QUEEN’S RUBBER DUCK – Moving past PSN melodrama

Thursday, 28th April 2011 06:38 GMT By Brenna Hillier

Oh, the humanity. Sony has taken a lot of flak over PSN-gate – some deserved, much more unwarranted. Let’s give the Japanese giant some credit for a nasty job done right.

Disaster Timeline

The PlayStation Network went down April 16

On April 23, Sony announced an “external intrusion”

Developers were warned of “emergency maintenance” by April 26

More than ten days after the initial shutdown, Sony announced user data had been compromised

No, the world hasn’t ended. You can stop vomiting. PSN was taken down last Wednesday after being hacked. It’ll be back up again in a few days. Here’s why you should be getting on with your lives.

What did Sony do right?
Practically everything. Sony’s reaction to the detection of a network security breach was picture-perfect, beginning with: shutting PSN down without warning.

Think about it. In whose interest is it to shut the PSN down? Sony did not, at the time the breach was detected, understand that the hackers had penetrated far enough into its systems to compromise user data. According to industry and hacker rumour, Sony was first alerted to a problem when those scoring free games and account credit through a custom firmware-enabled exploit of the developer-only network got a little too greedy. Keeping PSN up and stalking its prey would have been a tempting option.

But Sony played by the rules. Acknowledging the risks, it slammed the doors shut, called in outside expertise, and prepared for a total overhaul of the system if necessary. Closing PSN for a week over a holiday weekend is, clearly, a nightmare for the platform, even putting aside lost revenue. But against the possibility of letting hackers have their way with user data? It’s nothing to Sony. It takes security seriously.

No really, it does. Put aside what you’ve been told by some bloke in the pub for a minute, and pay attention to reality. Every network in the world can be hacked, with enough time, skill, and patience.

There’s been some loose talk about the fact that console and social networks are easier targets for hackers than, say, banks, but that doesn’t make it easy. Next time a major financial institution is compromised, you can bet your bottom lip someone will find something to describe as inadequate in its security. Xbox Live got caught with a phishing scam just yesterday. That’s the state of network security in 2011: inadequate.

Although requirements vary between international jurisdictions, there are very few territories in the world with strict legislation as to what preventative measures companies storing personal data must use. The ICO is investigating Sony, yes, and if found negligent, the company will face massive backlash in multiple countries. But there’s a strong likelihood the PlayStation Network will be found to meet minimum standards.

In the face of so much bad press, Sony has to be lauded for sucking in its gut and telling us what we needed to know, almost as soon as it knew – that the personal data of account holders had been compromised.

Note: compromised, not stolen. Sony has no evidence that anything has actually been taken.

Here’s an analogy – PlayStation Network is a locked box, divided into compartments, each of which has its own additional locking mechanism. When Sony noticed the external lock had been tampered with, it shooed everyone out of the room to figure out what had happened, and fit a better lock.

Soon after, with a sinking heart, it noticed scratches around the lock on the compartment marked “user data”. It’s had a look in there, and nothing seems to have been shifted, but until it can dust for fingerprints and run one of those UV lights over it, it can’t yet be 100 percent certain the information inside wasn’t copied – just 99 percent.

So, knowing the media would jump all over it, knowing the panic it would cause, Sony responsibly admitted the possibility. It’s taking the PR hit stoically.

What did Sony do wrong?
It’s a short list: it didn’t communicate.

I received an email this morning informing me of the outage, the security breach, and the possible compromise of my personal data. Each of these facts was known to me days before – I first read (and indeed, wrote) of the outage over a week ago.

This long-lasting silence is Sony’s biggest failing, not just because it shows disrespect for users, but also because it left time for misinformation, rumour, speculation and lies – the four horsemen of the PR disaster apocalypse – to get their spurs on, and whip the informed gaming world into a frenzy.

If Sony takes one lesson from this mess, it’s that those mail-outs needed to happen within the hour. We’re a lot more forgiving when we feel like we’re involved, not standing on the edge of the crowd, clueless and angry.

More Information

Primary coverage of events and repercussions

Official Sony Support FAQ

PSN Outage Q&A

SOE says none of its user data has been lost – as far as we know

Sony’s T&C’s protect the company in case of security breach

The ICO announces an investigation

US Senator attacks Sony for lack of communication

Anonymous denies responsibility

Purported hacker logs claim gaping security holes

Data security research firm estimates costs of $24 billion

What about me?
You should cancel your credit card. However slim the possibility that your data has been compromised is, you shouldn’t gamble your financial security on it.

But while you’re at it, you should get in touch with your bank, your work place, your social network, your MMO – any identity you log into, and which you’d be troubled by the loss of – and set up additional security measures, including double authentication, hard-to-remember passwords, and better secret questions. And not grumble about what a hassle it is.

The information stored on PSN – your name and address, date of birth, a few other bits and bobs alongside your credit card details – is all a fraudster needs to access most of your life. You very likely type most of it into every website you register for, send it off over the insecure HTTP protocol, and trust it to be used safely.

Have you ever called your bank and forgotten your PIN? What security questions did they ask you? Could your partner or a friend (or your neighbour, or somebody with a pile of print-outs taken from your recycling crate) have answered those questions, changed your contact details, and usurped your identity?

You’re a weak link here. You’re not aware of how much you give away about yourself. You trust, foolishly, that nobody can breach the walls society puts around you. You’re wrong. You can’t blame PSN for that; it doesn’t store anything you wouldn’t hand over anyway.

The PlayStation Network is likely to be back up and running within a week, very probably with all your trophies, saves, and data intact. We know Sony has new security features in mind – it’s in the process of migrating servers even now, and don’t be surprised if an optional double-authentication app turns up next month.

We’ll forget all about this, then. What doesn’t kill you makes you stronger. Treat yourself to an extra rubber duck for your bath.

79 Comments

  1. Kabby

    Are you the Anti-Pat?

    #1 3 years ago
  2. Syrok

    Finally a calmer perspective on the whole thing…

    #2 3 years ago
  3. JimFear-666

    Finally something different on the psn-gate. It’s always good, a breath of fresh air

    #3 3 years ago
  4. Brenna Hillier

    @Kabby. Yes.

    #4 3 years ago
  5. Dean

    What Syrok said.

    #5 3 years ago
  6. dragonsight

    i wonder how happy the people who supported the hackers on the geohot thing are right now. nothing bad could have happened with the info that he made public for his own e-fame. didn’t they always say information should be free. but when it comes to their information they complain that it is sony’s fault.
    to all the people who say, “get an xbox”. i say, “you didn’t buy a ps3 after your 5th xbox. why didn’t you buy a ps3 then?”
    to me this situation just shows me how lax i have become in trusting anybody with my personal information.

    #6 3 years ago
  7. onyxbox

    Nice to see some maturity… Pat hasn’t been very helpful at all during this nightmare.

    #7 3 years ago
  8. Myth

    Think VG247 are the ones who listened too much to the incompetent bloke in the bar. According to your own coverage, Sony’s PSN had staggering vulnerabilities, such as cleartext saving passwords or client-defined pricing – those are HUGE no gos for any Web solutions, simple web shops to large solutions, since around 2000!

    It seems like a system defined without any serious thoughts about its own vulnerability – a judgment you’d have to make regardless of hindsight.

    #8 3 years ago
  9. Freek

    The whole everything can be hacked line doesn’t hold a lot of water if PSN security is found to be inadequate, which is what evidence is pointing to.

    Neither is saying that security in general is lax, that simply isn’t the case.

    Phishing is just sending out messages asking for people’s personal info, that isn’t on the same level as breaking into the server.

    And bank security is good. Just changing address meant I was no longer able to use my credit card for a while. I had to resubmit proof that I was who I said I was after ordering something from the internet.
    Merely the act of ordering something to a different address than registered on the card set off security flags.

    And no, I won’t be just forgetting about this. Sony has proved itself to be unreliable and I won’t be doing credit card purchases with them in the future.

    And nobody just casually sends off address and credit card details to every site you register to.
    At most an e-mail address and a user name.

    #9 3 years ago
  10. Patrick Garratt

    There was a good piece on the BBC yesterday explaining why security for entertainment services like PSN and Live can’t be as strong as internet banking. It’s a toss up between rock-hard security – card readers, multiple passwords, multiple ID numbers, multiple encryption processes, etc – and ease of use.

    Hang on, I’ll find it.

    #10 3 years ago
  11. Patrick Garratt

    Here: http://www.bbc.co.uk/news/technology-13213632

    #11 3 years ago
  12. MarissaG1

    WTF is this site smoking, did you get a nice call from the Sony “have bags of money and shut up department”. The fact that the hackers were able to get *ALL* of the PSN customer database points at a massive FAIL on Sony’s part. Why wasn’t the data segregated in separated systems, behind separate firewalls?

    BTW copying 77 million accounts and their related info is not a fast process. What kind of network monitoring do these people have that didn’t detect massive amounts of customer data being accessed/transferred?

    Sony is 100% on the hook for this, because in the end it is their responsibility to protect our data, THEY FAILED, and what’s more they seem to have been irresponsible about it.

    People are already starting to report fraud related to this. It is serious and as consumers we can’t let Sony off easy.

    #12 3 years ago
  13. Zurtech

    “What did Sony do right?
    Practically everything. Sony’s reaction to the detection of a network security breach was picture-perfect, beginning with: shutting PSN down without warning.”
    “What about me?
    You should cancel your credit card. However slim the possibility that your data has been compromised is, you shouldn’t gamble your financial security on it.”

    That does say they’ve not done “practically everything” right. If they had done everything right, the moment Hotz published the root key they should have taken PSN down then and fixed the breach before it became a problem.
    Whilst I think Sony were right to take Hotz to court cos you can make an educated guess without the root key he published none of what’s happened over Easter would have happened at all. but you have to look back to how long ago he published it, and that Sony needed to’ve taken action on PSN’s security then and there.
    Also if they really did have everyone’s details unlocked on their systems then they’ve broken the Data Protection Act and, at least here in the UK (I don’t know about abroad) they can get in some deep shit over that.

    #13 3 years ago
  14. Freek

    This has nothing to do with the PS3 DRM being cracked. That’s just the console, not PSN.

    Hell, every console on the market is cracked months after it’s released. That doesn’t affect Xbox Live or iTunes or the Wii network.

    #14 3 years ago
  15. TheWulf

    “Every network in the world can be hacked”

    It’s interesting to say that when Steam’s network has yet to be breached. In 2007 there was a pretty believable hoax about it, that had the aid of a Cyber cafe to make it all the more realistic, but that turned out to be fake and much evidence was presented to prove it. Steam is so secure that people have to fabricate breaches to satisfy their wet dreams about breaking in.

    Consider that for a moment.

    Steam has been running since ’04. That’s 2004. That’s 7 years of strong security that’s never been breached.

    What was the excuse for having shit security, again?

    Oh, right. It’s happened to other people so negligence is okay. Security negligence is NEVER okay. Ever. Seriously. Every previous instance of a breach this bad (and it was bad, VERY bad, far worse than all of the rumours that were drifting around before Sony told us just how bad it was) is inexcusable. It’s incompetence, it’s idiocy, it’s complacency, it’s stagnation, and it’s completely underestimating those with malicious intent.

    You need to be upgrading your security as often as you can, staying on top of new security practises, using the latest and most secure forms of encryption, and generally doing what Valve do, doing what’s made Valve an impregnable fortress since ’04.

    If Valve can do it, anyone can. Stupidity is not an excuse. Stupidity should not be praised.

    #15 3 years ago
  16. kingofscotland

    Brenna the Anti Pat – Definitely.

    But I’d also like to say well done for Pat posting this piece which then gives a balanced argument – that’s what it’s all about, fair balanced view.

    Pat says one thing, Brenna says another then everyone gets a bigger picture and can decide for themselves what they agree with.

    #16 3 years ago
  17. PapaJustify

    I just registered for this site only because I wanted to express my gratitude towards this article, which – in those times – is a blessing to read amongst all the Sony-hate-press.

    Finally an editor who stays objective in the face of customer rage and sensational headlines.

    I really want to thank you for this, Brenna! Great Work!

    #17 3 years ago
  18. Blerk

    If this is ‘pretty much everything right’ then I’d hate to see what it’s like when they get everything wrong.

    #18 3 years ago
  19. TheWulf

    @13

    No, they were not right to take Hotz to court, that was part of their manifest idiocy. The correct thing to do would’ve been to hire the man on the spot. If someone spots a way to break into your supposedly secure console then you want to know all they know, and firin’ yer law lazors at them isn’t going to get you that information. A job offer will.

    This has happened countless times in the past, but even still, it’s Sony’s fault for not having enough security experts in the first place. If they’d built a better system then Hotz wouldn’t have had such an easy time to crack it. Sony just has to suck it up, swallow their pride, and ask the man to come work for them.

    What did they do? They went on the most ill-conceived, most butthurt, most egomaniacal tantrum-riddled romp they could have. Yeah, in hindsight, that was such a great idea.

    I’ve been a Sony supporter in the past, but I cannot and will not support and/or praise idiocy.

    #19 3 years ago
  20. Gekidami

    ^ 5 years = “An easy time” apparently.

    #20 3 years ago
  21. DuhMan

    at last some perspective.
    seeing both sides of the coin
    but i DuhMan with my fellow XBOTS will hammer SOny to death,we have to
    now is our chance
    sell your ps3′s and get XBOX360 woohooo.This could never happen to Live
    because Microsoft rulezzzzz
    derpppppppppppppppp

    #21 3 years ago
  22. TheWulf

    @20

    Nice attempt at smoke and mirrors. Once GeoHot sat down to try it, he made pretty quick progress as you’ll note if you read his blog. However, there have been many concerted attempts to try to hack Valve and none of them have ever succeeded. So the only recourse was a hoax.

    And even despite that, if you’re being an apologist then you’re encouraging corporate idiocy and open access to your most private details. I must have different standards to you.

    #22 3 years ago
  23. dragonsight

    @thewulf
    hotz is not the clever individual that you think he is. what he has done is use other people’s work and published it faster and louder than them for his own egotistical gain. what hotz exposed publicly and quite loudly has directly led to this situation.

    your heavy emotional word choice only leads others to foment emotions. right now we need to think clearly. that means to think rationally and without emotion. you say that idiocy should not be praised, yet it seems that you are trying to instill it in others. why is that?

    #23 3 years ago
  24. TheWulf

    @dragonsight

    So if Hotz isn’t that bright then you’re saying that Sony’s security was so bad that it could be cracked by a dumb kid?

    Excellent.

    I think you may find though that your logic is perhaps a bit flawed, and thus your whole viewpoint is suspect.

    If this needs to be spelled out though, which I fear it might, then I’ll spell it out. If you act like an apologist and say that GeoHot is just a dumb kid who built upon the works of others, then it’s STILL Sony’s fault because they should’ve been watching all this work that GeoHot had supposedly built upon and created some barriers of protection to prepare themselves for this.

    And if GeoHot is as smart as I think he is, then it’s still their fault because they could’ve hired him or worked with him instead of making the situation a million times worse.

    Either way, Sony dropped the ball here. And all apologist arguments lead to the true fault lying with Sony.

    #24 3 years ago
  25. frostquake

    So if Pat and Brenna ever come into contact, like matter and anti-matter will there be an all consuming explosion??

    In that case get it over with, don’t want to call and cancel my card and go through the headache again and again and again!

    I remember the days when the ONLY and I mean the ONLY PASSWORD I had to remember was a Locker Combination in High School…and I sucked at that too!!!

    Now my days are DOMINATED by ever growing increasingly difficult to input passwords, that now require a Paperback Thick Sized Binder that is Overloaded with Passwords…Pages and Pages and Pages of Passwords!!!

    #25 3 years ago
  26. dragonsight

    @ thewulf
    no, i did not imply any of that.

    a group of very knowledgeable individuals collaborated to hack the ps3. this information was then presented to hotz. hotz then released this information stating that he has hacked the ps3. by his actions that makes him a liar and an egotistical individual.

    it seems that you have the reasoning pattern of a female. are you perhaps a female? you still didn’t tell me why you are using such emotional words as i would like to know your agenda. because right now we do as individuals have a problem that we need to take seriously and act rationally. either you are helping us gain valuable information that we can use or you are not. which one are you?

    my main point is that finger pointing does nothing. as an individual i need to act and i want valuable reliable information so that i can act. by you posting your emotional words is contrary to that. so, what am i trying to convey. YOUR POSTS ARE A WASTE OF SPACE AND UNNEEDED. so far this has been the most rational article that i have read and you are ruining it.

    #26 3 years ago
  27. Freek

    @18, Would probably involve PS3 being used as guidance system for nuclear weapons that started WW3 and wiped out humanity.
    And not by accident, but as a nice means to increase profit and fund development of the PS4.

    ;)

    #27 3 years ago
  28. DonnerKebab

    And the fact that they sat on the bad news about our cc details until after they released their new Sony pads, as pointed out by Game Informer?

    No, the very fact that there is a possibility of our names, addresses, DoB, etc being used for the foreseeable future in ways we haven’t even begun to think about, including opening accounts in our names, does not mean we are overreacting.

    #28 3 years ago
  29. OrbitMonkey

    Lulz, TheWulf you talk some shite. “Hey Sony, some guy hacked your console & is bragging how easy it was… Hire him!” Fucking idiot. You think the police should hire thieves & murderers too? O_o

    #29 3 years ago
  30. NeoSquall

    *sends e-hugs to Brenna*

    #30 3 years ago
  31. Kerplunk

    Interesting.

    Disregarding the content of this article for a moment, I am hugely impressed with VG247 for wilfully presenting a contrarian article on such an emotive topic. I feel there is always more than one side to any story and that, often, things are not so black-and-white as they are often presented.

    Going forwards, I think VG247 could really raise their game with more of these “other side of the coin” type articles on things. It would add a genuinely unique* element to the flood of news to the site and might also raise the standard of all the content presented on the site.

    *IGN have done this sort of thing but kept it locked as part of their premium subscriber content. And, you know, IGN o_0

    #31 3 years ago
  32. Mike

    What did Sony do wrong?

    Have an outdated, flimsy network, that’s both slow, badly designed and monitored, poorly implemented and wide open to attack. On top of that, they stored your personal info server-side as a text file – something which no-one else does in cases like this.

    How it can be “they didn’t communicate” is beyond me. It should’ve been:

    What did Sony do wrong?

    They hired the wrong people, took the wrong decisions, rested on their laurels and mismanaged 75 million people’s data.

    #32 3 years ago
  33. Mike

    #29 – the police often hire ex-cons as consultants, they also hire thieves etc. as informants.

    But yeah, stupid idea…

    #33 3 years ago
  34. DuhMan

    ^herp a derp
    get them

    #34 3 years ago
  35. Deacon

    Good article Brenna – thanks.

    I wasn’t surprised to see this story mentioned on pretty much every news bulletin last night, even the local ones. The coverage I have seen on the British news channels is completely biased and one-sided, as is to be expected from a society who only ever seem to want to point the finger at the big corporations.

    The fact remains that this could have easily happened to XBL were Microsoft the ones angering the hacker community.

    Am I the only one here who HASN’T changed passwords and had reconstructive plastic surgery?????

    Really….. without the answers to my personal security questions or the security number on the reverse of my debit card, what can they actually do??

    Only the idiots among us will fall for giving out any further information, and as such all this media scaremongering all seems a bit.

    —————

    @DuhMan – you really are the worst kind of troll. Please die.

    #35 3 years ago
  36. Mike

    I forgot to add that what Sony also got wrong is that it arrogantly believes that millions of people will simply hand over all their details again on Sony’s word that “we’re better now.”

    How can I trust you, Sony? You’ve had years of PSN mismanagement culminating in the astronomical fuck up, what makes you think we can trust you now?

    #36 3 years ago
  37. DaMan

    TheWulf, stop talking shit! hacking a leisure device is the same as an armed robbery, get off my internet now.

    Easy there, number 34. You try way too hard. Consider diazepam, that should ease the pain of Killzone withdrawal.

    #37 3 years ago
  38. RandomTiger

    @35

    “The fact remains that this could have easily happened to XBL were Microsoft the ones angering the hacker community.”

    The 360 was hacked ages ago and I never even heard about it because MS chose not to make a big deal about it.

    On what basis do you think xbox live could “easily” be hacked?

    #38 3 years ago
  39. Goffee

    I know they are different animals, but all Sony needed to answer the lack of communication issue was a status update page similar to Amazon’s whose outage affected many more real businesses and services (http://t.co/GRQ1QIk) to tell users what was happening – updated every couple of hours.

    Sitting on the problem with highly vague updates once a day did nothing to help calm the situation. That’s where Sony fell down as the article points out, and it is shocking that a media company can do so badly.

    #39 3 years ago
  40. DuhMan

    @37
    Bro what are you talking about?Shitzone and pieceofcrap3 have nothing to do with me
    HALOZ for evar.Im gonna enjoy some LIVE tonight.Butthurt sony fanboys
    DERP

    #40 3 years ago
  41. HauntaVirus

    WOW, lesbian ducks???

    #41 3 years ago
  42. Deacon

    I’m just saying that were there enough incentive for a specific targeted attack against XBL, I’m convinced that hackers could cause an equal amount of disruption and ball-ache.

    Of course now that this has happened to Sony, MS would be crazy not to reassess their own security architecture, especially with regards to personal data.

    There’s so much sensationalization around this that few people seem to be considering the possibility that Sony (other than being a bit slow on letting us know what’s happening) may well have done all they could to prevent the disturbance and theft of data. I highly doubt they left a huge hole in their security as some people are making it sound.

    #42 3 years ago
  43. DaMan

    Number 40, notice how you’ve already made more comments on the matter than I did since the very beginning of this disaster.

    http://en.wikipedia.org/wiki/Obsessive–compulsive_disorder

    ^ a good read.

    keep it up, you’ll be the third permaban in the history of vg24/7.

    #43 3 years ago
  44. RandomTiger

    @42 I’m sure xbox live is quite hackable but so is any system under enough stress. MS have not invited attacks on their system in the same way Sony has.

    We don’t know how much effort it took to hack Sony’s system but why was the “personal data table” not encrypted?

    Sony still hasn’t contacted their customers personally to let them know the risks and have left it to the media to pass on statements instead.

    As you point out the upside will be that everyone tightens their security.

    #44 3 years ago
  45. Mike

    @42 MS is probably the most hated software company out there. Of course there is incentive.

    #45 3 years ago
  46. DarkElfa

    What a bullshit puff piece!

    Sony did nothing right here. Their encryption was laughable to non-existent and they apparently cared little about their users’ info. It wasn’t until THEY were presented with potential monetary loss from free credits and games that they jumped into action.

    How with Sony’s business ethics and customer service history, they have any customers left is beyond me. There’s fanboy, then there’s masochistic asshat.

    #46 3 years ago
  47. Deacon

    @45 – it would be interesting to see a mass poll regarding major video game companies.

    Sure there are always haters. But you must admit the whole OtherOS / Hotz / Anonymous saga has given the hackers plenty of reason to ‘get even’ as they may call it.

    MS on the other hand haven’t baited the hackers by filing lawsuits against them or removing features which were once available.

    (But still, even after 10 years, are unable to build a good quality console)

    #47 3 years ago
  48. Ireland Michael

    @46 This.

    I like Brenna, but this article reeks of being a “nice for the sake of being nice” fluff piece.

    If you actually do believe Sony have been that effective and top quality about the whole thing… well, I just don’t know what to say.

    This entire thing makes the whole Gawker crap a few months ago look like a playground scuffle in comparison.

    #48 3 years ago
  49. Deacon

    @46 & 48

    And I suppose you guys know exactly how the PSN security is inadequate and outdated right?

    Please tell me about their particular encryption or lack of while you’re at it!

    #49 3 years ago
  50. Blerk

    Sony themselves have said that although the credit card information was encrypted, the user information wasn’t. So once the hackers were past the actual security systems the user names, addresses, passwords, etc. were all in plain text – a schoolboy security error that not even the smallest web site would make, never mind a supposed super-mega-corp.

    #50 3 years ago
  51. kingofscotland

    @ 44 – Totally agree with what you’ve said apart from Sony not contacting customers – all registered emails have been emailed an ‘important info about your account’ from Sony.

    I have 2 emails – 1 for each account

    #51 3 years ago
  52. Blerk

    Well I don’t have an email. They’ve been quite happy to send me endless marketing shit in the past, too.

    #52 3 years ago
  53. Alakratt

    Finally a non-sensationalist article!!

    #53 3 years ago
  54. Gekidami

    http://ps3.nowgamer.com/news/5669/sony-psn-credit-card-information-encrypted

    #54 3 years ago
  55. mathare92

    Whoa there, Wulf. No need to be overly pimping Valve’s security. :) You don’t know who might be reading that. If there’s one thing we’ve learnt from this mess, it’s that there’s few more dangerous than a skilful hacker with a little motivation.

    Also, to all – the BBC piece Pat linked earlier is an interesting read. [http://www.bbc.co.uk/news/technology-13213632]

    #55 3 years ago
  56. Deacon

    The reconstructive facial surgery was a bit premature then?

    —————————————-

    I love how there is a massive assumption on behalf of the media (including the BBC from what I’ve read of that article) that whomever attacked the network did it SOLELY to gain personal data etc.

    we don’t know WHERE the ‘external intrusion’ came from yet.
    It could be a random group of hackers / Anon / ANYONE, that simply want to cause yet more disruption and distress to Sony… it could be anyone, and the reason is as of yet completely unknown.

    #56 3 years ago
  57. Ireland Michael

    @48 I am a network administrator. This stuff is fairly basic.

    The simple fact that people’s information wasn’t encrypted is pure laziness and stupidity. You don’t leave that kind of information lying around.

    I’ve also seen numerous complaints from people on here *alone* of their cards being charged for purchases they didn’t make, meaning someone got into other people’s accounts and used them. That isn’t just bad. It’s stupid and incompetent.

    If you’re some sort of Pepsi-guzzling basement dweller who still lives with his mother, it might be hard to understand just how bad this could affect people other than yourself on an individual level.

    For the consumer, it’s potential lost money that they need to take time out of their busy family life and work to get back from their credit card holder. For businesses, it’s potential lost profit and exposure.

    I feel especially bad for NetherRealm and Valve. They both invested in partnerships with Sony to promote the PS3 versions of their games and their exclusive content, and the service goes down a few days later. Not to mention all the lost revenue on the PlayStation Store.

    This not only harms those companies who supported Sony, it ruins consumer trust. This isn’t phishing people, it is simply poor neglect on Sony’s part, and they are *solely* responsible for this.

    #57 3 years ago
  58. Blerk

    Well said, Michael.

    And bonus points for “Pepsi-guzzling basement dweller who still lives with his mother”. :-D

    #58 3 years ago
  59. Ireland Michael

    One last thing. Even on the most basic of servers, passwords are almost always stored in an encrypted format, meaning that even the owner of the server wouldn’t be able to access that kind of information.

    Meaning only one thing; either passwords were unencrypted, or the credit card information was. Whichever one it was, it’s a first grade mistake and should not exist on a service of this size. You don’t need a degree in network engineering (which I have) to understand this.

    #59 3 years ago
  60. DrDamn

    @57
    “I’ve also seen numerous complaints from people on here *alone* of their cards being charged for purchases they didn’t make, meaning someone got into other people’s accounts and used them.”

    But no actual solid evidence that it was this breach which caused it. If it’s PSN-like purchases then the account has been hacked, and if just before the network was taken down then likely related. Until they find a direct link through some proper analysis of data or catching someone with the big list of account details then how do you link the two? Certainly not through posts on an internet forum.

    #60 3 years ago
  61. DrDamn

    @59
    They have already stated that the CC info was encrypted and by implication the passwords apparently weren’t. Unless you think they are lying about saying the CC info was encrypted? At this stage that would be the stupidest mistake they’ve made so far in this sorry saga if true.

    #61 3 years ago
  62. Deacon

    Only time will tell if Sony’s infrastructure is/was grossly inadequate.
    I agree with you on the encryption element, but have still yet to see any substantial claims of fraud or ID theft as a result.

    I find it hard to believe that their setup fails to meet basic online security requirements, but I guess this will all be determined through the investigation.

    #62 3 years ago
  63. Ireland Michael

    @60 Oh please, this happens to a *huge* percentage of people just before the service goes down, at a quantity far beyond the scale of any standing phishing attempt.

    If a guy with blood on his hands runs out of a building just before they find the dead murder victim, it’s safe to say that person is the killer.

    #63 3 years ago
  64. DrDamn

    @63
    My point is – what huge percentage? How do you quantify it?

    Are you talking about PSN/Sony purchases or more extensive use of the credit cards?

    #64 3 years ago
  65. marijnlems

    While I appreciate the alternative viewpoint, Brenna, your story reads like the work of an apologist. Sony might not deserve ALL the criticism they’re getting, but they’ve certainly not done “practically everything” right – flawed network security and ridiculously inefficient communication towards their customer base are their most egregious mistakes.

    And then there’s this:

    “You’re a weak link here. You’re not aware of how much you give away about yourself. You trust, foolishly, that nobody can breach the walls society puts around you. You’re wrong. You can’t blame PSN for that; it doesn’t store anything you wouldn’t hand over anyway.”

    That’s pathetic. Let’s absolve all corporations of any responsibility towards their customers, why don’t we? No, I wouldn’t just “hand over” my personal details to anyone; the fact that I’ve put them on PSN is based on the implicit promise that Sony would keep that data safe.

    #65 3 years ago
  66. Ireland Michael

    @64 PSN purchases. I’ve yet to see any reports of credit cards details being abused outside of PSN.

    Which leads me to believe that it was passwords that were compromised, and people’s accounts were simply accessed directly.

    #66 3 years ago
  67. DrDamn

    @66
    Oh absolutely, agree that is the case – Sony have admitted as much. There would have been a period when there was a breach of data prior to the shutdown. Plenty of time to do some stuff. The limited use related to PSN purchases implies the actual CC details were a bit more secure though. Why bother with PSN purchases at all if you have other details?

    #67 3 years ago
  68. AHA-Lambda

    I actually feel a bit better after hearing it seems to be only related to PSN purchases.

    #68 3 years ago
  69. ManuOtaku

    The thing that there’s no system/console that cannot be hacked doesn’t matter in the end if PSN security is found to have been lacking, which all the information given at this moment seems to point to. That’s far from “they did almost everything right”; like one person mentioned before, if this issue was the “almost everything right”, I don’t want to see the “almost everything bad”. And let’s not forget the time that has passed since the key was divulged by geo is very long; why didn’t Sony take the necessary steps to avoid this? They should at least have enforced their security a bit more under the circumstances, but they chose not to do it, therefore it was not that they did everything right. We need to be strong with this case in order to avoid similar situations in the future; if we go softly with Sony, then this will happen again in this industry with the same or another manufacturer.

    Also, let’s say that the credit data was secure based on the Sony statement. What about our personal data and password? According to the same statement it was not encrypted at all; that alone says too much about all this situation, and believe me that’s far from “they did almost everything right” like your post tries to suggest. I know it is your opinion and I respect it, but I do not agree with it. Why was it not encrypted? For me this continues to demonstrate that users are not taken into consideration the way they should be by Sony, adding to the other issues like the other s situation and the lack of information for several days that kept their users in a black hole.

    Having said that, I agree it is nice to see another different perspective on the same issue, like many posters previously stated, because in the end it is us the readers who need to find all the information available in order to make our own opinion.

    #69 3 years ago
  70. spiderLAW

    Sony is going to have a tough time gaining back the little faith they had left from consumers after this one.
    That’s all I really have to say on the subject… I’m just too tired and wound up in life to care about this stuff anymore.

    #70 3 years ago
  71. spiderLAW

    One more thing to add.
    Please no more fucking hacking anything… dammit.
    I used to be a hacker in my teenage years, I’ll admit… but really, it gets old and is really immature.

    #71 3 years ago
  72. DrDamn

    I think the “Everything right” point in the article was meant to be post discovery of an intrusion, not prior. It’s not worded particularly well but that’s how I read it initially. Prior it seems obvious there was a lot wrong.

    “What did Sony do right? Practically everything. Sony’s reaction to the detection of a network security breach was picture-perfect”

    #72 3 years ago
  73. daytripper

    @70 hope whatever is going on you get sorted

    #73 3 years ago
  74. ManuOtaku

    #72 Put it that way, I agree with you: after the breach what they did was almost everything right. The only thing that I cannot pass was the delay of information on Sony’s part, which could cause more trouble to the users than one might think. Other than that, good, but prior was quite the opposite case: it was almost everything wrong.

    #74 3 years ago
  75. spiderLAW

    Thanks, daytripper. Maybe eventually it will, but hey, it’s life and it’s how things go.

    #75 3 years ago
  76. XDamage

    I respect that Brenna manages to keep a level head when writing about this situation, unlike many many others. I think Sony will pull through just fine.

    #76 3 years ago
  77. Bluscope

    Finally! A level headed article and not another “OMG!!! Derp, This is the worst hack in teh history teh world is ending ARRRRRRGGHHHHHHH!!!!!!!”

    It really isn’t, I’ll admit that Sony really haven’t handled it all that well but Jesus, take a chill pill people.

    Thanks Brenna :D.

    #77 3 years ago
  78. jdfoster00

    @57 I’m sorry but that is simply not true. People’s information WAS encrypted! (NOTE MY INFORMATION SOURCE:- http://blog.eu.playstation.com/2011/04/28/playstation-network-and-qriocity-outage-faq/ ). @70 How? Because of people like you yes but just no! They have given us all the information quickly! And have done the right things like this article suggests Sony has done… They only knew on Monday then released, publicly, all the information regarding PSN… and it takes a while to send over 75 million emails you know? @69 Plz look at the related article to answer your queries! http://blog.eu.playstation.com/2011/04/28/playstation-network-and-qriocity-outage-faq/ @77 agree with you TOTALLY!

    #78 3 years ago
  79. IL DUCE

    First off: “The ICO is investigating Sony, yes, and if found negligent, the company will face massive backlash in multiple countries. But there’s a strong likelihood the PlayStation Network will be found to meet minimum standards.”
    -I don’t want them meeting “minimum” standards, I want them to actually try to have some legit security because last time I checked I haven’t heard about any massive hacks on XBL while the PSN/PS3 has had major hacking issues at least 3-4 times this year alone

    “Xbox Live got caught with a phishing scam just yesterday. That’s the state of network security in 2011: inadequate.”
    This scam was so minor you shouldn’t have even mentioned it in this article, it was only people on Modern Warfare 2 and they sent out a message immediately, not shut down XBL and not tell anyone what was going on for days…the difference between Sony and MS is that MS can handle breaches, and they are never as big as the ones Sony has had recently

    “What did Sony do right?
    Practically everything.”
    -That’s an overstatement if I’ve ever seen one, “It’s a short list: it didn’t communicate.” – That’s probably the most important thing to do in a situation like that

    “What about me?
    You should cancel your credit card. However slim the possibility that your data has been compromised is, you shouldn’t gamble your financial security on it.

    But while you’re at it, you should get in touch with your bank, your work place, your social network, your MMO – any identity you log into, and which you’d be troubled by the loss of – and set up additional security measures, including double authentication, hard-to-remember passwords, and better secret questions. And not grumble about what a hassle it is.”
    -That’s the point, why should we have to go through all this because their security protocol and network in general is shit, I have had XBL for 3 years and nothing like this has ever happened but now I get a PS3 and PSN in February, even after a good amount of hacking bullshit and then this happens, let alone I got the PS3 to play SOCOM which I got to play for a good few hours before PSN went down…it is a hassle and it shouldn’t be, why should we trust Sony with any personal data at all if their security and response to breaches is what we’ve seen over the past few weeks…it is a travesty, and I hope they get what they deserve, why the fuck should I have to go through the trouble of cancelling my credit card, and changing passwords, and changing double authentication standards and making security questions harder. Plus any retard who knows how to work a computer has online banking of some sort and is able to check their credit card transactions every day to make sure it’s not being used unlawfully, so I’m going to gamble my financial security on it so that I can trade in my PS3 if any of my info was leaked…we’re customers, we have the right to be pissed, so if you think otherwise you’re either living in a dream world or being paid by Sony…

    #79 3 years ago

Comments are now closed on this article.