[deathindustrial]

Quote:

Originally Posted by RobertR1

lol. Quoted so this gem doesn't get edited.

Why would I edit it? No need to make a personal slight just because you don't agree with me.

Looking at the Energy And Commerce Committee's site, they are definitely pushing the news that they have mailed Sony:

http://energycommerce.house.gov/news/letters.aspx
http://energycommerce.house.gov/issues.aspx?IID=5

Via Google I found a copy of a letter they were supposed to have sent Epsilon about their breach earlier this month except there is no mention of it anywhere I can find on the above site. I am having to assume it either never actually got sent or they have decided to hush up about it after the fact:

http://bono.house.gov/UploadedFiles/...ata_Breach.pdf

Obviously not a big enough sample size to make any assertions but it is strange that Epsilon / Alliance Data Systems has all but vanished from the system. I also could not find anything about the response that was supposed to have come by April 18th. . .

Cheers

[-tkf-]

Quote:

Originally Posted by RobertR1

Pretty much all of it. When something like this happens, the top of the org chart is ultimately responsible. The PS3 is under the NPS division and Kaz is on top of that org chart. You can't roll out a chump for the firing range.

If he's going to be fielding questions, he could/should bring a security specialist with him but if this is a canned speech, then no need. Btw, this is what he should have done a day or two after knowing what had occured.

He better show up with a humble attitude and not try to make anything look like it wasn´t their fault.

[bkilian]

Quote:

Originally Posted by Carl B

I don't know that Archie will reply to this directly, but if you go through older posts, you'll have your answer, such as it were. The rest of your post of course stands, but with the caveat that your "then" scenario in the if/then isn't necessarily applicable. In any case, when it comes to Sony and/or console-related news, I would always suggest taking Archie's posts as a value-add to the dialogue.

I looked back, and I stand by my statement... I work for MS, in the xbox org, and even I only have the vaguest idea of the internals of Live. Any statements I made about it would have almost the same chance of being right as anyone else who worked in the industry. (Now the messenger service internals I could talk about, but that wouldn't really help )

[KongRudi]

Quote:

Originally Posted by deathindustrial

Call me cynical but I would bet that letter is more the result of protectionist lobbying efforts (*cough Microsoft*) as opposed to any meaningful interest from the US government about consumer welfare.

Cheers

Microsoft sit in a glasshouse of their own, and they would probably like nothing more than to have people feel safe and secure when shopping and gaming online, so I don't think it'd be very likely for them to lobby against Sony here, sinceany new laws and similar would also affect themselves in the end.

[Carl B]

Quote:

Originally Posted by bkilian

I looked back, and I stand by my statement... I work for MS, in the xbox org, and even I only have the vaguest idea of the internals of Live. Any statements I made about it would have almost the same chance of being right as anyone else who worked in the industry. (Now the messenger service internals I could talk about, but that wouldn't really help )

I'm not saying you shouldn't stand by your statement, and I think I stood in support of your premise to begin with. I'm just saying that your initial query in that statement was followed by a presumed outcome that might have limited applicability to the individual you were asking it from. But I will admit that I am not in a position to affirm or speak for anyone on the matter.

For me it's more like what you just said regarding your involvement with XBox; now, were there a story on MS, and you chimed in with a fairly strong take on it, then knowing you are there and also that you likely would not plant a flag on an issue if you didn't feel adequately informed in your own right, then I would be less concerned with whether you worked in said division or not and simply more inclined to take your own confidence of knowledge in your position as sufficient to make me note your view. That is due to my own regard for your integrity and perception of your 'facts-required-before-speaking-with-authority' quotient. If you weren't yourself confident, you probably wouldn't say anything, right? And of course even moreso in situations like this, if you were asked to lend your official credentials to the matter after having spoken out on the subject, you likely would demure, since a PR firestorm like this would likely not benefit from your unsanctioned, unofficial participation providing title and position where the inevitable thread-linking and cross-talk would emerge across the net as a result.

I have that above respect for knowledge and insight towards Archie, given his past contributions, the areas in which he has shown particular expertise, and the particular glimpses into his official capacities he has in the past provided or shared on the forum. So it's true, support/evidence for his statements has not been provided, and he may be incorrect on the matter, but his entering the thread with specific color on the encryption situation is enough for me to say: ok, maybe it's this then.

[goonergaz]

Quote:

Originally Posted by AlphaWolf

either way its pretty hard to try and pass this off as "Geohotz's fault", his arrogance (and joy) on the matter is immaterial.

I'm curious...do you think this would have happened if he hadn't hacked the PS3?

[digitalwanderer]

Quote:

Originally Posted by goonergaz

I'm curious...do you think this would have happened if he hadn't hacked the PS3?

Yes, because someone else would have.

[goonergaz]

Quote:

Originally Posted by digitalwanderer

Yes, because someone else would have.

well they hadn't up until now...I'm sure it's just a coincidence though

[AlphaWolf]

Quote:

Originally Posted by goonergaz

well they hadn't up until now...I'm sure it's just a coincidence though

You mean they didn't tell you about it up till now. Criminal hacking is big business, do you think they are twiddling their thumbs while waiting around for some home brew guy to crack stuff for them?

Is it possible that what Geohotz did offered an opportunity? Yes. Is it possible that the Geohotz hack had nothing to do with, yes. Is he a convenient target for people looking to blame someone other than Sony? Also yes.

There's no question in my mind this would have happened with or without Geohotz, the timing may have changed, but if anything Geohotz releasing his info on the net should have made it very clear to Sony that the PS3 wasn't secure months ago and they should have stepped up efforts to secure PSN if the PS3 was supposed to be their lynchpin.

I doubt we'll ever know what really went down at Sony, but it didn't go right and it's going to be an expensive mistake. Governments are lining up to grill Sony and I suspect the class action suits are going to follow.

[bkilian]

Quote:

Originally Posted by Carl B

I'm not saying you shouldn't stand by your statement, and I think I stood in support of your premise to begin with. I'm just saying that your initial query in that statement was followed by a presumed outcome that might have limited applicability to the individual you were asking it from. But I will admit that I am not in a position to affirm or speak for anyone on the matter.

For me it's more like what you just said regarding your involvement with XBox; now, were there a story on MS, and you chimed in with a fairly strong take on it, then knowing you are there and also that you likely would not plant a flag on an issue if you didn't feel adequately informed in your own right, then I would be less concerned with whether you worked in said division or not and simply more inclined to take your own confidence of knowledge in your position as sufficient to make me note your view. That is due to my own regard for your integrity and perception of your 'facts-required-before-speaking-with-authority' quotient. If you weren't yourself confident, you probably wouldn't say anything, right? And of course even moreso in situations like this, if you were asked to lend your official credentials to the matter after having spoken out on the subject, you likely would demure, since a PR firestorm like this would likely not benefit from your unsanctioned, unofficial participation providing title and position where the inevitable thread-linking and cross-talk would emerge across the net as a result.

I have that above respect for knowledge and insight towards Archie, given his past contributions, the areas in which he has shown particular expertise, and the particular glimpses into his official capacities he has in the past provided or shared on the forum. So it's true, support/evidence for his statements has not been provided, and he may be incorrect on the matter, but his entering the thread with specific color on the encryption situation is enough for me to say: ok, maybe it's this then.

Well put, point taken.

[minimoke]

Live Video of the Sony press conference here:

http://www.irwebcasting.com/live/110501/02/index.html

[KongRudi]

I assume JST is Japan (GMT+9) - 10 minutes?

[Xenus]

Yup it has started

[Xenus]

They didn't have a chief security officer for the network that's odd.

[deathindustrial]

Wow, did they really just try to use Anonymous protesting their brick and mortars as an excuse for the breach?

[deathindustrial]

10 million credit cards on account apparently. So that kind of puts the number of PSN accounts versus actual users in perspective.

Cheers

[Xenus]

35 million users.

And no they didn't they said it was probably not related but they were talking about anon attacking their servers with DDOS, publishing info on high ranking members including family and children and their planned sit in protest.

[RobertR1]

lol they got exploited by a known vulnerability and management didn't know they were not patched. (as per translator)

Gotta make it hard for PR to brag about PSN accounts now that Kaz admitted duplicated and said only 10mil cards are registered.

[Xenus]

I'm surprised you could get that out of what she is saying. Male translator speaks natural english. Female translator though it's hard to tell what she is trying to say half of the time.

[deathindustrial]

Quote:

Originally Posted by Xenus

. . . publishing info on high ranking members including family and children and their planned sit in protest.

Which has what exactly to do with with the data breach? Nothing, just another pass the buck attempt by Sony. This press conference is not the place for that.

My hope was that Sony would own up to their responsibilities and try to move forward, not continue with the head in sand approach a la Gamasutra's article.

Cheers

[Xenus]

Death it was another breach of security that's all it was and they spent all of 30 secs to minute of so far a 45 min conference on it. They were not passing the buck they were just giving a brief overview of the other breaches/service interruptions there were.

[minimoke]

PSN Passwords were not encrypted!!!

[AzBat]

Props to Hirai for profusely apologizing multiple multiple times. Also, looks like they will require 1 of 2 methods to reset passwords. 1) They will be sending password reactivation to the verified email addresses only. 2) For those resetting their passwords on their consoles, they will only allow passwords to be reset via only the original PS3 systems that created the accounts. That should be sufficient.

Other than that one huge PR blunder. Still can't believe waited a week to tell customers. It should have happened the day the knew of the intrusion or the day the shut down the network. Also, still can't believe that passwords weren't encrypted. Hopefully they learned a lesson. Having a dedicated security officer should help.

Tommy McClain

[Xenus]

I'm not sure she said that why couldn't it be the guy translator at that time. She bumbled around and I think ended up saying the same thing in the FAQ. But there were so many uhs and I think and incomprehensible words strung together that I have no idea what her answer was at all.

[-tkf-]

@Death

So far i understand that Sony will enchance security (doh) and they will comply with requirements from the "different" regions. Charges that follow because of Credit Replacements would be covered in some form (thats how i understand it).

No head in the sand imho, seems humble enough. And it´s pretty clear why, they mention Tablets and NGP both heavily tied to network services.

When getting online with PSN (when restarted) users will be asked to provide a new password.

Fire the female translator!