With a dedicated team they would at least have knowhow on the inside, i am not talking hardcore specialist, but people that would be able to see faul play. And it might even have satisfied customers that find their reaction time to be to slow since they would have been able to make the "turn it all off" call earlier and give a valid reason instead of waiting for the experts.

With the setup and knowledge they had i still think they did what they could.

patsu 29-May-2011 19:47

Usually, experienced system and network administrators would have such skills. They are able to harden the OS alone or together with the vendors. They can also detect if the system has been compromised. At the same time, it's common to employ an external security consultant to audit the system -- especially for a publicly listed company.

If they have a top management in charge of the security, then they would have more resources, and their needs could be attend to more promptly. In general, one can never be done with security though (You can always do more but it may become too hard to use, and too expensive to implement).

goonergaz 29-May-2011 19:56

Quote:

Originally Posted by Shifty Geezer (Post 1554670)
Except airport security has become ludicrously complex, ludicrously expensive, and any terrorist can find ways around it...

exactly...the MS DRM limitations are a real PITA and cost me a year of playing my games...and I bet it doesn't stop people exploiting the system

goonergaz 29-May-2011 19:58

Quote:

Originally Posted by patsu (Post 1554698)
In general, one can never be done with security though (You can always do more but it may become too hard to use, and too expensive to implement).

indeed...nothing is perfect and will never be 'enough'

mrcorbo 29-May-2011 20:04

Quote:

Originally Posted by patsu (Post 1554674)
I think they are going to setup a Chief Security Office to consolidate their security needs. That means a clear and sustainable budget. Would be interesting to see who's the first CSO. ^_^ ( I would be very surprised if Sony management give a pat on their back after losing $171 million over literally nothing, and ignore possible/similar losses in the future. ).

If you ask me, I think they also need a Chief Customer Officer too. The recent departure of marketing heads present a good opportunity to regroup in this aspect.

They have already appointed a CISO (at least a temporary one while they look for a someone to permanently fill the post). The fact that they didn't have one before this is one of the things that makes me doubt the overall adequacy of their security staff at the time of the incident.

mrcorbo 29-May-2011 20:07

Quote:

Originally Posted by goonergaz (Post 1554701)
exactly...the MS DRM limitations are a real PITA and cost me a year of playing my games...and I bet it doesn't stop people exploiting the system

Your experience here is atypical. With all of the RROD replacements consumers would be screaming bloody murder if they all had to go through what you did. I have moved my content across 3 different 360s with no issues at all. It's (usually) much easier to recover content from a dead 360 than a dead PS3, actually.

mrcorbo 29-May-2011 20:12

Quote:

Originally Posted by BoardBonobo (Post 1554669)
I think in this instance they would have informed people earlier if it was required or not at all if the breach was a minor one. Once they'd cut the system off from the outside world I would bet that they thought it would be a small job to plug the hole, check for damage, and look for any inserted code. Having done that the system would be connected again.

Unfortunately what they found wasn't a simple breach. It was very complicated and had penetrated a long way into the system. And they took too long trying to pin it down themselves before asking for help.

Basically I don't think the delay was intentional, they were just taken back by the scale of the hack and tried to resolve it themselves. And like I said before, investigating a hack on this scale is so complicated, and tedious, it's mind blowing!

According to Sony's own timeline they took all of a day before calling in the first of the three(!) separate security teams they eventually called in.

goonergaz 29-May-2011 20:27

Quote:

Originally Posted by mrcorbo (Post 1554706)
Your experience here is atypical. With all of the RROD replacements consumers would be screaming bloody murder if they all had to go through what you did. I have moved my content across 3 different 360s with no issues at all. It's (usually) much easier to recover content from a dead 360 than a dead PS3, actually.

Well the point is to re-download content purchased from the store, this is much easier with the Sony system as it has a lot less restrictions. My point though was that even with the 'better' security involved it isn't perfect.

mrcorbo 29-May-2011 20:42

Quote:

Originally Posted by goonergaz (Post 1554709)
Well the point is to re-download content purchased from the store, this is much easier with the Sony system as it has a lot less restrictions. My point though was that even with the 'better' security involved it isn't perfect.

I don't know what you mean by restrictions. I took the hard drive from the old system, put it on the new system and recovered my Gamertag. Everything works as long as you are connected to Live (even if you only have Silver). Later, when I had some free time, I went to xbox.com, did the license transfer, and deleted and re-downloaded my content. I had a LOT of Rock Band songs to re-download, too. It still wasn't a big deal and took maybe an hour total.

patsu 29-May-2011 21:08

Quote:

Originally Posted by mrcorbo (Post 1554704)
They have already appointed a CISO (at least a temporary one while they look for a someone to permanently fill the post). The fact that they didn't have one before this is one of the things that makes me doubt the overall adequacy of their security staff at the time of the incident.

Yes, if they are serious about network operations, they should have appointed a "powerful" security head early, and be pro-active. For most organizations, the lead security guy is usually a techie, and may not have the mandate to plan, invest, and enforce security policies widely.

But even with a CSO, I expect them to still use external security consultants. Different talents are great in different areas, 'specially cutting edge ones. Not all of them will be in-house.


Quote:

Originally Posted by mrcorbo (Post 1554707)
According to Sony's own timeline they took all of a day before calling in the first of the three(!) separate security teams they eventually called in.

How long did they take to decide to shutdown PSN ? After it's down, it's natural to get as much help as possible to minimize the downtime. The external teams may specialize in different areas. And they can work in parallel to sieve through the data.

NavNucST3 29-May-2011 21:09

Quote:

Originally Posted by mrcorbo (Post 1554718)
I don't know what you mean by restrictions. I took the hard drive from the old system, put it on the new system and recovered my Gamertag. Everything works as long as you are connected to Live (even if you only have Silver). Later, when I had some free time, I went to xbox.com, did the license transfer, and deleted and re-downloaded my content. I had a LOT of Rock Band songs to re-download, too. It still wasn't a big deal and took maybe an hour total.

I never needed to delete any content just "re-download" (quotes because it isn't a full download). When I purchased a Kinect bundle for my son and did his license transfer I noticed that xbox.com now even has something akin to "send all titles to download queue" (I think it maxes out at something like 20 or 25).

goonergaz 29-May-2011 21:46

Quote:

Originally Posted by mrcorbo (Post 1554718)
I don't know what you mean by restrictions. I took the hard drive from the old system, put it on the new system and recovered my Gamertag. Everything works as long as you are connected to Live (even if you only have Silver). Later, when I had some free time, I went to xbox.com, did the license transfer, and deleted and re-downloaded my content. I had a LOT of Rock Band songs to re-download, too. It still wasn't a big deal and took maybe an hour total.

Sorry for going OT but I want to answer to clear this up.

I sold my old X360 and bought a slim, did the xfer but the slim was faulty - then I couldn't do any more xfers - I ended up spending ages on the phone going round in circles and eventually was told it was escallated to the US where they would 'reset' the DRM thing so I could do it.

Alas that never happened and I gave up (like I said, when they auto-charged me for XBL it took several phones calls to finally get a refund, so I figured as it was just a matter of waiting for a year I'd rather do that).

TBH to limit me to 1/2 xfers a year is a joke - what if had to sell up due to losing my job, downgrade to a cheap machine that died and I got another (or got a job and re-bought a slim) - I wouldn't be able to play games I purchased legitamately until the DRM limit had refreshed...it's a stupid system.

mrcorbo 29-May-2011 22:00

Quote:

Originally Posted by goonergaz (Post 1554733)
Sorry for going OT but I want to answer to clear this up.

I sold my old X360 and bought a slim, did the xfer but the slim was faulty - then I couldn't do any more xfers - I ended up spending ages on the phone going round in circles and eventually was told it was escallated to the US where they would 'reset' the DRM thing so I could do it.

Alas that never happened and I gave up (like I said, when they auto-charged me for XBL it took several phones calls to finally get a refund, so I figured as it was just a matter of waiting for a year I'd rather do that).

TBH to limit me to 1/2 xfers a year is a joke - what if had to sell up due to losing my job, downgrade to a cheap machine that died and I got another (or got a job and re-bought a slim) - I wouldn't be able to play games I purchased legitamately until the DRM limit had refreshed...it's a stupid system.

Why isn't your 360 connected to Live? You don't have to subscribe to Gold to have it validate your Gamertag and enable your content.

goonergaz 29-May-2011 22:09

Quote:

Originally Posted by mrcorbo (Post 1554740)
Why isn't your 360 connected to Live? You don't have to subscribe to Gold to have it validate your Gamertag and enable your content.

?? how else would I re-download my content?

AlphaWolf 29-May-2011 22:37

You don't need to do a DRM transfer at all if you have your gamer tag. It just limits you to playing the titles while logged in to your account.

goonergaz 29-May-2011 22:49

Well it didn't work for me, I recovered my gamertag then I re-downloaded my purchased content and it wouldn't work - I had to do the DRM xfer via the website to get the games to work...then they worked fine, until I had to take that X360 back and I had the same issue (games didn't work on new console - however this time I couldn't xfer them with the DRM thing as I had used up my allowance).

Ah, hold on...are we talking about so my kids could play the games...yes, I think that was the issue (fuzzy memory), you need to do the xfer so anyone (on your console) can play anything more than just a demo...also I didn't want to be "online" the whole time as my internet wasn't great at the time.

http://forum.beyond3d.com/showthread...light=drm+tool

Shifty Geezer 29-May-2011 22:50

...


???

goonergaz 29-May-2011 22:57

Quote:

Originally Posted by Shifty Geezer (Post 1554758)
...


???

sorry mate, a question was asked...I tried to answer - feel free to nuke...

Nesh 31-May-2011 16:21

any news when the store will be up? Also it appears that the Hong Kong PSN is sill "under maintenance"

Arwin 31-May-2011 16:28

Quote:

Originally Posted by Nesh (Post 1555079)
any news when the store will be up? Also it appears that the Hong Kong PSN is sill "under maintenance"

http://www.eurogamer.net/articles/20...by-end-of-week ...

I look forward to it - have some Rockband DLC to consume, and I'm sure I won't mind trying out Infamous either ... ;) . And Modnation Racers is still waiting to be bought.

deathindustrial 31-May-2011 16:42

So much for the "by the end of May" timeline. At least it means that there is still a chance that DNF will be out before PSN is back.

My wife and I have $70 sitting around collecting dust in PSN because it went down right after we had redeemed some PSN cards. Perhaps we should be demanding interest payments from Sony?

=)

Cheers

patsu 31-May-2011 16:52

I think before this release, they said end-of-May give or take a few days.


Quote:

Originally Posted by Arwin (Post 1555081)
And Modnation Racers is still waiting to be bought.

Thank you ! MNR is a great game, vastly underrated. Glad you plan on buying it.

deathindustrial 31-May-2011 17:02

Quote:

Originally Posted by patsu (Post 1555087)
I think before this release, they said end-of-May give or take a few days.

http://blog.us.playstation.com/2011/...tenance-today/

Quote:

For those asking about the PlayStation Store, we’re still targeting restoration of all services by the end of this month.
So a week ago they still were saying before the end of the month.

I wonder if Sony makes dev's sign something saying they can't sue them for losses due to store outages? This has gone on long enough that I would have expected to hear harsher reactions to 3rd party lost income. Or even to hear one or more small indies folding due to not being able to get their game out in their target window. Presumably the problem will last for a while afterwards too as Sony will have a backlog of content to deal with (approving and adding).

Cheers

patsu 31-May-2011 17:09

Quote:

Originally Posted by deathindustrial (Post 1555091)
For those asking about the PlayStation Store, we’re still targeting restoration of all services by the end of this month.

I remember reading another article that says it'd be up May 31st, or if they missed it, only a few days later. But too busy to find it now. ^_^

Shifty Geezer 31-May-2011 17:28

Quote:

Originally Posted by deathindustrial (Post 1555091)
So a week ago they still were saying before the end of the month.

As Patsu highlights, targeting. You can't force release of these service ahead of when they are ready! It's bad enough games getting released before they are finished because of a deadlined thought up in a board room years earlier, but there's no option for that here. Like many games (and projects) that miss the expected deadline because Life has a habit of throwing curveballs, we shouldn't consider estimates as binding. Within the same week as the end of the month is good enough IMO.

patsu 31-May-2011 18:11

Sony Disputing Report Suggesting May 31 Deadline For PSN Restoration:
http://www.giantbomb.com/news/sony-d...toration/3149/

The May 31st date was a target revealed to Bloomberg by Sony Japan.

Someone in US denied the projection as early as May 9, probably because:
(1) Online gaming and sign on came up before May 31
(2) It is unclear whether they could get everything up by May 31

Personally, I'm more afraid of millions of users redeeming and downloading free games at the same time. Their CDN partners better be ready. I alone can download 4 free games (2 PSP, 2 PS3).

There should be another note by some Sony exec noting that if it's not up by May 31, it should be up just a few days later. But for the life of me, I can't find it anymore. 8^/

-tkf- 31-May-2011 19:16

While i am sure they are doing everything they can i really think this is taking to long.

Xenus 02-Jun-2011 06:48

Playstation Store is online in the US at least. Commence the people being unable to do anything as everyone and their mother hammers it.

Cornsnake 02-Jun-2011 08:16

I'm getting an error message when I try to enter the PSN store here in Europe.

Arwin 02-Jun-2011 08:18

Quote:

Originally Posted by Cornsnake (Post 1555509)
I'm getting an error message when I try to enter the PSN store here in Europe.

Yeah, it's not up here yet. I think they also started later with the maintenance. Probably you need to add the time difference, so that the store should be back up closer to 16:00 or so. It's been staggered that way also when PSN came back online.

Cornsnake 02-Jun-2011 09:02

Quote:

Originally Posted by Arwin (Post 1555511)
Yeah, it's not up here yet. I think they also started later with the maintenance. Probably you need to add the time difference, so that the store should be back up closer to 16:00 or so. It's been staggered that way also when PSN came back online.

I got in after trying a few times. It seems the EU store hasn't updated though, unlike the US store. And it won't let me download the Infamous 2 and Red Faction demo's from the US store.

Edit: Downloading both demo's from the EU store now. :)

Nesh 02-Jun-2011 10:11

I went to the US store but it doesnt say anything anywhere about the compensation plan. is it something we are going to get later?

ShadowRunner 02-Jun-2011 12:22

PS blogs have been updated with a list of whats going to be on PSN+ for those that now have the free membership.

EU:
Quote:

Available to all PlayStation Plus members, including those who have 30 days free membership:

PSN:
Burnout Paradise
Magic: The Gathering – Duels of the Planeswalkers
Streets of Rage 2

PS One:
James Pond 2: Codename Robocod

minis:
BABEL: The King of the Blocks
The 2D Adventures of Rotating Octopus Character

Exclusive Discounts:
PlayTV Live Chat – 25% off until 6 July 2011
Thexder NEO – 50% off
Worms – 50% off
Burn Zombie Burn! – 50% off
Chime – 20% off
Under Siege – 40% off
Beyond Good & Evil – 20% off (from 8th June – 22nd June)

Dynamic themes:
Exclusive City theme
Exclusive Dragon theme
20% off a selection of new themes from The Studio

Premium Avatars:
Patapon 3 Avatars: Bowmunk, Cannassault, Gaeen, Manboth, Oohoroc

US:

Quote:

Full Game Trial:
Tom Clancy’s Rainbow Six Vegas 2
Dante’s Inferno Full Game Trial

Featured Games & DLC:
SOCOM 4: U.S. Navy SEALs SU90-S Shotgun (Free to PlayStation Plus subscribers)
SOCOM 4: U.S. Navy SEALs: Abandoned Map (Free to PlayStation Plus subscribers)
MAG Interdiction DLC (Free to PlayStation Plus subscribers, regular price $4.99)
Comet Crash (Free to PlayStation Plus subscribers, regular price $9.99) (Prior offer, still live)
Vector TD minis (Free to PlayStation Plus subscribers, regular price $3.99) (Prior offer, still live)
Oddworld: Abe’s Exoddus (PS one) (Free to PlayStation Plus subscribers, regular price $9.99) (Prior offer, still live)
Babel the King of Blocks (Free to PlayStation Plus subscribers, regular price $2.99)
The 2D Adventures of Rotating Octopus Character (Free to PlayStation Plus subscribers, regular price $3.99)
Duael Invaders (Free to PlayStation Plus subscribers, regular price $3.99) (Prior offer, still live)
Sonic the Hedgehog 2 (Free to PlayStation Plus subscribers, regular price $4.99) (Prior offer, still live)
Killzone 3 Steel Rain Map Pack (Free to PlayStation Plus subscribers, regular price $4.99) (Prior offer, still live)

Discounted Games & DLC:
Red Johnson’s Chronicles Episode 1 (PlayStation Plus price $9.74, regular price $12.99) (Prior offer, still live)
Dungeon Hunter (PlayStation Plus price $10.39, regular price $12.99) (Prior offer, still live)
Ricochet HD (PlayStation Plus price $2.50, regular price $10.00)
Cool Boarder 2 (PlayStation Plus price $3.00, regular price $5.99) (Prior offer, still live)
Under Siege (PlayStation Plus price $10.00, regular price $19.99)
Interpol (PlayStation Plus price $3.99, sale price $4.99, regular price $9.99)
Motor Storm Apocalypse Rare Elite Supercar (PlayStation Plus price $2.24, regular price $2.99)
Motor Storm Apocalypse Revelation Vehicle Pack Bundle (PlayStation Plus price $2.39, regular price $2.99)

Featured Themes & Avatars:
Resident Evil 5 – 10 Avatar Bundle ($0.99 and exclusive to PlayStation Plus subscribers)
Resident Evil 5 – Tricell Logo Avatar (Free to PlayStation Plus subscribers)
MotorStorm Apocalypse: Burning Avatar (Free to PlayStation Plus subscribers, regular price $0.49)
MotorStorm Apocalypse: Urban Avatar (Free to PlayStation Plus subscribers, regular price $0.49)
Anomalies Static Theme (Free and exclusive to PlayStation Plus subscribers)
SEGA Genesis Dynamic Theme (Free and exclusive to PlayStation Plus subscribers)
Junebug Bench Static Theme (Free and exclusive to PlayStation Plus subscribers) (prior offer, still live)
Street Fighter 2 – 8 Avatar Bundle ($0.99 PlayStation Plus Price, PlayStation Plus Exclusive)
Street Fighter 2 – Ken Avatar (Free to PlayStation Plus subscribers, regular price $0.49)

QORE:
May Single Episode (Free to PlayStation Plus subscribers, regular price $2.99)

ShadowRunner 02-Jun-2011 12:28

Quote:

Originally Posted by Nesh (Post 1555532)
I went to the US store but it doesnt say anything anywhere about the compensation plan. is it something we are going to get later?

They said on the blog that it will come a bit later, they are doing some testing. Wonder how the servers will hold up when it does go live, they ar big games and millions will be downloading.

Shifty Geezer 02-Jun-2011 12:42

Oh good. The PS+ discount applies to Under Siege, so I am going to get fiscal reimbursement for what I spent trying to get it a month ago. That makes my personal compensation complete.

Also, who here is feeling trusting towards PSN? Are you thinking it's safe and are ready to buy, or have recent rumours of more hacking on the way deterred you? I'm certainly looking at using vouchers rather than card for a good while at least.

Cornsnake 02-Jun-2011 12:57

Quote:

Originally Posted by Shifty Geezer (Post 1555565)
Also, who here is feeling trusting towards PSN? Are you thinking it's safe and are ready to buy, or have recent rumours of more hacking on the way deterred you? I'm certainly looking at using vouchers rather than card for a good while at least.

What make me less trusting of Sony is their almost complete silence these past few weeks. You'd think they would try their best to show customers they can put their trust in Sony. Like more details on how Sony plans to keep customer data safe, and how they'll respond if they ever get hacked again. But Sony can't even be bothered to crush any rumours that might end making them look bad, like when which services will return.

It almost seems like Sony believes this whole situation will go away if they just ignore it.

Shifty Geezer 02-Jun-2011 13:00

Quote:

Originally Posted by ShadowRunner (Post 1555559)
They said on the blog that it will come a bit later, they are doing some testing. Wonder how the servers will hold up when it does go live...

Slowly! No two ways about it, the internet pipes are going to be gummed up. Actually that might pose a major problem for buying any content for quite a while. Add in E3 coverage and, unless they've increased everything 10x beyond what they had previously, PSN'll be buckling.

Xenus 02-Jun-2011 13:07

Indeed I'm in no hurry to try to redeem my stuff when it goes live. It will be hammered.

Npl 02-Jun-2011 13:24

hmm, so how does this welcome back program work? dont see where I would get my free games.

Arwin 02-Jun-2011 13:42

Quote:

Originally Posted by Shifty Geezer (Post 1555565)
Oh good. The PS+ discount applies to Under Siege, so I am going to get fiscal reimbursement for what I spent trying to get it a month ago. That makes my personal compensation complete.

Also, who here is feeling trusting towards PSN? Are you thinking it's safe and are ready to buy, or have recent rumours of more hacking on the way deterred you? I'm certainly looking at using vouchers rather than card for a good while at least.

If I didn't trust PSN now, then I might as well stop using credit cards anywhere online altogether. My trust is yet to go down, as I have yet to see any evidence that credit card information was actually stolen. And I've just been on holiday using my credit card in various places abroad without any issues either, all the while getting prompt sms messages from my 50 cent/month subscription to getting notifications of successful transactions.

Nice to see that the very well reviewed Magic game is free on PSN. I've had some issues with timeouts appearing here and there but downloads themselves work fine, so the bottleneck does not seem to be bandwidth (I've downloaded about 4GB from the store as fast as I ever have, with the Infamous 2 demo at 2.5gb, Outland, and that Magic game) , but only the Store content interface and database that seems to be getting hammered. I get occasional errors and timeouts in there, but fortunately they seem to be such that actually getting to the content and putting it into my download queue works fine. It is also important to note by the way that over here we are having a bank holiday, so lots of people are home and when the store went live this morning everyone started downloading asap. :D

I haven't been able to properly access the store for songs from within Rockband 3 this morning, but I'll try again later to see if matters have improved there.

And yeah, the welcome back programme games are not up yet. I think that's probably a wise decision. Same for Modnation Racers, and a few other things. They're definitely planning to pace things out over the next weeks a little.

By the way if you have two Move controllers and don't have The Fight yet, there's a free demo up which allows you to pound a practice doll freely. That should certainly give you an indication of whether or not this is something for you. :)

ShadowRunner 02-Jun-2011 13:45

Quote:

Originally Posted by Shifty Geezer (Post 1555565)
Also, who here is feeling trusting towards PSN? Are you thinking it's safe and are ready to buy, or have recent rumours of more hacking on the way deterred you? I'm certainly looking at using vouchers rather than card for a good while at least.

To be honest im not worried at all, my credit card info will be encrypted regardless. Worse comes to worse i am covered against fraud by my bank anyhow. I dont really have it in me to be bothered much, the inconvenience of having to buy vouchers and redeem them outways my worries about someone getting my bank card details which is extremely unlikely. I am far more likely to have a keylogger or something hidden on my PC yet it doesnt stop me from buying online with it. We all know credit card fraud is rife yet we all own and use credit cards, even if the risk level of PSN has rised its still not near the risk of using my card in shops or online using my pc imo.

patsu 02-Jun-2011 14:24

Quote:

Originally Posted by Cornsnake (Post 1555569)
What make me less trusting of Sony is their almost complete silence these past few weeks. You'd think they would try their best to show customers they can put their trust in Sony. Like more details on how Sony plans to keep customer data safe, and how they'll respond if they ever get hacked again. But Sony can't even be bothered to crush any rumours that might end making them look bad, like when which services will return.

It almost seems like Sony believes this whole situation will go away if they just ignore it.

They have to answer to the Congress' inquiry and the Japanese government's challenge. We will hear more from them no doubt. Their PR folks are too afraid to make mistake because everything they say can be cast in negative light.

patsu 02-Jun-2011 14:31

Quote:

Originally Posted by Shifty Geezer (Post 1555565)
Oh good. The PS+ discount applies to Under Siege, so I am going to get fiscal reimbursement for what I spent trying to get it a month ago. That makes my personal compensation complete.

I got Under Siege, Wizardry and a KZ3 dynamic theme to celebrate. 8^P

Quote:

Also, who here is feeling trusting towards PSN? Are you thinking it's safe and are ready to buy, or have recent rumours of more hacking on the way deterred you? I'm certainly looking at using vouchers rather than card for a good while at least.
No difference for me. Should be able to reject fraudulent transactions. I'm kinda curious how identity theft and protection works. Someone used my identity for a medical expense about 6 years ago.

Edit: I'm thinking they might as well upsell the identity theft protection after one year.

Shifty Geezer 02-Jun-2011 15:24

Quote:

Originally Posted by Arwin (Post 1555580)
If I didn't trust PSN now, then I might as well stop using credit cards anywhere online altogether. My trust is yet to go down, as I have yet to see any evidence that credit card information was actually stolen.

I'm not worried about that content being stolen. I'm more worried about ongoing hacks. There was a very recent article prior to release saying hackers had got private info from Sony. If Sony are still being targeted, I'm not too happy about entering a card and that data being siphoned off, especially after hearing HTTPS has been compromised!

Quote:

It is also important to note by the way that over here we are having a bank holiday...
On a Thursday?! You continental types are so odd. :p

Quote:

Originally Posted by patsu (Post 1555592)
I got Under Siege...

Of course you are already plusified. It'd cost me £12 now or £7.20 if I wait to get the free + membership, so I'll hold on a little bit longer.

patsu 02-Jun-2011 16:20

Quote:

Originally Posted by Shifty Geezer (Post 1555605)
Of course you are already plusified. It'd cost me £12 now or £7.20 if I wait to get the free + membership, so I'll hold on a little bit longer.

Yes sir ! I have been waiting for its release. Truth to be told, given the content and innovation, I would have bought it too without PS+. But you are right, makes sense to wait for PS+ activation since it's free !

Shifty Geezer 02-Jun-2011 17:18

I think you're right about the value in itself. I just want back the few quid I wasted getting internet access! Also if this game plays amazingly with Move, I may need a Move controller, but I'm hoping DS will suffice. The devs have said they like the standard controls.

Npl 02-Jun-2011 19:08

well, reading the welcome back conditions it says that you need to have an PSN Account since 20th April... but it doesnt explicitly say that you had to be a PSN+ subscriber for that long for the 60 days extension.
Im thinking about buying + now and hope Ill get 60 days free :lol:

Mize 02-Jun-2011 19:17

The welcome back deal is for PSN+ only?

Npl 02-Jun-2011 19:25

Quote:

Originally Posted by Mize (Post 1555652)
The welcome back deal is for PSN+ only?

no, but if you have PSN+ you get additional 60 days for free, else you get only 30.

patsu 02-Jun-2011 19:25

http://blog.us.playstation.com/2011/...north-america/

Quote:

All PlayStation Network customers can select two PS3 games from the following list. The games will be available for 30 days shortly after PlayStation Store is restored and can be kept forever.
Dead Nation
inFAMOUS
LittleBigPlanet
Super Stardust HD
Wipeout HD + Fury

For PSP owners, you will be eligible to download two PSP games from the following list. The games will be available for 30 days shortly after PlayStation Store is restored and can be kept forever.
LittleBigPlanet (PSP)
ModNation Racers
Pursuit Force
Killzone Liberation

A selection of “On Us” rental movie titles will be available to PlayStation Network customers over one weekend, where Video Service is available. Those titles will be announced soon.

30 days free PlayStation Plus membership for non PlayStation Plus subscribers.

Existing PlayStation Plus subscribers will receive an additional 60 days of free subscription.

Existing Music Unlimited Premium Trial subscription members will receive an additional 30 days of free premium subscription.

Additional 30 days + time lost for existing members of Music Unlimited Premium/Basic subscription free of charge for existing Premium/Basic members.

To welcome users Home, PlayStation Home will be offering 100 free virtual items. Additional free content will be released soon, including the next addition to the Home Mansion personal space, and Ooblag’s Alien Casino, an exclusive game.

RobertR1 02-Jun-2011 19:27

This won't require us to put in our CC info for a 30day free PS+ membership, right?

patsu 02-Jun-2011 19:30

I have no idea. You can buy PS+ month by month, and the payment system usually only checks the wallet funds. I don't think there is a technical reason for requiring CC info. You can buy 3-month or one year worth and pre-pay the funds too.

goonergaz 02-Jun-2011 19:45

Quote:

Originally Posted by RobertR1 (Post 1555656)
This won't require us to put in our CC info for a 30day free PS+ membership, right?

no you don't and for PS+ it's now 70 days, not 60

patsu 02-Jun-2011 19:47

Huh ? Why 70 days ?

-tkf- 02-Jun-2011 19:51

Gave them everything again plus a years worth of PS+ subscription. And got the DLC for LA.N.

Do i feel safe? well my first CC was never really compromised (unless sony lies) and being in a developed country my bank gave me a new CC without any tears. I have this idea that every data is encrypted now :)

And something political, Sony is to blame for the security disaster, but not for the hack itself. And it´s not totally unlikely that Sony will be the target of another attack and knowing how computers and software works nothing is ever 100% safe. I wont give in to hackers and thief's rather risk (nothing really) it and enjoy whatever there is.

Npl 02-Jun-2011 19:56

I dint cancel my old CC, so since the data was already compromised, I have nothin to lose in case it gets compromised again :lol:

RobertR1 02-Jun-2011 20:32

Quote:

Originally Posted by goonergaz (Post 1555660)
no you don't and for PS+ it's now 70 days, not 60

I thought it was 30days of PS+ for users with no PS+?

Good news about not needing the CC.

patsu 02-Jun-2011 20:41

He meant 70 days for PS+ users instead of 60.

goonergaz 02-Jun-2011 21:40

Quote:

Originally Posted by patsu (Post 1555678)
He meant 70 days for PS+ users instead of 60.

yes, if you had PS+ you get an extra 10 days on top of the 60 for the time it was down

BRiT 02-Jun-2011 22:23

LulzSec versus Sony Pictures
 
Take this for what it's worth... I do not know if this is new or old or to be trusted, but it's something to read about.

http://pastebin.com/Y38gCS82 - LulzSec versus Sony Pictures
Quote:

"We recently broke into SonyPictures.com and compromised over 1,000,000 users' personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts. Among other things, we also compromised all admin details of Sony Pictures (including passwords) along with 75,000 "music codes" and 3.5 million "music coupons".

Our goal here is not to come across as master hackers, hence what we're about to reveal: SonyPictures.com was owned by a very simple SQL injection, one of the most primitive and common vulnerabilities, as we should all know by now. From a single injection, we accessed EVERYTHING. Why do you put such faith in a company that allows itself to become open to these simple attacks?


All times are GMT +1. The time now is 18:22.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.