PSN In "Final Testing Stages," Free ID Theft Protection Incoming
For this piece of news, interpretations will vary.
Sony's latest update concerning the ongoing PlayStation Network outage has been posted at the PlayStation Blog, where we learn Sony is currently in the "final stages of internal testing of the new system." Now, that sounds like good news on the surface, but many will remember their claim that "some services" would come back this week...seems like they're a little late. Even so, we figure Sony should get this resurrection right the first time around.
In addition to this status update, it has also been announced that Sony plans to offer PSN users "free enrollment in an identity theft protection program." The electronics giant has teamed up with Debix, Inc. in order to provide all US-based PSN and Qriocity users with 12 months of coverage in the company's AllClearID Plus program. The cost? Free. You'll have until June 18 to sign up and Sony says users will start to see activation e-mails for the service "in the coming days." If you're in another country, Sony says they're pursuing other ID protection plans for you.
The AllClearID service features an insurance policy worth $1 million that covers the impact of identity theft. Sony will also "monitor criminal websites and data recovered by law enforcement" for users' data; if they find your information where it shouldn't be, you'll receive a phone call or e-mail notifying you of the situation. You'll take advantage of that, right?
Tags: psn, psn outage, playstation network, sony
5/5/2011 8:43:53 PM Ben Dutka
Comments (143 posts)
Clamedeus
Thursday, May 05, 2011 @ 10:07:08 PM
AcHiLLiA
Friday, May 06, 2011 @ 9:38:34 AM
phade2blaq
Sunday, May 08, 2011 @ 12:19:02 PM
They are still selling faulty Playstation consoles i.e. (Freezing, Skipping, Disc Read Errors, and exclusive to the PS3 YLOD !
These problems have persisted for some 15 years now and Sony has never done the right thing regarding this !
With the PSN, giving us then taking away BC, not allowing PS3 owners the option to use the other OS and no cross game chat, Sony continues to drop the ball and they do not listen to what the consumers want !
Without loyal Playstation customers, their brand could be in serious jeopardy as other PS3 owners growing tired of the outage have already jumped ship !
Most PS3 games are not playable online so without the PSN the PS3 is rather useless unless you like watching movies which I have a stand alone blu-ray player for !
They need to get the PSN back up because the longer they take the more patience PS3 owners are losing not to mention folks will be skeptical of trusting Sony with their personal data !
This doesn't bode well for Sony which has allowed its stubbornness yet again prevail over common sense !
phade2blaq
Sunday, May 08, 2011 @ 12:19:07 PM
They are still selling faulty Playstation consoles i.e. (Freezing, Skipping, Disc Read Errors, and exclusive to the PS3 YLOD !
These problems have persisted for some 15 years now and Sony has never done the right thing regarding this !
With the PSN, giving us then taking away BC, not allowing PS3 owners the option to use the other OS and no cross game chat, Sony continues to drop the ball and they do not listen to what the consumers want !
Without loyal Playstation customers, their brand could be in serious jeopardy as other PS3 owners growing tired of the outage have already jumped ship !
Most PS3 games are not playable offline so without the PSN the PS3 is rather useless unless you like watching movies for which I have a stand alone blu-ray player for ! I buy game machines to play games on not watch movies or videos !
They need to get the PSN back up because the longer they take the more patience PS3 owners are losing not to mention folks will be skeptical of trusting Sony with their personal data !
This doesn't bode well for Sony which has allowed its stubbornness yet again prevail over common sense !
Last edited by phade2blaq on 5/8/2011 12:21:12 PM
Highlander
Sunday, May 08, 2011 @ 10:36:51 PM
Oh, yeah, that's right Sony, what have they ever done for gaming right? My god, they're just leeches with no positive contributions right?
Reading your post was like reading some weird alternate history of gaming.
I've had the original PlayStation a PS1, a launch PS2, a slim PS2, my family has 3 PS3s between us, and three PSPs and you know, with the exception of DREs on the PS2 that developed about 4 years after purchase, and were fixed in 5 minutes, I've not had a major problem with PlayStation gear.
I note that the entire gaming industry we have today would be vastly different without Sony and their iconic and visionary PlayStation brand.
But you know when I read your post, I was reminded of Monty Python's life of Brian and the "What have the Romans ever done for us" skit. The point being that despite all the things that people found to be wrong with the Roman empire, we are still using some of their innovations and social services today, roads and public sanitation being two examples. Your posts kind of comes across as the same thing. Ignoring all the good things Sony has done for gaming and gamers, and exaggerating all the negatives.
Pretty biased if you ask me, do you have an agenda?
ZettaiSeigi
Thursday, May 05, 2011 @ 9:39:35 PM
I also appreciate Sir Howard Stringer's letter that was shared in the PlayStation Blog and Kazuo Hirai has also expressed his apologies on behalf of Sony. Personally speaking, Sony has already done what they had to do with regards to the hacking of the PSN.
WorldEndsWithMe
Thursday, May 05, 2011 @ 9:43:49 PM
Qubex
Friday, May 06, 2011 @ 12:12:05 AM
WorldEndsWithMe
Thursday, May 05, 2011 @ 9:43:19 PM
frylock25
Thursday, May 05, 2011 @ 10:03:31 PM
WorldEndsWithMe
Thursday, May 05, 2011 @ 10:28:34 PM
johnld
Thursday, May 05, 2011 @ 11:29:58 PM
Dancemachine55
Friday, May 06, 2011 @ 12:03:12 AM
Had to call their customer service just to get auto-renewal of Live Gold turned off. Then found out I had to remove all my points to have my CC info removed from Live. Still didn't work so I found out that your Live Gold subscription had to expire before you could remove your CC info. HOW DUMB IS THAT!!!
Sure, Live has Cross game chat, but that's the only thing about Live that's better than PSN. Altering account info and removing payment options is FAAAAAAR easier on PSN than Live.
Anyone who says Live is better in every way is an Xbot fanboy and is ignorant of user-friendly services.
Qubex
Friday, May 06, 2011 @ 12:13:58 AM
BTNwarrior
Thursday, May 05, 2011 @ 9:46:16 PM
Qubex
Friday, May 06, 2011 @ 12:15:21 AM
Honestly, I would have preferred a selection of free games...
Q!
"play.experience.enjoy"
Highlander
Friday, May 06, 2011 @ 12:29:41 AM
WorldEndsWithMe
Thursday, May 05, 2011 @ 9:48:11 PM
FxTales
Thursday, May 05, 2011 @ 9:51:00 PM
Ben Dutka PSXE [Administrator]
Thursday, May 05, 2011 @ 10:00:46 PM
Killa Tequilla
Thursday, May 05, 2011 @ 10:18:02 PM
Deleted User
Thursday, May 05, 2011 @ 10:20:44 PM
Ben Dutka PSXE [Administrator]
Thursday, May 05, 2011 @ 10:43:02 PM
Highlander
Thursday, May 05, 2011 @ 11:01:27 PM
Qubex
Friday, May 06, 2011 @ 12:20:26 AM
Let's always keep a balance and consider all facts equally... Many people would say Sony are to blame for the most part and brought this upon themselves.
Whatever you want to believe always keep an open mind and don't be blind sided, it happens too often in this world, where emotional thought destroys any sense of logic or counter balance. It's important to retain some sense in all of this... each side will blame the other.
Personally I am neutral. I lost Other OS, caused me issues, but I like the Sony exclusives, and therefore I keep my PS3. Everything else is not of interest to me...
Q!
"play.experience.enjoy"
Qubex
Friday, May 06, 2011 @ 12:24:49 AM
--------------------------------------------------------------------------
"In US congressional testimony Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers and knew about it months in advance of the recent security breaches. According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.
So...
No firewall
No encryption
No software updates
No monitoring
No listening to their own forum
No to quality control on their hardware
Certainly trust in Sony is very lacking.
Makes you wonder how many *other* companies we do business with on a day to day basis are just as incompetent in their practices without us knowing it. Until something like this happens that is."
--------------------------------------------------------------------------
Q!
"its in your interest to know"
Last edited by Qubex on 5/6/2011 12:25:38 AM
Highlander
Friday, May 06, 2011 @ 12:37:11 AM
Balance is definitely required and the possibility of an inside job definitely exists.
However your list needs correction.
So...
No firewall - at that particular server, I don't know about their specific architecture, but my current organization doesn't depend on firewalls on the application servers, they use a strong perimeter, whether the app server had a firewall or not, isn't an indication of whether there were perimeter defenses between the server and the outside world. I'm practically certain Sony has talked of firewalls at the perimeter of their network.
No encryption - CC data was encrypted and passwords were hashed. What's all this no encryption stuff eh?
No software updates - big mistake on their part.
No monitoring - they were monitoring, that's how they detected the attack. For instance, they saw that servers were restarting outside their normal schedule.
No listening to their own forum - They may have listened, but not acted. We don't know.
No to quality control on their hardware - how do you work that one out?
Highlander
Friday, May 06, 2011 @ 12:59:54 AM
BTW this Gene Spafford, doesn't he have a consultancy service that has worked for Microsoft - among others? Not that I'm saying that the Microsoft work itself creates a conflict of interests, but Sony engaged 4 separate companies to aid in the investigation of the attack, none of which were his. And yet here he is presenting as simply a professor at Purdue when in fact he runs a computer security consultancy also. Perhaps a conflict of interest to be drumming up fears about computer network security when you stand to gain from the additional work?
Also, the monitoring of Internet forums. Your comment makes it sound like this forum was some kind of specific feedback forum, when in fact it's more like this;
"On a few of the security mailing lists that I read, there were discussions that individuals who work in security and participate in the Sony Network had discovered several months ago, while they were examining the protocols on the Sony Network to examine how the games worked, they had discovered that the [PlayStation] Network servers were hosted on Apache Web servers--that's that form of software. But they were running on very old versions of Apache software that were unpatched and had no firewall installed, and so these were potentially vulnerable. They had reported these in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software. … [And] that was two to three months from when the break-ins occurred."
Apart from some odd phrasing - "they had discovered that the [PlayStation] Network servers were hosted on Apache Web servers--that's that form of software. " What now? That's just plain awkward phrasing, and sounds almost like a non-technical person trying to sound technical. Either way, odd.
He's not talking about a Sony specific forum, he's talking about a public forum that he claims was monitored by Sony. Also, the other curious phrasing - "individuals who work in security and participate in the Sony Network had discovered several months ago, while they were examining the protocols on the Sony Network to examine how the games worked"
Um, if they work specifically for Sony or a Sony developer, they already know how the games work, it's in their SDK. If on the other hand they are those security researchers (as FailOverflow and others call themselves) who like to poke around and tinker with things, I'm not so sure I'll take their word as gospel. Seriously, if you participate in the Playstation Network, is he saying that they are developers of PSN games, or gamers? If they are developers they aren't going to be poking around that way, if they are gamers and they want to cheat or hack they will be.
As I said, some interesting phrasing in that comment by Dr Spafford. Some very inexact phrasing for someone so academic...
Ah, the other thought that occurs is that I wonder whether this might be the same forum where the supposed clear text CC details were claimed to be passed between PS3s and the web servers. Sadly, upon closer inspection the claimed sample was an obvious test packet, and had been decrypted since the actual data is sent through SSL, not open text. These discussion forums are chock full of "security researchers" making all sorts of claims.
Now, if Spafford and his firm of experts had done the checking on the servers and found the same things, I would be more prepared to take his word for it. But since he's relating a third hand account of a second hand conversation on a public Internet forum, you'll have to excuse me for being so skeptical.
Oh, people in the industry have a good idea of the extent of the problems, a lot of it just goes unreported in the public eye.
Last edited by Highlander on 5/6/2011 1:07:47 AM
Qubex
Friday, May 06, 2011 @ 2:26:47 AM
Highlander
Friday, May 06, 2011 @ 3:14:30 AM
If Sony's systems were as insecure as he appears to allege, then during the course of the FBI/DHS investigations the findings of the various forensic teams and consultants engaged by Sony to investigate will supplement the investigations of the teams from the FBI and DHS, you'd expect one or more of those teams would have similar findings. So, presumably one day we will know for sure.
I read some more of Spafford's comments, I really hate it when academics start a consultancy and then pimp its services like this quote from an article citing the good Doctor.
<<<The problem, according to Spafford, was that law enforcement was not adequately equipped to deal with the problem. He also said that most companies were not equipped with enough security measures because "investing in security measures affects the bottom line. They don't understand the risks involved by not investing in security. … So when they are hit, they pass that cost along to their customers, and to the rest of society." >>>
Remember he's testifying to Congress as an academic expert from Purdue, but at the same time runs a consultancy that specializes in offering security services to organizations with an online presence. He also indulges in a little bit of scaremongering claiming that the breach could cost up to $24 billion. All in all, any credibility he had at the outset was shot down by the end.
That's not to say that there is nothing to the discussion he mentioned about unpatched Apache, the servers were clearly not fully patched and Sony themselves revealed that the attack exploited a known vulnerability. So there is clearly something there. But I just don't think it's helpful for an academic to turn up at a congressional hearing and cite a third hand conversation between parties unknown on a relatively anonymous Internet forum as if it is indisputable fact. It doesn't feel like the kind of thing that an educator grounded in the scientific method would do.
___________
Friday, May 06, 2011 @ 4:31:54 AM
by having outdated servers they literally gave them the keys!
they got warnings from so many people to update the software because they're at risk of a security breach.
but did they listen?
hopefully they will learn from this, and update the nanosecond a new version is out!
patches are normally released for a reason!
Pandacastro
Thursday, May 05, 2011 @ 11:41:16 PM
Naztycuts
Friday, May 06, 2011 @ 2:37:02 PM
Naztycuts
Thursday, May 05, 2011 @ 10:02:12 PM
WorldEndsWithMe
Thursday, May 05, 2011 @ 10:29:05 PM
sticklife
Thursday, May 05, 2011 @ 10:29:16 PM
WorldEndsWithMe
Thursday, May 05, 2011 @ 10:29:47 PM
Clamedeus
Thursday, May 05, 2011 @ 10:35:56 PM
Killa Tequilla
Thursday, May 05, 2011 @ 10:25:10 PM
LittleBigMidget
Thursday, May 05, 2011 @ 10:58:54 PM
Clamedeus
Thursday, May 05, 2011 @ 11:27:26 PM
Jawknee
Thursday, May 05, 2011 @ 11:46:00 PM
maxpontiac
Friday, May 06, 2011 @ 12:20:38 PM
MyWorstNightmar
Friday, May 06, 2011 @ 2:58:44 PM
PSN is free, yes, but we all paid for it. Sony says "buy our system, it has free PSN". So I buy their system to use their free service. I also buy games with a MP component that for weeks have no value to me.
Now, the fact that it is free, buys Sony some time to get this thing rolling again, because of how we look at it. "Hey, it's free anyways, so we shouldn't get mad, or be too down on Sony for this". Well, I agree somewhat, I'm not too mad at Sony, and am being patient. But Sony does "owe" us compensation. Sorry, but they do. This is a fiasco, that not only renders some of our gaming "inventory" useless at this time, but it has also caused issues with our personal information being floated out there, whether it be birthdates, answers to personal questions like mothers' maiden names, etc. Whether we know/think that some of it or all of it was encrypted, come on people. We don't know for sure, and if you say you do, you DON'T!
Sony needs to offer good will gestures. This is a huge customer relations / P.R. disaster of the highest order. Time heals all wounds, but so do good will offerings. =)
sawao_yamanaka
Friday, May 06, 2011 @ 4:30:44 AM
Jawknee
Friday, May 06, 2011 @ 11:27:02 AM
Ben Dutka PSXE [Administrator]
Thursday, May 05, 2011 @ 10:45:23 PM
sticklife
Thursday, May 05, 2011 @ 10:49:06 PM
BikerSaint
Friday, May 06, 2011 @ 12:25:12 AM
Highlander
Friday, May 06, 2011 @ 12:40:45 AM
BikerSaint
Saturday, May 07, 2011 @ 1:16:15 AM
And if you didn't hit the submit button within that time period, it went into the hack warning, deleted your post & then went looking for your 1st born to flog.
But I could be wrong, LOL
Ben Dutka PSXE [Administrator]
Thursday, May 05, 2011 @ 10:45:09 PM
Jawknee
Thursday, May 05, 2011 @ 10:52:05 PM
dkmrules
Thursday, May 05, 2011 @ 11:00:31 PM
Naztycuts
Thursday, May 05, 2011 @ 11:08:09 PM
Jawknee
Thursday, May 05, 2011 @ 11:13:45 PM
LOL! Funny story. My old boss from when I used to work at WellsFargo looked a bit like Butter Bean with a full beard was the best man at his best friends wedding. He was asked by the bride(whom he disliked) to shave for the wedding. He agreed. When he showed up at the wedding he had shaved his beard into a neard. LOL! She was pissed.
@Naztycutz, yea that comment was totally not meant for you. It was meant for the troll who was banished back to the depths of NG4.
Last edited by Jawknee on 5/5/2011 11:14:58 PM
Naztycuts
Thursday, May 05, 2011 @ 11:28:51 PM
LittleBigMidget
Thursday, May 05, 2011 @ 10:59:52 PM
dkmrules
Thursday, May 05, 2011 @ 11:01:11 PM
Killa Tequilla
Thursday, May 05, 2011 @ 11:05:58 PM
Dancemachine55
Friday, May 06, 2011 @ 1:54:24 AM
I fail to see logic in buying a 360 JUST in case PSN goes down.
If the only game you had on PS3 was DC Universe, then fair enough. If you bought a 360 to play their exclusives or join all your friends who play 360, that's cool too.
But buying a 360 to have just in case the PSN goes down again? That has got to be the biggest excuse for waste of money I've ever seen.
aaronisbla
Friday, May 06, 2011 @ 5:24:50 AM
Highlander
Thursday, May 05, 2011 @ 11:04:03 PM
Sony is really doing everything it can here, which is excellent, but also expensive. What I would hope is that the various political persons such as state attorney generals do not take the punitive approach to score points. I mean, Sony is already paying through the nose thanks to this attack, they are the victim. It would be rather ridiculous to punish Sony when there are many US banks that have lost actual CC information to such attacks who haven't subsequently been gone after like this.
I think that the reason for the additional delay in getting PSN back up is the discovery of the attack on SOE. I suspect that after that discovery, either additional safeguards were put in place, or they decided to re-test everything in light of what they found there.
The thing is, Sony are completely re-engineering a global network that has to come back up, globally, in a relatively short time. As much as some people want to trivialize that task, it's a monumental task. I'll be seriously impressed if they get PSN back on by the weekend.
Jawknee
Thursday, May 05, 2011 @ 11:18:12 PM
johnld
Thursday, May 05, 2011 @ 11:34:03 PM
Last edited by johnld on 5/5/2011 11:37:53 PM
Jawknee
Thursday, May 05, 2011 @ 11:48:14 PM
WorldEndsWithMe
Thursday, May 05, 2011 @ 11:55:03 PM
johnld
Friday, May 06, 2011 @ 12:51:53 AM
WorldEndsWithMe
Friday, May 06, 2011 @ 9:01:08 AM
Dancemachine55
Thursday, May 05, 2011 @ 11:53:02 PM
"We have a protection system called 'Phoenix' which monitors all credit card transactions and flags anything that might appear out of the ordinary. A simple phone call and we remove the charge from your card and issue you a new number.
The Xbox Live purchase you made recently was flagged because Xbox Live is prone to frequent hacking. You don't have to worry about your PSN account and card information, we received information and security measures several hours before any news sources received it.
I think it is a very good idea to go with pre-paid codes in the future, particularly with Xbox Live. Not many people outside of banks and Network companies know that Xbox Live is hacked far more frequently, it's just that this was a single but much larger occurrence for Sony so it just happens to be a much bigger deal than it really is."
Honestly, coming from one of the bank employees, one of the assistant managers by the looks of it too, I feel far more relieved about the whole ordeal. Even with my name, address and contact number, the data thieves can't do a lot unless someone stupid enough believes one of their scams they send to them and trap 'em in.
As many have already said, Sony have gone far above and beyond the requirements of law by contacting all PSN and SOE customers warning of the threat, offering customers a series of actions to take to secure themselves AND Sony have even apologised and are offering further free content and services for people missing out on a service that was free in the first place!!!
As for these frequent Xbox Live hacks, what have MS done? How come I had to hear it from a bank manager and not MS themselves? Why is it so frequent? What data is at risk on my Live account? Why are MS not doing anything to tighten security? Or if they have, why haven't they told anyone about it?
After the knee-jerk reaction to all this, I hope people come to realise as I have today that Sony have done a far better job in handling this and informing their customers than most other entertainment companies. This was the biggest hack, but it was the ONLY hack to occur over the last several years of the PSN being up.
I'm more worried about my Live account than my PSN account now. Won't even let me remove my CC info until my Gold membership expires in June and I remove all points from my account. What kind of stupid requirement is that?!?!?! What if my Gold membership didn't expire til November and Live gets hacked next week? MS will just let the hackers get my credit card info!!! You can't remove it!!!
Now that PSN and Live prepaid cards are available in Australia, no more credit card transactions. Can't trust any online service these days.
WorldEndsWithMe
Thursday, May 05, 2011 @ 11:57:18 PM
Clamedeus
Friday, May 06, 2011 @ 12:10:58 AM
And I don't hear MS say anything that they get hacked, it's like they keep it in the dark or something, but when Sony says something the flood gates of hell have been opened and the true nature of people come out.
Highlander
Friday, May 06, 2011 @ 12:20:38 AM
"We have a protection system called 'Phoenix' which monitors all credit card transactions and flags anything that might appear out of the ordinary. A simple phone call and we remove the charge from your card and issue you a new number.
I think it is a very good idea to go with pre-paid codes in the future, particularly with Xbox Live. Not many people outside of banks and Network companies know that Xbox Live is hacked far more frequently, it's just that this was a single but much larger occurrence for Sony so it just happens to be a much bigger deal than it really is."
Banks got wind of things before the press did, and they got sufficient information to track what was happening and prevent fraud. Sounds like Sony was very much *on* the ball, not dropping the ball as they have been accused.
You know, you have to wonder why so few outside of the banks and network security companies are aware of the numerous hacks mentioned? Perhaps an investigation is needed.
Last edited by Highlander on 5/6/2011 12:21:45 AM
Qubex
Friday, May 06, 2011 @ 12:30:13 AM
Qubex
Friday, May 06, 2011 @ 12:28:41 AM
kraygen
Friday, May 06, 2011 @ 2:27:22 PM
BikerSaint
Friday, May 06, 2011 @ 12:38:47 AM
But the only thing that worries me is that Sony NEVER sent me an email alert.
Granted, I've never bought anything on the PSN yet & I've never posted my CC with Sony, but still, I have to figure that I was one of those 77 million email accounts & passwords that got hacked.
I mean, both Verizon, Abe's Books, & BestBuy, all sent me email alerts when the Epsilon email hack went down just a week or 2 prior to the PSN getting hacked.
Just saying
Highlander
Friday, May 06, 2011 @ 1:09:07 AM
Clamedeus
Friday, May 06, 2011 @ 1:16:26 AM
Beamboom
Friday, May 06, 2011 @ 8:11:02 AM
Clamedeus
Friday, May 06, 2011 @ 1:59:27 PM
Beamboom
Friday, May 06, 2011 @ 8:01:32 PM
Highlander
Friday, May 06, 2011 @ 11:23:47 PM
BikerSaint
Saturday, May 07, 2011 @ 1:28:16 AM
As far as I know it was still active as I never deleted or changed it, but since my PS3 got smashed, I'd have no way to check it.
BTW, I check my spam box at least 4 times daily.
But come to think of it, Sony has never sent me an email on anything, & I've always wondered why.
Last edited by BikerSaint on 5/7/2011 1:29:32 AM
Beamboom
Saturday, May 07, 2011 @ 1:00:43 PM
Killa Tequilla
Friday, May 06, 2011 @ 1:47:49 AM
Underdog15
Friday, May 06, 2011 @ 8:43:58 AM
BIGRED15
Friday, May 06, 2011 @ 1:28:11 AM
I FREAKING HATE GOOGLE right now for the reason I hate Xbots. All I see when I google news "playstation network" are, headlines like "sony being blasted by congress," "Sony not doing their job," "Sony alienating its fans" yaddayadda. And guess who. Gamespot kotaku IGN etc are the culprit. This is just AH!!!! I have really gotta stop google newsing everything!
Dancemachine55
Friday, May 06, 2011 @ 2:07:11 AM
Now, granted, Sony's protection wasn't very high to begin with. When compared to banks and government facilities, most hackers were able to get in, no problem. Same goes with Xbox Live, an everyday skilled hacker can get in with some time and patience.
However, while Sony's protection was fairly basic for most online serviced companies, (apparently sources say they didn't even have a firewall up at the time of the hack) I believe it is wrong of people to completely blame Sony altogether when it is the fault of hackers.
Sony is doing everything to make things right. The only reason people aren't blaming the hackers is because they are invisible and hidden from the public eye (a great argument from Cnet and other sources). If even one of the hackers involved was caught, Sony would be forgiven and all hatred would turn to the guilty hacker.
But no one has been caught. There is no name or face to place blame on from the hackers' side of things, so the public (wanting to blame someone or something) immediately target the victim, Sony, for not doing a good enough job protecting those accounts.
Qubex
Friday, May 06, 2011 @ 2:32:30 AM
If you are happy with your product, and the company you have purchased the product from is treating you well, giving you the type of service you want and expect, and more importantly, having great fun with the product then stuff what other people say.
It is you that matters and your satisfaction with the product.
Becoming Mr Defender super hero won't get you anywhere, especially with xBots... they can only see darkness; with a good portion of them living in a deep dank dark hole - what can you expect?
Q!
"play.experience.enjoy"
Last edited by Qubex on 5/6/2011 2:34:57 AM
Fane1024
Friday, May 06, 2011 @ 2:42:21 AM
Xbots are those who mindlessly parrot the company line, whether paid to do so or not.
Ben pretty much only bans actual trolls (i.e., those who post just to create conflict).
Last edited by Fane1024 on 5/6/2011 2:47:48 AM
Highlander
Friday, May 06, 2011 @ 3:28:27 AM
I honestly don't believe that there were no firewalls in place on PSN. Was a firewall application installed on the Apache server itself? Probably not. Could it have been? Sure. But, I think that with PSN the firewalls are at the perimeter, they are dedicated standalone firewalls, rather than extra processes sharing production server space. I think it's also significant that the hackers had between 3 and 4 days with some level of access to PSN and SOE, and yet the only thing they were able to get was the basic personal information, password hashes and an old database with a very small subset of data in it from SOE (probably an old dev/test database that should have been deleted but was not). Incidentally, the firewall is only as good as the rules it's running. If someone has compromised an Admin level account, they can get behind the firewall and enable their own path through the firewall. The firewall is pretty darned useless once someone has an admin level account compromised.
Sony says that they noted the attack when their network team saw servers being rebooted when there was no scheduled reboot. To me that says that the hackers had control of several systems inside PSN and were attempting to reconfigure them in some fashion to further the attack. But again, after so many days with deep access to the systems, it seems that whatever the internal security is within PSN it was sufficient to foil the attempt to read the CC data.
Finally, you said of PSN security "When compared to banks and government facilities, most hackers were able to get in, no problem.". The truth is that banks and government facilities are hacked all the time, we just don't hear about it unless there's no way to avoid publishing.
Last edited by Highlander on 5/6/2011 3:28:51 AM
Dancemachine55
Friday, May 06, 2011 @ 9:43:16 PM
Although, as far as I'm aware, hacking seems to be a much bigger problem in the US than here in Australia, cos I've never heard on the radio or read in the paper anything in a while about hackers getting into Aussie banks or government files.
As for the firewall thing, sounds to me like people from other sites are just trying to find excuses to hate Sony even more. If they knew as much about firewalls as you, perhaps they wouldn't be shouting from the rooftops about Sony having no protection at all when they actually did.
Come to think of it, the only wrongdoing on Sony's behalf was not updating their Apache software. They still had firewalls in other places (as you said, the perimeter) and passwords were hashed or encrypted.
The fact that my banker said I didn't need to bother changing my credit card number was also reassuring of the impact of this hack being rather low.
I guess it's just popular to hate Sony right now, which is incredibly unfair, cruel behaviour and childish from an editor's and journalist's point of view. (reference to Ben's article from 2 days ago about his disappointment in journalists)
Highlander
Friday, May 06, 2011 @ 11:38:10 PM
I don't know the internal structure of PSN, but I think that PSN is probably partitioned internally. Each part of the network is likely firewalled from the others as well as the perimeter, but I bet they didn't pay as much attention to that as they did the perimeter.
In very broad terms, this kind of security architecture can be likened to an orange. Once you get past the peel, (perimeter defense) the nice sweet orange bits are still encased in the skin of each segment. That presents a minor barrier, but ensures separation of the segments.
Some are suggesting that the perimeter was not strong enough and that the individual servers should have been running a firewall. That might work in a smaller environment, but you do not want a web server serving millions of transactions or a database serving millions of transactions to be saddled with the additional load of a firewall, so you place the firewall on a dedicated system.
Obviously there is a lot more involved such as encryption, traffic monitoring, intrusion detection, performance monitoring and authentication all have to be done, and typically on systems not loaded with something else. I'm making a lot of educated guesses based on the information Sony has released, and the reports/rumors from various Internet sources. But it's still just an educated guess.
Excelsior1
Friday, May 06, 2011 @ 4:04:12 AM
___________
Friday, May 06, 2011 @ 4:46:02 AM
tes37
Friday, May 06, 2011 @ 5:19:56 AM
Underdog15
Friday, May 06, 2011 @ 8:45:07 AM
Highlander
Friday, May 06, 2011 @ 10:29:42 AM
COBB
Friday, May 06, 2011 @ 8:41:27 AM
Report: Hackers plan third attack on Sony
By Wilson Rothman
Hackers are planning a third "major" attack on Sony websites, according to a Cnet report. The allegation comes from an observer in a chat channel used by hackers, who saw discussion of a plan to launch an attack this weekend. The witness relayed the info to the tech news site.
The hackers allegedly already have access to some of Sony's servers, and plan to go public with the personal information they find in their attack. It is not clear from the report whether or not these hackers are part of the Anonymous group. Whoever they are, it is not likely that they're acting as part of the group, as Anonymous has stated it was not involved in the recent attacks on PlayStation Network and Sony Online Entertainment servers.
Highlander
Friday, May 06, 2011 @ 10:18:08 AM
bigrailer19
Friday, May 06, 2011 @ 10:45:49 AM
Last edited by bigrailer19 on 5/6/2011 10:47:08 AM
Highlander
Friday, May 06, 2011 @ 11:13:46 AM
The approach that Sony seems to be taking - based on the extended downtime and 'rebuilding' from the ground up - is a scorched earth where each server is wiped and rebuilt with a fresh software stack. They're moving physical location and possibly using some different hardware too. No doubt all that software will be patched as completely as possible, and all new firewalls and firewall rules will have been put in place too, not to mention the additional precautions and safeguards that Sony has mentioned, and their 3rd party consultants are certainly advising/assisting with.
At this point, I honestly don't know, it could be bluster from hackers or hacker wannabes, much like the ones that claimed to have CC data including card verification numbers that Sony never collected, stored or requested from consumers. I'd guess that Sony has to take it seriously at this point.
Thinking on what has happened already, the SOE attack which appears to be part of the same overall attack on Sony/PSN went undetected until Sony and their audit teams discovered it. It's possible that the hackers behind that attack feel that they left behind one or more servers that are compromised and can be accessed again once everything comes back up.
However, since Sony is likely taking a scorched earth policy on the servers, those servers ought to be completely refreshed, and therefore safe. Remember the safest way to deal with this kind of attack is to assume that nothing is safe, and refresh everything, reset all hardware to factory defaults and reconfigure from the ground up, reformat all discs, re-load all software, recreate all admin accounts with new passwords, put in place new firewalls with new rule sets, add new encryption levels and hashing with extra salt, and of course add even more monitoring systems to watch the network and spot suspect traffic. You literally have to assume that anything could be suspect including flash drives connected to PCs, and flash ROMs and flash RAM in systems that normally hold firmware and configuration data. All of it has to be fully reset, cleared and rebuilt.
Of course I'm assuming that Sony and their partners are taking that kind of pessimistic approach and all due care and attention - because I would. I guess we'll find out soon enough if they have or not.
BikerSaint
Saturday, May 07, 2011 @ 1:43:59 AM
BikerSaint
Saturday, May 07, 2011 @ 2:01:47 AM
In a statement from Patrick Seybold, Sony's senior director, Corporate Communications and Social Media, that's expected to be published on Sony's PlayStation blog, the company was using updated software and had "multiple security measures in place."
Here's the statement in full:
"The previous network for Sony Network Entertainment International and Sony Online Entertainment used servers that were patched and updated recently, and had multiple security measures in place, including firewalls."
Separately, Sony President Kaz Hirai sent a letter to Connecticut senator Richard Blumenthal containing a detailed timeline of the attack and Sony's response to it.
The letter contains previously undisclosed details about the attack and the hardware Sony uses to run its gaming services.
The letter, which is embedded below, says that the systems involved use 130 servers and 50 distinct software programs. Sony first noticed the attack on April 19, when its network team discovered that several PlayStation Network servers had rebooted themselves unexpectedly. Four servers were immediately taken offline in order to figure out what was going on. By the next day, it was clear that another six had been attacked, and they were taken offline as well. By April 23, computer forensic teams confirmed that intruders had used what Sony describes as "very sophisticated and aggressive techniques to obtain unauthorized access to the servers and hide their presence from the system administrators" and had deleted log files showing the footprints of where in the system they had been.
By April 24, Sony had hired three different computer security firms to investigate the attack.
By April 25, it had determined that the attack had involved some credit card accounts. Consumers were notified the next day, though Sony did not know initially that the credit card accounts had been compromised. The Wall Street Journal has a play-by-play.
The letter also says that Sony had stored approximately 12.3 million active and expired credit cards, approximately 5.6 million of which belonged to customers in the U.S.
"We of course deeply regret that this incident has occurred and have apologized to our customers," Hirai wrote. "We believe we are taking aggressive action to right what you correctly perceive is a grievous wrong against our consumers: a wrong that is the result of a malicious, sophisticated and well orchestrated criminal attack on us and our consumers."
Earlier in the day, rumors of a third attack circulated in online chat rooms, but those reports couldn't be independently confirmed. Another attack couldn't come at a worse time for Sony. Analysts are estimating that cleaning up the damage from the first two could cost the company $1 billion or more before the incident is fully resolved.
Earlier this week people claiming to represent Anonymous denied any role in the theft of credit card numbers from Sony. However, Sony said in a letter to Congress that a text file containing a catch phrase often invoked by Anonymous and intended to taunt the company was left behind by the attackers. On Monday, Sony disclosed that the attack had involved not only its PlayStation Gaming Network, which has been offline since April 20, but also its Sony Online Entertainment division, which includes online games like Everquest and Star Wars: Galaxies.
Sony's letter to Sen. Blumenthal is here.....
http://news.cnet.com/8301-1009_3-20060661-83.html#ixzz1LeBODKBJ
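The detection signal described in the letter above (servers rebooting when no reboot was scheduled), sketched as an added example that is not part of the original comment or of Sony's tooling. The hostnames, log line format, maintenance windows and thresholds are constructed assumptions; only the April 19 date comes from the article.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data: hosts, times and windows are invented for illustration.
MAINTENANCE_WINDOWS = [
    # (host, or "*" for every host, window start, window end)
    ("*", "2011-04-17 02:00", "2011-04-17 04:00"),
    ("app-03", "2011-04-19 01:00", "2011-04-19 01:30"),
]
BOOT_EVENTS = [
    "2011-04-17 02:41 app-01 boot",   # inside the fleet-wide window
    "2011-04-19 01:12 app-03 boot",   # inside the app-03 window
    "2011-04-19 16:05 app-01 boot",
    "2011-04-19 16:20 app-02 boot",
    "2011-04-19 16:48 db-01 boot",
    "2011-04-19 23:30 app-04 boot",
]

def parse_events(lines):
    """Turn 'YYYY-MM-DD HH:MM host boot' lines into sorted (time, host) tuples."""
    events = []
    for line in lines:
        date, clock, host, kind = line.split()
        if kind == "boot":
            events.append((datetime.strptime(f"{date} {clock}", FMT), host))
    return sorted(events)

def is_scheduled(when, host, windows):
    """True if the reboot falls inside a maintenance window covering this host."""
    for scope, start, end in windows:
        begins = datetime.strptime(start, FMT)
        ends = datetime.strptime(end, FMT)
        if scope in ("*", host) and begins <= when <= ends:
            return True
    return False

def unscheduled_reboots(lines, windows):
    """Every boot event that no maintenance window explains."""
    return [(t, h) for t, h in parse_events(lines) if not is_scheduled(t, h, windows)]

def reboot_clusters(unscheduled, span=timedelta(hours=1), min_hosts=3):
    """Escalate when min_hosts distinct hosts reboot unscheduled within span."""
    clusters, i = [], 0
    while i < len(unscheduled):
        start = unscheduled[i][0]
        group = [e for e in unscheduled[i:] if e[0] - start <= span]
        hosts = sorted({h for _, h in group})
        if len(hosts) >= min_hosts:
            clusters.append((start, hosts))
            i += len(group)          # skip past the events already grouped
        else:
            i += 1
    return clusters
```

A single unscheduled reboot is worth a ticket; several hosts doing it inside an hour is the pattern worth paging on, and because the letter says log files were deleted, boot records for a check like this should be shipped off the host as they are written.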
Dreno
Friday, May 06, 2011 @ 10:08:06 AM
That's a link to an article on cnet. Apparently the hackers who hacked into the psn and took the cc and personal info are gonna hack the sony website and publicise the info they got. That's what 1 person who overheard/was a part of the convo told cnet. The link should take you to the full story
Highlander
Friday, May 06, 2011 @ 10:28:55 AM
spatenfloot
Friday, May 06, 2011 @ 11:46:17 AM
Darwin1967
Friday, May 06, 2011 @ 11:55:36 AM
I was more than a little frustrated this AM when I started seeing news reports that the hackers intend to attack Sony again, very soon...as soon as this weekend?!
Highlander
Friday, May 06, 2011 @ 12:32:16 PM
Well, if anything good can come out of all of this, perhaps it will be that law makers and law enforcement will finally begin to take this stuff seriously instead of leaving it to commercial organizations to defend against what might be called the indefensible. I'm really tired of hackers and hacker groups that think they can decide which laws to obey and which to break, that place themselves in judgement over others, and essentially harm millions in the process. Since these attacks are apparently designed specifically to hurt Sony by causing their customers to fear and mistrust Sony's networks, do they not meet the definition of terrorism, they are after all aimed at causing fear among the public. The attacks also are taking place internationally and affecting citizens of many countries, not to mention we don't know where the attackers are specifically, but we do know that they use proxies in multiple countries. Since it's not a domestic crime alone, can we please enable the anti-terrorist provisions of our laws, and unleash the CIA and NSA on these gits?
Highlander
Friday, May 06, 2011 @ 12:38:29 PM
http://www.justice.gov/opa/pr/2009/August/09-crm-810.html
Oh, and while I remember, for anyone interested in single use credit card numbers for online purchases - including topping up a PSN wallet...Bank of America has a solution for US customers.
http://www.bankofamerica.com/privacy/index.cfm?template=learn_about_shopsafe
Last edited by Highlander on 5/6/2011 12:40:11 PM
Highlander
Friday, May 06, 2011 @ 12:48:18 PM
http://usa.visa.com/personal/cards/prepaid/visa_gift_card.html
Last edited by Highlander on 5/6/2011 12:49:35 PM
BikerSaint
Saturday, May 07, 2011 @ 2:18:59 AM
Actually I think the Epsilon hack, which happened just weeks before the PSN/SOE hack, is the biggest hack so far.....(and still almost no press on it)
Epsilon breach: hack of the century?
http://blogs.computerworld.com/18079/epsilon_breach_hack_of_the_century
Get ready to be spammed by phishing scams.
When it's all said and done, the Epsilon hack may be the largest name and email address breach in the history of the Internet.
Although Epsilon didn't name clients, it handles more than 40 billion emails annually and more than 2,200 global brands.
And if you are thinking you are safe because you opted-out of marketing emails, think again.
Epsilon is one of the world's largest providers of marketing-email services. Epsilon issued a statement, "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only."
The scope of major corporations affected is somewhat mind-boggling.
Krebs on Security warned, "Among Epsilon's clients are three of the top ten U.S. banks - JP Morgan Chase, Citibank and U.S. Bank - as well as Barclays Bank and Capital One."
After searching through the many articles covering the Epsilon hack, these are the companies that have sent out warnings to their customers:
Best Buy, Capital One, JPMorgan, Citibank, Kroger, Barclays Bank of Delaware, Visa, American Express, US Bank, TiVo Inc. and Walgreen Co, Robert Half, Kraft, Home Shopping Network, QFC, Marriott Rewards, Ritz-Carlton Rewards, Ameriprise Financial, LL Bean Visa Card, Brookstone, Dillons, the College Board, McKinsey & Company, New York & Company, Disney Vacations, Staples, TIAA-CREF, Verizon, Borders, Smith Brands, Abe Books, Lacoste.
TechEye reported that the largest traditional grocery retailer Kroger, "employs more than 338,000 associates with stores in 31 states under two dozen local banner names including Kroger, City Market, Dillons, Jay C, Food 4 Less, Fred Meyer, Fry's, King Soopers, QFC, Ralphs and Smith's. Potentially anyone who has given their email to any of these places could have had their data half inched."
PCWorld noted, "In some cases, more than just e-mail addresses and names were disclosed -- both Marriott Rewards and Ritz-Carlton Rewards had member rewards points disclosed, along with names and e-mail addresses. This could give scammers more leverage when they attempt a targeted campaign."
That doesn't exactly match up with Epsilon's statement of only names and email addresses, does it? What more I wonder will be disclosed in the next week or so?
According to Paul Ducklin of Sophos Naked Security, it is "moderately comforting" that only names and email addresses were stolen. "Epsilon is, if you like, a 'cloud provider' of electronic direct marketing services, so a security breach of the Epsilon system is, effectively, a breach of all its customers' systems, too."
Personally, I find the Epsilon hack moderately aggravating as there will be countless people duped by phishing attacks.
Reuters claimed "it could be one of the biggest such data breaches in US history". Indeed, it certainly appears to be one of the largest heists of its kind.
Be on the lookout for spear phishing campaigns and don't nibble on them. Keep your security software updated. If you feel like you really must open an email from one of these companies, then mouse over the link to see if the domain name matches the company. Check for HTTPS. Don't give out sensitive personal information unless you are 100% sure you are dealing directly with the company as these emails can open the way to identity theft.
Jonathan Zittrain, a professor of law at Harvard Law School and co-founder of the Berkman Center for Internet & Society, told Brian Krebs, Epsilon was lazy in its security. "Worse, customers who specifically asked to opt out of marketing emails were also affected. Opting out should mean genuine removal from the database, rather than retention in the database with a marker indicating that someone has opted out."
More companies may come forward to alert customers of their names and email addresses being stolen.
This list keeps swelling and this may be the outsourcing hack from hell. It's ridiculous.
BIGRED15
Friday, May 06, 2011 @ 1:08:09 PM
I really only get upset at all the incessant fanboy journalism because of the joy and pride I get outta using the PS3. Do you have any idea how bad it could be for Sony if it weren't for sites like these that actually try to set the record straight? Enough people would be enraged by it that Sony could lose a large amount of its fanbase and in this kind of economy Sony is basically walking on eggshells. So what I'm trying to say is that I'm more nervous for Sony rather than enraged fanboys I guess
Deathstriker
Friday, May 06, 2011 @ 4:29:55 PM
LittleBigMidget
Friday, May 06, 2011 @ 4:52:45 PM
Excelsior1
Friday, May 06, 2011 @ 6:31:26 PM
Last edited by Excelsior1 on 5/6/2011 6:33:05 PM
Lairfan
Friday, May 06, 2011 @ 7:11:00 PM
playSTATION
Monday, May 09, 2011 @ 10:40:11 PM
whosthedoc
Thursday, May 05, 2011 @ 9:09:31 PM