• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

PSN Hack Update: FAQs in OP, Read before posting

Status
Not open for further replies.
Cth said:
5659494926_07070655ca_z.jpg
2nlemc2.jpg
 
donkey show said:

amazing work dude.

Four_Chamber said:
http://www.bbc.co.uk/news/technology-13192359 (BBC)

"
In the following days, Sony issued three brief statements asking users to be patient while it investigated an "external intrusion", or hack.

However, the fact that it took almost seven days for the company to reveal that data had been taken has angered some gamers.

Commenting on the Sony blog, Tacotaskforce wrote: "You waited a week to tell us our personal information was compromised? That should have been said last Thursday."

Another user Sid4peeps wrote: "This update is about 6 days late. I think it is time to move to the other network, no regard for customers here."

But some PlayStation users appeared to be happy with Sony's handling of the matter. Ejsponge61 commented: "Wow, this is alot of info. Thanks, this is very much appreciated by all of us PlayStation fans."

"

I don't even. . . I can't smh hard enough.
 

Paches

Member
-viper- said:
I think this really is going to be a punishing blow to Sony though.

It's a shame, because I have enjoyed using their services. Free PSN has been fantastic. PS3 has been the best console I have ever used. Most importantly... WHAT WILL HAPPEN TO THE FIRST PARTY TITLES?

DOOOOOM.

Holy shit, i wouldn't be surprised if Sony file for bankruptcy over the PSN hack.

My credit card details are completely safe thankfully as my email. I've got a completely random password so it's all cool.

Are you a real person? Or one of those created personalities made by software?
 

No45

Member
Mama Robotnik said:
People who are blaming the hackers for opening up the hardware and defending Sony's actions - a question:

If opening up hardware leads to hacks like this, then why hasn't Steam been hacked a billion times by now and its personal customer data plastered all over the net?

The answer is because Valve is competent.
People assumed the same of Sony, until someone had a REAL try. As with most I'm not entirely defending their actions here (because they've made some ridiculous mistakes, both on the security and PR front), but with the right amount of motivation I think you'd be surprised who/what can be compromised.
 
Noshino said:
What is your current OS? What about your browser?
Yes, Microsoft's extensively documented security fuck ups from a decade ago are absolutely in the same realm as every PSN user's account being compromised.
 

Zutroy

Member
I don't know what the big fuss is, nothing but good has come from this. So far there are no reports of cards actually being used, and now some gaffer is giving $400 to charity. A good day overall I'd say =P
 

borghe

Loves the Greater Toronto Area
obonicus said:
I don't think that's the 'hack log'. Someone was trying to access their webserver, but that's not news. You can see a bunch of invalid requests, but it doesn't seem like any of them worked. In fact, it kind of looks like someone who didn't know what they were doing were just tossing out random exploits, unless I'm missing something.
no, you are correct. someone tried accessing the system and tried doing directory recursion and such that all failed. Nothing in that log actually shows any access of sensitive information, or success of any access besides standard pages with 200 status.

fwiw, when I was running my store those logs don't look much different. I was accessed all the time by would=be hackers. It becomes even more fun because I was running on an open platform (oscommerce) so you would see them accessing the site with long since patched vulnerability flaws. I'm not saying there aren't logs floating around of the hack... I'm just saying that sure isn't that log.

edit - for more info on reading web logs, every 404 you see on there means page not served. Every 200 you see means page served. Nothing with a 200 message shows a single interesting thing.
 
Stumpokapow said:
I'm not really sure how the two are connected.

You purport, in your post, that other companies are also subject to cyber attacks that result in data theft. Who cause those attacks? Basement dwellers? Chinese cyber-terrorists? Eastern european mafia types? Sleek, experienced western black market types?

With a DDoS you can be relatively sure that the person doing it has a specific beef with you, and in the case of modern tools like LOIC you can be reasonably sure that it's a group of many non-technical people who are pissed at you for whatever reason. But with an account breach, I'm not sure why parsimony would suggest that option over full time, for-profit fraudsters?
Of course, these attacks are definitely not random and require careful planning and a good motivator for the hackers (or maybe just the lulz coefficient should be high). GeoHot battle gave the hackers a pretty good enough reason to go after Sony. The fact that it happened so immediately after the GeoHot settlement and Anonymous led attacks on PSN is important clue on why it came to pass in the first place. Who knows when Valve may piss them off and they go after Steam? My point about hackers is that they are not a force of nature, unlike storms or tornados. They shouldn't be treated as an entity lacking moral predisposition, like for example a tornado rips through a data center and no one would blame the tornado. It's not the case here and I want the hackers to receive just the same if not more scorn than Sony.

That basement-dwelling phrase is just there to express my disgust with all forms of hacking, didn't mean any disrespect to basement-dwelling non-hackers out there :p
 

Snuggles

erotic butter maelstrom
It's pretty much everywhere now. It came up on CNBC earlier today (I'm at work) and some old ass dude even knew about it. There definitely isn't a lack of exposure.
 
CRD90 said:
I don't know what the big fuss is, nothing but good has come from this.

I don't understand your words. I'm sorry if my sarcasm detector isn't pinging with wild abandon like it should, but I really don't understand your words.
 

Knoxcore

Member
I'm really shocked. Over the last few months we have seen the unraveling the PlayStation 3's security. What was once an unhackable console is now susceptible to easy intrusion to the point where we now have the possibility that millions of consumers personal information may have been exposed or stolen. It really is amazing how things have turned around in such a short period of time. Hopefully Sony can get back on track.
 

Paches

Member
DenogginizerOS said:
The story made the CBS Evening News.

Last night Bryan Williams was reporting on the reappearance of Puppy Cam, so I would hope this story would be of more relevance to the general public.

Yes I know Bryan Williams is on NBC, but you get my point.
 

The Lamp

Member
IchigoSharingan said:
Fuck their incompetent network engineers. Fuck their security team. Fire them all. Every last one of them. No wonder they're bringing in a 3rd party security firm.

With a free network I'm sure they wanted to cut costs somewhere...maybe that included security measures or quality network engineer employees...lol...:(
 

Kalnos

Banned
iapetus said:
If the system was implemented by cretins.

Man, some of the places I have worked at have had next to 0 security with their databases. All it would take is one disgruntled employee who halfway knew what they were doing and they would be fucked.
KuGsj.gif
 
Full Metal Jacket said:
MS is going to capitalize off of this
Shouldn't they be defending Sony? Afterall, it's their industry being attacked.

This should be a big detriment to a DD only future.

Hackers/CFWers are such fucking scum. "WAH I bought the machine, I can do what I want with." That's what your PC is for. It's an open box capable of accessing a vast amount software, hardware, programs, and networks. A console is a closed little box with functions the developers give you access to. YOU DON'T NEED ANOTHER MACHINE TO CONTAIN YOUR DOWNLOADED SNES ROMS YOU POCK MARKED REJECT! lmao.
 

farco1212

Neo Member
This is some bad ish. My condolences go out to you all who had your CC information tied to your accounts.

It's sad that we, the gamers, are bystanders in this war between Sony and the hackers.
 

LiK

Member
Kolgar said:
And I still can't get in to change my password and delete CC info?

Goddamnit, Sony.

nope, gotta wait for it to be back up. SO STUPID. they better reset the pws for us.
 

Stumpokapow

listen to the mad man
RustyNails said:
Of course, these attacks are definitely not random and require careful planning and a good motivator for the hackers (or maybe just the lulz coefficient should be high). GeoHot battle gave the hackers a pretty good enough reason to go after Sony. The fact that it happened so immediately after the GeoHot settlement and Anonymous led attacks on PSN is important clue on why it came to pass in the first place. Who knows when Valve may piss them off and they go after Steam? My point about hackers is that they are not a force of nature, unlike storms or tornados. They shouldn't be treated as an entity lacking moral predisposition, like for example a tornado rips through a data center and no one would blame the tornado. It's not the case here and I want the hackers to receive just the same if not more scorn than Sony.

That basement-dwelling phrase is just there to express my disgust with all forms of hacking, didn't mean any disrespect to basement-dwelling non-hackers out there :p

Sure, I'm just saying I'm pretty sure these were Chinese or Eastern European professional credit card / account detail intruders, and that it's better to compare this attack to similar attacks against other eCommerce entities, rather than to a group known for DDoSing.
 
Wario64 said:
Will we ever know if they did or not?
They sure as fuck should clarify if they did. If it was just hashes (like the Gawker leak) anyone who used an uncommon password should be OK (if I understand this correctly) but if it was plaintext we're all fucked. Someone who knows more about security correct me if I'm wrong.
 

Zutroy

Member
Mama Robotnik said:
I don't understand your words. I'm sorry if my sarcasm detector isn't pinging like it should, but I really don't understand your words.
Its a bit of sarcasm and a bit of lolling at the over reactions from some. However, the main point of the post is to remind everyone of the charitable gaffer. If only PSN came back online, it would have been $1000!
 
I want the next Sony system to be completely air-tight, no mods, no CFW, I want them to set the system to auto-destruct in case of any kind of tempering.
 
Did they just get current information or what? I changed my PSN password to something completely different from any of my other passwords after the Gawker thing, and deleted my card info from the PSN a little while back as well. Are they able to see all the passwords I've used, or just the current one?
 

J-Rzez

Member
I really hate people. Now I have to call up my bank, get a new card/number tomorrow. I'm not worried about them as much trying to open new credit lines because I already have it set up to take more steps in the process, and they don't have my social obviously. All I know is they, and other companies need to change their process that they have so much of your personal information, as no matter how secure you think your system is, there's always someone out there smarter than the people you had design it in the first place.

But man has Sony had a rough gen. I'd expect them to get something new out quicker than they would have liked to now to try and forget this gen all together.

I didn't agree with the people that said it before, but I do now. This gen, on all platforms, blows.
 

chubigans

y'all should be ashamed
Kolgar said:
And I still can't get in to change my password and delete CC info?

Goddamnit, Sony.
At this point that doesn't really matter at all. Hackers already have all that, and by the time PSN comes back up it's be a rebuilt system.
 

Blimblim

The Inside Track
iapetus said:
If the system was implemented by cretins.
Unless they are using prepared statements in every single SQL queries for PSN, forgetting about one single escaping in a query is enough to get a nice security issue like this one. People make mistakes, but what's not acceptable is that code handling 77 millions account (many of these bogus, but whatever) and credit card information doesn't seem to have been audited by a 3rd party company. Isn't PCI-DSS level 1 mandatory for such big payment processors? Level 1 means:
Validation for Level 1 PCI Merchants
Annual On-Site Security Audit and Quarterly Network Scans must be performed by an independent Qualified Security Assessor (QSA), independant Approved Scan Vendor or internal audit if signed by an Officer of the Company.
 

herod

Member
gofreak said:
That's fair enough, but I can more or less remove the stress for me by changing my payment method and removing my personal details. I'll be driven by my content wants and not a 'oh i couldn't deal with such an incompetent company' blanket approach to things. I'm not going to avoid - I dunno, say, Journey - because I won't switch to prepaid cards.

I'm not into rewarding incompetence fiscally, it's just a silly value of mine. There is more than enough content elsewhere anyway for me.
 

Mrbob

Member
Kolgar said:
And I still can't get in to change my password and delete CC info?

Goddamnit, Sony.

Not like it matters at this point. Whatever info which was stolen is gone and the network is down so no one else can access it.

This whole ordeal is making me think twice about picking up a PSP2, if I'm willing to lock my account down to an unreliable network for digital content.
 

Dr. Malik

FlatAss_
So if I tell my bank that I lost my debit card they will issue me a new one with a new #?
I was chatting with their customer service and they told me that I couldn't change the number.
 
Status
Not open for further replies.
Top Bottom