Beyond3D Forum

Beyond3D Forum (http://forum.beyond3d.com/index.php)
-   Console Forum (http://forum.beyond3d.com/forumdisplay.php?f=37)
-   -   *ren* PSN Down, Customer Info Compromised (http://forum.beyond3d.com/showthread.php?t=60017)

mrcorbo 28-Apr-2011 16:25

Quote:

Originally Posted by AntShaw (Post 1547145)
What happens when the PSN goes back up and they encourage everyone to go in and change their password. At this point, that data is already obtained by the hacking. What's to prevent them from going in and changing the information before you have a chance to?

Activation e-mails?

Statix 28-Apr-2011 16:28

Quote:

Originally Posted by Scott_Arm (Post 1547151)
Slim seems good. Not sure what this has to do with the topic at hand, exactly, other than random speculation.

Like I said before, it wasn't me who brought up the issue of failure rates or other company failures. And even if it is a slight tangent, it's at least slightly related to what I and Carl B were discussing. You guys really need to read up a little bit and realize that there's a discussion going on.

Quote:

Originally Posted by mrcorbo (Post 1547154)
Activation e-mails?

Exactly. Seemed pretty obvious to me. All the emails associated with each PSN are authentic and preserved in their original state, so activation email--a unique link to change your password via email--would be the answer.

makattack 28-Apr-2011 16:34

Quote:

Originally Posted by Statix (Post 1547139)
You say that they've moved on, and that they've improved their hardware QA and support for the consumer, moving past the RROD situation. That's fantastic, of course... but who's to say that Sony won't move on from its current situation, and accordingly improve their network infrastructure.? All the official statements from Sony about the matter seem to indicate that they are making massive efforts toward enhancing and restructuring the infrastructure and security systems of PSN for posterity. You seem to be implying that Sony is incapable of moving on, improving themselves, and learning from their mistakes.

Well, I would certainly be very impressed if they can make whole-sale architectural changes to an existing system with such large dependencies in a short time window (of a few weeks.)

Their PR seems to indicate datacenter moves, software architectural changes, etc..

Most changes of this magnitude, when done in an non-emergency basis, takes months to prepare -- or even more than a year for some, and usually weeks to implement.

Now, I have no idea what the scope of those changes are... it could simply be a move of a couple servers from one DC to another... or it could be dozens of servers. What's the software? The OS, database, some bespoke software, etc... I would assume some upgrades are required. Bespoke software updated/modified. Usually this requires some form of testing, first to validate that the vulnerability is eliminated, second to ensure you don't have a regression that causes more bad PR.

If they can do all this in a week or two... color me super impressed. Our organization (and many others) disaster recovery team could learn from them. I hope they'll publish an after-action report on this.

makattack 28-Apr-2011 16:37

Quote:

Originally Posted by mrcorbo (Post 1547154)
Activation e-mails?

Not sufficient, in my opinion... someone above just posted an incident they noted with their own personal email account having been the source of a SPAM attack.

How do you ensure those email addresses Sony has are in fact under the correct ownership of the original user?

Sadly, one of the best identity vetting methods may be to go through financial institutions... If you are indeed "Mr Hobbit" of "Shire, Eridore" then, a credit authorization check on your credit card with those bits of information should authenticate you as who you are... assuming that information wasn't altered or compromised -- which seems to be a somewhat safer assumption that assuming your email account is secure.

-tkf- 28-Apr-2011 16:59

Quote:

Originally Posted by makattack (Post 1547160)
Not sufficient, in my opinion... someone above just posted an incident they noted with their own personal email account having been the source of a SPAM attack.

How do you ensure those email addresses Sony has are in fact under the correct ownership of the original user?

Sadly, one of the best identity vetting methods may be to go through financial institutions... If you are indeed "Mr Hobbit" of "Shire, Eridore" then, a credit authorization check on your credit card with those bits of information should authenticate you as who you are... assuming that information wasn't altered or compromised -- which seems to be a somewhat safer assumption that assuming your email account is secure.

Spam that uses your email is nothing special, it borders on "ohh again" an old email adress is bound to get picked up by spammers . SPF/DKIM is the way to go for anti spam.

The "no news" from sony and information shutdown is bad, very bad. But some of it must be related to them having piss poor security staff (or whatever itīs called) coupled with wild panic at CEO lvl (chickens without heads). Seems to me that they discover something is wrong.. find it itīs major screwed, flips the off switch. Searches some more and just canīt get a grip on the situation, calls in the "experts", that start from scratch, confirms that itīs fucked up. And the CEOīs have no choice but to give up "the truth" instead of a water down "only 1% was stolen".

And as been huffed and puffed by hackers for "weeks", PSN was in a poor state but no one from Sony seems to have reacted or passed that info on. Donīt they have a few people hired to just keep track of the underground, or just middleground? How do they have any idea of what is going on outside their buildings?

Scott_Arm 28-Apr-2011 17:01

Quote:

Originally Posted by Statix (Post 1547156)
Like I said before, it wasn't me who brought up the issue of failure rates or other company failures. And even if it is a slight tangent, it's at least slightly related to what I and Carl B were discussing. You guys really need to read up a little bit and realize that there's a discussion going on.

Yeah, you guys. Read up on it.

makattack 28-Apr-2011 17:04

Quote:

Originally Posted by -tkf- (Post 1547167)
Spam that uses your email is nothing special, it borders on "ohh again" an old email adress is bound to get picked up by spammers . SPF/DKIM is the way to go for anti spam.

No, in this case:

Quote:

Originally Posted by djskribbles (Post 1547106)
So I just checked my e-mail this morning and I see someone I know responded to an e-mail that I apparently sent out. I checked my sent box and it shows that I sent spam mail out to everyone in my contacts list. :???:

Does this sound like it could be related, or is it possible I have a virus on one of my computers?

Sounds to me like someone got into his email account (dkskribbles, I hope you didn't use the same password on PSN as your email)... why else would he have a trace of that spam message in the "sent mail" container?

This is different from someone modifying a SMTP mailer header to change the reply-to and from fields to use someone elses email address.

mrcorbo 28-Apr-2011 17:08

Quote:

Originally Posted by Statix (Post 1547156)
Like I said before, it wasn't me who brought up the issue of failure rates or other company failures. And even if it is a slight tangent, it's at least slightly related to what I and Carl B were discussing. You guys really need to read up a little bit and realize that there's a discussion going on.

It was definitely you who brought up other company failures. Twice consequetively in fact before anyone else had mentioned it.

Cheezdoodles 28-Apr-2011 18:34

Still no email from sony...

Xenus 28-Apr-2011 18:39

I got mine last night. I know you're not going to like this answer but it takes time to send all these emails. Trying to mass send 77 Million emails will bring any email\exchance server to it's knees. Even if each branch of PSN is only sending a 10th of those it will take a while.

Rotmm 28-Apr-2011 18:51

Quote:

Originally Posted by Cheezdoodles (Post 1547191)
Still no email from sony...

I think they put something on the blog Q&A that they are aiming to have them all sent by the 29th, but that they're hoping that the media has spread the message far and wide long before then,

Cornsnake 28-Apr-2011 19:15

I wonder if the way Sony has been handling the situation is going to come back to haunt them. I can't imagine consumer rights organisations being too pleased with it. You can't fault Sony for not being able to create a 100% secure system, but you can fault them for the way they've been treating their customers.

joker454 28-Apr-2011 19:18

I just got the email, looks like it takes a few days.

Cheezdoodles 28-Apr-2011 19:18

Quote:

Originally Posted by Rotmm (Post 1547196)
I think they put something on the blog Q&A that they are aiming to have them all sent by the 29th, but that they're hoping that the media has spread the message far and wide long before then,

I dont give a **** about their blog. They should contact their customers directly, not assuming that people follow their blog. They haven't exactly been keen on spreading this to the media either

Rotmm 28-Apr-2011 19:34

Quote:

Originally Posted by Cheezdoodles (Post 1547204)
They should contact their customers directly, not assuming that people follow their blog. They haven't exactly been keen on spreading this to the media either

Here's the full quote:

Quote:

Q: Have all PlayStation Network and Qriocity users been notified of the situation?
A: In addition to alerting the media and posting information about it on this blog, we have also been sending emails directly to all 77 million registered accounts. It takes a bit of time to send that many emails, and not every email will still be active, but this process has been underway since yesterday. At this time, the majority of emails have been sent and we anticipate that all registered accounts will have received notifications by April 28th. Consumers may also visit uk.playstation.com/psnoutage and www.qriocity.com for notices regarding this issue. In addition, we have taken steps to disseminate information regarding this issue to media outlets so that consumers are informed.
I think we do have to be fair that pretty much all news organisations have 'spread the message' and also that sending that amount of emails takes time.

goonergaz 28-Apr-2011 21:00

Quote:

Originally Posted by Cheezdoodles (Post 1547204)
I dont give a **** about their blog. They should contact their customers directly, not assuming that people follow their blog. They haven't exactly been keen on spreading this to the media either

I don't watch much TV but I know it was on 3 news programs as the kids called me (morning, afternoon and evening)

djskribbles 28-Apr-2011 21:46

Quote:

Originally Posted by makattack (Post 1547171)
Sounds to me like someone got into his email account (dkskribbles, I hope you didn't use the same password on PSN as your email)... why else would he have a trace of that spam message in the "sent mail" container?

This is different from someone modifying a SMTP mailer header to change the reply-to and from fields to use someone elses email address.

The scary thing is, it's not the same password. I don't 100% remember my PSN password, but I'm 100% positive it's not the same as my email. If it is what I think it was, it is pretty similar though.

I've changed my password and I'm gonna monitor my sent folder to make sure this shit stops.

Shifty Geezer 28-Apr-2011 21:58

To confirm I've received the EU email, so it is just a slow communication. For the record I'm on holiday ATM and spent money on internet access with a view to buying Under Siege, so this PSN outtage actually has a monetray cost for me. Had I known PSN would remain down, I'd have spent less on internet access.

Class action lawsuit, here I come! :p

edit: As for Sony's imcompetance versus defenders, IMO Sony have been almost complete chumps this generation. I regard almost all their choices and actions since PS3's anouncement as negative or benign, with their good stuff only coming after a cock-up. They are nothing like their PS and PS2 hey-day, for whatever reason. This is just the latest of any number of massive failures.

BoardBonobo 28-Apr-2011 22:24

I got my (UK) email yesterday and my (JPN) email on Tuesday. I'm not particularly concerned with this as my email is a throw away account fed from a proxy account on a server I manage. I've renewed my card as a precaution. Not because I'm worried about money getting spent but more because my bank will freeze my account at the slightest hint of dodgy dealings.

I find Sony's response, or rather the delay, kind of annoying but if their security has been compromised so thoroughly that they didn't know what had been accessed, and what else did Sony have on those servers? PS4 details, infrastructure records, details of their new security for the PS3?, and at the same time they appear to have suffered hardware failure of some kind or even a direct breach via a data centre staff member. It makes it kind of understandable that they were somewhat reticent about making a statement without knowing the facts.

And though Sony have some very obvious issues with the way in which they handle and store end user data (plain text db's I mean really!?) it isn't their fault this happened. Without the malicious intent of external parties the system would have functioned perfectly well as it was and we would have happily gone on our way. I can only blame the hackers concerned with the attack for the loss of my PSN access. Not Sony. And if they catch whoever did this (not very likely) and if they turn out to be some retard script kiddie running metasploit or some RFP derived code then I hope their identities are made public to the same 77 million accounts that have been deprived of the PSN. Let the gamers work out the justice for them.

RobertR1 28-Apr-2011 23:02

Quote:

Originally Posted by BoardBonobo (Post 1547259)
And though Sony have some very obvious issues with the way in which they handle and store end user data (plain text db's I mean really!?) it isn't their fault this happened. Without the malicious intent of external parties the system would have functioned perfectly well as it was and we would have happily gone on our way. I can only blame the hackers concerned with the attack for the loss of my PSN access. Not Sony. And if they catch whoever did this (not very likely) and if they turn out to be some retard script kiddie running metasploit or some RFP derived code then I hope their identities are made public to the same 77 million accounts that have been deprived of the PSN. Let the gamers work out the justice for them.

That is amazingly poor reasoning. Anyone sensible is understanding of the criminal intent and activity in all walks of life. It's YOUR job to protect yourself from these elements. In respect to a global corporation that holds critical information on millions of users, it's paramount that security come before convenience, budget and functionality. You can play the victim card all day but in the end, the damage is done.

The level of ignorance displayed by Sony in maintaining passwords in clear text is mind boggling. Sony basically ended coming across with "you best to not trust us with your information."

digitalwanderer 28-Apr-2011 23:09


Carl B 28-Apr-2011 23:11

Quote:

Originally Posted by BoardBonobo (Post 1547259)
It makes it kind of understandable that they were somewhat reticent about making a statement without knowing the facts.

They weren't reticent in shutting down the PSN though, that is for sure, which implies to me they knew quite clearly they were in the midsts of something serious, and something that linked back to and involved their membership. I mean I can understand some people thinking that Sony is getting the heat too hard, but actually apologizing/explaining for them? I don't know.

It's a little ironic also that in this particular case, the defense for the lack of seriousness of this situation and its handling came from someone who quite obviously takes their own net anonymity and ID protection quite seriously. That is all well and good for you and your throw away account, but I use my *real* email addresses, name, etc when I sign up for accounts like these, and I don't think I'm in any sort of minority, know what I'm saying? ;) Maybe if you were down here in 'exposed' land you would view things a little differently wrt Sony's fabulous action times. :)

RobertR1 28-Apr-2011 23:23

Quote:

Originally Posted by Carl B (Post 1547272)
It's a little ironic also that in this particular case, the defense for the lack of seriousness of this situation and its handling came from someone who quite obviously takes their own net anonymity and ID protection quite seriously. That is all well and good for you and your throw away account, but I use my *real* email addresses, name, etc when I sign up for accounts like these, and I don't think I'm in any sort of minority, know what I'm saying? ;) Maybe if you were down here in 'exposed' land you would view things a little differently wrt Sony's fabulous action times. :)

Pretty much this. People tend to use proper information for trusted sources and until last week, I'd assume most people considered PSN to be a trusted source. There was no reason to believe this was some hobby/enthusiast project or a shady company you would think twice about when creating a service account. This is Sony.

The full effects of this won't be immediate for compromised users. Depending on how long before this information is distributed and maliciously used, you could see ongoing reports of identity thefts and hijacks for some time. If a common source for such is prior PSN access, then it'll be an easy association for people, right or wrong.

archie4oz 29-Apr-2011 03:03

Quote:

Originally Posted by RobertR1
The level of ignorance displayed by Sony in maintaining passwords in clear text is mind boggling. Sony basically ended coming across with "you best to not trust us with your information."


The level of ignorance displayed by posters who believe such nonsense is equally mind-boggling... :roll:

Even in the case of the Gawker breech, the passwords were encrypted (just not salted).

RobertR1 29-Apr-2011 03:16

Quote:

Originally Posted by archie4oz (Post 1547301)
The level of ignorance displayed by posters who believe such nonsense is equally mind-boggling... :roll:

Even in the case of the Gawker breech, the passwords were encrypted (just not salted).

Did you read Sony's FAQ?

"Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."





"

KongRudi 29-Apr-2011 04:20

Quote:

Originally Posted by AntShaw (Post 1547145)
What happens when the PSN goes back up and they encourage everyone to go in and change their password. At this point, that data is already obtained by the hacking. What's to prevent them from going in and changing the information before you have a chance to?

Even if the people wich did this, do take a chance on doing this, after the security upgrades, it's pretty slim chance that it should be your account they did try with..
Afterall there is 77 million accounts wich might have been stolen, if worst case scenario is true, there still is safety in numbers. :)

Quote:

Originally Posted by Cheezdoodles (Post 1547204)
I dont give a **** about their blog. They should contact their customers directly, not assuming that people follow their blog. They haven't exactly been keen on spreading this to the media either

Noone is going to contact 77 million people face-to-face directly, that's not realistic to expect.
Toyota didn't do that when they had floormats wich interferred with the braking system on their cars, they contacted their retailers, and media - said the car-model were recalled.

The only contact-information Sony has for you wich they are sure might be correct, is your e-mail address. You may or may not have filled in the correct address, when registering.. You did not fill in your phone number, or credit card information, with your account. So that may be false.

What Sony is doing is sending out e-mails, telling you what might have been stolen from them, and you should be carefull of what you give out, so noone gets the last remaining information.

Sony will not send you any e-mail's asking for your creditcard information, social security or similar, if that happens you are most likely beeing targetted for identity theft.

So I think it's unlikely that there is any kind of e-mail activation.
The safest thing is just to wait and see what happens when you turn on your PS3/PSP with the updated firmwares.:) As well as looking at your bank-account.

AzBat 29-Apr-2011 04:23

GeoHot responds...

http://geohotgotsued.blogspot.com/20...cent-news.html

Tommy McClain

AzBat 29-Apr-2011 04:26

Just a reminder here:

1) You don't have to have a CC attached to your PSN account.

2) You don't even have to own a Playstation product to have a PSN account.

Tommy McClain

KongRudi 29-Apr-2011 04:29

Quote:

Originally Posted by AzBat (Post 1547305)

Yeah, a writeup on how it all went down, so everybody can learn how to do this, is just what we need.. :)
That way, if someone steal your money, you can just steal it back.. GeoHot is so smart.. :)

mrcorbo 29-Apr-2011 04:58

Quote:

Originally Posted by RobertR1 (Post 1547267)
The level of ignorance displayed by Sony in maintaining passwords in clear text is mind boggling. Sony basically ended coming across with "you best to not trust us with your information."

Quote:

Originally Posted by archie4oz (Post 1547301)
The level of ignorance displayed by posters who believe such nonsense is equally mind-boggling... :roll:

Even in the case of the Gawker breech, the passwords were encrypted (just not salted).

Quote:

Originally Posted by RobertR1 (Post 1547302)
Did you read Sony's FAQ?

"Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

:lol: God I love irony.

digitalwanderer 29-Apr-2011 05:19

Quote:

Originally Posted by AzBat (Post 1547305)

Thanks for the link, I really liked this paragraph:

Quote:

Now until more information is revealed on the technicals, I can only speculate, but I bet Sony's arrogance and misunderstanding of ownership put them in this position. Sony execs probably haughtily chuckled at the idea of threat modeling. Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client(can't trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client. It's the same reason MW2 was covered in cheaters, Activision even admitted to the mistake of trusting Sony's client. Sony needs to accept that they no longer own and control the PS3 when they sell it to you. Notice it's only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren't crazy.

archie4oz 29-Apr-2011 05:42

Quote:

Originally Posted by RobertR1
Did you read Sony's FAQ?

Yes, and reading a PR FAQ isn't necessary for me to know how the PSN works. I'm fairly confident of my knowledge of the workings of the PSN (marketing name) vs. the information of a generalized PR release.

archie4oz 29-Apr-2011 05:52

Quote:

Thanks for the link, I really liked this paragraph:
I found it rather amateurish and full of poor assumption. I mean seriously, the PS3 isn't the only PSN client. In fact, considering the knowledge the hacker community has of the various platforms that access the PSN, PS3 one of the poorest ones to use as an attack vector... What happened to the critical thinking skills around here?

Scott_Arm 29-Apr-2011 06:03

Quote:

Originally Posted by archie4oz (Post 1547313)
I found it rather amateurish and full of poor assumption. I mean seriously, the PS3 isn't the only PSN client. In fact, considering the knowledge the hacker community has of the various platforms that access the PSN, PS3 one of the poorest ones to use as an attack vector... What happened to the critical thinking skills around here?

Why is using the PS3 one of the poorest ways to attack PSN? If what he says is true, about PSN trusting the PS3 as a client, more than it should, then his speculation sounds reasonable.

archie4oz 29-Apr-2011 06:24

Why use a PS3? The PSP does the same shit and is a lot less secure and well known... Shit, why bother with clients at all?

betan 29-Apr-2011 06:55

Encryption is not as reliable as many here think when your service needs to decrypt the data often.

Regarding the passwords though, the question is whether the stupidity of Sony reached the levels of storing the passwords in plain text or hashed. Encryption is not important compared to one-way hash function, using which you don't keep the password in a retrievable manner.

While it may seem extremely unlikely that any decent company/web service stores plain texts, lack of any mention in the PR response is seriously thought-provoking.

Arwin 29-Apr-2011 07:28

What do you guys think of this, taken frim the latest Eurogamer.net article on the subject:

Quote:

While it has undoubtedly been a PR disaster for the platform holder, EEDAR VP Jesse Divnich called on users to keep the situation in perspective, applauding Sony for how it has dealt with the crisis.

"To date they have gone above and beyond their legal requirements on keeping consumers informed and this is something we should all appreciate in light of these events," he said, insisting it "could have happened to anyone one."

Security breaches such as these take place frequently, he argued, and Sony had behaved responsibly in choosing to inform its customers in the manner in which it did.

"As the shift towards a cashless society continues, we must be aware that security breaches of our personal information will continue to occur and that no outlet can provide a 100 per cent guarantee on the safety of our personal information.

"What occurred on the PlayStation Network happens daily throughout the world; many of which goes unreported or unfounded and it would be naïve to think that our personal information hasn't already been compromised elsewhere.

"The only difference with the PlayStation Network's breach is Sony's good ethical standing as a corporate citizen to inform their consumers of the breach of their network."

AlphaWolf 29-Apr-2011 08:07

Quote:

Originally Posted by Arwin (Post 1547323)
What do you guys think of this, taken frim the latest Eurogamer.net article on the subject:

I think its a load of crap. It took them far too long to address the issue publicly and only did so after pressure. And they are actually required by law to notify people of the breach and threat to their data in many places, so none of this came from the goodness of their heart.

Cheezdoodles 29-Apr-2011 08:17

Quote:

Originally Posted by KongRudi

Even if the people wich did this, do take a chance on doing this, after the security upgrades, it's pretty slim chance that it should be your account they did try with..
Afterall there is 77 million accounts wich might have been stolen, if worst case scenario is true, there still is safety in numbers. :)

Noone is going to contact 77 million people face-to-face directly, that's not realistic to expect.
Toyota didn't do that when they had floormats wich interferred with the braking system on their cars, they contacted their retailers, and media - said the car-model were recalled.

The only contact-information Sony has for you wich they are sure might be correct, is your e-mail address. You may or may not have filled in the correct address, when registering.. You did not fill in your phone number, or credit card information, with your account. So that may be false.

What Sony is doing is sending out e-mails, telling you what might have been stolen from them, and you should be carefull of what you give out, so noone gets the last remaining information.

Sony will not send you any e-mail's asking for your creditcard information, social security or similar, if that happens you are most likely beeing targetted for identity theft.

So I think it's unlikely that there is any kind of e-mail activation.
The safest thing is just to wait and see what happens when you turn on your PS3/PSP with the updated firmwares.:) As well as looking at your bank-account.

I did not suggest that they sould call me but contact me directly by email. I recieved it first today. Thats quite a bit to late in my book

minimoke 29-Apr-2011 08:27

Quote:

Originally Posted by betan (Post 1547322)
...While it may seem extremely unlikely that any decent company/web service stores plain texts, lack of any mention in the PR response is seriously thought-provoking.

This is probably stretching it a bit but the fact that the Sony customer care agents don't have access to user passwords i.e. They can't tell you your password over the phone maybe an indication that the passwords were hashed.

Phil 29-Apr-2011 09:37

Quote:

Originally Posted by Cheezdoodles (Post 1547326)
I did not suggest that they sould call me but contact me directly by email. I recieved it first today. Thats quite a bit to late in my book

As some (me included) have already pointed out - sending 77 million emails is not easy. It's not just about getting those emails out - it's also about not getting on any RBL spam lists or having your IP range blocked if suddenly a huge amount of mails originate from the same destiny. Sending a such a large amount of emails must be done in smaller batches. It's inevitable that some may receive emails a few days later than others.

TrungGap 29-Apr-2011 10:03

I'm no Sony fanboy, but I think Sony is doing a good job at this. Yes, there are security lapses, but that's will happen when you're rushing to play catchup. Giving their current situation, I don't think you can expect anyone (even MS or Google) to do better. It takes time for engineering to figure out what's going on. It takes time have all these information flow to the appropriate key individual. What they have done is pretty agile for a company of their size. Have you ever move a data center? Trust me, it's not something you can do easily. It takes a lot of key individuals to align themselves and guts to make it happen.

So +1 for Sony. I'm not happy that this security breach happens, but I'm happy have with the way they reacted/responded.

Shompola 29-Apr-2011 11:27

So everyone gotten their apology letter from SONY? I have not gotten one, and I am a bit worried that I registered my PSN account with now a defunt student e-mail account in the PS2 days. When did PSN go up?

Xenus 29-Apr-2011 12:14

PSN started with the PSP I think.

Arwin 29-Apr-2011 12:20

Quote:

Originally Posted by Xenus
PSN started with the PSP I think.

I'm fairly sure it started with the PS3?

Npl 29-Apr-2011 12:30

Quote:

Originally Posted by Shompola (Post 1547349)
So everyone gotten their apology letter from SONY? I have not gotten one, and I am a bit worried that I registered my PSN account with now a defunt student e-mail account in the PS2 days. When did PSN go up?

You got an US account?
I think they only send out emails for US customers (so far) - atleast I only did get one for my US account (not sure I left credit information on that one) and not the EU one.

And PSN started with PS3, in fact with a PSP you could only access PSN through a PS3 for a long time.

-tkf- 29-Apr-2011 13:05

I got mails from: Australia, Denmark and Japan

Shompola 29-Apr-2011 13:15

Not sure what account I have and what region. I believe I did create an account on playstation.com when I got my PSP in february 2005. So my playstation.com account is not my PSN account? I have also received 19th of April an ad from PSN about Ratcher 4 for one to my current e-mail. Hopefully this means that my current e-mail address is bound to my PSN account. I am fairly certain that I do have an PSN account as I could log into PSN from my PS3. I am so confused heh.

Billy Idol 29-Apr-2011 13:20

I got the email with the warning today...what took them so long?

Cyan 29-Apr-2011 13:46

Quote:

Originally Posted by AlphaWolf (Post 1547325)
I think its a load of crap. It took them far too long to address the issue publicly and only did so after pressure. And they are actually required by law to notify people of the breach and threat to their data in many places, so none of this came from the goodness of their heart.

Don't make the mistake of believing that these big companies, be it either Sony, Microsoft, or Nintendo, have a soul or a heart. I've seen too much and know quite a few things to begin comprehending all the nasty things these companies do, not only to customers but also to their employees.

I might have made a broad generalization, but 99% of the employees are just a number for them, not a person, let alone their customers. We are all alone inside our heads. And for these companies like part of the article of Geohotz posted here says, we are pesky customers.

Sony/Microsoft/Nintendo is basically the modern day version of the pharisees, and although somewhat declining in influence over the years, because of laws, it's still there.

I have a hard time trusting these companies like the people on the net who have friends like stars in the sky, so to say. And this comes from an exemplary customer -I never pirated a console nor the thought crossed my mind, I buy games on a regular basis, etc- like many others there are here on B3D.

If there is one thread that makes me feel better about myself and my ways, it is this one.

Not to get off-topic.... Well... The greater the size of the company, the greater the reaction is, so this issue is a 'big deal.'

I think that the greatness of the implications has been blown way out of proportion in some ways, but that doesn't mean what happened do not influence a HUGE chunk of the PSN population, because it really does. The lack of security is placing your customers in a vulnerable position where others can either harm them or devastate them economically or whatever -some people have experienced odd operations made by someone else using their credit cards, for instance, these last days.

As for those defending Sony all the time, a fanboy-ish attitude frothing at the mouth like a rabid dog isn't helping anyone. This is when when you realize that you are in an extreme minority on a particular matter...or many.

Sony should return to their old, quite old ways, lick the wounds and start anew during the next generation of consoles, because this one hasn't been their best.

It's not those companies alone. It's perhaps also a reflection of today's society. Nowadays everything is darker, more dense. Maybe it is a reflection of the society we live in. We also have wars everywhere, crisis, etc.

Not many time ago, in the 90s -which I consider my favourite decade- everything seemed more lively and positive. Anyway, I don't want to get off-topic.

mrcorbo 29-Apr-2011 13:48

Quote:

Originally Posted by TrungGap (Post 1547343)
I'm no Sony fanboy, but I think Sony is doing a good job at this. Yes, there are security lapses, but that's will happen when you're rushing to play catchup. Giving their current situation, I don't think you can expect anyone (even MS or Google) to do better. It takes time for engineering to figure out what's going on. It takes time have all these information flow to the appropriate key individual. What they have done is pretty agile for a company of their size. Have you ever move a data center? Trust me, it's not something you can do easily. It takes a lot of key individuals to align themselves and guts to make it happen.

So +1 for Sony. I'm not happy that this security breach happens, but I'm happy have with the way they reacted/responded.

The damning fact for me is that they deemed this intrusion serious enough to shut down the network right away. At this point, issuing a notice to their customers that the network had been breached by an unknown party and that they were investigating the extent of the intrusion would have been appropriate. Instead they said nothing. I won't accept this as an appropriate reaction. You may disagree, but I expect better and hopefully most agree with me. Customer backlash is the only way that not only Sony, but all other companies will be forced to handle these situations in a more customer-focused way.

mrcorbo 29-Apr-2011 14:08

Quote:

Originally Posted by archie4oz (Post 1547312)
Yes, and reading a PR FAQ isn't necessary for me to know how the PSN works. I'm fairly confident of my knowledge of the workings of the PSN (marketing name) vs. the information of a generalized PR release.

You should contact them and let them know that you are fairly confident the official Q&A that they are directing customers to on this issue is wrong. After all, it wouldn't be the first time that a 3rd party taught them something about their network they didn't know.

Cheezdoodles 29-Apr-2011 14:29

Quote:

I'm no Sony fanboy, but I think Sony is doing a good job at this. Yes, there are security lapses, but that's will happen when you're rushing to play catchup. Giving their current situation, I don't think you can expect anyone (even MS or Google) to do better. It takes time for engineering to figure out what's going on
Good Job? AGAIN a bare minimum , if your security is breached and you have sensitive customer information, you should immediately alert your customers.

While it takes some engineering to figure out what has been taken, that is irrelevant. If you know there is a risk customer info is out, and this can later be used for fraud, that is a big deal!

While you loose some face on this, the other outcome is much worse. By the looks of it, they have not obtained cc info. What if they had? In a week, you could scam a significant amount of people, and people wouldn't have been able to do anythinng.

Quote:

Originally Posted by Arwin (Post 1547323)
What do you guys think of this, taken frim the latest Eurogamer.net article on the subject:

Heh i would be slamming them for not issuing the information immediately. Just like the senator.

Cheezdoodles 29-Apr-2011 14:32

Quote:

Originally Posted by Cyan (Post 1547377)
Don't make the mistake of believing that these big companies, be it either Sony, Microsoft, or Nintendo, have a soul or a heart. I've seen too much and know quite a few things to begin comprehending all the nasty things these companies do, not only to customers but also to their employees. .

You do not need a soul or heart. All you need is to understand that your customers is by far the most vital part of your success:

Assume that CC info actually was stolen from all of us.

And that Sony did not inform us until a week after the fact, and lots of people got scammed in the meanwhile.

What do you think would happend to their customer base, and global perception?

Nesh 29-Apr-2011 14:41

Quote:

Originally Posted by Cheezdoodles (Post 1547384)
You do not need a soul or heart. All you need is to understand that your customers is by far the most vital part of your success:

Assume that CC info actually was stolen from all of us.

And that Sony did not inform us until a week after the fact, and lots of people got scammed in the meanwhile.

What do you think would happend to their customer base, and global perception?

Even as such that doesnt mean they wouldnt/dont go against morals when they have interests and know they wont suffer any consequences.

Now regarding why they informed the customers late, there is a possible logical explanation. When you want to communicate to the customer an issue you want to communicate it clearly and once. And to do that you have to assess the real magnitude of the problem and its nature as much as possible. Its bad practice to inform the customer about an issue, then come back to him and tell him things were actually different or worse.

If I were in their shoes I would have faced a huge dilemma

AlNets 29-Apr-2011 15:08

http://ca.kotaku.com/5796902/there-a...ls-up-for-sale

That should read "2.2 Million" in the URL, not 22 million. :p

Quote:

According to Kevin Stevens, an online security expert with TrendMicro, "low-level cybercriminals" are currently shopping around lists supposedly containing the credit card details of 2.2 million PlayStation Network members.
hm... :s

mrcorbo 29-Apr-2011 15:10

Quote:

Originally Posted by Nesh (Post 1547385)
Even as such that doesnt mean they wouldnt/dont go against morals when they have interests and know they wont suffer any consequences.

Now regarding why they informed the customers late, there is a possible logical explanation. When you want to communicate to the customer an issue you want to communicate it clearly and once. And to do that you have to assess the real magnitude of the problem and its nature as much as possible. Its bad practice to inform the customer about an issue, then come back to him and tell him things were actually different or worse.

If I were in their shoes I would have faced a huge dilemma

I would hope that going forward that all companies will have a contingency plan in place for this scenario that includes a pre-approved list of customer communications during the incident. Sony's response from a technical perspective seems to have been pre-planned and smoothly executed but I suspect there was a lot of back and forth between their legal and PR departments as to what information they were going to release publicly.

digitalwanderer 29-Apr-2011 15:12

Quote:

Originally Posted by AlStrong (Post 1547388)
http://ca.kotaku.com/5796902/there-a...ls-up-for-sale

That should read "2.2 Million" in the URL, not 22 million. :p



hm... :s

http://www.moonbattery.com/mushroom-cloud.jpg

AlNets 29-Apr-2011 15:16

Quote:

Originally Posted by digitalwanderer (Post 1547390)


pf... well, maybe if it is true. :p

Carl B 29-Apr-2011 16:05

Quote:

Originally Posted by archie4oz (Post 1547312)
Yes, and reading a PR FAQ isn't necessary for me to know how the PSN works. I'm fairly confident of my knowledge of the workings of the PSN (marketing name) vs. the information of a generalized PR release.

I wouldn't be surprised at all if their formal FAQ response contained errors; such would be the irony and reinforcement of their poor communications handling through this though.

Phil 29-Apr-2011 16:08

Quote:

Originally Posted by Cheezdoodles (Post 1547383)
Good Job? AGAIN a bare minimum , if your security is breached and you have sensitive customer information, you should immediately alert your customers.

I hate to sound like I'm defending, but it's hard to imagine what exactly happened. We're probably dealing with a very complex network with a lot of servers involved. I could imagine that at some point, some technician probably noticed things being off, parts of data that is corrupt or changed in some way alluding to perhaps a malfunction. Then a cup of coffee later, at some point after a little bit of digging, something seems terribly wrong. Now how fast do you think this kind of information passes up the ranks? How fast do you think you know of the true extend of that your system has been intruded and how much is at stake? Then after you know, you start to evaluate. Maybe the person in charge at the time isn't present, so it takes another few hours to get the message through "housten we have a problem". This isn't the type of company where you have a couple of technicians and a boss who is readily available to react to everything immediately.

You just don't shut things down, not when you're network has millions of customers accessing data at all times. And sending out 77 million email again is no small feat. I don't believe for a second that the true extend of the breach was something that was known quickly.

Unfortunately, I don't think anyone will ever know the true extend of how the system was breached and how long it took Sony to figure that out. Of course it's somewhat disappointing for the network to go offline and for it to take them so long to make some notice about what happened. Then again, I'm not really sure I even trust the official statement that they turned off PSN or that when they did, they knew exactly what they were dealing with. That might explain their "back-foot" reaction since they've been offline and why we are hearing about what has happend so late.

Scott_Arm 29-Apr-2011 16:12

Quote:

Originally Posted by archie4oz (Post 1547317)
Why use a PS3? The PSP does the same shit and is a lot less secure and well known... Shit, why bother with clients at all?

Different clients may access PSN differently. If the PS3 was intended to be a closed system, with some level of trusted access, then it could be that hacking the PS3 opened a door into PSN that they never thought would be opened. I'm not saying he's right, but he does have some experience with the actual firmware and might understand a little bit more about how it interfaces with PSN, since he was looking at a way to have it operate on a completely different network.

Scott_Arm 29-Apr-2011 16:16

Quote:

Originally Posted by Phil (Post 1547409)
I hate to sound like I'm defending, but it's hard to imagine what exactly happened. We're probably dealing with a very complex network with a lot of servers involved. I could imagine that at some point, some technician probably noticed things being off, parts of data that is corrupt or changed in some way alluding to perhaps a malfunction. Then a cup of coffee later, at some point after a little bit of digging, something seems terribly wrong. Now how fast do you think this kind of information passes up the ranks? How fast do you think you know of the true extend of that your system has been intruded and how much is at stake? Then after you know, you start to evaluate. Maybe the person in charge at the time isn't present, so it takes another few hours to get the message through "housten we have a problem". This isn't the type of company where you have a couple of technicians and a boss who is readily available to react to everything immediately.

You just don't shut things down, not when you're network has millions of customers accessing data at all times. And sending out 77 million email again is no small feat. I don't believe for a second that the true extend of the breach was something that was known quickly.

Unfortunately, I don't think anyone will ever know the true extend of how the system was breached and how long it took Sony to figure that out. Of course it's somewhat disappointing for the network to go offline and for it to take them so long to make some notice about what happened. Then again, I'm not really sure I even trust the official statement that they turned off PSN or that when they did, they knew exactly what they were dealing with. That might explain their "back-foot" reaction since they've been offline and why we are hearing about what has happend so late.

I think the problem with this reasoning is that they shut down PSN well before the admission of the data leak came out. When they shut PSN down entirely, they must have known that the breach was serious. If they did not know someone had attempted to steal data, then why did they shut it down?

Like I said earlier, at some point between shutting it down, and the release, they got the suspicion the hacker was trying to steal customer data. If they had that suspicion early on, they should have said something to their customers immediately, to help protect them, and they could have followed up later if it turned out that the data was not taken. If they had the suspicion later, why did it take so long?! You'd think the first thing they'd look at would be the integrity of their customer data. In one case you have incompetence, and in the other case you have customers as an afterthought.

JB9861 29-Apr-2011 16:21

Quote:

Originally Posted by AlStrong (Post 1547388)
http://ca.kotaku.com/5796902/there-a...ls-up-for-sale

That should read "2.2 Million" in the URL, not 22 million. :p



hm... :s

I've only seen one list so far so unsure if that's part of the *lists* that are being shopped around...but anyway its a fictional list. Would be unfortunate if CC info was ultimately comprised so I hope users are taking the proper precautionary measures to protect themselves.

archie4oz 29-Apr-2011 16:56

Quote:

Originally Posted by Carl B
I wouldn't be surprised at all if their formal FAQ response contained errors; such would be the irony and reinforcement of their poor communications handling through this though.

It's not necessarily wrong, it's just being interpreted by many incorrectly leading to false assumptions. Unencrypted database/tables != plain text passwords. You can still write encrypted data into unencrypted tables, you're just not encrypted database objects at a higher level. It's like the difference between having an encrypted files on an unencrypted HDD and encrypted the whole HDD.


In any case the whole *late* aspect is somewhat unrealistic too. How long did the State of Texas take to notify of it's breach? A year. How long did Gawker go exploited before notifying users? More than a Month. The latest breach at DoE OakRidge National Laboratory? A week. Epsilon? About 5 days from breach to when I started getting emails from their clients. By the standards of recent well known security breaches I'd say the response was fairly quick and reasonably measured. Also considering the significant signal to noise ratio coming off a massive DDOS, and subsequent focussed DDOS and probes, along with CFW/MFW users trying spoof access and/or accessing and downloading content from staging envs, along with the normal routine of maintenance and platform updates; the total shutdown was understandable (albeit still surprising even to me) just to reduce the noise floor of activity to ascertain damages.

Jedi2016 29-Apr-2011 17:09

The only thing that cracks me up about this mess are the people that are only complaining about the service being down. I appreciate the level of conversation in this thread, but read around some of the blogs and forums around the 'net, and you'll see a bunch of people whining that they can't play Black Ops online or whatever. Never mind my credit card and passwords, I want my frikkin' Black Ops. Those jackasses will be the first in line to get their bank accounts emptied, I'm sure.

As for the stuff that was taken, I'm not particularly worried about most of it. My name, handle, email, etc.. that's all public record. Probably wouldn't take too long on Google to pull up most of it.

The big question I have, the one that's come up in this thread several times, is how the password file was stored. Everyone assumes that it must have been encrypted, because of how stupid Sony would have to be to leave it as plaintext. But then there's that pesky press release of theirs that simply stated that the personal data files were not encrypted. I think we're in a gray area here, and I'd really like Sony to come out and say in plain English how the passwords were stored.

Frankly, I don't feel like going around and changing the email, name, and passwords of every site that I visit. Yeah, I can make it much safer by using randomly generated passwords on everything, but there's a fair number of sites I visit on my phone, which doesn't store passwords the way Firefox does. And I can just imagine trying to remember "kD(s&IN3%1sViK" every time I want to check my latest Amazon order. And then trying to type it into the iPhone's wonderful keyboard.

My point is that Sony needs to be abundantly clear on exactly what was taken, and what form it was taken in (encrypted, hashed, plaintext, etc). Then I can make an informed decision on exactly what I need to go change around the rest of the internet.

Carl B 29-Apr-2011 17:33

Quote:

Originally Posted by archie4oz (Post 1547424)
It's not necessarily wrong, it's just being interpreted by many incorrectly leading to false assumptions. Unencrypted database/tables != plain text passwords. You can still write encrypted data into unencrypted tables, you're just not encrypted database objects at a higher level. It's like the difference between having an encrypted files on an unencrypted HDD and encrypted the whole HDD.


In any case the whole *late* aspect is somewhat unrealistic too. How long did the State of Texas take to notify of it's breach? A year. How long did Gawker go exploited before notifying users? More than a Month. The latest breach at DoE OakRidge National Laboratory? A week. Epsilon? About 5 days from breach to when I started getting emails from their clients. By the standards of recent well known security breaches I'd say the response was fairly quick and reasonably measured. Also considering the significant signal to noise ratio coming off a massive DDOS, and subsequent focussed DDOS and probes, along with CFW/MFW users trying spoof access and/or accessing and downloading content from staging envs, along with the normal routine of maintenance and platform updates; the total shutdown was understandable (albeit still surprising even to me) just to reduce the noise floor of activity to ascertain damages.

Sony could definitely benefit by putting someone with a technical background in charge of the PR effort, even if only for a day, to at least spell out and clarify the nature of some of things you are alluding to, because I think it's understandable why people might reach the plain text conclusion. And in so doing, it doesn't help Sony's cause at the moment.

You're right about the length and severity of those other lapses you mentioned, but I'm not sure that does any assuaging in this particular case. It's different also in that Sony has actually shut down the related breached service in question indefinitely, with a not insignificant gap between the shutting down and the explanation commencing.

I'm not angry or anything with this turn of events; as others have mentioned, if the attackers were determined, the odds would be stacked against Sony regardless. But I can't give strong marks on the communications response on it even as such, and of course, I remain understandably aggravated that I'm at an unknown... or poorly communicated/understood... level of risk.

dobwal 29-Apr-2011 17:38

Quote:

Originally Posted by Nesh (Post 1547385)
Even as such that doesnt mean they wouldnt/dont go against morals when they have interests and know they wont suffer any consequences.

Now regarding why they informed the customers late, there is a possible logical explanation. When you want to communicate to the customer an issue you want to communicate it clearly and once. And to do that you have to assess the real magnitude of the problem and its nature as much as possible. Its bad practice to inform the customer about an issue, then come back to him and tell him things were actually different or worse.

If I were in their shoes I would have faced a huge dilemma

The best possible explanation is that Sony wanted to minimize the potential backlash. If the customers" best interest were the upmost priority the response would of been...

"PSN's security has been breached and we don't know how much of your info has been exposed. There is a possibility that all PSN user data including CC numbers has been compromised."

Sony weighed the risk of giving PSN user the worst case scenario up front over waiting and hoping an investigation would provide a scenario less scary. They chose to wait and they lost. They took the worst case scenario and made it worse by lumping a week of silence into the mix.

Sony understood the possible ramification of the breach because they shut down PSN as a response. The other immediate response should have been to inform the PSN userbase.

-tkf- 29-Apr-2011 18:24

Quote:

Originally Posted by Scott_Arm (Post 1547414)
I think the problem with this reasoning is that they shut down PSN well before the admission of the data leak came out. When they shut PSN down entirely, they must have known that the breach was serious. If they did not know someone had attempted to steal data, then why did they shut it down?

Like I said earlier, at some point between shutting it down, and the release, they got the suspicion the hacker was trying to steal customer data. If they had that suspicion early on, they should have said something to their customers immediately, to help protect them, and they could have followed up later if it turned out that the data was not taken. If they had the suspicion later, why did it take so long?! You'd think the first thing they'd look at would be the integrity of their customer data. In one case you have incompetence, and in the other case you have customers as an afterthought.

Itīs not clear cut, you have 77 million accounts. Do you ask 77 million "people" to change passwords unless you are somewhat sure? "they switched it off so they knew something was wrong!" yes, but not to what extent and they made a "big decision" when they switched it off. That costs money, so the critism on the security is valid, but imho it at least can be discussed just how bad Sony performed in regards to information.

Fun fact, if Geohot hadnīt cracked the PS3 in the name of "freedom" those 77 million users wouldnīt have been exposed. And his way in was OtherOS. Without OtherOS this might not have happend.

I am gonna get flamed for this, but the amount of arrogance and shortsighted views he presents competes with Sonyīs arrogance. But hey, the day Hackers actually take their responsibility serious is the day hacking stops?

archie4oz 29-Apr-2011 18:25

Quote:

Originally Posted by Jedi2016
The only thing that cracks me up about this mess are the people that are only complaining about the service being down. I appreciate the level of conversation in this thread, but read around some of the blogs and forums around the 'net, and you'll see a bunch of people whining that they can't play Black Ops online or whatever. Never mind my credit card and passwords, I want my frikkin' Black Ops. Those jackasses will be the first in line to get their bank accounts emptied, I'm sure.

As for the stuff that was taken, I'm not particularly worried about most of it. My name, handle, email, etc.. that's all public record. Probably wouldn't take too long on Google to pull up most of it.

The big question I have, the one that's come up in this thread several times, is how the password file was stored.


Well folks like that are probably also the type that probably have simple, commonly known passwords that even strong encryption isn't going to protect...

I'm not terribly worried about credit cards. Credit card companies generally have decent fraud detection services (I know mine does as I've been annoyingly inconvenienced by my card getting locked due to my shopping activities tripping red flags), and are able to resolve false charges fairly well. Passwords are annoying but if you're reasonably sensible and use different passwords for all your online accounts, then it's a minor issue. The data that bothers me is the security question and more specifically, the answer. Even if your password and credit card is secure, the relative invariance of security questions generally used makes exploitation a lot easier. After all, that's how Paris Hilton's T-Mobile account was hacked (and that even need any security breach to occur).

Jedi2016 29-Apr-2011 18:46

The problem with the security questions/answers is that, with the network down, I have no idea which questions and answers were used. I haven't so much as looked at that stuff since I created the account years ago.

macabre 29-Apr-2011 18:55

Some sites tell you the safety level of your password when you sign up, hope they include something like this in the new firmware/PSN version.

AlphaWolf 29-Apr-2011 19:31

Quote:

Originally Posted by -tkf- (Post 1547437)
Fun fact, if Geohot hadnīt cracked the PS3 in the name of "freedom" those 77 million users wouldnīt have been exposed. And his way in was OtherOS. Without OtherOS this might not have happend.

Actually, you don't know at all that it's true. Possibly, maybe even probably... but fact? No.

Quote:

I am gonna get flamed for this, but the amount of arrogance and shortsighted views he presents competes with Sonyīs arrogance. But hey, the day Hackers actually take their responsibility serious is the day hacking stops?
He can be arrogant if he wants, he's not running a consumer oriented business.

Rotmm 29-Apr-2011 19:41

Quote:

Originally Posted by -tkf- (Post 1547437)
Fun fact

Fact? Really?

'Supposition dressed as fact' would be, pun intended, a factually accurate description.

-tkf- 29-Apr-2011 19:47

Quote:

Originally Posted by AlphaWolf (Post 1547444)
Actually, you don't know at all that it's true. Possibly, maybe even probably... but fact? No.

He can be arrogant if he wants, he's not running a consumer oriented business.

Nobody got facts on any of this, those that have it wont say a word. But there is plenty of pointers that back it up.

Math that reverse engineered the Jig hack clearly stated that without Geohots original "glitch hack" the Jig wouldn't have come to be. Without the OtherOS option Geohot wouldnīt have had an easy way to snoop around with. So itīs not fact but it does seem plausible.


All times are GMT +1. The time now is 18:34.

Powered by vBulletin® Version 3.8.6
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.