blurredvision
Lifer
- Oct 19, 2000
- 17,860
- 4
- 81
Sony already basically said they weren't concerned with worrying about compensation at this time and would deal with it later.
Sony already basically said they weren't concerned with worrying about compensation at this time and would deal with it later.
Beev
Diamond Member
- Apr 20, 2006
- 7,775
- 0
- 0
Err, what did he say wrong? I'm in the "no compensation needed" camp, but I don't see what's wrong with what he posted.
Gheris
Senior member
- Oct 24, 2005
- 305
- 0
- 0
I think if someone owns a PS3 they every right to be angry. I once owned a PS3 and I am pretty annoyed by this. I am not sure how this ranks in the RROD debacle but personal information loss is a big deal. Especially when they say something like CC information "may" have been obtained.......may? That's pretty poor, system has been down for 5 days and it "may" have been compromised? This statement is damning for Sony. First they did not have the proper security measures in place, and second they do not have a method to confirm which information was accessed even after 5 days. Luckily I never used any of my CCs on PSN, if I did I would be really unhappy. I really feel for those that end up being affected by this.
American Gunner
Platinum Member
- Aug 26, 2010
- 2,399
- 0
- 71
With PSN down, I have been getting back into the 360. I forgot how awesome Live and the controller for the Xbox are, Sony better get there crap fixed.
Kaervak
Diamond Member
- Jul 18, 2001
- 8,460
- 2
- 81
Good lord, if that info from the pastebin is accurate that's terrifying. CC info sent as plaintext? WTF Sony? As a 360 owner, a personal info breach is a hell of a lot worse than a hardware failure. If (ROFL, when) my 360 fails I'm going to be annoyed but it's easy to take care of. A personal info breach containing name, address and possibly CC info, that's a damn nightmare to deal with. You PS3 owners have my sympathies, I truly hope that CC info wasn't compromised for you guys.
i kinda planned on blowing my vacation away on my ps3 but its been down the whole time and now my vacation is almost over.... so ya... and i hate xbox so... i've got nothing to do D:
purbeast0
No Lifer
- Sep 13, 2001
- 53,627
- 6,505
- 126
American Gunner
Platinum Member
- Aug 26, 2010
- 2,399
- 0
- 71
RedRooster
Diamond Member
- Sep 14, 2000
- 6,596
- 0
- 76
Gheris
Senior member
- Oct 24, 2005
- 305
- 0
- 0
Bum Bum Ba Bum
Wherrrrrrrr
How is that?
Saw the Cleartext thing.....wow...just wow. I mean how do you have such poor security on such a huge a network? It's mind boggling. As a computer professional I am absolutely astonished by this. Sony this is truely pathetic. It's too late to build the system from the ground up now, the damage has already been done.
Last edited:
American Gunner
Platinum Member
- Aug 26, 2010
- 2,399
- 0
- 71
Maybe they should have spent less time and money having a douche do commercials about how great their machine is and protected the users.
gorcorps
aka Brandon
- Jul 18, 2004
- 30,741
- 456
- 126
How many xboxes have you had? I hope your answer is more than none, because people who judge shit they haven't used for any length of time are the most annoying pricks on the planet.
Gheris
Senior member
- Oct 24, 2005
- 305
- 0
- 0
No shite. I was actually thinking about getting one of those "Playstation tablets" as well, but after this Sony is not getting any more business from me. I thought the whole "Sony being beat by a sharpie" thing was funny back in the day. Should have seen it as a sign of things to come.
Duder1no
Senior member
- Nov 1, 2010
- 866
- 1
- 0
the shit keeps piling over sor Sony lol
Sony Sued Over PlayStation Network Hack
A class action lawsuit charges that Sony failing to protect personal information and credit card numbers of up to 77 million users.
Sony faces public condemnation as its PlayStation Network (PSN) outage enters its seventh day, combined with a security breach of users' personal information that may have exposed the credit card details of up to 77 million customers.
On Wednesday, Kristopher Johns, 36, of Birmingham, Ala., filed the first class action lawsuit, on behalf of all PSN users, in the U.S. District Court for the Northern District of California. The lawsuit alleges that Sony "failed to encrypt data and establish adequate firewalls to handle a server intrusion contingency, failed to provide prompt and adequate warnings of security breaches, and unreasonably delayed in bringing the PSN service back on line." It also accused Sony of violating the Payment Card Industry (PCI) security standard, which prohibits companies from storing cardholder data.
Sony pulled the plug on PSN and its Qriocity music service on Friday, three days after it discovered "an external intrusion," according to a blog post from Patrick Seybold, Sony's senior director of corporate communications and social media. The outage blocks users from playing online games or accessing multiple services, including Netflix and Hulu Plus. At the time, Seybold said that Sony was attempting to resolve the situation quickly.
By Tuesday, Sony said that the PSN outage was continuing while it attempted to address a situation that was worse than it originally suspected. Namely, Sony's forensic investigation had discovered that a hacker had compromised the personal information of up to 77 million users.
In a letter sent to all PSN and Qriocity account holders, Sony said that "although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birth date, PlayStation Network/Qriocity password and login, and handle/PSN online ID." In addition, the attacker may also have stolen users' purchase history, billing address, and password security questions.
Most alarmingly, however, "while there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," said the Sony letter. "Out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
What should Sony's customers do to protect themselves? "If you have used the same username/e-mail address with the same password in some other service, change the password now. When PSN comes back online, change your password there as well," said Mikko Hypponen, chief research officer at F-Secure, in an email. Security experts also recommend canceling any potentially compromised credit cards.
In response to the breach, Sony said it had engaged a major security firm to investigate the intrusion and that it was going to "strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information." According to Sony, "our teams are working around the clock on this, and services will be restored as soon as possible."
What exactly might Sony be rebuilding? "Details of the 'rebuild' are not forthcoming so it's hard to identify exactly what they are changing. In my experience with such security issues, however, I would note that complex systems that are built lacking security are often incredibly difficult to debug and patch with security if they aren't built on good foundations," said James Lyne, director of technology strategy at Sophos, in an email interview. "Often, security with such large-scale data processing systems needs to be built into the architecture," and if it isn't, he said, the simplest way to create a secure approach is to simply start from scratch.
On the other hand, "time is of the essence" for Sony, hence "tactical patching in the existing infrastructure--to avoid additional exploits--followed by a complete design review, is a good strategy," he said.
Sony has no doubt started by addressing how a hacker managed to--potentially--steal credit card details for up to 77 million people, which puts it in apparent violation of PCI. Regardless, Lyne said that companies can do better. "The practices required by standards such as PCI are 'decent practices' but I would argue a great deal more could be done to avoid extensive exposure of credit card information," he said. "It's time to apply the lessons learned over the past few years and raise the bar."
Applying lessons learned may not, however, be Sony's strong suit, owing to its reputation for security incidents that spiral into PR disasters, owing to a lack of transparency. Notably, Sony earned mass condemnation--and saw at least one class action lawsuit--in 2005, when it installed a hidden rootkit on users' PCs to block them from copying Sony music CDs. Antivirus firms quickly designated the software, which was extremely difficult to uninstall, as spyware, and set their software to nuke it.
http://www.informationweek.com/news/security/attacks/229402362
Sony Sued Over PlayStation Network Hack
A class action lawsuit charges that Sony failing to protect personal information and credit card numbers of up to 77 million users.
Sony faces public condemnation as its PlayStation Network (PSN) outage enters its seventh day, combined with a security breach of users' personal information that may have exposed the credit card details of up to 77 million customers.
On Wednesday, Kristopher Johns, 36, of Birmingham, Ala., filed the first class action lawsuit, on behalf of all PSN users, in the U.S. District Court for the Northern District of California. The lawsuit alleges that Sony "failed to encrypt data and establish adequate firewalls to handle a server intrusion contingency, failed to provide prompt and adequate warnings of security breaches, and unreasonably delayed in bringing the PSN service back on line." It also accused Sony of violating the Payment Card Industry (PCI) security standard, which prohibits companies from storing cardholder data.
Sony pulled the plug on PSN and its Qriocity music service on Friday, three days after it discovered "an external intrusion," according to a blog post from Patrick Seybold, Sony's senior director of corporate communications and social media. The outage blocks users from playing online games or accessing multiple services, including Netflix and Hulu Plus. At the time, Seybold said that Sony was attempting to resolve the situation quickly.
By Tuesday, Sony said that the PSN outage was continuing while it attempted to address a situation that was worse than it originally suspected. Namely, Sony's forensic investigation had discovered that a hacker had compromised the personal information of up to 77 million users.
In a letter sent to all PSN and Qriocity account holders, Sony said that "although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birth date, PlayStation Network/Qriocity password and login, and handle/PSN online ID." In addition, the attacker may also have stolen users' purchase history, billing address, and password security questions.
Most alarmingly, however, "while there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," said the Sony letter. "Out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
What should Sony's customers do to protect themselves? "If you have used the same username/e-mail address with the same password in some other service, change the password now. When PSN comes back online, change your password there as well," said Mikko Hypponen, chief research officer at F-Secure, in an email. Security experts also recommend canceling any potentially compromised credit cards.
In response to the breach, Sony said it had engaged a major security firm to investigate the intrusion and that it was going to "strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information." According to Sony, "our teams are working around the clock on this, and services will be restored as soon as possible."
What exactly might Sony be rebuilding? "Details of the 'rebuild' are not forthcoming so it's hard to identify exactly what they are changing. In my experience with such security issues, however, I would note that complex systems that are built lacking security are often incredibly difficult to debug and patch with security if they aren't built on good foundations," said James Lyne, director of technology strategy at Sophos, in an email interview. "Often, security with such large-scale data processing systems needs to be built into the architecture," and if it isn't, he said, the simplest way to create a secure approach is to simply start from scratch.
On the other hand, "time is of the essence" for Sony, hence "tactical patching in the existing infrastructure--to avoid additional exploits--followed by a complete design review, is a good strategy," he said.
Sony has no doubt started by addressing how a hacker managed to--potentially--steal credit card details for up to 77 million people, which puts it in apparent violation of PCI. Regardless, Lyne said that companies can do better. "The practices required by standards such as PCI are 'decent practices' but I would argue a great deal more could be done to avoid extensive exposure of credit card information," he said. "It's time to apply the lessons learned over the past few years and raise the bar."
Applying lessons learned may not, however, be Sony's strong suit, owing to its reputation for security incidents that spiral into PR disasters, owing to a lack of transparency. Notably, Sony earned mass condemnation--and saw at least one class action lawsuit--in 2005, when it installed a hidden rootkit on users' PCs to block them from copying Sony music CDs. Antivirus firms quickly designated the software, which was extremely difficult to uninstall, as spyware, and set their software to nuke it.
http://www.informationweek.com/news/security/attacks/229402362
I don't see why. Arguably Monoprice and Gawker are much more of a computer company than Sony. Monoprice and Gawker entire business revolves around their WWW sites. Sony a big consumer electronic company who's Internet precence is much smaller part of their overall business.
In any case, Sony hires from the same pool of Web designers, DBA's, sysadmins, security experts, etc... as anyone else. The use the same software, the same routers and firewalls and what not. The sad fact is most sites on the Internet can be compromised by an experienced knowlegable and determined hacker. The script kiddies find holes all the time, and they don't have a clue what they're doing.
I feel for your PSN users, I hope it won't effect any of you personally. Im also hoping that Microsoft watches closely, and is already working to make sure it doesnt happen to them as well.
zerocool84
Lifer
- Nov 11, 2004
- 36,041
- 472
- 126
Same here. Thankfully I haven't heard of anybody getting bogus CC charges or having other accounts hacked into.
Wyndru
Diamond Member
- Apr 9, 2009
- 7,318
- 4
- 76
I wish I could, It's been months since I logged in, I don't even remember which pw I used, and now I can't check until the network is back up :\
I didn't get an email notice from playstation about this, I wonder if my account got disabled due to inactivity or something.
I was going to say I hadn't gotten an e-mail about this either, but I just checked and there it was. It'll probably take some time for all the e-mail to go out. There's apparently a lot of it to send.
I can't remember which password I used as well, but since I didn't have anything of value connected with the account, no credit card info, no purchased games, I was using one of my "low security" passwords. So the worst the hackers can do is embarass me with a forged post on these boards or something like that.
NikolaeVarius
Lifer
- Oct 25, 2006
- 11,036
- 11
- 91
http://www.engadget.com/2011/04/27/sony-update-on-psn-qriocity-outage-some-services-up-and-runn/
Everyone calm the fuck down.
"When it comes to the most important personal information like credit card numbers, there are assurances that the credit card database was encrypted and there is no evidence anything was taken, but that's a possibility that still cannot be ruled out completely. To keep things secure, Gamasutra reports game developers are getting new SDKs with updated security features as well."
Everyone calm the fuck down.
"When it comes to the most important personal information like credit card numbers, there are assurances that the credit card database was encrypted and there is no evidence anything was taken, but that's a possibility that still cannot be ruled out completely. To keep things secure, Gamasutra reports game developers are getting new SDKs with updated security features as well."
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 22K
-
News NVIDIA and Intel to Develop AI Infrastructure and Personal Computing Products- Started by poke01
- Replies: 384
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
Facebook
Twitter