PSN Status Update: Stolen Information Detailed, more

[Kouen Hasuki]

Im just glad things are getting sorted out

[Ivolt]

The reason this stands out more is because Sony has been under fire for the last couple months for basically everything. This is like the shit cherry on top of a shit sundae for us.

[Passionate Groin]

meh im grabbing a PS3 tomorrow anyway, from what i read someone tampered with their PS3 and made it appear as a Dev to the network, it's easy in hindsight to point out mistakes but it's unfair to crack the shits with Sony.

When you choose to shop online you take some risks, best not to use an actual Credit Card, either grab a pre-paid or make a seperate bank account for use only with pay-pal and only place funds in it when you want to purchase something.

[Cosmic]

Not exactly the analogy I'd use, but I see your point. I admit I should've worded that much better (10:32 AM here), as well. Although using your analogy, it'd be saying they had NO security AT ALL, (not even a firewall) no? Obviously not the case since it apparently took a while for said hacker to get in. It'd be more like "I'm not going to get a security system because they'll break in anyway.".

Really, the only reasons I put it like that are because of all the people saying "I'll just use Xbox LIVE, it's unhackable!" when it was hacked several years before (I mentioned earlier in the thread that, if what I read was correct, somebody actually got quite a bit of money off all the Live accounts back in 2007) and a lot of the complaints essentially wanting an unbreakable security (I believe quite a few used those exact words, though I may be wrong). (Like I said, I see your point even if I don't really think the analogy was an entirely accurate one.)

Not going to argue that it should've been encrypted, because, like I said, I agree there.

I still think they waited to confirm that at least some info had, without a doubt, been compromised. I could be wrong, and it wouldn't be the first time. I'd actually like to see proof either way.

Or it could just be that nobody where I lives really cares about such. When the government here was hacked and a bunch of SSN numbers stolen (perhaps I'm wrong and/or locating bad info (or thinking of a different hack all together), but a brief search says this occured in 2006.), nobody, and I mean NOBODY around here said a thing about it. Almost EVERYBODY around here is complaining about the PSN hack.

Overall, I do agree with you on most of it, but the way I'm reading it (again, 11 AM, haven't slept, so I'm likely misreading), it sounds like you're saying Sony's the only one at fault here. That's actually the main thing I'm really disagreeing with.

OK. How about this: "I'm locking the door but I'm leaving the key under the mat, and behind the door there's an envelope containing either my credit card details or the complete works of Edgar Allen Poe translated into Swahili, I forget which."

I agree with you though. Sony are by no means the only company to ever have this happen to them. I wasn't trying to say that, apologies if it came across that way. Saying it happens to others doesn't absolve them of blame though. They messed up big time. If we were discussing any other company, agency or government that seemingly shunned basic methods of data protection and had a leak comparable to this I'd be saying the same thing. I accept that hindsight is 20/20, but when developing or maintaining any sort of computer security system it's essential to learn from others' mistakes. "How did this happen? How can we prevent it from happening to us and our customers?" Even if they dismissed the various breaches that have affected governments and online shopping sites, I genuinely believe this could have been avoided if back in 2007 Sony had said to themselves "Gosh, looks like Live got compromised! Time to stop storing that database in plain text, right boys?" Instead they spent another three years swearing up and down that the PS3 was unhackable, and it's obviously that arrogance that lead them to ignore simple security measures on the server side. That's the only explanation I can think of outside of sheer laziness. This is basic, beginner protocol anyone handling sensitive data should know to adhere to, and if they can't do that, they have no business holding that information in the first place.

Will I be using PSN again? Absolutely. The one good thing to come out of all this is that Sony have finally been forced to review their security policies. There's no excuse for the lax attitude that lead to the hack but you can bet they'll be locking that shit down tighter than Fort Knox from now on. I'm not fussed about free games or a free month of PSN+ or whatever else they promise, although it's a nice gesture. I just want them to pay more attention to security for the sake of their customers. As long as they do that (which you know they will after this mess) I'll continue to enjoy my console.

[Quiji]

To be honest, I don't get why people are complaining more about PSN being hacked than they did when governments are

I'm pretty sure the reasoning for this is that the information is so secretive that almost no one knows when it happens. I bet hacking happens everyday, but why tell the public? PSN is a public service, and when they screw up, you hear it about it with details. Doesn't seem fair, but it's just the way it is.

[Sprung]

So all we're getting is a month's free PSN+? Ew. I'd rather just have a game or two I can actually keep, not a few pieces of rubbish that I'll lose in a month's time.

This was what I was thinking.

[Majinkura]

You know what I think? This is what we get for wanting to pirate and use homebrew.

Actually....wouldn't that want to make ppl want to pirate/homebrew their systems even more??
(no one will trust sony anymore..)

[Supreme Warrior]

Actually....wouldn't that want to make ppl want to pirate/homebrew their systems even more??
(no one will trust sony anymore..)

Fools and their money are Soon Parted

[Raype]

Fools and their money are Soon Parted

I prefer "don't shit where you eat", personally.

[crusher]

While it sounds like common sense to encrypt user info you shouldn't expect it. From what I understand there are no set standards how such data should be handled. And encrypting/decrypting data is very performance-costly. I think vBulletin stores the user info, yes even passwords, in plain text.

[Bennieboi20]

While it sounds like common sense to encrypt user info you shouldn't expect it. From what I understand there are no set standards how such data should be handled. And encrypting/decrypting data is very performance-costly. I think vBulletin stores the user info, yes even passwords, in plain text.

But you have to admit Vbulletin doesnt store your credit card details, and other various user sensitive information does it? Although you are right to a degree on how much time and effort it takes to encrypt and decrypt user data for millions of users, if your going to run a service such as PSN surely you would take some extra pre-cautions to protect your customers and therefore protect your revenue?

[Cookie Monster]

But you have to admit Vbulletin doesnt store your credit card details, and other various user sensitive information does it? Although you are right to a degree on how much time and effort it takes to encrypt and decrypt user data for millions of users, if your going to run a service such as PSN surely you would take some extra pre-cautions to protect your customers and therefore protect your revenue?

Ideally, in a perfect word where you could foresee any problem and prevent it from happening, I guess so. Then again, I don't know how personal details are stored by other companies or services before these events..

[Kouen Hasuki]

meh im grabbing a PS3 tomorrow anyway, from what i read someone tampered with their PS3 and made it appear as a Dev to the network, it's easy in hindsight to point out mistakes but it's unfair to crack the shits with Sony.

When you choose to shop online you take some risks, best not to use an actual Credit Card, either grab a pre-paid or make a seperate bank account for use only with pay-pal and only place funds in it when you want to purchase something.

For once Bayer posted something of true sense... and more scary something I could agree with

[Chocobolicious]

...Ironically.

The cell processor co-created by Sony is able to encrypt and decrypt at amazing speeds. They can pull off a 256bit SHA-2 hash in roughly 20 seconds using a cell, against a standard 2~ish minutes with a less math intensive processor.

In all seriousness, Sony should, more than anyone, be able to encrypt everything under this green earth if they felt like it. It isn't like they aren't pumping out the perfect encryption processor on a minute by minute basis.

[Dr. Ivo Robotnik]

At this point, I'm actually sorta glad I rarely have my PS3 online in any case. It DOES suck that these issues are currently severely affecting many PS3 owners, but frankly, PS3 has just had an enormously shitty couple of months, so I can deal with a few weeks without access to my PSN. (Yes, I had a few games I wanted to buy off it, but I'll hold).

Only the future can tell how this issue will develop, and Sony's clearly working extremely hard to make sure stuff like this doesn't happen again. Sure, they might have been able to prevent it, but on the other hand - how far can you go before you turn into a raving paranoid, seeing attacks and hacks from absolutely bloody everywhere? Nothing wrong with a bit of paranoia, but you can take things too far. And eventually, your security will get cracked, and you'll update it accordingly, all the while listening to the dulcet notes of the complainers squealing in agony over the loss of their access.