PS3 News: PSN In "Final Testing Stages," Free ID Theft Protection Incoming - PS3 News

Members Login: Register | Why sign up? | Forgot Password?

PSN In "Final Testing Stages," Free ID Theft Protection Incoming

For this piece of news, interpretations will vary.

Sony's latest update concerning the ongoing PlayStation Network outage has been posted at the PlayStation Blog, where we learn Sony is currently in the "final stages of internal testing of the new system." Now, that sounds like good news on the surface, but many will remember their claim that "some services" would come back this week...seems like they're a little late. Even so, we figure Sony should get this resurrection right the first time around.

In addition to this status update, it has also been announced that Sony plans to offer PSN users "free enrollment in an identity theft protection program." The electronics giant has teamed up with Debix, Inc. in order to provide all US-based PSN and Qriocity users with 12 months of coverage in the company's AllClearID Plus program. The cost? Free. You'll have until June 18 to sign up and Sony says users will start to see activation e-mails for the service "in the coming days." If you're in another country, Sony says they're pursuing other ID protection plans for you.

The AllClearID service features an insurance policy worth $1 million that covers the impact of identity theft. Sony will also "monitor criminal websites and data recovered by law enforcement" for users data; if they find your information where it shouldn't be, you'll receive a phone call or e-mail notifying you of the situation. You'll take advantage of that, right?

Tags: psn, psn outage, playstation network, sony

5/5/2011 8:43:53 PM Ben Dutka

Put this on your webpage or blog:
Email this to a friend
Follow PSX Extreme on Twitter

Share on Twitter Share on Facebook Share on Google Share on MySpace Share on Delicious Share on Digg Share on Google Buzz Share via E-Mail Share via Tumblr Share via Posterous

Comments (143 posts)

whosthedoc
Thursday, May 05, 2011 @ 9:09:31 PM
Reply

Sounds like Sony is trying to do it right. Sony is on a slippery slope right now, and if they don't fix things right the first time, people might loose all confidence in them. I think they are at a real pivitol time, with the PS3 finally hitting full steam, and trying to launch a new system. If things go bad now we could see the beginnings of Sega. Sometimes in this business, 2 strikes and you are out.

Agree with this comment 3 up, 10 down Disagree with this comment

Clamedeus
Thursday, May 05, 2011 @ 10:07:08 PM

It's going to take more than this to take Sony out of the game, they have other source of revenue to keep them floating.

Agree with this comment 17 up, 1 down Disagree with this comment

AcHiLLiA
Friday, May 06, 2011 @ 9:38:34 AM

whosthedoc, Nonsense!

Last edited by AcHiLLiA on 5/6/2011 9:45:55 AM

Agree with this comment 3 up, 1 down Disagree with this comment

maxpontiac
Friday, May 06, 2011 @ 12:17:03 PM

You are joking, right doc??

Agree with this comment 2 up, 1 down Disagree with this comment

phade2blaq
Sunday, May 08, 2011 @ 12:19:02 PM

Well I agree with you to a point ! Sony since they joined the video game business in the mid 1990s has time and time again dropped the ball !

They are still selling faulty Playstation consoles i.e. (Freezing, Skipping, Disc Read Errors, and exclusive to the PS3 YLOD !

These problems have persisted for some 15 years now and Sony has never done the right thing regarding this !

With the PSN, giving us then taking away BC, not allowing PS3 owners the option to use the other OS and no cross game chat, Sony continues to drop the ball and they do not listen to what the consumers want !

Without loyal Playstation customers, their brand could be in serious jeopardy as other PS3 owners growing tired of the outage have already jumped ship !

Most PS3 games are not playable online so without the PSN the PS3 is rather useless unless you like watching movies which I have a stand alone blu-ray player for !

They need to get the PSN back up because the longer they take the more patience PS3 owners are losing not too mention folks will be skeptical of trusting Sony with their personal data !

This doesn't bode well for Sony which has allowed its stubborness yet again prevail over common sense !

Agree with this comment 0 up, 0 down Disagree with this comment

phade2blaq
Sunday, May 08, 2011 @ 12:19:07 PM

Well I agree with you to a point ! Sony since they joined the video game business in the mid 1990s has time and time again dropped the ball !

They are still selling faulty Playstation consoles i.e. (Freezing, Skipping, Disc Read Errors, and exclusive to the PS3 YLOD !

These problems have persisted for some 15 years now and Sony has never done the right thing regarding this !

With the PSN, giving us then taking away BC, not allowing PS3 owners the option to use the other OS and no cross game chat, Sony continues to drop the ball and they do not listen to what the consumers want !

Without loyal Playstation customers, their brand could be in serious jeopardy as other PS3 owners growing tired of the outage have already jumped ship !

Most PS3 games are not playable offline so without the PSN the PS3 is rather useless unless you like watching movies for which I have a stand alone blu-ray player for ! I buy game machines to lay games on not watch movies or videos !

They need to get the PSN back up because the longer they take the more patience PS3 owners are losing not too mention folks will be skeptical of trusting Sony with their personal data !

This doesn't bode well for Sony which has allowed its stubborness yet again prevail over common sense !

Last edited by phade2blaq on 5/8/2011 12:21:12 PM

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Sunday, May 08, 2011 @ 10:36:51 PM

@phade2blaq

Oh, yeah, that's right Sony, what have they ever done for gaming right? My god, they're just leeches with no positive contributions right?

Reading your post was like reading some weird alternate history of gaming.

I've had the original PlayStation a PS1, a launch PS2, a slim PS2, my family has 3 PS3s between us, and three PSPs and you know, with the exception of DREs on the PS2 that developed about 4 years after purchase, and were fixed in 5 minutes, I've not had a major problem with PlayStation gear.

I note that the entire gaming industry we have today would be vastly different without Sony and their iconic and visionary PlayStation brand.

But you know when I read your post, I was reminded of Monty Python's life of Brian and the "What have the Romans ever done for us" skit. The point being that despite all the things that people found to be wrong with the Roman empire, we are still using some of their innovations and social services today, roads and public sanitation being two examples. Your posts kind of comes across as the same thing. Ignoring all the good things Sony has done for gaming and gamers, and exaggerating all the negatives.

Pretty biased if you ask me, do you have an agenda?

Agree with this comment 1 up, 0 down Disagree with this comment

ZettaiSeigi
Thursday, May 05, 2011 @ 9:39:35 PM
Reply

While the identity theft protection thing is not applicable to me, I'm glad that Sony seems to be doing everything within its power to prevent a similar incident from happening again. It's also good to know that we can expect the PSN to be back online soon, and that would make a lot of gamers happy.

I also appreciate Sir Howard Stringer's letter that was shared in the PlayStation Blog and Kazuo Hirai has also expressed his apologies on behalf of Sony. Personally speaking, Sony has already done what they had to do with regards to the hacking of the PSN.

Agree with this comment 13 up, 0 down Disagree with this comment

FxTales
Thursday, May 05, 2011 @ 9:41:49 PM
Reply

They'll be fine. They'll just suffer from the usual criticisms but further on up it'll be but a fart in the wind.

Agree with this comment 9 up, 0 down Disagree with this comment

WorldEndsWithMe
Thursday, May 05, 2011 @ 9:43:49 PM

So long as Xbots are downwind I'm okay with that.

Agree with this comment 24 up, 2 down Disagree with this comment

Qubex
Friday, May 06, 2011 @ 12:12:05 AM

That's very good World :)

Q!

"play.experience.enjoy"

Agree with this comment 3 up, 0 down Disagree with this comment

WorldEndsWithMe
Thursday, May 05, 2011 @ 9:43:19 PM
Reply

My only problem with all this is I foresee that the free PSPlus and now the ID theft thing will both come with automatically renewing services. Those are things I hate with a passion and will not get myself into under any circumstances.

Agree with this comment 3 up, 0 down Disagree with this comment

frylock25
Thursday, May 05, 2011 @ 10:03:31 PM

its not that hard to deactivate everything in your menu. i went and turned off everything for auto renewal. just go into your services list in the account management.

Agree with this comment 1 up, 0 down Disagree with this comment

WorldEndsWithMe
Thursday, May 05, 2011 @ 10:28:34 PM

Well that's a little better, having to call someone and tell them to take you off never actually seems to work in my past experiences with autorenawal programs.

Agree with this comment 2 up, 0 down Disagree with this comment

johnld
Thursday, May 05, 2011 @ 11:29:58 PM

if you use psn cards then it wont auto renew your psn plus. as for the protection, thats what i kept thinking too.

Agree with this comment 2 up, 0 down Disagree with this comment

Dancemachine55
Friday, May 06, 2011 @ 12:03:12 AM

I wish so much that Xbox Live made it that easy for their customers.

Had to call their customer service just to get auto-renewal of Live Gold turned off. Then found out I had to remove all my points to have my CC info removed from Live. Still didn't work so I found out that your Live Gold subscription had to expire before you could remove your CC info. HOW DUMB IS THAT!!!

Sure, Live has Cross game chat, but thats the only thing about Live thats better than PSN. Altering account info and removing payment options is FAAAAAAR easier on PSN than Live.

Anyone who says Live is better in every way is an Xbot fanboy and is ignorant of user-friendly services.

Agree with this comment 12 up, 0 down Disagree with this comment

Qubex
Friday, May 06, 2011 @ 12:13:58 AM

Its M$ you're talking about... anally retentive!

Q!

"play.experience.enjoy"

Agree with this comment 4 up, 1 down Disagree with this comment

maxpontiac
Friday, May 06, 2011 @ 12:18:08 PM

Dancemachine... True!

Agree with this comment 1 up, 0 down Disagree with this comment

BTNwarrior
Thursday, May 05, 2011 @ 9:46:16 PM
Reply

now thats the sony I love, making things more right than they need to be

Last edited by BTNwarrior on 5/5/2011 9:46:46 PM

Agree with this comment 7 up, 0 down Disagree with this comment

Qubex
Friday, May 06, 2011 @ 12:15:21 AM

It helps but its a little bit of a gimmick. These corporates know that retaining their market share is what keeps them afloat, otherwise it is game over. They are so deeply worried that people will convert over to the dark side of the force they need to be seen to be doing something.

Honestly, I would have preferred a selection of free games...

Q!

"play.experience.enjoy"

Agree with this comment 0 up, 1 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 12:29:41 AM

agreed Qubex, but I suspect that's true for most people, but this will look better to the various politicians looking to score points, and State AGs with career plans...

Agree with this comment 3 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 12:29:41 AM

agreed Qubex, but I suspect that's true for most people, but this will look better to the various politicians looking to score points, and State AGs with career plans...

Agree with this comment 0 up, 0 down Disagree with this comment

WorldEndsWithMe
Thursday, May 05, 2011 @ 9:48:11 PM
Reply

So fanboysim at gamespot is gone huh Ben? The source says "By allowing millions of PlayStation Network users' personal info to be stolen, Sony caused no shortage of consternation and concern among its customers."

So Sony just ALLOWED this did they? *eyeroll at gamespot*

Agree with this comment 12 up, 0 down Disagree with this comment

FxTales
Thursday, May 05, 2011 @ 9:51:00 PM

Agreed. I was just on there earlier, they can't help themselves.

Agree with this comment 6 up, 0 down Disagree with this comment

Ben Dutka PSXE [Administrator]
Thursday, May 05, 2011 @ 10:00:46 PM

Well, relatively speaking, that's minor. :)

Agree with this comment 7 up, 1 down Disagree with this comment

Killa Tequilla
Thursday, May 05, 2011 @ 10:18:02 PM

I think that what Sony is doing for us - more than shut websites big mouths, like Kotaku. O_o

At this point they are in the denial stage.

Last edited by Killa Tequilla on 5/5/2011 10:19:16 PM

Agree with this comment 4 up, 0 down Disagree with this comment

Deleted User
Thursday, May 05, 2011 @ 10:20:44 PM

As long as Justin "Xbot" Calvert is there, GameSpot is another website run by his ilk.

BTW, Ben, thanks for finally getting rid of the bots. I haven't seen one in a long time here.

Agree with this comment 4 up, 0 down Disagree with this comment

Ben Dutka PSXE [Administrator]
Thursday, May 05, 2011 @ 10:43:02 PM

Can't get rid of them forever. They'll always be around but as soon as I see one, the bot and all its posts disappear. It's the best we can do.

Agree with this comment 9 up, 0 down Disagree with this comment

Highlander
Thursday, May 05, 2011 @ 11:01:27 PM

Oh yeah, they just allowed it. Didn't you know, global networks are trivially easy to protect...or at least they are according to gaming journalists and a legion of Internet commentary.

Last edited by Highlander on 5/5/2011 11:02:42 PM

Agree with this comment 4 up, 0 down Disagree with this comment

Qubex
Friday, May 06, 2011 @ 12:20:26 AM

Just a reminder gents that the very plausible theory of it being an inside job after the mass firing of 1/3rd of Sony network employees, 2 weeks prior to the PSN take down, is something that cannot go unnoticed.

Let's always keep a balance and consider all facts equally... Many people would say Sony are to blame for the most part and brought this upon themselves.

Whatever you want to believe always keep an open mind and don't be blind sided, it happens to often in this world, where emotional thought destroys any sense of logic or counter balance. Its important to retain some sense in all of this... each side will blame the other.

Personally I am neutral. I lost Other OS, caused me issues, but I like the Sony exclusives, and therefore I keep my PS3. Everything else is not of interest to me...

Q!

"play.experience.enjoy"

Agree with this comment 0 up, 0 down Disagree with this comment

Qubex
Friday, May 06, 2011 @ 12:24:49 AM

Gents, to add further balance to our discussions, I decided to paste in a comment made on Eurogamer by Games Producer - Alan Botvinick
--------------------------------------------------------------------------
"In US congressional testimony Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers and knew about it months in advance of the recent security breaches. According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.

So...
No firewall
No encryption
No software updates
No monitoring
No listening to their own forum
No to quality control on their hardware

Certainly trust in Sony is very lacking.

Makes you wonder how many *other* companies we do business with on a day to day basis are just as incompetent in their practices without us knowing it. Until something like this happens that is."
--------------------------------------------------------------------------

Q!

"its in your interest to know"

Last edited by Qubex on 5/6/2011 12:25:38 AM

Agree with this comment 2 up, 1 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 12:37:11 AM

Qubex,

Balance is definitely required and the possibility of an inside job definitely exists.

However your list needs correction.

So...
No firewall - at that particular server, I don't know about their specific architecture, but my current organization doesn't depend on firewalls on the application servers, they use a strong perimeter, whether the app server had a firewall or not, isn't an indication of whether there were perimeter defenses between the server and the outside world. I'm practically certain Sony has talked of firewalls at the perimeter of their network.
No encryption - CC data was encrypted and passwords were hashed. What's all this no encryption stuff eh?
No software updates - big mistake on their part.
No monitoring - they were monitoring, that's how they detected the attack. For instance, they saw that servers were restarting outisde their normal schedule.
No listening to their own forum - They may have listened, but not acted. We don't know.
No to quality control on their hardware - how do you work that one out?

Agree with this comment 6 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 12:59:54 AM

Sorry for the double posts by the way, my PC seems to be behaving oddly - double clicking instead of single....

BYW this Gene Spafford, doesn't he have a consultancy service that has worked for Microsoft - among others? Not that I'm saying that the Micrsoft work itself creates a conflict of interests, but Sony engaged 4 separate companies to aid int eh investigation of the attack, none of which were his. And yet here he is presenting as simply a professor at Purdue when in fact he's runs a computer security consultancy also. Perhaps a conflict of interest to be drumming up fears about computer network security when you stand to gain from the additional work?

Also, the monitoring of Internet forums. Your comment makes it sound like this forum was some kind of specific feedback forum, when in fact it's more like this;

"On a few of the security mailing lists that I read, there were discussions that individuals who work in security and participate in the Sony Network had discovered several months ago, while they were examining the protocols on the Sony Network to examine how the games worked, they had discovered that the [PlayStation] Network servers were hosted on Apache Web servers--that's that form of software. But they were running on very old versions of Apache software that were unpatched and had no firewall installed, and so these were potentially vulnerable. They had reported these in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software. … [And] that was two to three months from when the break-ins occurred."

Apart from some odd phrasing - "they had discovered that the [PlayStation] Network servers were hosted on Apache Web servers--that's that form of software. " What now? That's just plain awkward phrasing, and sounds almost like a non-technical person trying to sound technical. Either way, odd.

He's not talking about a Sony specific forum, he's talking about a public forum that he claims was monitored by Sony. Also, the other curious phrasing - "individuals who work in security and participate in the Sony Network had discovered several months ago, while they were examining the protocols on the Sony Network to examine how the games worked"

Um, if they work specifically for Sony or a Sony developer, they already know how the games work, it's in their SDK. If on the other hand they are those security researchers (as FailOverflow and others call themselves) who like to poke around and tinker with things, I'm not so sure I'll take their word as gospel. Seriously, if you participate in the Playstation Network, is he saying that they are developers of PSN games, or gamers? If they are developers they aren't going to be poking around that way, if they are gamers and they want to cheat or hack they will be.

As I said, some interesting phrasing in that comment by Dr Spafford. Some very inexact phrasing for someone so academic...

Ah, the other thought that occurs is that I wonder whether this might be the same forum where the supposed clear text CC details were claimed to be passed between PS3s and the web servers. Sadly, upon closer inspection the claimed sample was an obvious test packet, and had been decrypted since the actual data is sent through SSL, not open text. These discussion forums are chock full of "security researchers" making all sorts of claims.

Now, if Spafford and his firm of experts had done the checking on the servers and found the same things, I would be more prepared to take his word for it. But since he's relating a third hand account of a second hand conversation on a public Internet forum, you'll have to excuse me for being so skeptical.

Oh, people in the industry have a good idea of the extent of the problems, a lot of it just goes unreported in the public eye.

Last edited by Highlander on 5/6/2011 1:07:47 AM

Agree with this comment 9 up, 0 down Disagree with this comment

Qubex
Friday, May 06, 2011 @ 2:26:47 AM

Yip, fair enough... just wanted to highlight that I simply pasted in the words of the producer, so none of it between the dotted lines was from me. I just thought it may bring some additional discussion points.

Thanks for yours as always.

Q!

"play.experience.enjoy"

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 3:14:30 AM

Hey, I'm not totally discounting what he said, I read some of the posts on a couple of forums discussing exactly the things he's talking about, but the folks doing the discussing were not what I would call reputable security professionals - if you get my drift.

If Sony's systems were as insecure as he appears to allege, then during the course of the FBI/DHS investigations the findings of the various forensic teams and consultants engaged by Sony to investigate will supplement the investigations of the teams from the FBI and DHS, you'd expect one or more of those teams would have similar findings. So, presumably one day we will know for sure.

I read some more of Spafford's comments, I really hate it when academics start a consultancy and then pimp it's services like this quote from an article citing the good Doctor.

<<<The problem, according to Spafford, was that law enforcement was not adequately equipped to deal with the problem. He also said that most companies were not equipped with enough security measures because "investing in security measures affects the bottom line. They don't understand the risks involved by not investing in security. … So when they are hit, they pass that cost along to their customers, and to the rest of society." >>>

Remember he's testifying to Congress as an academic expert from Purdue, but at the same time runs a consultancy that specializes in offering security services to organizations with an online presence. He also indulges in a little bit of scaremongering claiming that the breach could cost up to $24 billion. All in all, any credibility he had at the outset was shot down by the end.

That's not to say that there is nothing to the discussion he mentioned about unpatched Apache, the servers were clearly not fully patched and Sony themselves revealed that the attack exploited a known vulnerability. So there is clearly something there. But I just don't think it's helpful for an academic to turn up at a congressional hearing and cite a third hand conversation between parties unknown on a relatively anonymous Internet forum as if it is indisputable fact. It doesn't feel like the kind of thing that an educator grounded in the scientific method would do.

Agree with this comment 2 up, 0 down Disagree with this comment

___________
Friday, May 06, 2011 @ 4:31:54 AM

well...... yea they kinda did!
by having outdated servers they literally gave them the keys!
they got warnings from so many people to update the software because there at risk of a security breach.
but did they listen?
hopefully they will learn from this, and update the nanosecond a new version is out!
patches are normally released for a reason!

Agree with this comment 1 up, 4 down Disagree with this comment

The Doom
Thursday, May 05, 2011 @ 9:51:21 PM
Reply

Alright! Make it happen!

Agree with this comment 0 up, 0 down Disagree with this comment

Pandacastro
Thursday, May 05, 2011 @ 11:41:16 PM

Who are you guys taking to?

Edit:Accidently reply to the wrong person. It was meant for the people who reply to Naztycuts.

Last edited by Pandacastro on 5/5/2011 11:43:43 PM

Agree with this comment 0 up, 0 down Disagree with this comment

Naztycuts
Friday, May 06, 2011 @ 2:37:02 PM

@Panda It was a misunderstanding, there was a troll and Ben kicked him and deleted all of his posts. LOL at least I wasnt the only one confused.

Agree with this comment 0 up, 0 down Disagree with this comment

Naztycuts
Thursday, May 05, 2011 @ 10:02:12 PM
Reply

I like the ID theft program definitely didn't see that coming. Sony is either really confident that the data isn't going to be exploited or they are in 'Oh $#*%! we have to make this right' mode. I'm not worried either way I just hope whoever hacked PSN got their jollies and wont go fooling with it again once it's back up and running.


Agree with this comment 2 up, 0 down Disagree with this comment

WorldEndsWithMe
Thursday, May 05, 2011 @ 10:29:05 PM

I hope they shoot them in the EYE!

Agree with this comment 7 up, 0 down Disagree with this comment

Naztycuts
Thursday, May 05, 2011 @ 11:03:55 PM

@World- totally

@everyone else- wut?

Agree with this comment 0 up, 0 down Disagree with this comment

Killa Tequilla
Thursday, May 05, 2011 @ 10:15:56 PM

ok

Agree with this comment 0 up, 0 down Disagree with this comment

Jawknee
Thursday, May 05, 2011 @ 10:27:26 PM

No thanks. Now begone troll!

Agree with this comment 1 up, 5 down Disagree with this comment

sticklife
Thursday, May 05, 2011 @ 10:29:16 PM

Wait how come you came back here? Oh wait, you must own a psp also.

Agree with this comment 0 up, 0 down Disagree with this comment

WorldEndsWithMe
Thursday, May 05, 2011 @ 10:29:47 PM

lol, why would an intelligent person do that? Oh yeah they wouldn't.

Agree with this comment 1 up, 1 down Disagree with this comment

Clamedeus
Thursday, May 05, 2011 @ 10:35:56 PM

No games on 360 that I like, all of the games I love are on PS3.

Agree with this comment 5 up, 2 down Disagree with this comment

Killa Tequilla
Thursday, May 05, 2011 @ 10:25:10 PM
Reply

For us Playstation users, we get a free service and yet when Sony gets hacked they go out of their way to compensate us when they really dont need to. What does Xbox do? They un-ban everyone right?

What Sony is showing us is love.

Agree with this comment 6 up, 0 down Disagree with this comment

LittleBigMidget
Thursday, May 05, 2011 @ 10:58:54 PM

We don't need compensation? WOW Get real, man.

Agree with this comment 0 up, 13 down Disagree with this comment

Clamedeus
Thursday, May 05, 2011 @ 11:27:26 PM

@LittleBigMidget

The only compensation people need is if they have PS+ I could see that, but people without it don't really need any kind of compensation really. It's nice that Sony is doing it for everyone.

Agree with this comment 4 up, 0 down Disagree with this comment

Jawknee
Thursday, May 05, 2011 @ 11:46:00 PM

Wow, naive and a sense of entitlement.

An argument could be made for paying PS+ customers but for rest who don't play? C'mon now, you know you aren't entitled compensation for something you never paid for to begin with.

Agree with this comment 5 up, 0 down Disagree with this comment

maxpontiac
Friday, May 06, 2011 @ 12:20:38 PM

Come on midget. Not everything deserves a "here, let me give you this because of"..

Agree with this comment 1 up, 0 down Disagree with this comment

MyWorstNightmar
Friday, May 06, 2011 @ 2:58:44 PM

Actually, I agree with LittleMidget on this one.

PSN is free, yes, but we all paid for it. Sony says "buy our system, it has free PSN". So I buy their system to use their free service. I also buy games with a MP component that for weeks have no value to me.

Now, the fact that it is free, buys Sony some time to get this thing rolling again, because of how we look at it. "Hey, it's free anyways, so we shouldn't get mad, or be too down on Sony for this". Well, I agree somewhat, I'm not too mad at Sony, and am being patient. But Sony does "owe" us compensation. Sorry, but they do. This is a fiasco, that not only renders some of our gaming "inventory" useless at this time, but it has also caused issues with our personal information being floated out there, whether it be birthdates, answers to person questions like mothers maiden names, etc. Whether we know/think that some of it or all of it was encrypted, come on people. We don't know for sure, and if you say you do, you DON'T!

Sony needs to offer good will gestures. This is a huge customer relations / P.R. disaster of the highest order. Time heals all wounds, but so do good will offerings. =)

Agree with this comment 0 up, 4 down Disagree with this comment

Jawknee
Thursday, May 05, 2011 @ 10:26:46 PM
Reply

Nice gesture. I'm signing up me and my family for Life Lock soon here anyway so I'll pass on this.

Agree with this comment 0 up, 0 down Disagree with this comment

sawao_yamanaka
Friday, May 06, 2011 @ 4:30:44 AM

Oh no Lifelock is bad jawknee. The president got his identity stolen after posting his ssn on tv.

Agree with this comment 1 up, 0 down Disagree with this comment

Jawknee
Friday, May 06, 2011 @ 11:27:02 AM

Ha, yea I read about that. From the get go I wasn't sure it was a smart thing for him to be posting his SSN everywhere. But the people I know who use the service seem quite happy with it. I'll do some more research. Maybe I can take advantage of this free service offered by Sony and then just sign a policy for my wife and kid.

Agree with this comment 0 up, 0 down Disagree with this comment

sticklife
Thursday, May 05, 2011 @ 10:35:36 PM
Reply

I just wrote a comment and it says "detected hacking attempt". Anyone else get that?

Agree with this comment 1 up, 1 down Disagree with this comment

Ben Dutka PSXE [Administrator]
Thursday, May 05, 2011 @ 10:45:23 PM

...what are you talking about?

Agree with this comment 0 up, 0 down Disagree with this comment

sticklife
Thursday, May 05, 2011 @ 10:49:06 PM

Just a minute ago, I wrote something about best part of this whole ordeal being over is not having to hear about it in podcast. Then when i clicked submit all the comments vanished and it said "hacking attempt detected". I closed the page and re opened it and everything was back but my comment I had wrote was not.

Agree with this comment 1 up, 0 down Disagree with this comment

BikerSaint
Friday, May 06, 2011 @ 12:25:12 AM

sticklife,
Yeah, I had that same thing happen to my post once, late last year, it got the "hack detected" warning & then deleted my whole long post too.
I remember alerting Ben about it, but neither of us could figure out why.

So far it hasn't happened to me since....

"knock on wood"

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 12:40:45 AM

Was the comment a super long one? I'm wondering whether the comment editor has a comment size limit and when you go past the limit by a certain amount, perhaps it sees that as an attempt at generating an overflow error and warns of a possible hacking attempt because of that? Either that or....perhaps you're already hacked! By the NSA! Oh nos!

Agree with this comment 2 up, 0 down Disagree with this comment

sticklife
Friday, May 06, 2011 @ 12:44:23 PM

Thanks, yeah it was kinda long.

Agree with this comment 1 up, 0 down Disagree with this comment

BikerSaint
Saturday, May 07, 2011 @ 1:16:15 AM

Yeah, my post was a long one too, but when mine got the hack warning, I wound up thinking that maybe there was a time-constraint on making a post.

And if you didn't hit the submit button within that time period, it went into the hack warning, deleted your post & then went looking for your 1st born to flog.

But I could be wrong, LOL

Agree with this comment 0 up, 0 down Disagree with this comment

sticklife
Thursday, May 05, 2011 @ 10:44:26 PM
Reply

Yeah everywhere can be hacked if someone wants to hack it.

Agree with this comment 1 up, 0 down Disagree with this comment

Ben Dutka PSXE [Administrator]
Thursday, May 05, 2011 @ 10:45:09 PM
Reply

Jawknee: You know a troll when you see one.

Anywho, troll gone. I'm actually really surprised we didn't get flooded with them during this whole mess. I think that was the first one.

Agree with this comment 4 up, 0 down Disagree with this comment

Jawknee
Thursday, May 05, 2011 @ 10:52:05 PM

LOL! Sorry Ben, I couldn't resist. I'll ignore him next time and let you work your banning magic. ;)

Agree with this comment 2 up, 0 down Disagree with this comment

dkmrules
Thursday, May 05, 2011 @ 11:00:31 PM

Probably because you have to make an account. Fat neckbeard trolls are too lazy to do that

Agree with this comment 0 up, 0 down Disagree with this comment

Naztycuts
Thursday, May 05, 2011 @ 11:08:09 PM

Oh man that can be confusing when you delete someone and all their posts, it looked like 7 people replied to what I said. I thought Jawknee called me a troll I was like wtf haha

Is there a way to leave a blank profile or response there maybe to avoid confusion?

Agree with this comment 0 up, 0 down Disagree with this comment

Jawknee
Thursday, May 05, 2011 @ 11:13:45 PM

"Fat neckbeard trolls are too lazy to do that"

LOL! Funny story. My old boss from when I used to work at WellsFargo looked a bit like Butter Bean with a full beard was the best man at his best friends wedding. He was asked by the bride(whom he disliked) to shave for the wedding. He agreed. When he showed up at the wedding he had shaved his beard into a neard. LOL! She was pissed.

@Naztycutz, yea that comment was totally not meant for you. It was meant for the troll who was banished back to the depths of NG4.

Last edited by Jawknee on 5/5/2011 11:14:58 PM

Agree with this comment 2 up, 0 down Disagree with this comment

Naztycuts
Thursday, May 05, 2011 @ 11:28:51 PM

Good times Jawknee, I didn't think you'd have called me a troll. I'm just glad I'm observant and I'm not quick to overreact. Oh yeah thats right we are ps3 users those are the side effects it says it right on the box! Warning- May cause maturity and increase your powers of reason and observation :P besides you already know I bleed PS3 black.

Agree with this comment 3 up, 0 down Disagree with this comment

LittleBigMidget
Thursday, May 05, 2011 @ 10:59:52 PM
Reply

At least they're trying to make it right, I bought an Xbox today just to be prepared for something like this if it happens again, which it most likely will.

Agree with this comment 0 up, 16 down Disagree with this comment

dkmrules
Thursday, May 05, 2011 @ 11:01:11 PM

Imagine the games you could have bought with that money.... I am dissapoint

Agree with this comment 10 up, 0 down Disagree with this comment

Killa Tequilla
Thursday, May 05, 2011 @ 11:05:58 PM

You could have saved that money for the NGP. But then again I think you are lying.

Agree with this comment 10 up, 0 down Disagree with this comment

Dancemachine55
Friday, May 06, 2011 @ 1:54:24 AM

So... the network goes down meaning you can't play ANY games on your PS3?

I fail to see logic in buying a 360 JUST in case PSN goes down.

If the only game you had on PS3 was DC Universe, then fair enough. If you bought a 360 to play their exclusives or join all your friends who play 360, that's cool too.

But buying a 360 to have just in case the PSN goes down again? That has got to be the biggest excuse for waste of money I've ever seen.

Agree with this comment 7 up, 0 down Disagree with this comment

aaronisbla
Friday, May 06, 2011 @ 5:24:50 AM

your post reeks of bullspit. Why anyone would buy a 360 JUST in case psn goes down again is beyond me. If you got it simply for some games that it offers, fine, welcome to the multiconsole ownership club. Thats cool. But just in case of psn going down? sure dude, whatever

Agree with this comment 3 up, 0 down Disagree with this comment

maxpontiac
Friday, May 06, 2011 @ 12:22:41 PM

littlebigflamebait.

Agree with this comment 4 up, 0 down Disagree with this comment

Highlander
Thursday, May 05, 2011 @ 11:04:03 PM
Reply

The ID protection is an awesome thing for Sony to do, it really goes above and beyond anything I've seen other companies that have been attacked doing.

Sony is really doing everything it can here, which is excellent, but also expensive. What I would hope is that the various political persons such as state attorney generals do not take the punitive approach to score points. I mean, Sony is already paying through the nose thanks to this attack, they are the victim. It would be rather ridiculous to punish Sony when there are many US banks that have lost actual CC information to such attacks who haven't subsequently been gone after like this.

I think that the reason for the additional delay in getting PSN back up is the discovery of the attack on SOE. I suspect that after that discovery, either additional safeguards were put in place, or they decided to re-test everything in light of what they found there.

The thing is, Sony are completely re-engineering a global network that has to come back up, globally, in a relatively short time. As much as some people want to trivialize that task, it's a monumental task. I'll be seriously impressed if they get PSN back on by the weekend.

Agree with this comment 8 up, 0 down Disagree with this comment

Jawknee
Thursday, May 05, 2011 @ 11:18:12 PM

Yea these office holders are pissing me off with all their chest thumping. Instead of berating Sony and treating them like the bad guy they need to help them find who did this then prosecute them.

Agree with this comment 5 up, 0 down Disagree with this comment

tornado03
Thursday, May 05, 2011 @ 11:07:42 PM
Reply

Excellent! For a second there I thought the government shut there network down.

Agree with this comment 2 up, 0 down Disagree with this comment

tornado03
Thursday, May 05, 2011 @ 11:16:02 PM
Reply

The Only way I'll purchase a 360 is winning a bid on ebay for 4 bucks that's about how much it's worth to me.

Agree with this comment 6 up, 1 down Disagree with this comment

johnld
Thursday, May 05, 2011 @ 11:34:03 PM
Reply

they say its in the final testing stage but still cant give us an ETA on when its going back up. they should also take off the psn id requirement for netflix. since i beaten all my games and beat superhuman and elite on socom and crysis, i have no use for my ps3 the past 3 days. i dont want to turn it on yet though since the video went out while i was using the ps3 browser. i tried holding the power button and my ps3 didnt turn off for a while. i want to sync my trophies because it took some work getting all of them.

Last edited by johnld on 5/5/2011 11:37:53 PM

Agree with this comment 0 up, 0 down Disagree with this comment

Jawknee
Thursday, May 05, 2011 @ 11:48:14 PM

Netflix still works. You just have to keep trying to sign in until it's finished loading then hit circle once your movie list is visible.

Agree with this comment 1 up, 0 down Disagree with this comment

WorldEndsWithMe
Thursday, May 05, 2011 @ 11:55:03 PM

if you finagle that PSN login thing away a few times then you can watch netflix.

Agree with this comment 0 up, 0 down Disagree with this comment

johnld
Friday, May 06, 2011 @ 12:51:53 AM

i did try but netflix just wont load any shows. i can get to the main screen but then it keeps telling me to sign in on psn. then when i start the movie it asks me to sign in again, then the download stops and a pop up tells me i "require" a psn connection to play. i tried to get it to work for a long time since i keep hearing people can still use it but it never worked for me.

Agree with this comment 0 up, 0 down Disagree with this comment

WorldEndsWithMe
Friday, May 06, 2011 @ 9:01:08 AM

If you humor it and click sign in, then exit out of the maintenance warning, then you don't get that sign in required screen anymore.

Agree with this comment 2 up, 0 down Disagree with this comment

Dancemachine55
Thursday, May 05, 2011 @ 11:53:02 PM
Reply

Just been to the bank, and this is what they had to say about why I didn't have to bother changing my credit card number.

"We have a protection system called 'Phoenix' which monitors all credit card transactions and flags anything they might appear out of the ordinary. A simple phone call and we remove the charge from your card and issue you a new number.

The Xbox Live purchase you made recently was flagged because Xbox Live is prone to frequent hacking. You don't have to worry about your PSN account and card information, we received information and security measures several hours before any news sources received it.

I think it is a very good idea to go with pre-paid codes in the future, particularly with Xbox Live. Not many people outside of banks and Network companies know that Xbox Live is hacked far more frequently, it's just that this was a single but much larger occurrance for Sony so it just happens to be a much bigger deal than it really is."

Honestly, coming from one of the bank employees, one of the assistant manager's by the looks of it too, I feel far more relieved about the whole ordeal. Even with my name, address and contact number, the data thieves can't do a lot unless someone stupid enough believes one of their scams they send to them and trap 'em in.

As many have already said, Sony have gone far above and beyond the requirements of law by contacting all PSN and SOE customers warning of the threat, offering customers a series of actions to take to secure themselves AND Sony have even apologised and are offering further free content and services for people missing out on a service that was free in the first place!!!

As for these frequent Xbox Live hacks, what have MS done? How come I had to hear it from a bank manager and not MS themselves? Why is it so frequent? What data is at risk on my Live account? Why are MS not doing anything to tighten security? Or if they have, why haven't they told anyone about it?

After the knee-jerk reaction to all this, I hope people come to realise as I have today that Sony have done a far better job in handling this and informing their customers than most other entertainment companies. This was the biggest hack, but it was the ONLY hack to occur over the last several years of the PSN being up.

I'm more worried about my Live account than my PSN account now. Won't even let me remove my CC info until my Gold membership expires in June and I remove all points from my account. What kind of stupid requirement is that?!?!?! What if my Gold membership didn't expire til November and Live gets hacked next week? MS will just let the hackers get my credit card info!!! You can't remove it!!!

Now that PSN and Live prepaid cards are available in Australia, no more credit card transactions. Can't trust any online service these days.

Agree with this comment 12 up, 0 down Disagree with this comment

WorldEndsWithMe
Thursday, May 05, 2011 @ 11:57:18 PM

Damn man, I want to interview that guy.

Agree with this comment 1 up, 0 down Disagree with this comment

Clamedeus
Friday, May 06, 2011 @ 12:10:58 AM

For some reason I'm not surprised by this, I think it's funny that people blow this situation up more than what it should be.

And I don't hear MS say anything that they get hacked, it's like they keep it in the dark or something, but when Sony says something the flood gates of hell have been opened and the true nature of people come out.

Agree with this comment 4 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 12:20:38 AM

I want to quote this again, especially that second paragraph...

"We have a protection system called 'Phoenix' which monitors all credit card transactions and flags anything they might appear out of the ordinary. A simple phone call and we remove the charge from your card and issue you a new number.

I think it is a very good idea to go with pre-paid codes in the future, particularly with Xbox Live. Not many people outside of banks and Network companies know that Xbox Live is hacked far more frequently, it's just that this was a single but much larger occurrance for Sony so it just happens to be a much bigger deal than it really is."

Banks got wind of things before the press did, and they got sufficient information to track what was happening and prevent fraud. Sounds like Sony was very much *on* the ball, not dropping the ball as they have been accused.

You know, you have to wonder why so few outside of the banks and network security companies are aware of the numerous hacks mentioned? Perhaps an investigation is needed.

Last edited by Highlander on 5/6/2011 12:21:45 AM

Agree with this comment 5 up, 0 down Disagree with this comment

Qubex
Friday, May 06, 2011 @ 12:30:13 AM

I posted two posts as reply's to one of World's posts above - middle. Generic comments really, but interesting what Producer Alan Botvinick wrote!

Q!

"there are 2 sides to every story"

Agree with this comment 0 up, 0 down Disagree with this comment

kraygen
Friday, May 06, 2011 @ 12:24:53 AM
Reply

Big surprise Sony is awesome. Who knew? Are not required to do anything and really didn't need to do anything but restore lost days to plus members at most, but instead, Sony does it all and more.

Agree with this comment 3 up, 0 down Disagree with this comment

Qubex
Friday, May 06, 2011 @ 12:28:41 AM

They had no choice... their market is reeling... it's not like a eurika moment. Lets keep our heads!

Most companies would have to offer some sort of compensation.

Q!

"play.experience.enjoy"

Agree with this comment 0 up, 1 down Disagree with this comment

kraygen
Friday, May 06, 2011 @ 2:27:22 PM

I disagree completely. How often have you lost internet service or has your cable gone out. They never give you a discount or provide you with free stuff and you pay for their service.

Psn is free and they didn't owe us anything.

Agree with this comment 1 up, 0 down Disagree with this comment

BikerSaint
Friday, May 06, 2011 @ 12:38:47 AM
Reply

Sony's really looking out for us gamers!!!!


But the only thing that worries me is that Sony NEVER sent me a email alert.

Granted, I've have never bought anything on the PSN yet & I've never posted my CC with Sony, but still, I have to figure that I was one of those 77 million email accounts & passwords that got hacked.

I mean, both Verizon, Abe's Books, & BestBuy, all sent me email alerts when the Epsilon email hack went down just a week or 2 prior to the PSN getting hacked.

Just saying

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 1:09:07 AM

Is the email address on your account still active? Do you still get the emails? Is it possible that it was filtered out by a spam blocker?

Agree with this comment 1 up, 0 down Disagree with this comment

Clamedeus
Friday, May 06, 2011 @ 1:16:26 AM

I know I got my E-Mail from Sony when they said they are notifying everyone what's going on.

I think what happened is what Highlander said, it probably got filtered out by a spam blocker, because I had no issue getting the E-Mail.

Agree with this comment 0 up, 0 down Disagree with this comment

Beamboom
Friday, May 06, 2011 @ 8:11:02 AM

I've not received any email either, as far as I can tell. Gmail is my only spam blocker and they usually are quite good, but nevertheless I always browse through the mails before I empty the spam bin. One can never be 100% sure of course, but what was the topic of the mail you guys received from them?

Agree with this comment 0 up, 0 down Disagree with this comment

Clamedeus
Friday, May 06, 2011 @ 1:59:27 PM

@Beamboom

Mine was about the PSN being compromised, and they had numbers to call if you are worried or are a victim of identity theft. That's the one I got.

Agree with this comment 0 up, 0 down Disagree with this comment

Beamboom
Friday, May 06, 2011 @ 8:01:32 PM

Thanks, Clamedeus. Nope I would have spotted it if I received anything like that, I'm pretty sure it never has arrived in my inbox.

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 11:23:47 PM

Beamboom,

It's simply a form letter email that repeats more or less verbatim one of the longer announcements from Seybold. I'll post the full text in the forum later tonight for you if you really want to see it.

Agree with this comment 0 up, 0 down Disagree with this comment

BikerSaint
Saturday, May 07, 2011 @ 1:28:16 AM

TheHighlander,

As far as I know it was still active as I never deleted or changed it, but since my PS3 got smashed, I'd have no way to check it.
BTW, I check my spam box at least 4 times daily.

But come to think of it, Sony has never sent me a email on anything, & I've always wondered why.

Last edited by BikerSaint on 5/7/2011 1:29:32 AM

Agree with this comment 0 up, 0 down Disagree with this comment

Beamboom
Saturday, May 07, 2011 @ 1:00:43 PM

Thanks High, but I've received the mail now, got it yesterday!

Agree with this comment 0 up, 0 down Disagree with this comment

johnld
Friday, May 06, 2011 @ 12:48:56 AM
Reply

is that just a coincidence that sony is going to offer enrollment to ALLCLEARID and ads by google is showing the link to ALLCLEARID on the psxextreme site on the same article?

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 1:09:31 AM

Context sensitive advertizing?

Agree with this comment 0 up, 0 down Disagree with this comment

Killa Tequilla
Friday, May 06, 2011 @ 1:47:49 AM

Yea, I was wondering about that too...

Agree with this comment 0 up, 0 down Disagree with this comment

Underdog15
Friday, May 06, 2011 @ 8:43:58 AM

Google ads is always context sensitive.

I'm also always insulted when I visit here that I regularly get offered a dating service for geeks...

Imma nerd maybe... but a geek? How ruuuudde! Also, married. lol

Agree with this comment 1 up, 0 down Disagree with this comment

BIGRED15
Friday, May 06, 2011 @ 1:28:11 AM
Reply

so seeing that im relatively new, Ben, i have a relatively sipmle and off topic question. Have you come across an Xbot that didn't have his head up his a**. therefore not having to delete that individual, or is the generalization that xbot's are this way a spot on generalization?

I FREAKING HATE GOOGLE right now for te reason I hate Xbots. All i see when I google news "playstation network" are, headlines like "sony being blasted by congress," "Sony not doing their job," "Sony alienating its fans" yaddayadda. And guess who. Gamespot kotaku IGN etc are the culprit. This is just AH!!!! I have really gotta stop google newsing everything!

Agree with this comment 2 up, 0 down Disagree with this comment

Dancemachine55
Friday, May 06, 2011 @ 2:07:11 AM

I came across the same with Google News. Everyone seems to be targeting Sony, completely going on bias views that it is completely Sony's fault for letting this happen.

Now, granted, Sony's protection wasn't very high to begin with. When compared to banks and government facilities, most hackers were able to get in, no problem. Same goes with Xbox Live, an everyday skilled hacker can get in with some time and patience.

However, while Sony's protection was fairly basic for most online serviced companies, (apparently sources say they didn't even have a firewall up at the time of the hack) I believe it is wrong of people to completely blame Sony altogether when it is the fault of hackers.

Sony is doing everything to make things right. The only reason people aren't blaming the hackers is because they are invisible and hidden from the public eye (a great argument from Cnet and other sources). If even one of the hackers involved was caught, Sony would be forgiven and all hatred would turn to the guilty hacker.

But no one has been caught. There is no name or face to place blame on from the hackers' side of things, so the public (wanting to blame someone or something) immediately target the victim, Sony, for not doing a good enough job protecting those accounts.

Agree with this comment 0 up, 0 down Disagree with this comment

Qubex
Friday, May 06, 2011 @ 2:32:30 AM

BIGRED, it is time to calm down. Don't fall victim to the IGN gibberish! If you are getting upset about it then they have won. Don't let them.

If you are happy with your product, and the company you have purchased the product from is treating you well, giving you the type of service you want and expect, and more importantly, having great fun with the product then stuff what other people say.

It is you that matters and your satisfaction with the product.

Becoming Mr Defender super hero won't get you anywhere, especially with xBots... they can only see darkness; with a good portion of them living in a deep dank dark hole - what can you expect?

Q!

"play.experience.enjoy"

Last edited by Qubex on 5/6/2011 2:34:57 AM

Agree with this comment 3 up, 0 down Disagree with this comment

Fane1024
Friday, May 06, 2011 @ 2:42:21 AM

Personally, I would only use "Xbot" in reference to an irrational fanboy. Not all 360 users (even fans) are Xbots, just as not all fanboys are trolls (an overused epithet).

Xbots are those who mindlessly parrot the company line, whether paid to do so or not.

Ben pretty much only bans actual trolls (i.e., those who post just to create conflict).


Last edited by Fane1024 on 5/6/2011 2:47:48 AM

Agree with this comment 3 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 3:28:27 AM

Dancemachine,

I honestly don't believe that there were no firewalls in place on PSN. Was a firewall application installed on the Apache server itself? Probably not. Could it have been? Sure. But, I think that with PSN the firewalls are at the perimeter, they are dedicated standalone firewalls, rather than extra processes sharing production server space. I think it's also significant that the hackers had between 3 and 4 days with some level of access to PSN and SOE, and yet the only thing they were able to get was the basic personal information, password hashes and an old database with a very small subset of data in it from SOE (probably an old dev/test database that should have been deleted by was not). Incidentally, the firewall is only as good as the rules it's running. If someone has compromised an Admin level account, they can get behind the firewall and enable their own path through the firewall. The firewll is pretty darned useless once someone has an admin level account compromised.

Sony says that they noted the attack when their network team saw servers being rebooted when there was no scheduled reboot. To me that says that the hackers had control of several systems inside PSN and were attempting to reconfigure them in some fashion to further the attack. But again, after so many days with deep access to the systems, it seems that whatever the internal security is within PSN it was sufficient to foil the attempt to read the CC data.

Finally, you said of PSN security "When compared to banks and government facilities, most hackers were able to get in, no problem.". The truth is that banks and government facilities are hacked all the time, we just don't hear about it unless there's no way to avoid publishing.

Last edited by Highlander on 5/6/2011 3:28:51 AM

Agree with this comment 3 up, 0 down Disagree with this comment

Dancemachine55
Friday, May 06, 2011 @ 9:43:16 PM

Interesting. Thanks Highlander.

Although, as far as I'm aware, hacking seems to be a much bigger problem in the US than here in Australia, cos I've never heard on the radio or read in the paper anything in a while about hackers getting into Aussie banks or government files.

As for the firewall thing, sounds to me like people from other sights are just trying to find excuses to hate Sony even more. If they knew as much about firewalls as you, perhaps they wouldn't be shouting from the rooftops about Sony having no protection at all when they actually did.

Come to think of it, the only wrongdoing on Sony's behalf was not updating their Apache software. They still had firewalls in other places (as you said, the perimeter) and passwords were hashed or encrypted.

The fact that my banker said I didn't need to bother changing my credit card number was also reassuring of the impact of this hack being rather low.

I guess it's just popular to hate Sony right now, which is incredibly unfair, cruel behaviour and childish from an editor's and journalist's point of view. (reference to Ben's article from 2 days ago about his disappointment in journalists)

Agree with this comment 0 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 11:38:10 PM

A lot of people are criticizing Sony for relying on the perimeter defenses though. I can sort of see their point, because if you rely 100% on the perimeter, if an attacker get's past that, they have unfettered access. However, Since SOny has CC and personal data on different systems, and there is clearly some level of security inside PSN's borders, it's not quite that simple.

I don't know the internal structure of PSN, but I think that PSN is probably partitioned internally. Each part of the network is likely firewalled from the others as well as the perimeter, but I bet they didn't pay as much attention to that as they did the perimeter.

In very broad terms, this kind of security architecture can be likened to an orange. Once you get past the peel, (perimeter defense) the nice sweet orange bits are still encased in the skin of each segment. That presents a minor barrier, but ensures separation of the segments.

Some are suggesting that the perimeter was not strong enough and that the individual servers should have been running a firewall. That might work in a smaller environment, but you do not want a web server serving millions of transactions or a database serving millions of transactions to be saddled with the additional load of a firewall, so you place the firewall on a dedicated system.

Obviously there is a lot more involved such as encryption, traffic monitoring, intrusion detection, performance monitoring and authentication all have to be done, and typically on systems not loaded with something else. I'm making a lot of educated guesses based on the information Sony has released, and the reports/rumors from various Internet sources. But it's still just an educated guess.

Agree with this comment 0 up, 0 down Disagree with this comment

Excelsior1
Friday, May 06, 2011 @ 4:04:12 AM
Reply

notice no mention of the reports about sony not running the latest security updates or even having a firewall installed on psn. noticed it up on cvg, the sixth axis, and gamespot yestersay.





Agree with this comment 1 up, 4 down Disagree with this comment

___________
Friday, May 06, 2011 @ 4:46:02 AM
Reply

US only as usual!
what, Asia, euro asia and europe were not hacked?
sigh......... im really starting to think SCEAU does not exist!
if they do i want a job there!
wish i could get payed for doing nothing!
sure beats carrying 100+KG condensing units on your shoulder up ladders all day!

Agree with this comment 0 up, 4 down Disagree with this comment

tes37
Friday, May 06, 2011 @ 5:19:56 AM

You either don't pay attention or you didn't read the article. Instead of correcting you, how about you read the article again.

Agree with this comment 1 up, 0 down Disagree with this comment

Underdog15
Friday, May 06, 2011 @ 8:45:07 AM

They don't hire people unless they can spell, anyways. No harm no foul, right?

Agree with this comment 3 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 10:29:42 AM

From the article...

"If you're in another country, Sony says they're pursuing other ID protection plans for you."

Agree with this comment 3 up, 0 down Disagree with this comment

tes37
Friday, May 06, 2011 @ 5:17:53 AM
Reply

I am extremely grateful for everything Sony is doing for us. I can't think of any other company that would go to such great lengths to restore confidence. It feels more like we being treated like family and not some account number on their registry.

Agree with this comment 2 up, 0 down Disagree with this comment

COBB
Friday, May 06, 2011 @ 8:41:27 AM
Reply

MSN Article this morning.....


Report: Hackers plan third attack on Sony

By Wilson Rothman

Hackers are planning a third "major" attack on Sony websites, according to a Cnet report. The allegation comes from an observer in a chat channel used by hackers, who saw discussion of a plan to launch an attack this weekend. The witness relayed the info to the tech news site.

The hackers allegedly already have access to some of Sony's servers, and plan to go public with the personal information they find in their attack. It is not clear from the report whether or not these hackers are part of the Anonymous group. Whoever they are, it is not likely that they're acting as part of the group, as Anonymous has stated it was not involved in the recent attacks on PlayStation Network and Sony Online Entertainment servers

Agree with this comment 2 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 10:18:08 AM

Cue the full attention of the FBI, DHS and NSA....

Agree with this comment 2 up, 0 down Disagree with this comment

bigrailer19
Friday, May 06, 2011 @ 10:45:49 AM

Just so we are clear, anyone willing to plan an attack this soon, let alone this weekend are asking to be caught. I find it hard to believe they have access to some of Sony's servers, Sony said they moved them. But that's beside te point and maybe highlander can clear that up. Point is Sony an other agencies are monitoring this with a fine tooth comb.


Last edited by bigrailer19 on 5/6/2011 10:47:08 AM

Agree with this comment 2 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 11:13:46 AM

Sony says that they have physically moved data centers, and they are rebuilding from the ground up. If the 'hackers' have control of one or more Sony servers, then there pretty much has to be an insider at this point.

The approach that Sony seems to be taking - based on the extended downtime and 'rebuilding' from the ground up - is a scorched earth where each server is wiped and rebuilt with a fresh software stack. They're moving physical location and possibly using some different hardware too. No doubt all that software will be patched as completely as possible, and all new firewalls and firewall rules will have been put in place too, not to mention the additional precautions and safeguards that Sony has mentioned, and their 3rd party consultants are certainly advising/assisting with.

At this point, I honestly don't know, it could be bluster from hackers or hacker wannabes, much like the ones that claimed to have CC data including card verification numbers that Sony never collected, stored or requested from consumers. I'd guess that Sony has to take it seriously at this point.

Thinking on what has happened already, the SOE attack which appears to be part of the same overall attack on Sony/PSN went undetected until Sony and their audit teams discovered it. It's possible that the hackers behind that attack feel that they left behind one or more servers that are compromised and can be accesses again once everything comes back up.

However, since Sony is likely taking a scorched earth policy on the servers, those servers ought to be completely refreshed, and therefore safe. remember the safest way to deal with this kind of attack is to assume that nothing is safe, and refresh everything, reset all hardware to factory defaults and reconfigure from the ground up, reformat all discs, re-load all software, recreate all admin accounts with new passwords, put in place new firewalls with new rule sets, add new encryption levels and hashing with extra salt, and of course add even more monitoring systems to watch the network and spot suspect traffic. You literally have to assume that anything could be suspect including flash drives connected to PCs, and flash ROMs and flash RAM in systems that normally hold firmware and configuration data. All of it has to be fully reset, cleared and rebuilt.

Of course I'm assuming that Sony and their partners are taking that kind of pessimistic approach and all due care and attention - because I would. I guess we'll find out soon enough if they have or not.

Agree with this comment 4 up, 0 down Disagree with this comment

BikerSaint
Saturday, May 07, 2011 @ 1:43:59 AM

Effing douches!

And when they do, it's a shame we can't the hunt to our Navy seal team.

And preferably, the very same member that gave osama his final Excedrin headache.

Agree with this comment 0 up, 0 down Disagree with this comment

BikerSaint
Saturday, May 07, 2011 @ 2:01:47 AM

Sony denied assertions by computer security expert Gene Spafford during a Congressional hearing Thursday that it had been running outdated versions of Web server software and had not been using a firewall on its servers.

In a statement from Patrick Seybold, Sony's senior director, Corporate Communications and Social Media, that's expected to be published on Sony's PlayStation blog, the company was using updated software and had "multiple security measures in place."

Here's the statement in full:

"The previous network for Sony Network Entertainment International and Sony Online Entertainment used servers that were patched and updated recently, and had multiple security measures in place, including firewalls."

Separately, Sony President Kaz Hirai sent a letter to Connecticut senator Richard Blumenthal containing a detailed timeline of the attack and Sony's response to it.

The letter contains previously undisclosed details about the attack and the hardware Sony uses to run its gaming services.

The letter, which is embedded below, says that the systems involved use 130 servers and 50 distinct software programs. Sony first noticed the attack on April 19, when its network team discovered that several PlayStation Network servers had rebooted themselves unexpectedly. Four servers were immediately taken offline in order to figure out what was going on. By the next day, it was clear that another six had been attacked, and they were taken offline as well. By April 23, computer forensic teams confirmed that intruders had used what Sony describes as "very sophisticated and aggressive techniques to obtain unauthorized access to the servers and hide their presence from the system administrators" and had deleted log files showing the footprints of where in the system they had been.

By April 24, Sony had hired three different computer security firms to investigate the attack.

By April 25, it had determined that the attack had involved some credit card accounts. Consumers were notified the next day, though Sony did not know initially that the credit card accounts had been compromised. The Wall Street Journal has a play-by-play.

The letter also says that Sony had stored approximately 12.3 million active and expired credit cards, approximately 5.6 million of which belonged to customers in the U.S.

"We of course deeply regret that this incident has occured and have apologized to our customers," Hirai wrote. "We believe we are taking aggressive action to right what you correctly perceive is a grievous wrong against our consumers: a wrong that is the result of a malicious, sophisticated and well orchestrated criminal attack on us and our consumers."

Earlier in the day, rumors of a third attack circulated in online chat rooms, but those reports couldn't be independently confirmed. Another attack couldn't come at a worse time for Sony. Analysts are estimating that cleaning up the damage from the first two could cost the company $1 billion or more before the incident is fully resolved.

Earlier this week people claiming to represent Anonymous denied any role in the theft of credit card numbers from Sony. However, Sony said in a letter to Congress that a text file containing a catch phrase often invoked by Anonymous and intended to taunt the company was left behind by the attackers. On Monday, Sony disclosed that the attack had involved not only its PlayStation Gaming Network, which has been offline since April 20, but also its Sony Online Entertainment division, which includes online games like Everquest and Star Wars: Galaxies.

Sony's letter to Sen. Blumenthal is here.....

http://news.cnet.com/8301-1009_3-20060661-83.html#ixzz1LeBODKBJ

Agree with this comment 0 up, 0 down Disagree with this comment

Dreno
Friday, May 06, 2011 @ 10:08:06 AM
Reply

http://m.cnet.com/Article.rbml?nid=20060227&cid=null&bcid=&bid=-260

That's link to an article on cnet. Apparently the hackers who hacked into the psn and took the cc and personal info are gonna hack the sony website and publicise the info the got. That's what 1 person who overheard/was a part of the convo told cnet. The link should take you to the full story

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 10:28:55 AM

And this is why people should be going after the hackers rather than the victims...

Agree with this comment 4 up, 0 down Disagree with this comment

Dreno
Friday, May 06, 2011 @ 10:39:15 AM
Reply

I agree completely highlander. The hackers are whom people need to focus on. The blame rests squarely on their shoulders.

Agree with this comment 2 up, 0 down Disagree with this comment

spatenfloot
Friday, May 06, 2011 @ 11:46:17 AM
Reply

I placed a security freeze on my credit reports. With all the companies out there with my info, it's only a matter of time before it gets stolen again anyway. No point in worrying or panicking over it.

Agree with this comment 0 up, 0 down Disagree with this comment

Darwin1967
Friday, May 06, 2011 @ 11:55:36 AM
Reply

That's all well and good ( I wonder what kind of kickbacks Sony will get for the customers who might choose to continue with the Identity theft protection).

I was more than a little frustrated this AM when I started seeing news reports that the hackers intend to attack Sony again, very soon...as soon as this weekend?!

Agree with this comment 1 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 12:32:16 PM

Indeed, imagine how they feel about it.

Well, if anything good can come out of all of this, perhaps it will be that law makers and law enforcement will finally begin to take this stuff seriously instead of leaving it to commercial organizations to defend against what might be called the indefensible. I'm really tired of hackers and hacker groups that think they can decide which laws to obey and which to break, that place themselves in judgement over others, and essentially harm millions in the process. Since these attacks are apparently designed specifically to hurt Sony by causing their customers to fear and mistrust Sony's networks, do they not meet the definition of terrorism, they are after all aimed at causing fear among the public. The attacks also are taking place internationally and affecting citizens of many countries, not to mention we don't know where the attackers are specifically, but we do know that they use proxies in multiple countries. Since it's not a domestic crime alone, can we please enable the anti-terrorist provisions of our laws, and unleash the CIA and NSA on these gits?

Agree with this comment 3 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 12:38:29 PM
Reply

Incidentally, the next time someone smarts off about this being the biggest ever data theft/hack. Throw this link at them, it details the indictment of a hacker behind the theft of credit/debit card details for over 130 million card holders. That kind of dwarfs Sony's troubles.

http://www.justice.gov/opa/pr/2009/August/09-crm-810.html

Oh, and while I remember, for anyone interested in single use credit card numbers for online purchases - including topping up a PSN wallet...Bank of America has a solution for US customers.

http://www.bankofamerica.com/privacy/index.cfm?template=learn_about_shopsafe

Last edited by Highlander on 5/6/2011 12:40:11 PM

Agree with this comment 2 up, 0 down Disagree with this comment

Highlander
Friday, May 06, 2011 @ 12:48:18 PM

Also, for any who want to go the pre-paid Visa gift card route, here is a link to visa's pre-paid card information. With some financial institutions you can order on online, and it will be sent to you, but you can also buy the pre-paid visa at a great many retail outlets, Visa helpfully includes a map to help you find one near you. Once again, this is a US only service, but there may be similar services in your local market.

http://usa.visa.com/personal/cards/prepaid/visa_gift_card.html

Last edited by Highlander on 5/6/2011 12:49:35 PM

Agree with this comment 2 up, 0 down Disagree with this comment

BikerSaint
Saturday, May 07, 2011 @ 2:18:59 AM

Highlander,

Actually I think the Epsilon hack, which happen just weeks before the PSN/SOE hack, is the biggest hack so far.....(and still almost no press on it)


Epsilon breach: hack of the century?

http://blogs.computerworld.com/18079/epsilon_breach_hack_of_the_century



Get ready to be spammed by phishing scams.

When it's all said and done, the Epsilon hack may be the largest name and email address breach in the history of the Internet.

Although Epsilon didn't name clients, it handles more than 40 billion emails annually and more than 2,200 global brands.

And if you are thinking you are safe because you opted-out of marketing emails, think again.

Epsilon is one of the world's largest providers of marketing-email services. Epsilon issued a statement, "On March 30th, an incident was detected where a subset of Epsilon clients' customer data were exposed by an unauthorized entry into Epsilon's email system. The information that was obtained was limited to email addresses and/or customer names only."

The scope of major corporations affected is somewhat mind-boggling.

Krebs on Security warned, "Among Epsilon's clients are three of the top ten U.S. banks - JP Morgan Chase, Citibank and U.S. Bank - as well as Barclays Bank and Capital One."

After searching through the many articles covering the Epsilon hack, these are the companies that have sent out warnings to their customers:

Best Buy, Capital One, JPMorgan, Citibank, Kroger, Barclays Bank of Delware, Visa, American Express, US Bank, TiVo Inc. and Walgreen Co, Robert Half, Kraft, Home Shopping Network, QFC, Marriott Rewards, Ritz-Carlton Rewards, Ameriprise Financial, LL Bean Visa Card, Brookstone, Dillons, the College Board, McKinsey & Company, New York & Company, Disney Vacations, Staples, TIAA-CREF, Verizon, Borders, Smith Brands, Abe Books, Lacoste.

TechEye reported that the largest traditional grocery retailer Kroger, "employs more than 338,000 associates with stores in 31 states under two dozen local banner names including Kroger, City Market, Dillons, Jay C, Food 4 Less, Fred Meyer, Fry's, King Soopers, QFC, Ralphs and Smith's. Potentially anyone who has given their email to any of these places could have had their data half inched."

PCWorld noted, "In some cases, more than just e-mail addresses and names were disclosed -- both Marriott Rewards and Ritz-Carlton Rewards had member rewards points disclosed, along with names and e-mail addresses. This could give scammers more leverage when they attempt a targeted campaign."

That doesn't exactly match up with Epsilon's statement of only names and email addresses, does it? What more I wonder will be disclosed in the next week or so?

According to Paul Ducklin of Sophos Naked Security, it is "moderately comforting" that only names and email addresses were stolen. "Epsilon is, if you like, a 'cloud provider' of electronic direct marketing services, so a security breach of the Epsilon system is, effectively, a breach of all its customers' systems, too."

Personally, I find the Epsilon hack moderately aggravating as there will be countless people duped by phishing attacks.

Reuters claimed "it could be one of the biggest such data breaches in US history". Indeed, it certainly appears to be one of the largest heists of its kind.

Be on the lookout for spear phishing campaigns and don't nibble on them. Keep your security software updated. If you feel like you really must open an email from one of these companies, then mouse over the link to see if the domain name matches the company. Check for HTTPS. Don't give out sensitive personal information unless you are 100% sure you are dealing directly with the company as these emails can open the way to identity theft.

Jonathan Zittrain, a professor of law at Harvard Law School and co-founder of the Berkman Center for Internet & Society, told Brian Krebs, Epsilon was lazy in its security. "Worse, customers who specifically asked to opt out of marketing emails were also affected. Opting out should mean genuine removal from the database, rather than retention in the database with a marker indicating that someone has opted out.”

More companies may come forward to alert customers of their names and email addresses being stolen.

This list keeps swelling and this may be the outsourcing hack from hell. It's ridiculous.

Agree with this comment 0 up, 0 down Disagree with this comment

BIGRED15
Friday, May 06, 2011 @ 1:08:09 PM
Reply

@Q

I really only get upset at all the incessant fanboy journalism becuase of the joy and pride i get outta using the ps3. Do you have any idea how bad it could be for sony if it werent for sites like these that actually try to set the record straight. Enough people would be enraged by it that sony could loose a large ammount of its fanbase and in this kind of economy sony is basically walking on eggshells. SO what im trying to say is that im more nervous for sony rather than enraged fanboys I guess

Agree with this comment 1 up, 0 down Disagree with this comment

Danny007
Friday, May 06, 2011 @ 2:18:18 PM
Reply

Okay lets test this thing and get it the hell back online.

Agree with this comment 1 up, 0 down Disagree with this comment

Deathstriker
Friday, May 06, 2011 @ 4:29:55 PM
Reply

Sony is pro, nothing can hold them back.

There most likely sitting at there computer's just doing whatever, not even rushing. Just straight chill....

"The action's of one man may sunder the world, but the diligence of many may rebuild it" - Lee Sin

Agree with this comment 4 up, 0 down Disagree with this comment

LittleBigMidget
Friday, May 06, 2011 @ 4:52:45 PM

You are referring to the Sony employees right? If they are sitting on their asses just "chilling" then that is BAD.

Agree with this comment 0 up, 3 down Disagree with this comment

Excelsior1
Friday, May 06, 2011 @ 6:31:26 PM
Reply

as we approach the end of this psn outage i find myself feeling a little nervous for sony. i just hope everything goes smoothly and people can move past this. including myself. it's just been very frustrating to go without online gaming and watch sony take a beatdown at the same time. i guess the frustration stems from not being able to do anything about the situation except sit back and watch events unfold at what seems like a snails pace. it kind of feels like a loved one has gotten tangled up something bad that you can't do anything about.

Last edited by Excelsior1 on 5/6/2011 6:33:05 PM

Agree with this comment 3 up, 0 down Disagree with this comment

Lairfan
Friday, May 06, 2011 @ 7:11:00 PM
Reply

I keep hearing about a third attack in the works, and if I didn't know any better, I'd say this is cyber-terrorism going on here. And if our federal government was actually worth a damn, they'd be putting a lot of resources into finding these guys and putting them on trial, or at the very least editing the existing laws to protect corporations like Sony from these kinds of situations. But of course they're not gonna do that. That would actually be getting work done, which is what politicians don't like to do.

Agree with this comment 3 up, 0 down Disagree with this comment

DeathOfChaos
Monday, May 09, 2011 @ 5:27:25 PM
Reply

Eh, whatever.

Agree with this comment 0 up, 0 down Disagree with this comment

playSTATION
Monday, May 09, 2011 @ 10:40:11 PM
Reply

dont forget abt us canadians sony. i have stuck with sony since ps1 days and i have no intention to going 2 another camp. sony will b back stronger than evr.

Agree with this comment 0 up, 0 down Disagree with this comment

Spanky
Tuesday, May 10, 2011 @ 4:21:33 PM
Reply

...so I started my anti-depressants yesterday...how long before they kick in?

Agree with this comment 0 up, 0 down Disagree with this comment

Leave a Comment

Please login or register to leave a comment.

Our Poll

Do you regret buying the PS4 so early?
Nope, I love it!
Not really; I still play it plenty.
A little, I was hoping for more games.
Yes, I could've waited.

Previous Poll Results