*ren* PSN Down, Customer Info Compromised

[Xenus]

The anger comes far more from the length of the shutdown and people wanting to use it already then Sony's bumbling PR.

 

[macabre]

I don`t think so. Anyway, finally some more specific information : http://ps3.nowgamer.com/news/5657/psn-back-up-wednesday-expert-claims

 

[Rotmm]

The anger comes far more from the length of the shutdown and people wanting to use it already then Sony's bumbling PR.

You honestly think so? I'd have thought good customer communication, regular progress updates and a realistic timetable (that could easily be extended if necessary) for the resumption would alleviate much of the anger currently being seen.

Edit

Anyway, finally some more specific information : http://ps3.nowgamer.com/news/5657/psn-back-up-wednesday-expert-claims

How is that 'more specific information'? It's yet another guess by someone who is unrelated to Sony.

And of course that's part of the problem... with Sony not making any steps at all to feed information into the marketplace, we have newshounds either adding 1 and 1 and coming up with 7 (Anon) or going to 'experts in the field' to make guesses that are then sometimes taken as facts, or at the very least 'specific information'.

 

[deathindustrial]

I don`t think so. Anyway, finally some more specific information : http://ps3.nowgamer.com/news/5657/psn-back-up-wednesday-expert-claims

Not sure why this random guy's opinion on when PSN is coming back up is any more likely to be accurate than yours or mine. Also, anyone care to unravel this strange quote?

Some random dude then clarifies possible changes to the service, "the only change the consumer may see is to the way we log in to PSN."

"Automated logins may be disabled, which is what a lot of the Distributed Denial of Service attack programs use to strain the servers."

Hard to tell whether the guy is simply full of it or whether the author just misquoted him or something.

Cheers

 

[bkilian]

Hmm, I absolutely hate if services store your credit-card detail, PSN does this and so does Amazon.
No easy way to disable this "feature" either.

Successful attackers can do with the rest of my PSN Account whatever they want, they earned all the worthless accomplishments on it

I worked at Amazon, and having seen the system they use to protect credit card numbers (affectionately known as CC Motel), I would be extremely surprised if credit card numbers were ever compromised at Amazon. Not even employees can ever retrieve a credit card number from an account, and the system that does store them is physically isolated and has no internet connection. When you add a credit card, it submits the number to the CC Motel (using a serial protocol with only a couple of very well defined simple commands) and gets a token back, which is stored in the account. When you buy something, they present the token and the amount to CC Motel, and it returns if the charge was successful or not. That's it.

 

[Rotmm]

I want to live it up at the CC Hotel, it sounds such a lovely place

 

[Rotmm]

Not sure why this random guy's opinion on when PSN is coming back up is any more likely to be accurate than yours or mine.

I got a little pissed-off earlier when someone posted the below comment as fact in response to a Kotaku story earlier:

they've lost everything, absolutely everything

trophy data
backup saves
purchase info and previously downloaded content
account info

all gone.

currently trying to piece it all together from historic back ups but according to sources it's not happening

Rumour is Kaz is going to announce a press conference shortly advising users as to how best to recover data from their own machines (if they can work out how to do it).

But the problem is without user account data they cannot reup the data to network because there's nothing to tie it to.

As such it's looking like a day zero reboot and massive headache proving what you've previously purchased for everybody with a PS3

So the first commenter posts it, saying it was from a trusted source and all of a sudden half-a-dozen thickos believe it. A little investigation and I discovered the 'source' of the post being the opinion of an anonymous poster on a tiny messageboard.

And yet, and yet some people were all to willing to believe it and, once can assume, further spread the rumour.

 

[Npl]

I worked at Amazon, and having seen the system they use to protect credit card numbers (affectionately known as CC Motel), I would be extremely surprised if credit card numbers were ever compromised at Amazon. Not even employees can ever retrieve a credit card number from an account, and the system that does store them is physically isolated and has no internet connection. When you add a credit card, it submits the number to the CC Motel (using a serial protocol with only a couple of very well defined simple commands) and gets a token back, which is stored in the account. When you buy something, they present the token and the amount to CC Motel, and it returns if the charge was successful or not. That's it.

And it does so while being isolated from the net? Wow, Im extremely impressed :smile:

 

[makattack]

I worked at Amazon, and having seen the system they use to protect credit card numbers (affectionately known as CC Motel), I would be extremely surprised if credit card numbers were ever compromised at Amazon. Not even employees can ever retrieve a credit card number from an account, and the system that does store them is physically isolated and has no internet connection. When you add a credit card, it submits the number to the CC Motel (using a serial protocol with only a couple of very well defined simple commands) and gets a token back, which is stored in the account. When you buy something, they present the token and the amount to CC Motel, and it returns if the charge was successful or not. That's it.

Yah, that's a typical solution for "removing a system from direct internet connection" but you have to know that the weakness to that method of having physical security for the system is those systems that *are* connected to it... and those systems are on a network of some sort, which ultimately ends up accessible from the internet.

So, if someone were to compromise the systems with the direct serial connection to the CC Motel, they could conceivable get CC Motel to make a lot of random charges on various accounts... if they know how to craft the request properly... sure, big ifs... but there are always vulnerabilities.

 

[bkilian]

And it does so while being isolated from the net? Wow, Im extremely impressed :smile:

Yep, it has a hardline direct to a payment processor. No net at all.

 

[bkilian]

Yah, that's a typical solution for "removing a system from direct internet connection" but you have to know that the weakness to that method of having physical security for the system is those systems that *are* connected to it... and those systems are on a network of some sort, which ultimately ends up accessible from the internet.

So, if someone were to compromise the systems with the direct serial connection to the CC Motel, they could conceivable get CC Motel to make a lot of random charges on various accounts... if they know how to craft the request properly... sure, big ifs... but there are always vulnerabilities.

Right, if someone compromises the sytem, ,they can possibly make charges to accounts, although they would not get the money. What they couldn't do, though, is steal the credit card number and then sell it/use it for their own financial gain.

 

[mrcorbo]

Apparently the fears of users' personal information being compromised were well-founded. There is no evidence yet that Credit Card data has been compromised, but it hasn't been ruled out either.

 

[Scott_Arm]

Apparently the fears of users' personal information being compromised were well-founded. There is no evidence yet that Credit Card data has been compromised, but it hasn't been ruled out either.

Shite. Time to start changin' my passwords again.

 

[AlNom]

:| Yikes.

 

[mrcorbo]

They've known about this for a week (if not the extent of it) and this is the first communication to users that their personal information may have been compromised.

 

[mrcorbo]

:| Yikes.

Thread title change to reflect this info? People need to know about this.

 

[AlNom]

I've updated the first post as well.

Bloody awful situation. Wonder what the lashback will be against Sony from a legal standpoint.

 

[Scott_Arm]

They've known about this for a week (if not the extent of it) and this is the first communication to users that their personal information may have been compromised.

Yeah, if they had suspicion that it might have been this serious, they should have said something right away, to err on the side of caution. Dicks.

I also appreciate that they didn't even bother to send this information to their PSN subscribers in an email. I mean, putting this information on their blog is obviously the best way impart this information to their casual subscribers. I'm sure all of the subscribers read that blog every day.

I'm also trying to remember if I had my credit card number stored on my profile. I don't think so ... What a huge pain in the ass, since I can't even log in to see. Request a new credit card? Yes or no?

 

[digitalwanderer]

Damn, did Sony do anything right in this situation?

 

[Scott_Arm]

Seen on arstechnica:

"PlayStation: It only gives away all your information."