*ren* PSN Down, Customer Info Compromised

I'm waiting to see which media outlet is smarter than the rest of the bunch... ^_^
[size=-2]Have a feeling it will take 4ever.[/size]
 
I'm pretty through with Sony at this stage, but maybe they really are deserving of some credit... :)
This is technically a good move by them, although I'm sure the media will unfairly tie it in with the previous catastrophes. A security fault elsewhere has been detected and stopped. That's like Amazon publishing that they found a load of people's credit cards had been cloned, had stopped orders, will honour wrong purchases, and have notified the affected parties. Public disclosure lets everyone know the extent of the problem and that fraud is ongoing, and hopefully enough public security breaches will motivate people to actually get some proper security. The same password and email for everything is almost akin to everyone keeping a front-door key under the doormat.
 
They are obliged to say something here because they locked down those suspicious logins proactively, before bad things happen. :)

If Vista refuses to let me into my PC, it had better explain to me what is going on.

UAC has too many false positives.
 
UAC has too many false positives.

Momentary OT: To be fair, a lot of the reason UAC was as annoying as it was when Vista launched was that Windows application developers did a poor job following best security practices despite extensive documentation provided by Microsoft on how to write applications that properly respected the system security policies they intended to put in place for Vista. I'm not saying flashing warnings every couple of seconds was necessarily the best approach, but developers carried over a lot of bad habits from Win 9X to Win XP that really should have been corrected by the time Vista came out.

Back on topic: This PR seems to me to show a lot of improvement. It's timely, detailed and indicates a proactive security response. Kudos to them for addressing their earlier shortcomings.
 
Or create enough noise that nobody cares and you lose the impact of the severity of the situation. Like Vista's constant UAC prompts that people just blindly clicked through eventually. So, there's a downside to so much transparency too.
UAC generated noise through 'false positives'. So much of its noise was unwarranted that people learnt to ignore it. As long as security alerts are only kosher it should help highlight the fact. If they become so commonplace that people become complacent, I say they deserve their accounts to get hacked!
 
UAC generated noise through 'false positives'. So much of its noise was unwarranted that people learnt to ignore it. As long as security alerts are only kosher it should help highlight the fact. If they become so commonplace that people become complacent, I say they deserve their accounts to get hacked!

I would say that this is because of crap software abusing Windows. The company I work for released software that required the user to be admin just a year ago....
 
My brand new Samsung 9 series requires you to enter the administrator password 11 times during boot if you're a standard user. So folks (I'm looking at you, Samsung and Intel) are _still_ releasing badly behaved software.
 
I would say that this is because of crap software abusing Windows.
Dunno. Windows was completely open and a lot of folk developed software without ever seeing or hearing about official MS guidelines. It's all very well MS saying this software 'incompatibility' wasn't their fault, but Joe Public wasn't ever looking for software that follows official guidelines and just experienced all his favourite, trusted apps giving him grief. And there are SOOOOO many PC apps that MS couldn't really expect every one to be correctly coded. They didn't have that much control and the platform took a life of its own that their attempts to better control caused a lot of aggro.

Internet breaches are nothing like, and reporting on such security faults has to be the way forward. Only if someone introduced a change in the HTTPS protocol or something, and people got used to seeing and ignoring security warnings from imperfect websites when submitting data, could it be considered similar. People's expectations are set and a sea change in such an open environment as HTML couldn't be handled in a controlled fashion.
 
Dunno. Windows was completely open and a lot of folk developed software without ever seeing or hearing about official MS guidelines. It's all very well MS saying this software 'incompatibility' wasn't their fault, but Joe Public wasn't ever looking for software that follows official guidelines and just experienced all his favourite, trusted apps giving him grief. And there are SOOOOO many PC apps that MS couldn't really expect every one to be correctly coded. They didn't have that much control and the platform took a life of its own that their attempts to better control caused a lot of aggro.

This is OT, but what should MS have done? Keep everyone running as root/admin?
 
It's nice of Sony to say something. I'm seeing this getting reported in a "here we go again" kind of way on a lot of blogs, but Xbox Live has been experiencing a pretty serious hacking epidemic involving lots of actual fraud, really long waits to get your account fixed and the potential to lose it for good if the hackers succeeded in changing your region, all while MS pretends there is nothing wrong.

Source?
 
Actually, that seems a bit unfair, at least just going from Sony's own words in the above posted quote, as it appears they weren't completely caught with their pants down this time.

I'm pretty through with Sony at this stage, but maybe they really are deserving of some credit... :)

I agree.

The fact that the enormous majority of sign-in attempts failed indicates that whatever they were using to attack the network was not actually a remotely current list of actual PSN subscriber account name/password pairs.

I'd guess it was either:
a) A list of compromised e-mail accounts that someone just tried to point at PSN (as I believe has already been suggested) OR
b) The list of username/password pairs that were presumably leaked during the big leak a while ago, the vast majority of which would of course no longer work.


In either case, it doesn't represent any additional actual data leaks by Sony, and the fact that they detected the intrusions, locked down any compromised accounts, and then reached out to let people know what was going on (so that there wasn't a bunch of rampant speculation the first time someone with a locked account tried to log on and made a blog post) was a heads-up decision.


As far as I'm concerned, they did everything right here.
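As an added illustration of the reasoning in this post (example code, not from the thread or from Sony), here is a small defender-side detector: a source that tries many distinct accounts with a low success rate is treated as replaying a stale or foreign credential list, and only the accounts it actually got into are locked for follow-up. The log format, source addresses and thresholds are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample sign-in log (not real PSN data): timestamp, source, account, outcome.
SAMPLE_LOG = """\
2011-10-11T02:00:01Z 203.0.113.5 alice FAIL
2011-10-11T02:00:02Z 203.0.113.5 bob FAIL
2011-10-11T02:00:02Z 203.0.113.5 carol FAIL
2011-10-11T02:00:03Z 203.0.113.5 dave OK
2011-10-11T02:00:04Z 203.0.113.5 erin FAIL
2011-10-11T02:00:05Z 203.0.113.5 frank FAIL
2011-10-11T02:00:06Z 203.0.113.5 grace FAIL
2011-10-11T02:00:07Z 203.0.113.5 heidi FAIL
2011-10-11T02:00:09Z 198.51.100.7 alice FAIL
2011-10-11T02:00:15Z 198.51.100.7 alice OK
2011-10-11T02:01:00Z 192.0.2.9 ivan OK
"""


@dataclass
class Verdict:
    flagged_sources: set      # sources judged to be replaying a credential list
    accounts_to_lock: set     # accounts those sources signed into successfully


def parse(log):
    """Yield (source, account, succeeded) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            _ts, src, account, outcome = line.split()
            yield src, account, outcome == "OK"


def detect_credential_stuffing(log, min_accounts=5, max_success_rate=0.25):
    """Flag sources trying many distinct accounts with mostly failures; lock their hits."""
    per_source = defaultdict(lambda: {"accounts": set(), "attempts": 0, "ok": set()})
    for src, account, ok in parse(log):
        s = per_source[src]
        s["accounts"].add(account)
        s["attempts"] += 1
        if ok:
            s["ok"].add(account)
    flagged, lock = set(), set()
    for src, s in per_source.items():
        rate = len(s["ok"]) / s["attempts"]
        # One user mistyping their own password touches one account with a high
        # success rate; a replayed list touches many accounts and mostly fails.
        if len(s["accounts"]) >= min_accounts and rate <= max_success_rate:
            flagged.add(src)
            lock |= s["ok"]           # only the accounts actually entered need follow-up
    return Verdict(flagged, lock)
```

Locking only the successful sign-ins from a flagged source keeps the notified set small, which is the point made later in the thread about the cost of contacting affected users.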
 
This is OT, but what should MS have done? Keep everyone running as root/admin?
I don't have the answer, so thankfully can't carry on this OT. Actually, basically, the answer is the same in every such situation - design things right in the first place! Because legacy systems cause way too many problems, and anything that goes public as an open system will take on a life of its own.
 
The PSN account lock down is very specific. Millions of people sign in all the time. They locked the 92,000 accounts because they look suspicious. For those people, it's more than an alert. They have to follow up with Sony to determine if their passwords are compromised. I doubt Sony will bother us for every intrusion attempt (There are many attempts every day, every week). It costs Sony money to send out these alerts.

In the UAC example, putting up a dialog has no/negligible cost to MS. I think Windows 7 already relaxed Vista's system because customers complained about too many prompts.
 
Woah! What info did the hackers who got into your account manage to take?

I think his point is that Xbox Live is under attack just like PSN is, and then there is a stab at the customer service, which I guess would require another thread. And your point is?
 
Woah! What info did the hackers who got into your account manage to take?

The MO is they either brute force your password or use login credentials from somewhere else. Once they have access to your Live account they buy 6000 and then 4000 MS points using your attached credit card/paypal account. Then they spend all the points on XBLA games and DLC or transfer them to another tag, play some FIFA12, maybe they transfer your GamerTag to a new Windows Live account, maybe they transfer your tag to a new region (Russia or China). Basically they make themselves at home using your gamertag on their (presumably) modded 360 until you notice what's happening and notify MS support.

In my case there was no available balance on my card when they attempted to buy the points, so the transactions were declined. I was also awake and at my computer right when it was happening, and you get an email even for a failed purchase attempt, so I immediately logged in at xbox.com and changed my password. But since they couldn't successfully buy any points it seems they just moved on.
 