*ren* PSN Down, Customer Info Compromised

Indeed, at least in the short term, both their security practices in the firmware of their hardware and in their networks will be beefed up considerably, most likely to the level of going overboard as a reaction to what happened. It's perfectly plausible they may get complacent again sometime in the future, but at least for the near future they will be pretty damn secure.

From what I've listened to, it sounds like they still haven't upgraded the software to stop the exploit. So realistically, as soon as the servers go up they can get hacked again.
 
To me that seems very fanboyish. Sony reacted horribly to this and all they can really do is improve (I hope) how they handle it in the future. But this was really bad and I won't touch a Sony product with a ten foot pole.


Sony has gone from a company I didn't care about much to a company I will avoid at all costs. I've had problems with their products in the past (ones I've owned), but what they did with geohot and now this. It's just too much for me to ever do business with them again.

I guess everyone has different priorities, but I don't see how you already want to give them more money for having your information stolen.

If I come rob your house, will you give me money for a cab home also?

This is not the first time my information has been stolen; every forum I sign up to, every web page I register my info at exposes me to the "cyber threat", and sometimes those forums get hacked, usually because of some kind of incompetence on someone's part. This is failure on a much greater scale, but the personal impact for me is no different.

If I were not to use products or services that have failed, I could hardly do anything online or buy any products. I need a slim and I have thought about PSN+ for a while; with this disaster on their hands I think Sony will do their utmost to make PSN+ more attractive, and I am going to reap the rewards :)

Fanboys attack the products competing with their preferred choice; I don't see any reason to do that.
 
If you honestly believe they would bring the servers back up without bothering to patch that exploit, after shutting them down and losing unknown amounts of revenue, damages due to data being compromised, and reputation from this entire event, then I have a bridge to sell you.
 
This is not the first time my information has been stolen; every forum I sign up to, every web page I register my info at exposes me to the "cyber threat", and sometimes those forums get hacked, usually because of some kind of incompetence on someone's part. This is failure on a much greater scale, but the personal impact for me is no different.

If I were not to use products or services that have failed, I could hardly do anything online or buy any products. I need a slim and I have thought about PSN+ for a while; with this disaster on their hands I think Sony will do their utmost to make PSN+ more attractive, and I am going to reap the rewards :)

Fanboys attack the products competing with their preferred choice; I don't see any reason to do that.

Beyond3D being hacked and user information being taken, and PSN being hacked and user information being taken, are on two hugely different levels.

Beyond3D doesn't know my name, my credit card info and a slew of other things I'd rather hackers not have access to.

Sony itself hasn't done much to make PSN+ attractive up till this point; I don't see what they are going to do to move it up to attractiveness.

I dunno, your attitude just reminds me of MMORPG players' attitudes. Hey, they shipped a buggy unplayable game, but we are still going to buy it and give them money and then defend them on it.

When you reward stupidity and mediocrity, you're just going to be met with more of it.

For Sony to really improve anything they would need a mass exodus of users from PSN/PlayStation. If users just blindly continue to support them, they will just continue making the same mistakes over and over again.

Just look at Sony's online strategy. 100m-150m bought the PS2 and we watched Sony stand still on online while Sega and MS advanced online console gaming by leaps and bounds. The PS3 came out and for a number of reasons never took off like the PS2/PS1 did, and we saw Sony trying its best to catch up with MS online.

The same goes with Nintendo. You support them and they continue on the same path; the casual well dried up and suddenly they are making wise choices again (or they seem to).
 
"This problem cannot be dealt with just by Sony" was what was just said by (I believe) their CIO. That certainly sounds like Sony putting their head in the sand, especially if the initial exploit was due to an out of date Apache install. Law Enforcement is for punitive, post-investigative purposes but has zero to do with prevention and best practices. I am not getting "we screwed up, we are going to right the ship" out of this at all, I am instead getting "Anonymous is so mean. Look, a free cookie!" If anything, Sony seems to be looking at this as a marketing opportunity for Playstation+.

They also brought up Anonymous *again* to try to deflect blame despite there being no evidence whatsoever this has anything to do with them (seems more likely a generic automated script looking for vulnerable systems from what they have said so far).

Cheers

Did you watch the thing? The first thing they did was apologize, and then they proceeded to bow their heads in shame for almost half a minute.

Anyway, the perpetrator is anonymous; if he weren't, they would most likely have been caught by now. ;)
As for the Guy Fawkes anonymous people: if they don't like what other anonymous people do, they should either stop being anonymous, or get a different name, or start having a members list and an organisation, or generally stop everyone from doing whatever they want. If you're anonymous, you don't have any say over what other anonymous people do.

Kaz also said that he didn't know if it was the internet group known as Anonymous, and the dude on the right also said that that was background information on some of the challenges they had faced with hacking lately, not only this incident.

Sony can't solve this issue alone; they are a party in this case, so they have to work alongside security firms and law agencies.

They also did say that they had failed to have sufficient security measures in place in order to protect their customers, and that they were working to improve this.

As for the PlayStation+ marketing opportunity.

It's a subscription service; we've bought a license for PS+ software.
We subscribers will get it extended for a month, to make good for the lost time when we couldn't use our license. :)

Same with Qriocity subscribers, but I don't know how that works though, since it's not available here in Norway.

As for regular PlayStation users, they will only get to take advantage of the PS+ service for 30 days for free. After that their account expires, and their games won't be playable anymore.

- That means they probably get access to at least one free PSN game, two minis and one PS1 game, for 30 days, depending on your territory.

They also get lots of free DLC (like the Killzone 3 map pack, until May 10), and some premium content like themes and wallpapers which are theirs even when the PSN+ license expires.

In addition they can download a lot of software for reduced prices. :)

PSN+ is a content service, so Sony is the one who has to pay the various content providers if any of the 'free' users take advantage of the offer of free games as compensation for the downtime.

Pretty sweet deal if you ask me, but if you don't want it because you hate being marketed towards, feel free to pretend you don't have access to those games those days.. :)
PS+ is not being pushed in your face; the only thing is that on the store some items have a plus on the icon, and say 'Free' or a lower than normal price.
 
Beyond3D being hacked and user information being taken, and PSN being hacked and user information being taken, are on two hugely different levels.

Beyond3D doesn't know my name, my credit card info and a slew of other things I'd rather hackers not have access to.

Sony itself hasn't done much to make PSN+ attractive up till this point; I don't see what they are going to do to move it up to attractiveness.

I dunno, your attitude just reminds me of MMORPG players' attitudes. Hey, they shipped a buggy unplayable game, but we are still going to buy it and give them money and then defend them on it.

When you reward stupidity and mediocrity, you're just going to be met with more of it.

For Sony to really improve anything they would need a mass exodus of users from PSN/PlayStation. If users just blindly continue to support them, they will just continue making the same mistakes over and over again.

Just look at Sony's online strategy. 100m-150m bought the PS2 and we watched Sony stand still on online while Sega and MS advanced online console gaming by leaps and bounds. The PS3 came out and for a number of reasons never took off like the PS2/PS1 did, and we saw Sony trying its best to catch up with MS online.

The same goes with Nintendo. You support them and they continue on the same path; the casual well dried up and suddenly they are making wise choices again (or they seem to).

Kind of funny, I had WoW in my response, but removed it.
I have played WoW since the end of 2004 and it started out very buggy; I kept providing money and have had some of the best gaming moments in my life in that game.
In WoW, accounts, usernames and passwords are stolen on a daily basis in big numbers; maybe that is why I am a bit numb :)

PSN+ may not have been attractive to you, but I would be surprised if anything that Sony provided would be of interest to you.

And the information I provide on the different sites I frequent differs; there is a real chance of this not being the last time I get information stolen.

This is the wrong thread to discuss online strategy.
 
You just prove my point with WoW. WoW continues to be hacked but record numbers of users continue to pay monthly, so Blizzard has no reason to fix the problems.

Mandatory authenticators would fix 99% of the hacking problems but Blizzard won't want to pay the cost of it. So we get shoddy security.

When you enable that attitude you're just as guilty as the company that takes advantage of you.

But I've said my piece on the subject and I'm sure it won't change your mind, and I'm sure many PS3 owners will be satisfied with the dog and pony show and the free dog treats they are given, and in time this will be forgotten by the majority. But it will be forgotten by Sony also and thus the cycle will repeat, and we will have the same discussion days, weeks, months or even years from now, and nothing will change because of it and the cycle will repeat again.

I doubt that; Sony will have to pay more than it costs to provide proper security.

And in Blizzard's case it's a good example of just how hard it is to provide security. They invest tons of money into security and they do provide free authenticators. The real issue for Blizzard is how much hassle you want the user to have in order to access the services. Ohh, and btw, users with authenticators have been hacked :)

As I said before, every day I use products that are filled with security holes from companies with lots of history of bad behavior and an extremely bad security rep. The number one is Microsoft; how should I avoid Microsoft on a daily basis? Change my PC to a Mac? Wouldn't help at all.
 
Names and addresses are freely obtainable from electoral rolls, phone directories, etc. That's how paper junk mail is able to contact a person by name at their house, and how investigators into family trees can locate long lost family members. That side of data isn't particularly private and never has been (prior to things like the Data Protection Act) - it's just been limited by distribution.

Password and email data is a significant loss for those who use the same password in lots of places, which is lots of people. And if that password is the same as your email password, God help you! One's email address seems the kingpin of a person's internet security, with anyone having access to that able to change passwords for any site you visit. That's as much a problem with forums as PSN though. Credit card details are something forums don't have to contend with, but remember they haven't been stolen yet and were encrypted. Until we hear otherwise, we can't say Sony weren't protecting our CC info.

Of all the occasions I've known of cards getting compromised, it's been more low-tech, card-holder-present issues. The one time I had my account used it was after reluctantly helping my sister out paying a bill over the phone. You never know if the phone operator on the other end is jotting down your details for their own use later or not. I never before or since used my card in transactions in stores or over the phone for this very reason. My friend's details were nicked paying by card in a petrol station in the usual way. Those are far riskier transactions, but people do that all the time without the same fear they have over something like this with Sony. A bank of encrypted card numbers is safer than using a CC card in stores in everyday shopping, or to take money out of a cash machine, so the fear response here should be appropriately calibrated.

The real negative here was Sony's slow response, but they haven't tried to cover it up, and are assuming responsibility for consequences. Going forward with their network services division, Sony will possibly have the strongest security of any service now, with other companies feeling themselves safe enough not investing in more protection until they too are hacked.

I wonder if big companies like these get together and share security ideas? In the same way developers share code, would Sony explain to other high-risk parties how they were hacked so better protections can be found? Or is that left to the security companies, such as the one Sony is employing, to learn and offer their services?
 
Well, someone seems to have tried to access my Amazon account and buy something as Amazon has sent me an email saying they've detected unauthorised account activity and shut down my account.

It seems that yesterday someone tried to make a $10 payment to some 'Offerpal Media' for '49 YoCash (85MSPRD_357819719)' using my credit card but the transaction failed.

It might well be related to the PSN fiasco as my PSN and Amazon accounts share email addresses and passwords. Thankfully I use a different password for banking and my email itself.
 
You mean they didn't tell you about it up till now. Criminal hacking is big business, do you think they are twiddling their thumbs while waiting around for some home brew guy to crack stuff for them?

Is it possible that what Geohotz did offered an opportunity? Yes. Is it possible that the Geohotz hack had nothing to do with it? Yes. Is he a convenient target for people looking to blame someone other than Sony? Also yes.

There's no question in my mind this would have happened with or without Geohotz, the timing may have changed, but if anything Geohotz releasing his info on the net should have made it very clear to Sony that the PS3 wasn't secure months ago and they should have stepped up efforts to secure PSN if the PS3 was supposed to be their lynchpin.

I doubt we'll ever know what really went down at Sony, but it didn't go right and it's going to be an expensive mistake. Governments are lining up to grill Sony and I suspect the class action suits are going to follow.

I don't disagree, however it's an odd coincidence - maybe Geohotz made it easier in some way (exposed a weakness) is all I'm saying. Often things like this are due to several factors that all add up to one event (from personal experience), this seems too soon after the hack for such a serious attack to have nothing whatsoever to do with it.

http://www.sony.net/SonyInfo/News/Press/201105/11-0501E/index.html
 
I'm lucky that I never use credit card information for any online thing (even on Amazon I use prepaid credit cards).

Just because you don't use your credit card online doesn't mean that it's secure. :-/
But with less use, you're more secure. But the second you sign up for a credit card your credentials get stored in an online database. And both Citigroup or Discover, which probably issued your card, probably have several data thefts each year, as well as many other stores you use it in.

Anyway, hopefully the hackers most likely don't know our passwords either; it's being hashed locally on your PS3, before being sent to PSN.

Hashing changes your password like this:


However it's still a vulnerability even if he doesn't know how to decipher it: with the custom firmware, the hacker could write his own PSN login software which sends out the hash value he needs no matter what he types in where you would type in a password.
(This podcast explains it pretty well.)

So that is why Sony wants you to change the password with the firmware upgrade.
And it also needs to be done on a PS3 which you've activated your account on; this way it will know it's not a fake you who comes along and tries to change it. :)
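Added example, not from the post above and not Sony's code: a toy model of the two verifier designs the point above turns on. It shows that when the service stores the console-side hash as-is, a leaked record is itself a working login value, while storing only a salted, iterated derivation of that hash makes the leaked record useless on its own. SHA-256 as the console-side hash and the sample password are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample credential; nothing here is real PSN data or Sony's code.
PASSWORD = "correct horse battery staple"
ITERATIONS = 100_000  # PBKDF2 work factor for the salted verifier


def console_hash(password: str) -> bytes:
    """The console-side step the post describes: the password is hashed
    locally and only this value travels to the service (SHA-256 is an
    assumption; the real algorithm is not stated in the thread)."""
    return hashlib.sha256(password.encode("utf-8")).digest()


class NaiveVerifier:
    """Stores the console hash as-is and compares it on login. Whoever holds
    the stored value (from a database leak, or firmware modified to send the
    value directly) is accepted: the stored value *is* the credential."""

    def __init__(self, password: str) -> None:
        self.record = console_hash(password)

    def login(self, presented: bytes) -> bool:
        return hmac.compare_digest(self.record, presented)


class SaltedVerifier:
    """Treats the console hash as the secret and stores only a salted,
    iterated derivation of it. A leaked record is not a usable login value,
    because the verifier re-derives from whatever the client presents."""

    def __init__(self, password: str) -> None:
        self.salt = os.urandom(16)
        self.record = hashlib.pbkdf2_hmac(
            "sha256", console_hash(password), self.salt, ITERATIONS
        )

    def login(self, presented: bytes) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", presented, self.salt, ITERATIONS)
        return hmac.compare_digest(self.record, candidate)


def leaked_record_grants_login(verifier) -> bool:
    """The breach scenario from the thread: the attacker holds only what was
    in the user database and presents it as the login value."""
    return verifier.login(verifier.record)


def demo() -> dict:
    naive, salted = NaiveVerifier(PASSWORD), SaltedVerifier(PASSWORD)
    genuine = console_hash(PASSWORD)  # what a legitimate console sends
    return {
        "genuine_console_naive": naive.login(genuine),
        "genuine_console_salted": salted.login(genuine),
        "leaked_record_naive": leaked_record_grants_login(naive),
        "leaked_record_salted": leaked_record_grants_login(salted),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The salted verifier only removes the value of the stored record; a forced password change is still the right response if the console-side hash may have been captured elsewhere, which is the reason the post gives for Sony's firmware-upgrade reset.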

I however can't see how anyone would even think of buying a Sony product in the future. It's one thing for this to happen with an exploit that no one knew about but the hackers found. But to have a known exploit/back door sitting wide open is insane!

I don't think that a known threat necessarily means that the backdoor was wide open.

It just means that the experts have seen the tool or concept before, and know how the tool which was being built on their servers works.

When they move data from the thousand computers in the old server park to the new one, they need to be able to move the data without bringing the infection with them to the new server park. And this goes quicker when it's a known tool/concept than if they didn't know how the malicious tool worked.
 
pic from the pc :)

 
So that is why Sony wants you to change the password with the firmware upgrade.
And it also needs to be done on a PS3 which you've activated your account on; this way it will know it's not a fake you who comes along and tries to change it. :)

Thanks for the password info :)

Regarding the above - do we know if 'hacked' PS3s could 'pretend' to be other PS3s - and if so could the people who stole the data match a PS3 with a password? It seems possible to me...if highly unlikely.
 
I don't disagree, however it's an odd coincidence - maybe Geohotz made it easier in some way (exposed a weakness) is all I'm saying. Often things like this are due to several factors that all add up to one event (from personal experience), this seems too soon after the hack for such a serious attack to have nothing whatsoever to do with it.

http://www.sony.net/SonyInfo/News/Press/201105/11-0501E/index.html

Sony may have been targeted due to its attitude toward the hacking community because of how Sony treated geohot, Graf and fail0verflow. I remember thinking there would be hell to pay when you give the hackers a reason to target your company. Geohot's hack of Other OS may have been the spark, but Sony may have provided the fuel for the fire.

OTOH, it could be that PSN was a convenient target of opportunity and that it was low hanging fruit for the criminal elements.
 
Well, someone seems to have tried to access my Amazon account and buy something as Amazon has sent me an email saying they've detected unauthorised account activity and shut down my account.

It seems that yesterday someone tried to make a $10 payment to some 'Offerpal Media' for '49 YoCash (85MSPRD_357819719)' using my credit card but the transaction failed.

It might well be related to the PSN fiasco as my PSN and Amazon accounts share email addresses and passwords. Thankfully I use a different password for banking and my email itself.

Be *very* careful with things like this. It may be that this is a legitimate fraud detection playing out for you, but every single time I have received an email such as this - and it has been many many times - the email itself is the scam/fraud. On email/return links, mouse over to see where the destination URL is; almost always it will be a fraudulent source masquerading as the vendor in question. Think about what email addresses the vendor has on file, how they normally structure their communications with you, whether what you're reading seems legitimate.

Emails specifically like the one you describe I should note. If they ask for login/password or to link from the email, do not do it. Go to the site directly via a different browser/window and check it out like that if you feel so inclined. Else you may find the fraud alert becomes self-fulfilling.

I would expect fake PSN related emails to begin propagating before too long; proceed very cautiously, and again, don't click any links.

Just as an example I got some fake Netflix email on Friday saying my account had been suspended. Well, first of all Netflix doesn't have the email address this email went to. The rest becomes pretty obvious, and as typical the link URL was to something other than the actual vendor domain, and in this case to netflix-check.co.cc (I wouldn't advise anyone visit that, whatever it is)

The above was one of the least sophisticated of the scam emails I regularly receive to my work email address, and believe me I worry about how others might pursue action in similar circumstances every time I get one myself. And reading what your own email supposedly said, I have to tell you that it reeks of an Amazon pretender. Going to Amazon directly outside of that email and seeing if the account has indeed been shut down is the way to establish the veracity; following a link and entering username/password is just a way to directly validate ID and enable an actual thief.
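Added example, not part of the post above: a small link checker that applies the mouse-over advice automatically, flagging every URL in a message whose real host is not the claimed vendor's domain. The vendor domain list, the message body and the 198.51.100.7 address are constructed for this example; netflix-check.co.cc is the domain quoted in the post.

```python
import re
from urllib.parse import urlparse

# Domains each vendor really sends mail links to (assumed for this example).
VENDOR_DOMAINS = {
    "amazon": ("amazon.com", "amazon.co.uk"),
    "netflix": ("netflix.com",),
}

# Constructed sample message modelled on the scam described in the post.
# Only netflix-check.co.cc comes from the thread; the rest is made up, and
# 198.51.100.7 is a documentation address, not a real server.
SAMPLE_EMAIL = """Your account has been suspended. Restore access here:
http://netflix-check.co.cc/login
Or review your billing at https://www.netflix.com/account
Alternate link: http://netflix.com.billing-verify.example/
Secure portal: http://netflix.com@198.51.100.7/signin"""

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")


def extract_urls(text: str) -> list:
    """Pull every http(s) link out of a plain-text message body."""
    return URL_RE.findall(text)


def host_belongs_to(host: str, domains) -> bool:
    """True only for the registered domain itself or a subdomain of it.
    Look-alikes such as netflix.com.billing-verify.example fail because the
    match is anchored at the end of the hostname, not the start."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_link(url: str, vendor: str) -> tuple:
    """Return (url, real_host, verdict) the way a careful mouse-over would."""
    parsed = urlparse(url)
    host = parsed.hostname or ""  # .hostname strips user@ prefixes and ports
    if not host:
        return (url, host, "suspicious: no host")
    if parsed.username is not None:
        # "netflix.com@..." puts the vendor name in the userinfo part; the
        # browser connects to what follows the @ instead.
        return (url, host, "suspicious: vendor name in userinfo, real host is " + host)
    if host_belongs_to(host, VENDOR_DOMAINS[vendor]):
        return (url, host, "vendor domain")
    return (url, host, "suspicious: host outside vendor domain")


def suspicious_links(text: str, vendor: str) -> list:
    """Links in the message that do not lead to the claimed vendor."""
    return [
        url
        for url, _, verdict in (classify_link(u, vendor) for u in extract_urls(text))
        if verdict.startswith("suspicious")
    ]


if __name__ == "__main__":
    for url, host, verdict in (classify_link(u, "netflix") for u in extract_urls(SAMPLE_EMAIL)):
        print(f"{verdict:<55} {url}")
```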
 
2) For those resetting their passwords on their consoles, they will only allow passwords to be reset via only the original PS3 systems that created the accounts.
I guess I'll be doing it through email, then, because that system is long dead.

To the people saying this is Geohot's fault for hacking the PS3: What indication is there that the perpetrator used a PS3 to perform this attack? Wouldn't it be far simpler to just use a PC?

For the people saying that it's a response by hackers to how Geohot was treated by Sony: True hackers would not steal data. It's as simple as that. By all accounts, this was done by a bunch of cybercriminals out of Russia or someplace, for the sole purpose of selling the stolen information on the black market. They did it for the money, and that's all. There was no "revenge" motivation or anything. That's evident enough in the simple fact that they didn't attack Sony.. they attacked us, the users. Sony was merely the middleman. The normal hacking community are users just like us. A lot of them probably have PSN accounts themselves. That's what makes me believe Anonymous when they stated that they didn't do this. It's not what they do, period.

If it is some stupid script-kiddie or a rogue group from Anonymous, then God help them. Because the hacking community, and the rest of Anon, will get wind of it and tear them to pieces, and then hand all of their personal information to the authorities.

For the Sony-haters: Who else is there that you trust implicitly? Do you really think that Microsoft and Nintendo are immune to this kind of thing? No one is. No. One. The more people say that this is all Sony's fault, the more likely someone's going to take down Xbox Live just to prove a point.
 
Thanks for the password info :)

Regarding the above - do we know if 'hacked' PS3s could 'pretend' to be other PS3s - and if so could the people who stole the data match a PS3 with a password? It seems possible to me...if highly unlikely.

Yes, hacked PS3s can return any info whatsoever that the user wants it to, including spoofing itself as another and different PS3. The trouble with this is in obtaining the actual values to use from the spoofed console.

Hopefully for the users' sakes that console registration information was not part of the data breach. If it was, the moment the PSN is enabled and if PSN prompts for password change BEFORE the old password is required or allows for a password reset without the old password, the hackers can simply login as any user they like and set the password to whatever they want it to be. I don't think that situation is likely. They will likely require the old/current hacked password as part of the login and then prompt for a password reset.

The more people say that this is all Sony's fault, the more likely someone's going to take down Xbox Live just to prove a point.

Sony's faults in this situation are not keeping their software current and patched in addition to their incompetency in waiting over a week to notify the consumers of the breach. Those two realms are completely Sony's fault.
 
I'm no Sony fan, but I think they did enough apologizing & offered more than enough compensation for most of those affected. So much in fact, that I think they will restore faith in the majority of their customers regardless of whether I think they deserve it or not. Now they won't come out of this unscathed either. I'm sure a small percentage will leave & PSN will continue to have the black eye of bad security associated with it for the near term. The Escapist has suggested 1 in 5 are considering leaving PSN for Xbox Live, but I think that's too high. Anyway, it will be interesting to see how it affects new products like NGP & the tablets and whether or not they start charging for the service.

Tommy McClain
 
As with anything security related, if it is not open and peer-reviewed the probability of having an issue is seriously increased.

Amazon, Apple, Google, Microsoft, Nintendo, Sony or whoever runs an online business with information stored about customers etc. are targets for people with malicious goals and most likely will be cracked and exploited in some way.

As for Sony, they dropped the ball, and they dropped it first. Could they have done better? Sure, everybody can always do better, but that is extremely easy to say in hindsight.
You can crucify Sony as much as you want, boycott them and their products, but if you believe you're safe by going to Microsoft or Apple instead, you're just setting yourself up for another fall.
 