*ren* PSN Down, Customer Info Compromised

[deathindustrial]

10 million credit cards on account apparently. So that kind of puts the number of PSN accounts versus actual users in perspective.

Cheers

 

[Xenus]

35 million users.

And no they didn't they said it was probably not related but they were talking about anon attacking their servers with DDOS, publishing info on high ranking members including family and children and their planned sit in protest.

 

[RobertR1]

lol they got exploited by a known vulnerability and management didn't know they were not patched. (as per translator)

Gotta make it hard for PR to brag about PSN accounts now that Kaz admitted duplicated and said only 10mil cards are registered.

 

[Xenus]

I'm surprised you could get that out of what she is saying. Male translator speaks natural english. Female translator though it's hard to tell what she is trying to say half of the time.

 

[deathindustrial]

. . . publishing info on high ranking members including family and children and their planned sit in protest.

Which has what exactly to do with with the data breach? Nothing, just another pass the buck attempt by Sony. This press conference is not the place for that.

My hope was that Sony would own up to their responsibilities and try to move forward, not continue with the head in sand approach a la Gamasutra's article.

Cheers

 

[Xenus]

Death it was another breach of security that's all it was and they spent all of 30 secs to minute of so far a 45 min conference on it. They were not passing the buck they were just giving a brief overview of the other breaches/service interruptions there were.

 

[minimoke]

PSN Passwords were not encrypted!!!

 

[AzBat]

Props to Hirai for profusely apologizing multiple multiple times. Also, looks like they will require 1 of 2 methods to reset passwords. 1) They will be sending password reactivation to the verified email addresses only. 2) For those resetting their passwords on their consoles, they will only allow passwords to be reset via only the original PS3 systems that created the accounts. That should be sufficient.

Other than that one huge PR blunder. Still can't believe waited a week to tell customers. It should have happened the day the knew of the intrusion or the day the shut down the network. Also, still can't believe that passwords weren't encrypted. Hopefully they learned a lesson. Having a dedicated security officer should help.

Tommy McClain

 

[Xenus]

I'm not sure she said that why couldn't it be the guy translator at that time. She bumbled around and I think ended up saying the same thing in the FAQ. But there were so many uhs and I think and incomprehensible words strung together that I have no idea what her answer was at all.

 

[-tkf-]

@Death

So far i understand that Sony will enchance security (doh) and they will comply with requirements from the "different" regions. Charges that follow because of Credit Replacements would be covered in some form (thats how i understand it).

No head in the sand imho, seems humble enough. And it´s pretty clear why, they mention Tablets and NGP both heavily tied to network services.

When getting online with PSN (when restarted) users will be asked to provide a new password.

Fire the female translator!

 

[Xenus]

Yeah really her part of the answers have been incomprehensible. Hopefully we have a better directly translated transcript at some point vs just a transcript of what she said.

 

[-tkf-]

The nice guy just said that while Anon had attacked them worldwide on IT services, he didn´t blame the PSN attack on them. Still unknown who it was.

The amount of heat that is going to hit the hackers who did this can be compared to the sun

 

[minimoke]

Based on their explanation and the fact that it was a known vulnerability, was this a JavaScript Injection Attack or something a bit more advanced?

 

[AzBat]

My connection crapped out but it sounded like the passwords were hashed. Did I hear that right?

Tommy McClain

 

[Xenus]

No one knows yet what the attack was

Yeah mine cut out just at that moment too but neogaf said she said they were hashed.

 

[-tkf-]

My connection crapped out but it sounded like the passwords were hashed. Did I hear that right?

Tommy McClain

As i heard it, the CC cards was in another "part of the database" and was encrypted. And no confirmed use of a CC from the hack.

 

[AzBat]

As i heard it, the CC cards was in another "part of the database" and was encrypted. And no confirmed use of a CC from the hack.

Yeah yeah, knew about that already. Looks like engadget answered what I was asking, if the passwords were hashed & they said yes too.

Tommy McClain

 

[minimoke]

Yeah, I didn't hear the hashed part either.

 

[deathindustrial]

"This problem cannot be dealt with just by Sony" was what was just said by (I believe) their CIO. That certainly sounds like Sony putting their head in the sand, especially if the initial exploit was due to an out of date Apache install. Law Enforcement is for punitive, post-investigative purposes but has zero to do with prevention and best practices. I am not getting "we screwed up, we are going to right the ship" out of this at all, I am instead getting "Anonymous is so mean. Look, a free cookie!" If anything, Sony seems to be looking at this as a marketing opportunity for Playstation+.

They also brought up Anonymous *again* to try to deflect blame despite there being no evidence whatsoever this has anything to do with them (seems more likely a generic automated script looking for vulnerable systems from what they have said so far).

Cheers

 

[Xenus]

Death a question brought up anonymous they said there is no data to connect the attacks what do you want them to do ignore the question all together?