Support NeoGAF

[Diablos]

I demand a free SD movie rental of School of Rock

Fuck that, I want a redeemable code worth $50. ;P

 

[SmithnCo]

How can you lose trophies when they are stored locally?

Worst case scenario you have to resync everything which could take a few minutes.

Or a few hours based on how slow the trophies sync for me lately.

 

[chubigans]

 

[Grinchy]

Rebuilding the entire system???

Well I guess there's no question anymore whether customer information was compromised. I really wish I could remove mine.

 

[lowrider007]

I was thinking about that today, kinda sad to think the place is deserted atm.

 

[Professor Beef]

http://www.vertigogaming.net/HUD/homeps3empty.jpg[MG][/QUOTE]
:lol

 

[Nekofrog]

I can't believe this happened on the one weekend I was going to buy MM9 and MM10 and relive my childhood through 'em. Yeah, I know, LTTP, but still...

 

[Dr. Malik]

http://www.vertigogaming.net/HUD/homeps3empty.jpg

Was this taken before PSN went down?

 

[Wario64]

http://www.vertigogaming.net/HUD/homeps3empty.jpg[IMG][/QUOTE]

BE STUPID

 

[Persona7]

I can't believe this happened on the one weekend I was going to buy MM9 and MM10 and relive my childhood through 'em. Yeah, I know, LTTP, but still...

You don't have a Xbox Or Wii you can buy them on?

 

[The_Reckoning]

50,000 people used to live here, now it's a ghost town.

 

[angelfly]

What are your worst case scenarios?

A. Credit card info compromised (I doubt it since they haven't told people to contact their banks).

B. PSN store purchased content licenses gone.

C. Existing wallet funds gone.

D. Trophies gone.

E. Everything comes back up as normal eventually, and they don't tell us a damn thing. Leads to a total loss of trust in PSN and future business.

B in my case. Would be $300+ down the drain. I'd be happy with D though

 

[RyanDG]

Rebuilding the entire system???

Well I guess there's no question anymore whether customer information was compromised. I really wish I could remove mine.

I completely disagree here. Another notification from sony without any mention of potentially compromised information (especially since it's been offline since the 21st) is a good re-assurance that at this point more than likely no PII was actually compromised and that the attack was related to something else. (I mentioned before, Sony has a legal timeline (according to most states in the US) they must meet if they have PII compromised and most companies will do this with a blanket notification of how to protect your privacy before sending more specific notifications to individual customers).

 

[Blimblim]

That's pretty hardcore, what is your guestimate for how long it would take Sony to replace their entire network?

I have no idea, it really depends on what type of architecture they are using. If it's all based on physical servers (and since PSN is quite "old" now, I don't think it's built on a virtualization technology) then buiding and deploying new images on each and every servers is a highly time consuming task, pretty much linearly dependent on how many people are working on the restoration process. And considering how many physical locations there are for these servers (US / Europe / Japan and maybe more than that?), it must be a logistical nightmare.

 

[Relix]

Yeah I am starting to get pissed... Hulu won't work without PSN at least. Can't play KZ3. etc. I am getting sightly irritated by now

 

[Raoh]

I've been thinking about what could have happened while on train back home, and I think this could be a likely scenario. Keep in mind that this is all pure speculation, I of course know nothing about what's really happening, but the time table at least makes sense.

My guess would be that Sony was totally confident about the client side (the PS3 itself) and never really checked deeply into the server side security of PSN. All important transaction on PSN is handled via HTTPS requests, which are basically impossible to decrypt (even with a proxy setup on the PS3), unless the SSL chain of trust is cracked. So unless something happens with the client side, no one can know exactly what's the parameters called inside a PSN HTTPs query.
So far so good, as long as the PS3 hasn't been cracked, it's safe (security through obscurity).

But starting a few months ago, custom firmwares appear, allowing people to change their client side SSL handling and create proxy servers that are able to actually decrypt all the traffic to the PSN servers (see simple PSN Proxy for example, who will patch all https queries to spoof whatever firmware version you want). Security through obscurity is now broken, and almost anyone now knows all about the secure PSN protocol.

Until now, this is all public stuff, and I'm moving to pure speculation mode. My guess is that Sony never really bothered with checking all their https webservices for SQL injections or even bothered to check if the PSN ID/Console ID pairing is right for payments. Now our little hacker does what it does best and brute forces all existing parameters to check for unusual replies (WAS scans, I do these all the time to check for injections on our various sites at work, many tools to do this). He then finds something, and manages to exploit it, either by getting credit card for any valid PSN ID he enters, or buy forcing credit card transactions on accounts, or whatever (this is what seemed to be happening before PSN went black).

Then Sony notices people are seeing strange messages on their consoles, their engineers take a look at what's going on and they have no choice but to put the plug until they find exactly where the security issue is, and what the hacker managed to do. If he actually managed to find a way to open shells on the PSN servers, nothing short of formatting/reinstalling every single servers from scratch (backups could be corrupted) and restoring all databases will do.

That's my take on what has been going on, and as a system administrator myself I certainly know quite a bit about being on the receiving side of such attacks.

Interesting.


I had always made jokes that sony had a mole in the company. Things just leaked randomly all the time.

They hire that company to help with Anon attacks. And in an inspection of their security, they discover a back door in their network.

 

[Shin Dynamo X]

Wonder if it is Anonymous or some other hacker group.

One one hand, you'd think Anon would be gloating, but then again, maybe they are purposely doing it stealthily.

http://www.psu.com/PSN-hackers-attac...a011425-p0.php

PSN hackers attacked Admin Dev accounts, services returning in a day or two, SCEE source claims

* Posted April 24th, 2011 at 04:06 EDT by Adam Dolge
* 6 Comments

A source with close connections to Sony Computer Entertainment Europe reports that the attack to the PlayStation Network may be a bit deeper than originally reported by Sony. According to the source, who wishes to remain anonymous, the PSN sustained a LOIC attack (which created a denial-of-service attack) that damaged the server. There was also a concentrated attack on the PlayStation servers holding account information. In addition, “Admin Dev accounts were breached.”

As a result, “Sony then shut down the PSN and [is] currently in the process of restoring backups to new servers with new admin dev accounts.” The SCEE source said Japanese servers may be restored tomorrow while the U.S. and E.U. servers will likely be operational the following day.

While this information is only corroborated via a series of Facebook messages, it is certainly not a stretch. Sony Computer Entertainment America recently confirmed that it pulled down the PSN because of an “external intrusion.” This essentially means that hackers were to blame. Sony is officially conducting a thorough investigation. The PSN and Qriocity services were pulled offline by Sony on Wednesday, April 20.

There was plenty of speculation late this week that the Anonymous hackers group was to blame for the PSN downtime. The group previously targeted Sony in retaliation to the legal action against another hacker. Anonymous has since denied involvement in the current PSN downtime.

Again, this information is from a source who claims to have a very close connection with someone at SCEE. We take these reports for what they are at this time, but it is certainly a possibility. If you have information to share, please do so.

"Everyone deserves the right to know what’s been going on," the source wrote in an email.

 

[Wario64]

Yeah I am starting to get pissed... Hulu won't work without PSN at least. Can't play KZ3. etc. I am getting sightly irritated by now

At least you can play single player. Just think of those Final Fight/Bionic Commando Rearmed 2 owners...

 

[Pinko Marx]

This entire thread should go on WhiteWhine.

 

[graywolf323]

What are your worst case scenarios?

A. Credit card info compromised (I doubt it since they haven't told people to contact their banks).

B. PSN store purchased content licenses gone.

C. Existing wallet funds gone.

D. Trophies gone.

E. Everything comes back up as normal eventually, and they don't tell us a damn thing. Leads to a total loss of trust in PSN and future business.

B but I would think they'd be able to fix that

 

[CitizenCope]

When PSN goes up, maybe people will finally be able to use their credit cards to purchase stuff on PSN

Wait has this been an issue for a while? On Tuesday I tried to make my first PSN purchase(flower) and I kept getting an error message.

 

[bangai-o]

all my curtains and furniture and stuff better still be in my Home when i get back.

 

[Kagari]

People expecting to receive something after PSN goes back up need a wake up call. Probably won't happen and even if it does it won't be anything special, so stop whining about it. You should be happy they already offer the service for free. Now if they charged monthly, I could see why those complaining would want something in return, as they wouldn't be able to use something they paid for.

 

[Chaplain]

Wait has this been an issue for a while? On Tuesday I tried to make my first PSN purchase(flower) and I kept getting an error message.

The PSN went down for me and others starting last Sunday or Saturday. So the problem happened before Wednesday.

 

[Professor Beef]

all my curtains and furniture and stuff better still be in my Home when i get back.

Security is down = time to loot. Your stuff is long gone.

 

[patsu]

People expecting to receive something after PSN goes back up need a wake up call. Probably won't happen and even if it does it won't be anything special, so stop whining about it. You should be happy they already offer the service for free. Now if they charged monthly, I could see why those complaining would want something in return, as they wouldn't be able to use something they paid for.

Well... It wouldn't hurt if they plan something to celebrate if PSN sustains beyond 3 months. ^_^

 

[Raoh]

all my curtains and furniture and stuff better still be in my Home when i get back.

Security is down = time to loot. Your stuff is long gone.

LMFAO

 

[CitizenCope]

The PSN went down for me and others starting last Sunday or Saturday. So the problem happened before Wednesday.

Ok I had issues too. Tues. was the only day I could get on in the last week. I'm new to the PS3 so I didn't know wtf was going on.

 

[Philthy]

People expecting to receive something after PSN goes back up need a wake up call. Probably won't happen and even if it does it won't be anything special, so stop whining about it. You should be happy they already offer the service for free. Now if they charged monthly, I could see why those complaining would want something in return, as they wouldn't be able to use something they paid for.

this is like twisting the knife after we've been stabbed

 

[malingenie]

Wait has this been an issue for a while? On Tuesday I tried to make my first PSN purchase(flower) and I kept getting an error message.

I bought 3 games (for psp go ) tuesday, no problems.

 

[Dead Man]

People expecting to receive something after PSN goes back up need a wake up call. Probably won't happen and even if it does it won't be anything special, so stop whining about it. You should be happy they already offer the service for free. Now if they charged monthly, I could see why those complaining would want something in return, as they wouldn't be able to use something they paid for.

I can see people's frustration though. If you buy a MP only, or MP focussed game, part of the price includes PSN access, since it is pretty worthless out that. So it's not really free, it's just not a discrete charge. But yeah, I wouldn't hold my breath for any swag or anything.

This entire thread should go on WhiteWhine.

I hate that phrase so much. Should it not be First World Problems or something? I know it's not as catchy, but fuck the inherent racism in the phrase. Either white people have no problems, or non white people can't be decadent and successful. Either one sucks.

In before 'This post should go on WhiteWhine'

 

[shintoki]

People expecting to receive something after PSN goes back up need a wake up call. Probably won't happen and even if it does it won't be anything special, so stop whining about it. You should be happy they already offer the service for free. Now if they charged monthly, I could see why those complaining would want something in return, as they wouldn't be able to use something they paid for.

Wouldn't the cost of the online be included in the purchasing of the system and/or game.

Steam is free too, but if it goes down. Then all the content I paid for, I wouldn't be able to access.

 

[DR2K]

People expecting to receive something after PSN goes back up need a wake up call. Probably won't happen and even if it does it won't be anything special, so stop whining about it. You should be happy they already offer the service for free. Now if they charged monthly, I could see why those complaining would want something in return, as they wouldn't be able to use something they paid for.

What if you bought the system because of the free online? What about all the things locked to PSN that consumers have lost access to?

 

[daffy]

eatin some cheese snacks

waitin for PSN to go back up

 

[CitizenCope]

Glad I passed on Socom 4 even though I preordered it. Went with GoW3 for $20 instead.

 

[brucewaynegretzky]

What if you bought the system because of the free online? What about all the things locked to PSN that consumers have lost access to?

That's just an unreasonable expectation. That's why they have the license agreement that you pick "agree" on. There's no possible way a consumer can expect a system without ANY flaws or mishaps. It's just nuts. If Sony does anything it will be out of goodwill. This falls under "shit happens."

 

[bangai-o]

I hate that phrase so much. Should it not be First World Problems or something? I know it's not as catchy, but fuck the inherent racism in the phrase. Either white people have no problems, or non white people can't be decadent and successful. Either one sucks.

In before 'This post should go on WhiteWhine'

never heard that phrase. i thought it had something to do with Chardonnay or Whit Zinn. And we are all whining so much we need more cheese something something.

 

[Dr. Malik]

never heard that phrase. i thought it had something to do with Chardonnay or Whit Zinn. And we are all whining so much we need more cheese something something.

http://whitewhine.com/

 

[baekshi]

what about our cloud saves?

 

[Rockman-X]

What if you bought the system because of the free online?

Expect the same treatment they gave to those who acquired a PS3 for Linux.

 

[Diablos]

People expecting to receive something after PSN goes back up need a wake up call. Probably won't happen and even if it does it won't be anything special, so stop whining about it. You should be happy they already offer the service for free. Now if they charged monthly, I could see why those complaining would want something in return, as they wouldn't be able to use something they paid for.

I paid for Plus. I don't see why a free month added on or some kind of discount is such a terrible thing to ask for. The network has been down for a while, and over a holiday weekend. People can't play MP games such as MK which just came out, and if you are also paying for something such as Hulu, you have no access on your PS3 (my preferred method of viewing). It's a huge inconvenience. As far as free games go, obviously no one should be expecting a free copy of Infamous or something. Perhaps a game worth $5 or $10 wouldn't be that big of a deal.

 

[Gekko87]

Well thankfully I deleted my CC info before this all happend. I'm a lot more worried about my saves in the cloud.

 

[SykoTech]

Played through all of Jak II (good game but running back and forth through the city was repetitive), and thought for sure PSN would be back up by now. This "re-building the network" talk makes me think I can forget about it being fixed this weekend. So much for catching up on LBP2 levels.

Welp, on to Jak 3.

 

[Kagari]

I paid for Plus. I don't see why a free month added on or some kind of discount is such a terrible thing to ask for. The network has been down for a while, and over a holiday weekend. People can't play MP games, and if you are also paying for something such as Hulu, you have no access on your PS3 (my preferred method of viewing). It's a huge inconvenience. As far as free games go, obviously no one should be expecting a free copy of Infamous or something. Perhaps a game worth $5 or $10 wouldn't be that big of a deal.

I could see them offering a free month of PS+, but not a full game. And I'm actually surprised you signed up for that

 

[DR2K]

That's just an unreasonable expectation. That's why they have the license agreement that you pick "agree" on. There's no possible way a consumer can expect a system without ANY flaws or mishaps. It's just nuts. If Sony does anything it will be out of goodwill. This falls under "shit happens."

I doubt when either party agreed to the terms a total shut down for several days was in mind.

For the sake of good PR, Sony is obligated to making up this huge fuck up to the consumer.

 

[Diablos]

I could see them offering a free month of PS+, but not a full game. And I'm actually surprised you signed up for that

Plus is a really good deal, especially since I got another 3 months on top of it. Free episodes of Qore too, plus the KZ3 open beta was awesome and I look forward to more things like that. MS needs to learn from Sony; this is how you do a paid console network service.

Free month of Plus for every man, woman and child plus a cheapo game throw-in sounds reasonable to me.

 

[CrushDance]

Speaking generally, the things hackers are capable of getting away with is worrisome.

Like I said before, cyber crime laws are going to be passed hard in the next few years.

 

[Lonely1]

Like I said before, cyber crime laws are going to be passed hard in the next few years.

What if the hacker is located where none gives a dam?

 

[Diablos]

Like I said before, cyber crime laws are going to be passed hard in the next few years.

Simultanously the telecoms will get the last laugh and we'll all be capped and throttled to death. But that's for a different thread. The future on online networks is a dismal one, but it'll me made a reality in the name of security and corporations protecting their own interests above anyone/thing else's.

 

[Phonomezer]

http://whitewhine.com/

oh my