
PSN Hack Update: FAQs in OP, Read before posting

Status
Not open for further replies.
Mama Robotnik said:
About a hundred pages ago, a Sony enthusiast compared the company to a rape victim. I was speechless.

It was also an unfortunate reminder of one of the Geohot threads, in which another enthusiast described the rape they'd want George Hotz to endure as punishment for his disrespect towards the corporation.

It's shocking sometimes.

This thread is full of twists and turns. It's a hell of a toboggan ride, though!
 

chris0701

Metalmurphy said:
I need clearer English. And you missed my edit.

I gave several examples how any system could be compromised, if one of them is wrong it doesn't disprove my point.

To be simple, the XBOX live thing you provided is something jackpot from desperating id/pw combination.

You can use this trick on a Google account, Twitter or something. Such cases happen every day on every network system, so it would never be news.

The PSN case looks like some security breach at the data center; the hacker can access considerable personal data and bypass the normal identity authentication.

Tbh, the official email has revealed such a thing if you look at it more carefully.
 

A.R.K

Metalmurphy said:
Once again...

"I gave several examples how any system could be compromised, if one of them is wrong it doesn't disprove my point."

dude stop talking sense...you'll be accused of being paid by Sony like I was...

I just wish PSN is up soon and this carnival of stupids gets locked

Also the hackers get caught so the real culprit gets punished in this whole scenario
 

Metalmurphy

chris0701 said:
To be simple, the XBOX live thing you provided is something jackpot from desperating id/pw combination.

You can use this trick on a Google account, Twitter or something. Such cases happen every day on every network system, so it would never be news.

The PSN case looks like some security breach at the data center; the hacker can access considerable personal data and bypass the normal identity authentication. This is what we could call an epic fail on network infrastructure.

Dude... You don't have to repeat yourself 3 times. I got it the first time. You however seem to be missing the point every time.
 

chris0701

Let alone the XBOX live hack case, it is only social engineering. I could hack my sister's Facebook account, but no one would take my achievement to CNN :(

For some system or organization, we usually have faith that we believe they shouldn't be broken.

FBI was hacked, then we doubt why FBI could be hacked.
PSN hacked, then we doubt Sony's ability.
 

FINALBOSS

A.R.K said:
dude stop talking sense...you'll be accused of being paid by Sony like I was...

I just wish PSN is up soon and this carnival of stupids gets locked

Also the hackers get caught so the real culprit gets punished in this whole scenario



He is being paid by Sony...me too!!!
 

Kyoufu

Mama Robotnik said:
About a hundred pages ago, a Sony enthusiast compared the company to a rape victim. I was speechless.

It was also an unfortunate reminder of one of the Geohot threads, in which another enthusiast described the rape they'd want George Hotz to endure as punishment for his disrespect towards the corporation.

It's shocking sometimes.

Almost as shocking as donating to Hotz.
 

chris0701

Chrange said:
But ZDNet said a Microsoft Tech said "Hackers have control of Xbox live and there is nothing we can do about it." so who do we really believe?

How could you prevent a social engineering hack through id/pw combination?

Captcha on consoles?
 

obonicus

chris0701 said:
For some system or organization, we usually have faith that we believe they shouldn't be broken.

That's misplaced faith, though. These systems or organizations don't guarantee you complete security. They don't even really do a great job apologizing most of the time when they fail you.

Sony did fuck up. If I put my valuables in a safety deposit box, because the bank tells me it's safe, and the bank is robbed and my valuables taken (something not necessarily covered by insurance), I get to blame both the bank and the robbers. The bank for failing to protect my valuables and the robbers for obvious reasons. The bank fucked up. I probably shouldn't call the bank incompetent unless I know otherwise, though.

Sony might've had huge gaping holes in their security, they might've had a reasonably secure system. Outside of speculatory pasties we don't know right now. Maybe Kaz will come clean in a few hours, but I doubt it.
 

Mama Robotnik

Kyoufu said:
Almost as shocking as donating to Hotz.

If my minuscule contribution to try and prevent the eradication of (future) region-free gaming and homebrew, offends you more than those wishing sex-crimes towards a hacker who exposed a fundamentally-flawed security structure, then I don't see how we're going to see eye to eye on this.
 

Kyoufu

Mama Robotnik said:
If my minuscule contribution to try and prevent the eradication of region-free gaming and homebrew, offends you more than those wishing sex-crimes towards a hacker who exposed a fundamentally-flawed security structure, then I don't see how we're going to see eye to eye on this.

Hey my PS3 is region-free I don't know what you're talking about!
 

chris0701

The question is very simple. I trust you but you failed to meet my expectation.
Only when I trust Sony would I put my CC and personal info into PSN.

If Sony one day declares their data center is outsourced to one infamous company and does not take any responsibility for data leak or system breakdown in the EULA, I think you would never want to use them at all.
 

Mama Robotnik

Metalmurphy said:

Future region free, as in the right to hack future consoles (or existing ones) to run homebrew and software without region restrictions. Had Sony won then this (among any other modifications) would have been cemented as illegal.

Kyoufu said:
Hey my PS3 is region-free I don't know what you're talking about!

Yes but will the next wave of consoles be? Not to mention handhelds and existing hardware.
 

Metalmurphy

Mama Robotnik said:
Future region free, as in the right to hack future consoles (or existing ones) to run homebrew and software without region restrictions. Had Sony won then this (among any other modifications) would have been cemented as illegal.

I don't think that's what the case was about. It was about sharing the keys and hacks online.
 

Combichristoffersen

Metalmurphy said:
It's amazing how I keep hearing "Sony fucked up" "Sony fucked up" "Sony fucked up" yet no one can say how exactly they fucked up. Sony being hacked = them fucking up?

What kind of fucked up logic is that?

Bank gets robbed, bankers fucked up?
NASA gets hacked, NASA fucked up?
Pentagon gets hacked, Pentagon fucked up?
Mastercard gets hacked, Mastercard fucked up?
oO

I can understand being mad at Sony cause it's their responsibility, and if we have to complain to someone, it's obviously to them and not the Hacker. But your anger seems to be misplaced. Saying they fucked up is like saying they just gave the data away or something.

Obviously the hackers are at fault for breaching Sony's network and stealing the PSN account information (hackers gonna hack), but I'm not letting Sony off the hook for their debatable security. If you're storing information about 77 million user accounts, you damn well better be sure it's stored somewhere that's as good as impenetrable. So, yeah, Sony kinda fucked up, but they shouldn't be taking all of the blame.

Fuck Sony.
 

Cruzader

Mama Robotnik said:
Future region free, as in the right to hack future consoles (or existing ones) to run homebrew and software without region restrictions. Had Sony won then this (among any other modifications) would have been cemented as illegal.



Yes but will the next wave of consoles be? Not to mention handhelds and existing hardware.

I'm positive hackers have done more harm to future PS products this gen. All the 'openness' of the PS3 is saying bye bye on PS4 for sure.

Also the case was never to make it illegal to mod your console for homebrew. Sharing security keys to the open was and the way Geo went about things.
 

Metalmurphy

Combichristoffersen said:
Obviously the hackers are at fault for breaching Sony's network and stealing the PSN account information (hackers gonna hack), but I'm not letting Sony off the hook for their debatable security. If you're storing information about 77 million user accounts, you damn well better be sure it's stored somewhere that's as good as impenetrable. So, yeah, Sony kinda fucked up, but they shouldn't be taking all of the blame.

Fuck Sony.

There's no such thing.
 

TTP

Combichristoffersen said:
Obviously the hackers are at fault for breaching Sony's network and stealing the PSN account information (hackers gonna hack), but I'm not letting Sony off the hook for their debatable security. If you're storing information about 77 million user accounts, you damn well better be sure it's stored somewhere that's as good as impenetrable. So, yeah, Sony kinda fucked up, but they shouldn't be taking all of the blame.

Fuck Sony.

This is what I don't understand. The assumption that being hacked means you have "debatable security". Considering shit like this happens all the time, do we have any proof that Sony security was more lacking compared to those adopted by the likes of Amazon, Google, Play.com etc? I guess this is for the authorities investigating the issue to decide no?
 

Combichristoffersen

Metalmurphy said:
There's no such thing.

No. But they should do their best to make it as close to impenetrable as possible. And apparently they didn't.

TTP said:
This is what I don't understand. The assumption that being hacked means you have "debatable security". Considering shit like this happens all the time, do we have any proof that Sony security was more lacking compared to those adopted by the likes of Amazon, Google, Play.com etc? I guess this is for the authorities investigating the issue to decide no?

It's Sony. Considering how bad they've been this gen it wouldn't surprise me if they considered the free version of Avast to be acceptable security :p
 

iNvid02

wow this thread still going strong

1. hacker(s) are to blame mostly as they're the scum who did this
2. sony must share the blame because it seems their security was not up to par
3. the way sony dealt with this thing is truly abysmal
4. everyone on PSN should be compensated in some way, mainly because of the way sony dealt with this situation, not because they were hacked.
5. my bet still stands for 4th may
 

Lothars

Combichristoffersen said:
No. But they should do their best to make it as close to impenetrable as possible. And apparently they didn't.



It's Sony. Considering how bad they've been this gen it wouldn't surprise me if they considered the free version of Avast to be acceptable security :p

Yeah ok, Sony has been as bad as any other company but you don't know if the security was actually really bad or not. There's a lot we don't know, but to say they automatically have bad security really doesn't make sense until we know exactly what kind of security they had.

iNvidious01 said:
wow this thread still going strong

1. hacker(s) are to blame mostly as they're the scum who did this
2. sony must share the blame because it seems their security was not up to par
3. the way sony dealt with this thing is truly abysmal
4. everyone on PSN should be compensated in some way, mainly because of the way sony dealt with this situation, not because they were hacked.
5. my bet still stands for 4th may

I agree with some of your points but we don't know if their security was up to par, it wasn't abysmal, it could have been handled better but wasn't horrible.

I agree as well. We should be compensated because of PSN being down for so long.
 

TTP

Combichristoffersen said:
It's Sony. Considering how bad they've been this gen it wouldn't surprise me if they considered the free version of Avast to be acceptable security :p

It wouldn't surprise me either, but that's still an assumption.

Besides, aren't there regulations about how this server stuff is supposed to be set up? Aren't there 3rd party organizations periodically checking if companies dealing with personal info adhere to some security guidelines?

I think I read it somewhere you can't simply set up your server and go business without some sort of seal of approval. This is not to protect Company X, but the whole online business thing. If Company X security fails, every company working in the field is affected to some degree (people less willing to share personal data, CC info etc).
 

Combichristoffersen

Metalmurphy said:
And you know this how?

Obviously I don't know it, but if the rumours of Sony storing information in plain text are true, it's unacceptable. I mean, I love Sony, I've bought all of their consoles, even the PSP. But they've spent the last five years making dumb decision after dumb decision, so I wouldn't be surprised at all if poor security was another dumb decision of theirs. Not to mention their abysmal job at communicating with their users at the beginning of this brouhaha.

TTP said:
Besides, aren't there regulations about how this server stuff is supposed to be set up? Aren't there 3rd party organizations periodically checking if companies dealing with personal info adhere to some security guidelines?

I think I read it somewhere you can't simply set up your server and go business without some sort of seal of approval. This is not to protect Company X, but the whole online business thing.

You're probably thinking of the PCI DSS
 

mrkgoo

Lothars said:
Yeah ok, Sony has been as bad as any other company but you don't know if the security was actually really bad or not. There's a lot we don't know, but to say they automatically have bad security really doesn't make sense until we know exactly what kind of security they had.

I agree with some of your points but we don't know if their security was up to par, it wasn't abysmal, it could have been handled better but wasn't horrible.

I agree as well. We should be compensated because of PSN being down for so long.

An encrypted password would be nice. Yes, we don't know it wasn't, but if it was, we assume they would've mentioned it.
 

TTP

Combichristoffersen said:
Obviously I don't know it, but if they rumours of Sony storing information in plain text are true, it's unacceptable.

How is that unacceptable? I'm not an expert by any means, but you seem to be sure such info (not the CC one, but just the personal data one) is encrypted everywhere else. Is it so?
 

Massa

TTP said:
How is that unacceptable? I'm not an expert by any means, but you seem to be sure such info (not the CC one, but just the personal data one) is encrypted everywhere else. Is it so?

Password and security answer should have been encrypted.


Mr Pockets said:
So we now know exactly what type of security system Sony had and how good/bad it was?

And we also know exactly how it was hacked?

I missed that, can someone link?

We've no idea.
 

DoctorButt

Mr Pockets said:
So we now know exactly what type of security system Sony had and how good/bad it was?

And we also know exactly how it was hacked?

I missed that, can someone link?


there is no link to credible info to be had in this thread, just babbling idiots
 

RustyNails

mrkgoo said:
An encrypted password would be nice. Yes, we don't know it wasn't, but if it was, we assume they would've mentioned it.

Encrypting just passwords means encrypting an entire column of 77 million rows. We don't know how many rows of CC info were there in the CC table, but all indicators point to being about 2.2 million so it's more manageable to encrypt that. Besides, companies are under extra scrutiny to make CC info and SSN info as secure as possible especially e-businesses.
 

Combichristoffersen

TTP said:
How is that unacceptable? I'm not an expert by any means, but you seem to be sure such info (not the CC one, but just the personal data one) is encrypted everywhere else. Is it so?

Depends. I think someone earlier ITT mentioned at least birthdates and passwords were usually encrypted, while postal addresses and names were not necessarily encrypted (due to.. storage concerns or CPU use or something). Names, postal addresses and e-mails are more or less freely available on the web separately, but when you've stored most of that information (barring CC information), especially passwords, at the same place, you really should have some sort of encryption on it.
 

ClosingADoor

RustyNails said:
Encrypting just passwords means encrypting an entire column of 77 million rows. We don't know how many rows of CC info were there in the CC table, but all indicators point to being about 2.2 million so it's more manageable to encrypt that. Besides, companies are under extra scrutiny to make CC info and SSN info as secure as possible especially e-businesses.

And how is it a problem to encrypt 77 million passwords (not rows, since the row would probably include the username and other info as well)?

Passwords should always be encrypted. I don't think companies like Facebook and Google save your password unencrypted and those handle a lot more passwords than 77 million.

But do we even know if passwords were saved unencrypted? Since that would be very illogical to do.

Combichristoffersen said:
Depends. I think someone earlier ITT mentioned at least birthdates and passwords were usually encrypted, while postal addresses and names were not necessarily encrypted (due to.. storage concerns or CPU use or something). Names, postal addresses and e-mails are more or less freely available on the web separately, but when you've stored most of that information (barring CC information), especially passwords, at the same place, you really should have some sort of encryption on it.

Most systems only encrypt passwords. The other info can easily be gotten anywhere or isn't private anyway. Encrypting a username for example is just useless.
 

RuGalz

ClosingADoor said:
But do we even know if passwords were saved unencrypted? Since that would be very illogical to do.

All things point to they didn't encrypt passwords. While I think a company that handles a user base as big as this probably should have done it, you are kidding yourself if you think most of the sites have updated their security to have passwords encrypted.
 

Acquiescence

Kyoufu said:
Hey my PS3 is region-free I don't know what you're talking about!

Mama Robotnik said:
Yes but will the next wave of consoles be? Not to mention handhelds and existing hardware.

Well, if the PS4 is locked down tighter than the Queen's clacker then we'll know who to blame won't we!

*cough*GeoHot*cough* (if it wasn't obvious enough)
 

LowParry

Ya know, if the hacker/s are capable of doing what they did to Sony, I'm pretty sure they are capable of doing this kind of damage to other companies easily. There's no such thing as a perfect security system.
 

TTP

ClosingADoor said:
But do we even know if passwords were saved unencrypted? Since that would be very illogical to do.

They said "the personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack".

I guess passwords are part of the personal data table.
 

ClosingADoor

RuGalz said:
All things point to they didn't encrypt passwords. While I think a company that handles a user base as big as this probably should have done it, you are kidding yourself if you think most of the sites have updated their security to have passwords encrypted.

What points to that? I haven't seen anything that would point to Sony not encrypting the passwords.

And hasn't encryption been pretty standard for at least ten years if not longer?

TTP said:
They said "the personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack".

I guess passwords are part of the personal data table.

Depends. You can just as easily have a username + password table and a user info table, since the user info would be called on more often than the password would.
 

surly

CcrooK said:
Ya know, if the hacker/s are capable of doing what they did to Sony, I'm pretty sure they are capable of doing this kind of damage to other companies easily. There's no such thing as a perfect security system.

I agree with your last sentence, but Sony are working to make the security of PSN stronger and they're aiming to have done that within 2 weeks. Why not make it that strong to begin with? Why didn't they salt and hash passwords? Why did they have a bunch of user data completely unencrypted? Other companies may do the same things, but that doesn't get Sony off the hook - it only makes those other companies as bad as Sony.
 

GodofWine

OK...I wanna play something online...badly...couldn't they just wipe the data out, and at least open the ability to sign in to play games again? No store / no transactions, nothing like that open...and when they have the new network built, push it out as an update.

I don't know anything about this kinda stuff, but it seems plausible to temporarily be an online gaming only portal?

...I'm about to plug in my ps2 to play GTA3, and remember the good old days.
 

tenchir

Wow, some people don't really grasp how hard it is to secure digital data in this day and age. Much like Achilles' heel, no matter how strong your security is, a hacker just needs a flaw in the system to exploit it. If a security company like SecureID (they make the RSA dongle) can get hacked, then don't expect any security system to be safe. Raging against Sony for their "weak" security system is just idiotic, especially when we don't know how the hack was done or how they secured it.
 

TTP

ClosingADoor said:
Depends. You can just as easily have a username + password table and a user info table, since the user info would be called on more often than the password would.


I see. Well, I dunno. In the first detailed update they said:

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained.
 

ClosingADoor

surly said:
Why did they have a bunch of user data completely unencrypted?

No one is going to encrypt stuff like names and locations, what would be the use? That stuff can be found everywhere and if you want that info you can just buy a database filled with that info from legal sources.

TTP said:
I see. Well, I dunno. In the first detailed update they said:

I'm not saying it is impossible that they did that. I just wouldn't understand why on earth someone would save passwords unencrypted. If someone does that, they deserve to be fired immediately.
 

DXB-KNIGHT

Metalmurphy said:
Bank gets robbed, bankers fucked up?

Let's say that if your account was robbed and the bank simply didn't inform you and hasn't compensated you and told you it's the thieves' fault, not ours.
What would you do?
 

Rebel Leader

GodofWine said:
...I'm about to plug in my ps2 to play GTA3, and remember the good old days.

The good old days for me are

with a certain guy
that's very short
with a bowler hat
 

Zoe

ClosingADoor said:
Depends. You can just as easily have a username + password table and a user info table, since the user info would be called on more often than the password would.

Other way around actually. Real name + address rarely needs to be called, but your account is authenticated frequently.
 