*ren* PSN Down, Customer Info Compromised

The letter from Howard Stringer on the EU blog is pushing it, comparing the breach with the Earthquak and Tsunami, they might not intend it like that. But reading it, definitely sounds like they are playing the poor us card there.
And the stronger defense statement, mmmmm would me much more assuring if they trotted out state of the art or best money can buy. Now their just upgrading with no real faith in the upgrade :D

http://blog.eu.playstation.com/2011/05/06/a-letter-from-howard-stringer/

But most importantly when will it be back? Last estimate we saw was one week from Tuesday last week. :D
 
I don't know if it came across that way to everyone (probably not), but I'm sure the point is that Sony was hit hard by the Tsunami / Earthquake problems, but unlike that natural disaster the current problems were actually a man-made criminal attack that is seriously damaging the company (also stock-wise). So from his perspective, and the two things hitting the company so close after each other, it is not a strange comment. I guess to many Europeans the Tsunami / Earthquake in Japan isn't just as big of a deal - heck most of us even got Motorstorm: Apocalypse on the original release date. ;)
 
I think they need a server vulnerability scale, that would allow them to better inform their customers of the issues at hand.

1.0 - kiddie script.. someone is testing the ports
|
V
8.0 cancel your credit cards
 
I think they need a server vulnerability scale, that would allow them to better inform their customers of the issues at hand.

1.0 - kiddie script.. someone is testing the ports
|
V
8.0 cancel your credit cards

9. "Whaddya mean you left it on the train?"

10. "I'm sure we had a server here somewhere... Check the back of the sofa Kaz mate"
 
http://blog.us.playstation.com/2011/05/06/service-restoration-update/

...When we held the press conference in Japan last week, based on what we knew, we expected to have the services online within a week. We were unaware of the extent of the attack on Sony Online Entertainment servers, and we are taking this opportunity to conduct further testing of the incredibly complex system....

At this rate Duke Nukem Forever is going to be released before PSN is back online.

If their account authentication system is that "incredibly complex" it sounds like they are doing something incredibly wrong.

Cheers
 
http://blog.us.playstation.com/2011/05/06/service-restoration-update/



At this rate Duke Nukem Forever is going to be released before PSN is back online.

If their account authentication system is that "incredibly complex" it sounds like they are doing something incredibly wrong.

Cheers

I would like that, i have waited for Duke Nukem since 1997.

It´s obvious that getting PSN online is not a quick fix and the scale doesn´t help.

Being a big supporter of Cloud Services (and preacher) this really made me think. These things happens now and will continue to happen. And as more and more functions is bound to the services in the cloud, services becomes even more vulnerable. If PSN is down, you can´t play online, it doesn´t matter that the servers are hosted somewhere else. If Google has a problem, you can´t access your mail or you docs, pics etc that is in the cloud. The centralized nature is a big weakness when something goes wrong.

I hope that Microsoft, Nintendo and espcially Sony learns from this. I would propose a complete backup system that only works in "read only mode". Providing the basic services so that games work but only basic.
 
I believe MS has nothing tech-related to learn from this Sony SNAFU as MS's Azure-based services have provided for a lot of the functionality Sony and others are missing. The likely features being automatic rolling updates and upgrades, automatic rollback of failed patches, failure detections of the nodes, load-based scaling, location independence of nodes, as well as consistent backup policies and procedures. Have a look at the various Azure-based presentations at PDCs (Professional Developer Conference) or TechEds. I first noticed this at the 2008 PDC in Los Angeles.
 
I believe MS has nothing tech-related to learn from this Sony SNAFU as MS's Azure-based services have provided for a lot of the functionality Sony and others are missing. The likely features being automatic rolling updates and upgrades, automatic rollback of failed patches, failure detections of the nodes, load-based scaling, location independence of nodes, as well as consistent backup policies and procedures. Have a look at the various Azure-based presentations at PDCs (Professional Developer Conference) or TechEds. I first noticed this at the 2008 PDC in Los Angeles.

Could you provide some links? It would be interesting to see how Microsoft is better than Amazon or Google.
 
I was curious about the source of the outdated Apache server / no firewall claims. For the moment I am having to assume that it is related to the IRC log that was making the rounds back in February 2011:

http://www.ps3hax.net/showpost.php?p=172049&postcount=180

Google's cache from March 23 shows the server in question displaying the banner for 2.2.17 of Apache which is current:

http://webcache.googleusercontent.c...aystation.net:443/+auth.np.ac.playstation.net

I then wanted to know what "forums" Dr.Spafford was using as his source for the congressional testimony (based on various news articles making the rounds) and so took a peek at his written submission and it contains this gem:

I have no information about what protections they had in place, although some
news reports indicate that Sony was running software that was badly out of date, and had
been warned about that risk.

http://republicans.energycommerce.house.gov/Media/file/Hearings/CTCP/050411/Spafford.pdf

So anyone using Dr. Spafford as the source for the "they ran outdated software" claim did not actually read his submission - he doesn't know anything more than you or me. The situation is dire enough without media hacks making crap up.

Cheers
 
I was curious about the source of the outdated Apache server / no firewall claims. For the moment I am having to assume that it is related to the IRC log that was making the rounds back in February 2011:

http://www.ps3hax.net/showpost.php?p=172049&postcount=180

Google's cache from March 23 shows the server in question displaying the banner for 2.2.17 of Apache which is current:

http://webcache.googleusercontent.c...aystation.net:443/+auth.np.ac.playstation.net

I then wanted to know what "forums" Dr.Spafford was using as his source for the congressional testimony (based on various news articles making the rounds) and so took a peek at his written submission and it contains this gem:



http://republicans.energycommerce.house.gov/Media/file/Hearings/CTCP/050411/Spafford.pdf

So anyone using Dr. Spafford as the source for the "they ran outdated software" claim did not actually read his submission - he doesn't know anything more than you or me. The situation is dire enough without media hacks making crap up.

Cheers

Yeah, people are so eager to believe the worst about Sony that any rumor that blackens their eye is immediately repeated as fact. The fact is that "security expert" was literally repeating something he read on a message board once. His claim that Sony knew was based on an assumption that someone from Sony probably read the same post he did. He did not have first hand knowledge. He did not personally inform Sony. He didn't even do the very basic detective work you have that completely repudiates the claims. We are in a backwards world where everything Sony said is assumed to be a lie or conspiracy and "IRC chat logs" have miraculously become the most trusted news source in the industry.

It's an example of just how far the journalistic standards have fallen and the way the "console wars" have made it impossible to have an honest discussion about anything. Everything becomes a proxy battle between internet partisans, and blogs like Kotaku are more than happy to stoke the mob mentality since it gets them clicks (and their writers are paid by the post and will write up anything).

Anyway. You should send a tip to Joystiq or somebody with your findings.
 
Anyway. You should send a tip to Joystiq or somebody with your findings.
I agree with everything you've written, including this. If this expert's testimony is useless, it needs to be known so those listening to him know to disregard his unjustified comments.
 
I agree with everything you've written, including this. If this expert's testimony is useless, it needs to be known so those listening to him know to disregard his unjustified comments.

For my part I'm going to write it up and post it to Bitmob. That's a better place than my own blog, which is mostly satirical, and maybe a link on N4G can help get this information out. Here's my article: http://bitmob.com/articles/detective-work-reveals-psn-servers-up-to-date
 
I was curious about the source of the outdated Apache server / no firewall claims. For the moment I am having to assume that it is related to the IRC log that was making the rounds back in February 2011:

http://www.ps3hax.net/showpost.php?p=172049&postcount=180

Google's cache from March 23 shows the server in question displaying the banner for 2.2.17 of Apache which is current:

http://webcache.googleusercontent.c...aystation.net:443/+auth.np.ac.playstation.net

I then wanted to know what "forums" Dr.Spafford was using as his source for the congressional testimony (based on various news articles making the rounds) and so took a peek at his written submission and it contains this gem:



http://republicans.energycommerce.house.gov/Media/file/Hearings/CTCP/050411/Spafford.pdf

So anyone using Dr. Spafford as the source for the "they ran outdated software" claim did not actually read his submission - he doesn't know anything more than you or me. The situation is dire enough without media hacks making crap up.

Cheers

Thank you for your very informative reporting. I wish more news outlet would do this kind of work, but instead we have to depend on people like you.
 
How come Sony hasn't been more clear as to when PSN will be back up? It seems like they're deliberately obfuscating in order to give the impression it's going to be 'any day now' as if they are trying to limit the loss of their audience.
 
How come Sony hasn't been more clear as to when PSN will be back up? It seems like they're deliberately obfuscating in order to give the impression it's going to be 'any day now' as if they are trying to limit the loss of their audience.
Well they kinda have, but got their forecasts wrong. It was due up this week, but then they found something else to worry about. With something like this you can't give a firm date. It'll be ready when its ready. They can only update on how things are looknig at the moment.
 
Well they kinda have, but got their forecasts wrong. It was due up this week, but then they found something else to worry about. With something like this you can't give a firm date. It'll be ready when its ready. They can only update on how things are looking at the moment.

It just sucks to be without, it would be easier to make alternative plans if they gave a better indication on when they optimistic/realistic/pessimistic ETA of the return of service. :mad:
 
I meant something useful, if Azure does something special compared to the competition it would be interesting to read about it. Considering how slow that Microsoft have been when it comes to Cloud services i would be pleasantly surprised if they do anything better than those that is beating them on a daily basis.

How can you say MS have been slow when it comes to Cloud services considering they've been using and providing them since 2008?

One of the modes of Azure services is the OS image is provided as a read-only image. You deploy your service on top of it, and any changes are saved off as a differencing disk. This allows them to do automatic updates of the OS layer underneath your service without affecting the service at all. They also do the OS updates on a different node and run a series of tests after the update(s) are applied to determine if your service works after the update. If it has no issues, they cut over to the new node and remove the old node.
 
Back
Top