Linked by Thom Holwerda on Tue 26th Apr 2011 22:06 UTC
Games

After days and days of the Playstation Network being offline, Sony has announced it has taken the service down indefinitely. The cause is a lot more severe than previously thought: PSN has been systematically attacked, and personal information of all users has been stolen, possibly including credit card data. Sony is asking PSN users to keep close tabs on their credit card account statements. This has turned from a rather amusing slap on the wrist for Sony into a massive and truly epic security fail that could have tremendous consequences for millions and millions of people the world over.
Comment by smashIt
by smashIt on Tue 26th Apr 2011 22:19 UTC
smashIt
Member since:
2005-07-06

I'm hoping law enforcement will track down and find the people responsible.


like sony management and their security-experts?

Reply Score: 19

RE: Comment by smashIt
by fretinator on Wed 27th Apr 2011 21:10 UTC in reply to "Comment by smashIt"
fretinator Member since:
2005-07-06

I realize this is mostly humor, but I do feel humor has a basis to it. The basis here is wrong. This is like telling a rape victim they have committed a crime because they placed themselves in too vulnerable of a position.

For once and... naw, it never ends. Anyhoo, the folks who stole the data committed the crime. They need to be apprehended and punished.

Sony is LIABLE (a civil matter) for any improper handling of the data, especially if they did not use proper encryption, etc. Do not confuse these issues.

OK, it was just a joke and it was funny...Next!

Reply Score: 3

RE[2]: Comment by smashIt
by tylerdurden on Thu 28th Apr 2011 05:18 UTC in reply to "RE: Comment by smashIt"
tylerdurden Member since:
2009-03-17

I don't think you realize the second part of your argument (the liability) makes your initial equivalence a false one.

Reply Score: 2

RE[3]: Comment by smashIt
by fretinator on Thu 28th Apr 2011 15:13 UTC in reply to "RE[2]: Comment by smashIt"
fretinator Member since:
2005-07-06

Not really. The second item, civil liability, is unrelated to the first, legal liability. What happens is the analogy breaks down. Legally, both those who are raped and those who have data stolen are innocent.

In regard to civil liability, the analogy no longer holds. Businesses do have a responsibility to secure data, and can be sued for not using sufficient safeguards. In the situation of rape, there is no civil liability. However, in the past, the fact that a victim was in a bar, wearing a short skirt, etc, WAS often used against a defendant; hopefully we are beyond those days.

Analogies only go so far.

Reply Score: 2

You know
by orestes on Tue 26th Apr 2011 22:21 UTC
orestes
Member since:
2005-07-06

I bet the DCUO and FFXIV customer service people really love Sony right now.

Reply Score: 2

RE: You know
by Kasi on Tue 26th Apr 2011 23:08 UTC in reply to "You know"
Kasi Member since:
2008-07-12

FFXIV isn't out for the PS3 yet... ?

Reply Score: 1

RE[2]: You know
by latreides on Wed 27th Apr 2011 02:01 UTC in reply to "RE: You know"
latreides Member since:
2011-03-20

No it's not, and DCUO is so buggy (and short) that I doubt most DCUO players mind (I know I don't).

Reply Score: 1

A console hack to own the network
by matthekc on Tue 26th Apr 2011 23:19 UTC
matthekc
Member since:
2006-10-28

Why would that even be possible? Can somebody explain how Sony sucked this bad?

My bad, it was Slashdot that said they think it was a console hack that exposed some sort of developer access.

Edited 2011-04-26 23:35 UTC

Reply Score: 1

CapEnt Member since:
2005-12-18

Excessive faith in DRM schemes bundled into game consoles to keep their own network safe, probably.

Reply Score: 2

werpu Member since:
2006-01-18

Excessive faith in DRM schemes bundled into game consoles to keep their own network safe, probably.

I assume the same, they were so trustful of their own console lock-in that they probably were sloppy on the server. I would not even be sure if a hacked PS3 was involved in the hack because every network sniffer could get the addresses and the encrypted data. So I would be careful to blame the PS3 hacks here.
Either way Sony omitted the golden rule of never trust the client here. On the other hand, if the passwords and credit card data were really stored in clear text then they have a hugely bigger problem, also from a legal point of view.

Edited 2011-04-27 07:48 UTC

Reply Score: 2

Credit card security
by bouhko on Tue 26th Apr 2011 23:20 UTC
bouhko
Member since:
2010-06-24

I still do not understand how a means of payment as insecure as a credit card can be so widespread. Maybe it's time the banks figure out a means to pay that requires something more than just what is written on the damn card.

For example in my bank, to access e-banking, I have to have: a login, a password AND a card reader.
After I have entered my login and password, the e-banking website displays a number. I have to put my bank card in the card reader, type in the number given by the website and then the PIN associated with my card. The card reader will then display another number that I have to enter.

So unless somebody manages to steal my login, my password, my card and my PIN, I'm safe.

Really, if my bank can do it for e-banking, Visa and Mastercard should be able to do it.

Reply Score: 4
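The login flow described in the comment above, sketched as an added example that is not part of the original thread or any bank's code. The `Card` and `Bank` classes, the HMAC-SHA256 construction and the 8-digit codes are assumptions made for illustration; the comment does not say which scheme the bank's reader uses.

```python
# Added illustration of a challenge-response login with a PIN-unlocked card reader.
# HMAC-SHA256 and 8-digit codes are assumptions, not any real bank's scheme.
import hashlib
import hmac
import secrets


def reader_code(card_secret: bytes, challenge: str) -> str:
    """Number shown by the reader: a keyed digest of the challenge, cut to 8 digits."""
    digest = hmac.new(card_secret, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"


def password_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Card:
    """Constructed stand-in for a chip card; the secret never leaves the object."""

    def __init__(self, secret: bytes, pin: str):
        self._secret = secret
        self._pin = pin
        self._tries_left = 3

    def respond(self, challenge: str, pin: str) -> str:
        """User types the website's number and the PIN; the reader shows a code."""
        if self._tries_left == 0:
            raise PermissionError("card blocked")
        if not hmac.compare_digest(pin, self._pin):
            self._tries_left -= 1
            raise PermissionError("wrong PIN")
        self._tries_left = 3
        return reader_code(self._secret, challenge)


class Bank:
    def __init__(self):
        self._users = {}    # login -> (salt, password hash, card secret)
        self._pending = {}  # login -> challenge waiting for a response

    def enroll(self, login: str, password: str, card_secret: bytes) -> None:
        salt = secrets.token_bytes(16)
        self._users[login] = (salt, password_hash(password, salt), card_secret)

    def start_login(self, login: str, password: str):
        """Step 1: check login and password, then display a fresh random number."""
        user = self._users.get(login)
        if user is None:
            return None
        salt, stored, _ = user
        if not hmac.compare_digest(password_hash(password, salt), stored):
            return None
        challenge = f"{secrets.randbelow(10**8):08d}"
        self._pending[login] = challenge
        return challenge

    def finish_login(self, login: str, response: str) -> bool:
        """Step 2: verify the reader's code. The challenge is consumed either way,
        so a captured response cannot be replayed."""
        challenge = self._pending.pop(login, None)
        if challenge is None:
            return False
        expected = reader_code(self._users[login][2], challenge)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    secret = secrets.token_bytes(32)            # constructed sample values
    card, bank = Card(secret, "4821"), Bank()
    bank.enroll("alice", "correct horse", secret)
    number = bank.start_login("alice", "correct horse")
    code = card.respond(number, "4821")
    print("first use :", bank.finish_login("alice", code))
    print("replayed  :", bank.finish_login("alice", code))
```

A stolen login and password only get as far as `start_login`; without the card and its PIN there is nothing to type into `finish_login`.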

RE: Credit card security
by xiaokj on Wed 27th Apr 2011 00:32 UTC in reply to "Credit card security"
xiaokj Member since:
2005-06-30

Think about your own statement for a moment and you can discover the real answer:

Debit cards are Credit cards without the credit part; you just use whatever you need and pay instantly.

Credit cards are required to get a credit rating, get discounts everywhere...

Seems like there is a huge amount of effort put into keeping the dead horse alive.

Think about it for a moment, and think whether keeping things safe is part of the bank's job.

Reply Score: 2

RE: Credit card security
by smitty on Wed 27th Apr 2011 00:52 UTC in reply to "Credit card security"
smitty Member since:
2005-10-13

I still do not understand how a means of payment as insecure as a credit card can be so widespread. Maybe it's time the banks figure out a means to pay that requires something more than just what is written on the damn card.

For example in my bank, to access e-banking, I have to have: a login, a password AND a card reader.
After I have entered my login and password, the e-banking website displays a number. I have to put my bank card in the card reader, type in the number given by the website and then the PIN associated with my card. The card reader will then display another number that I have to enter.

So unless somebody manages to steal my login, my password, my card and my PIN, I'm safe.

Really, if my bank can do it for e-banking, Visa and Mastercard should be able to do it.

There's always going to be a tradeoff between security and convenience. For example, with your system you could no longer just hand a credit card to the waiter after eating in a restaurant - you'd have to get up, go to the cashier, wait in line, type in your password, etc. And just imagine how many people would forget their passwords and be unable to pay. New technology might allow them to come around to your table with a mobile card reader, but that would take a while to become widespread.

Reply Score: 5

RE[2]: Credit card security
by Radio on Wed 27th Apr 2011 07:28 UTC in reply to "RE: Credit card security"
Radio Member since:
2009-06-20

There's always going to be a tradeoff between security and convenience. For example, with your system you could no longer just hand a credit card to the waiter after eating in a restaurant - you'd have to get up, go to the cashier, wait in line, type in your password, etc. And just imagine how many people would forget their passwords and be unable to pay. New technology might allow them to come around to your table with a mobile card reader, but that would take a while to become widespread.

Hello there; this is exactly how credit/debit cards work in France, the country where the smart card was invented. We even have mobile terminals everywhere that the waiter brings to you to read your card and enter your code. And nobody forgets his code, as we type it all the time. That or we are just naturally smart.

I'm always unsettled overseas when my card has just its magnetic band swiped and I just have to sign, and nobody really checks the signature - which is easy to counterfeit, as it is already drawn on the back of the card. This is &*$#! dumb.

Reply Score: 4

RE[3]: Credit card security
by Laurence on Wed 27th Apr 2011 08:06 UTC in reply to "RE[2]: Credit card security"
Laurence Member since:
2007-03-26

Same for the UK as well.

Reply Score: 2

RE[3]: Credit card security
by smitty on Wed 27th Apr 2011 08:53 UTC in reply to "RE[2]: Credit card security"
smitty Member since:
2005-10-13

Hello there; this is exactly how credit/debit cards work in France, the country where the smart card was invented. We even have mobile terminals everywhere that the waiter brings to you to read your card and enter your code. And nobody forgets his code, as we type it all the time. That or we are just naturally smart.

I'm always unsettled overseas when my card has just its magnetic band swiped and I just have to sign, and nobody really checks the signature - which is easy to counterfeit, as it is already drawn on the back of the card. This is &*$#! dumb.


Cool. I agree those signatures are worthless even when they get checked, which is almost never. I suppose people probably could remember a 4 digit PIN if they used it all the time. I'm just wary of solutions like that because I know how often people forget their password where I work - they have to use it every day, it's ridiculous how often people mess it up.

I've heard certain restaurants might start using tablets to show menus and let you order directly. It would be interesting to see if they could build the payment system right into that - maybe connect directly to your smartphone and link into your account through that.

Reply Score: 2

RE[4]: Credit card security
by Thom_Holwerda on Wed 27th Apr 2011 09:02 UTC in reply to "RE[3]: Credit card security"
Thom_Holwerda Member since:
2005-06-29

Cool. I agree those signatures are worthless even when they get checked, which is almost never. I suppose people probably could remember a 4 digit PIN if they used it all the time. I'm just wary of solutions like that because I know how often people forget their password where I work - they have to use it every day, it's ridiculous how often people mess it up.


It's how everything works in The Netherlands too. You pay almost everything with your bank card and 4-digit PIN code. It's become so entrenched in everyday life I can't imagine living without it. Even waiters carry tiny payment terminals around now. I even use my bank card for all my online purchases, through a closed and trusted inter-bank system.

The problem with credit cards is similar to the problems with guns. I'm sure many people would be perfectly able to handle a gun responsibly, but I still believe regular folk should NOT have access to them. Credit cards are of the same nature; they pose a danger to the public, as it promotes a culture that is detrimental to the economy - both at macro and micro levels.

I don't have a credit card, nor do I ever intend to get one. My bank card works all over the globe - even in some backwater town in Texas - and that's all everyone really needs. People need to learn that they can't buy that 70" flatscreen TV until their bank account allows them to - and not a second sooner. Credit cards have brought many a decent household down to the ground, and it needs to stop.

Edited 2011-04-27 09:04 UTC

Reply Score: 2

RE[5]: Credit card security
by bhtooefr on Wed 27th Apr 2011 10:28 UTC in reply to "RE[4]: Credit card security"
bhtooefr Member since:
2009-02-19

Although my understanding is that chip and PIN has some nasty security risks of its own due to design flaws...

Debit cards in the US require a PIN, but credit cards require a signature (for transactions over $25, and with exceptions for gas stations and online transactions).

As for guns, here in the US, the idea was for people to have the tools necessary to fight a government if need be, and treating the risk of irresponsible use as acceptable.

Reply Score: 2

RE[6]: Credit card security
by Thom_Holwerda on Wed 27th Apr 2011 10:38 UTC in reply to "RE[5]: Credit card security"
Thom_Holwerda Member since:
2005-06-29

Although my understanding is that chip and PIN has some nasty security risks of its own due to design flaws...


Unless someone gets AND your PIN AND your card AND you somehow fail to tell your bank... Then yes, then it's insecure.

Reply Score: 1

RE[7]: Credit card security
by flypig on Wed 27th Apr 2011 13:04 UTC in reply to "RE[6]: Credit card security"
flypig Member since:
2005-07-13

Unless someone gets AND your PIN AND your card AND you somehow fail to tell your bank... Then yes, then it's insecure.


The problem is, every time you use your card in a shop, these are exactly the details you're handing over (card AND pin AND agreement you're not going to tell your bank). In theory you're handing it over to the bank (since the terminal belongs to them), but in practice there's no real way to know you're not handing it directly to the retailer.

The same is true online. It's crazy that you hand over all of the details needed to make a transaction (and unlimited future transactions) to a non-trusted retailer.

The process ought to be the other way around. When you want to make a purchase you should instruct your bank to transfer the money, rather than instruct the retailer to collect the money. Now that we all have mobile phones (our own trusted terminal) and practically instant communications, there shouldn't be any reason why it doesn't work this way, except bad habits.

[Edited to fix quoting]

Edited 2011-04-27 13:07 UTC

Reply Score: 1

RE[6]: Credit card security
by gustl on Sun 1st May 2011 12:42 UTC in reply to "RE[5]: Credit card security"
gustl Member since:
2006-01-19

As for guns, here in the US, the idea was for people to have the tools necessary to fight a government if need be, and treating the risk of irresponsible use as acceptable.


Well, if that is the argument for allowing guns in the public, most US Citizens lost their right to a gun when they let the second Bush administration run the country into the ground.

But then, most people in democracies get the government they deserve, and who am I to complain (living in Austria with a government as bad as the Bush administration but luckily not the power to do as much damage - which means we have to eat our own shit).

Reply Score: 2

RE[5]: Credit card security
by fretinator on Wed 27th Apr 2011 14:53 UTC in reply to "RE[4]: Credit card security"
fretinator Member since:
2005-07-06

Unfortunately, the entire U.S. economy is founded on debt. If people ever started opting out, I honestly think the whole economy here would tumble. Of course, that might not be a bad thing in the long run.

Reply Score: 4

RE[6]: Credit card security
by TemporalBeing on Wed 27th Apr 2011 18:04 UTC in reply to "RE[5]: Credit card security"
TemporalBeing Member since:
2007-08-22

Unfortunately, the entire U.S. economy is founded on debt. If people ever started opting out, I honestly think the whole economy here would tumble. Of course, that might not be a bad thing in the long run.


It is not really founded on debt. It is founded on monetary transfer. It's just that current economic thoughts fail to realize that debt is NOT a good thing. This is why we are in the recession that we are in, and why China will eventually take over as a larger economy. If we got our debt under control, and reduced or eliminated it, then that would not be a problem.

Economics does not require debt, just exchange of goods. Debt only comes into play when you want to play loosely with the exchange of goods such that one party may not be solvent. Eventually no one will be solvent and the system collapses under its own weight.

Reply Score: 2

RE[7]: Credit card security
by fretinator on Wed 27th Apr 2011 18:25 UTC in reply to "RE[6]: Credit card security"
fretinator Member since:
2005-07-06

I'm glad to hear that! However, while the economy could theoretically go on, many large players in our current economy would go down in flames. I don't believe that could happen without very serious consequences.

I also believe the same arguments could be used for insurance. What if hospitals, auto repair shops, morticians, etc. couldn't count on private insurance? It would totally rearrange several industries. Currently, in the U.S., people pay 5-10 thousand a year for medical insurance, and yet still have to deal with large medical costs. Something tells me that a whole lot of money is going to the wrong people. Nevertheless, a change in the arena would probably devastate a large part of our economy.

Thus, neither change is very likely to happen. The players have too much power to allow it.

Reply Score: 2

RE[7]: Credit card security
by gustl on Sun 1st May 2011 12:50 UTC in reply to "RE[6]: Credit card security"
gustl Member since:
2006-01-19

Eventually no one will be solvent and the system collapses under its own weight.


There ALWAYS is someone left who is solvent. It might be even one person only. And the economy is only in trouble if this person who is solvent does not buy enough goods.

Which leads us directly into the reason, why taxing the "richness" of people is good for the economy:
If no tax is put on money you are just sitting on, you are not encouraged to buy things.
But if taxes on your money (not your income!) are high, you will say: OK, I buy me a new $WHATEVER before taxes are eating up all I have. And that is good for the economy.

Reply Score: 2

RE[5]: Credit card security
by umccullough on Wed 27th Apr 2011 23:09 UTC in reply to "RE[4]: Credit card security"
umccullough Member since:
2006-01-26

The problem with credit cards is similar to the problems with guns. I'm sure many people would be perfectly able to handle a gun responsibly, but I still believe regular folk should NOT have access to them. Credit cards are of the same nature; they pose a danger to the public, as it promotes a culture that is detrimental to the economy - both at macro and micro levels.

I don't have a credit card, nor do I ever intend to get one. My bank card works all over the globe - even in some backwater town in Texas - and that's all everyone really needs. People need to learn that they can't buy that 70" flatscreen TV until their bank account allows them to - and not a second sooner. Credit cards have brought many a decent household down to the ground, and it needs to stop.


Which is why people have credit scores... to demonstrate that they can in fact be responsible with credit.

You keep referring to credit cards, but the same applies to any loan - you shouldn't be able to purchase a house or car with a loan until you can demonstrate your responsibility to use it.

Sadly, the act of building one's credit score does require that you obtain some credit in order to demonstrate your capabilities to use it responsibly first.

It's the banks that need to be blamed - for giving credit out to individuals so willingly, knowing that they can recoup lost money easily through writeoffs, chargeoffs, bailouts, and increased interest rates for other customers.

As someone who has quite a few credit cards, excellent credit, and is financially responsible, I can safely tell you that using money you don't actually have is perfectly fine.

At the same time I know people who are racking up credit card bills for the sole purpose to file bankruptcy because they know the "broken banking system" will allow them to keep everything they have, and be given more credit cards within a couple years as if nothing has happened - THAT IS THE PROBLEM.

Reply Score: 2

RE[2]: Credit card security
by lucas_maximus on Wed 27th Apr 2011 10:44 UTC in reply to "RE: Credit card security"
lucas_maximus Member since:
2009-08-18

That is what we do in the UK ...

However the machine is wireless so the waiter can take the chip and pin machine over to me.

Reply Score: 2

RE[2]: Credit card security
by aaronb on Wed 27th Apr 2011 17:22 UTC in reply to "RE: Credit card security"
aaronb Member since:
2005-07-06

"Chip and pin" is the marketing name for this in the UK. Where the waiter would come over with a card reader and pass it to you to insert card, enter pin and process payment. The vast majority of people have become used to this.

Internet purchases are getting a little more secured. There is "Verified By Visa" and "MasterCard SecureCode" where you set up a password that is used when making payments online. However not all shops implement this (for example Amazon).

Both systems have their faults but in this case it's not the issue.

Sony failed to secure their system.

The primary account number (PAN) should be encrypted or hashed to prevent it from being leaked if it must be stored.

Reply Score: 2
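One way to act on the last point of the comment above, as an added example that is not from the thread: keep a masked PAN for display and a keyed digest for lookup, so the stored record never holds the full number. The function names, the record layout and the use of HMAC-SHA256 are assumptions for illustration, the key is assumed to be held outside the database, and the card number is the widely published Visa test number.

```python
# Added illustration: a stored card record that never contains the full PAN.
# Names, record layout and HMAC-SHA256 are assumptions made for this example.
import hashlib
import hmac


def luhn_ok(pan: str) -> bool:
    """Luhn check digit test; rejects anything that is not 13-19 ASCII digits."""
    if not (pan.isascii() and pan.isdigit() and 13 <= len(pan) <= 19):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def normalise(raw: str) -> str:
    """Strip the separators people type and refuse numbers that fail Luhn."""
    pan = raw.replace(" ", "").replace("-", "")
    if not luhn_ok(pan):
        raise ValueError("not a valid card number")
    return pan


def mask(pan: str) -> str:
    """First six and last four digits only, for receipts and support screens."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def token(pan: str, key: bytes) -> str:
    # Keyed, not a bare hash: with the first six and last four digits known,
    # few digits remain unknown, so an unkeyed digest of a PAN protects little.
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def make_record(raw_pan: str, key: bytes, key_id: str) -> dict:
    """What goes into the database. The PAN itself is discarded after this call."""
    pan = normalise(raw_pan)
    return {"masked": mask(pan), "token": token(pan, key), "key_id": key_id}


def matches(record: dict, raw_pan: str, keys: dict) -> bool:
    """Check a presented card against a stored record using the key it was made with."""
    key = keys.get(record["key_id"])
    if key is None:
        return False
    try:
        candidate = token(normalise(raw_pan), key)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, record["token"])


if __name__ == "__main__":
    keys = {"k1": b"\x11" * 32}                  # constructed sample key
    rec = make_record("4111 1111 1111 1111", keys["k1"], "k1")
    print(rec["masked"])
    print(matches(rec, "4111-1111-1111-1111", keys))
    print(matches(rec, "4012888888881881", keys))
```

A record built this way supports duplicate detection and "card ending 1111" displays; recovering the number for a later charge would need encryption instead, which this example does not cover.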

Foot in mouth
by 3rdalbum on Wed 27th Apr 2011 00:13 UTC
3rdalbum
Member since:
2008-05-26

People should learn to spend the money they have, not the money they may have.


That's why I use a prepaid Visa card. Unfortunately, I've used this card on PSN so I've probably had the $300 stolen out of it. Nice one, Sony. And nice one, Thom: Passing judgement on everyone who has a "credit card" as being people who spend money they don't have.

Reply Score: 5

RE: Foot in mouth
by WereCatf on Wed 27th Apr 2011 03:13 UTC in reply to "Foot in mouth"
WereCatf Member since:
2006-02-15

And nice one, Thom: Passing judgement on everyone who has a "credit card" as being people who spend money they don't have.


Indeed, that's what I don't understand either. Having a credit card doesn't automatically mean you're going to be spending more money than you actually have on your account. I too have a credit card because it's a whole damn lot easier and more convenient to use than cash, but I have set a limit on it that I cannot draw more money with it than what I have.

So, did Thom actually have some point to make, or is he just being an ass?

Reply Score: 4

RE[2]: Foot in mouth
by darseex on Wed 27th Apr 2011 04:25 UTC in reply to "RE: Foot in mouth"
darseex Member since:
2010-12-06

I can't speak for Thom, but there is a distinction to be made between credit cards and debit cards.

Reply Score: 1

RE[3]: Foot in mouth
by WereCatf on Wed 27th Apr 2011 04:29 UTC in reply to "RE[2]: Foot in mouth"
WereCatf Member since:
2006-02-15

I can't speak for Thom, but there is a distinction to be made between credit cards and debit cards.


Yah mon, tru dat. I'm really effing sick atm so it's hard to think straight. Still, I retain my opinion that having a credit card doesn't automatically mean one is going to spend money they don't have, and that it was an ass comment from Thom.

Reply Score: 2

RE[4]: Foot in mouth
by smitty on Wed 27th Apr 2011 04:38 UTC in reply to "RE[3]: Foot in mouth"
smitty Member since:
2005-10-13

I can't speak for Thom, but there is a distinction to be made between credit cards and debit cards.


Yah mon, tru dat. I'm really effing sick atm so it's hard to think straight. Still, I retain my opinion that having a credit card doesn't automatically mean one is going to spend money they don't have, and that it was an ass comment from Thom.

Reading Thom's comment again, I think what he's actually saying is that the "average" person is too stupid to responsibly use a credit card. And I'd agree with that. They're just so convenient for people who are able to handle them, that I don't really want them to just die out completely.

Reply Score: 2

RE[5]: Foot in mouth
by Moredhas on Wed 27th Apr 2011 07:15 UTC in reply to "RE[4]: Foot in mouth"
Moredhas Member since:
2008-04-10

I use my credit card for big one-offs. I'm absolutely crap at saving money because I usually just blow it on something frivolous when I'm halfway there. I buy stuff I'd normally save for with the credit card and then I kind of have no choice but to pay for it. I don't see it as "money I may have", but as "money I will certainly have and just as certainly waste".

Reply Score: 2

RE[3]: Foot in mouth
by daedliusswartz on Wed 27th Apr 2011 08:51 UTC in reply to "RE[2]: Foot in mouth"
daedliusswartz Member since:
2007-05-28

The statement is stupid anyways. How far do you take it? Don't get a car loan? Don't get a mortgage? Don't ask someone to spot you for lunch?

At some point we all use and rely on credit in one form or another.

Reply Score: 2

RE[3]: Foot in mouth
by mrstep on Wed 27th Apr 2011 13:47 UTC in reply to "RE[2]: Foot in mouth"
mrstep Member since:
2009-07-18

I never carry a balance on my credit card, but won't use debit as it typically has side effects like NOT advocating for you in case of fraudulent charges, higher liability, and removing the money from my account immediately - in which case, since I'm going to pay it off anyway, I'd rather let the card company carry the charge until then. If debit cards lowered the cost of the purchase or something, I'd be more interested.

While the credit card industry is effectively legalized loan-sharking, if you use it wisely it's not always a bad thing - beats dealing with money orders, checks to clear, or giving out your bank routing number, etc., particularly in this day of online commerce. Of course, there are plenty of people who don't use it wisely. :/

Reply Score: 1

RE[2]: Foot in mouth
by Radio on Wed 27th Apr 2011 07:39 UTC in reply to "RE: Foot in mouth"
Radio Member since:
2009-06-20

In many countries, the tiny plastic smart card is usually a credit card where the "credit" part really means "credit" - there are people, especially in the US, who buy everything with a credit and have zero savings (except a 401(k) for their retirement - but they can't use it to buy stuff). It is also easier as you don't need a permanent connection to the banking system to check at every transaction if there is money on the account.

In France and maybe other countries, we abusively also call it "credit" card while it is in fact often restricted to a specific amount loaded on the card, or the terminal even gets in touch with your bank each and every time you buy something to check if you still have enough money.

Reply Score: 2

RE: Foot in mouth
by earksiinni on Wed 27th Apr 2011 17:27 UTC in reply to "Foot in mouth"
earksiinni Member since:
2009-03-27

I'm sure many people would be perfectly able to handle a gun responsibly, but I still believe regular folk should NOT have access to them. Credit cards are of the same nature; they pose a danger to the public, as it promotes a culture that is detrimental to the economy - both at macro and micro levels.


Where do you see him generalizing about anyone?

Reply Score: 1

Mountains out of Molehills
by latreides on Wed 27th Apr 2011 00:27 UTC
RE: Mountains out of Molehills
by WorknMan on Wed 27th Apr 2011 00:55 UTC in reply to "Mountains out of Molehills"
WorknMan Member since:
2005-11-13

Too many people are blindly blowing this out of proportion.


I'm not sure if this foul-up is really much worse than other stories I've heard in this regard. On one hand, 70 million is certainly a lot of accounts, but on the other hand, how many accounts have to be compromised before it becomes a big deal? 100? 1000? 10,000? 100,000?

However, one has to wonder why Sony waited nearly a week to inform customers that their account (and possibly their CC) information had been breached. I'm pretty sure they didn't just find out about this today ...

Edited 2011-04-27 00:57 UTC

Reply Score: 2

RE[2]: Mountains out of Molehills
by scottlowe on Wed 27th Apr 2011 00:59 UTC in reply to "RE: Mountains out of Molehills"
scottlowe Member since:
2011-04-27

I think it's the potential sheer scope of the breach -- if it released the mass of information it looks like it did and not just a subset, it would be a treasure trove for identity thieves.

Reply Score: 1

latreides Member since:
2011-03-20

If you think that your private information is really private in the age of the Internet, you should Google a bit. There isn't much that you cannot find out about someone from their SSN to their home address if you scour the net enough. There are so many records of everything you do, and everywhere you have been that it's naive to think that your info is "secure".

There are security breaches all the time, and while most are not as large as say the TJX data breach (45 million CC #'s stolen) or Heartland Payment Systems (130 million CC #'s stolen) or the Epsilon data breach, etc... they sure add up over time.

No one can ever prepare for every possible avenue of attack. They can only respond, and secure.

I think it should be reiterated, because everyone is taking it as gospel, that Sony has stated that it's UNKNOWN if the CC info was taken. This doesn't mean that it was, just that there is at least a possibility. Everyone needs to stop overreacting to a possibility. Btw neither my CC info, nor any friends of mine, or family, or online buddies has been used since the intrusion a week ago. Nor do I know of anyone who has had such violations. Which leads me to believe, until information shows otherwise, that the CC info was probably not taken, or if taken, was taken only to prove a point.

Reply Score: 1

RE[2]: Mountains out of Molehills
by latreides on Wed 27th Apr 2011 01:34 UTC in reply to "RE: Mountains out of Molehills"
latreides Member since:
2011-03-20

Sony most likely didn't know (for sure) until now. They hired outside agencies to see what happened, how it happened, and what it means. They could probably have guessed on day one (but so could anyone) and it would have been irresponsible for them to post a guess at that point.

Reply Score: 1

RE: Mountains out of Molehills
by Fergy on Wed 27th Apr 2011 06:21 UTC in reply to "Mountains out of Molehills"
Fergy Member since:
2006-04-10

Hackers violating the privacy of individuals is nothing new, and it won't ever go away.

I completely disagree. It is a matter of responsibility. If Sony wants your personal information they better protect it as if it is worth 1 million dollars. If they can't guarantee that they should make their system work without it.

I would love to be able to make whole identities per company that I have to use. Right now a lot of companies force me to fill in dozens of forms before I can use their services.

Reply Score: 5

RE[2]: Mountains out of Molehills
by latreides on Wed 27th Apr 2011 13:47 UTC in reply to "RE: Mountains out of Molehills"
latreides Member since:
2011-03-20

If they can't guarantee that they should make their system work without it.

It does. There is no reason that you HAVE to enter CC information to access the PSN or even to make purchases. You can get preloaded PSN cards at most major department stores and game stores. The rest of the information is unimportant and you can put anything at all in there if you are not using a CC. So their system DOES work without it, quite well in fact.

Reply Score: 1

Bill Shooter of Bul Member since:
2006-07-14

No, these are not molehills. Breach of privacy information is of itself a serious problem. Breach of Credit card information is a severe violation of the PCI regulations. Any company that has this problem will be heavily fined, and should be ostracised. Everyone does make mistakes but that doesn't mean that they shouldn't pay the appropriate penalty for making the mistakes.

Reply Score: 2

Which OS does Sony use?
by ozonehole on Wed 27th Apr 2011 00:34 UTC
ozonehole
Member since:
2006-01-07

Does anyone happen to know which operating system Sony uses on their servers? I don't suppose Sony will be very forthcoming with details on just how their system got cracked, but for us OS security enthusiasts this is just the sort of thing we'd like to know.

Reply Score: 2

RE: Which OS does Sony use?
by latreides on Wed 27th Apr 2011 00:43 UTC in reply to "Which OS does Sony use?"
latreides Member since:
2011-03-20

I doubt it really matters for a couple reasons. The first is that no OS is 100% secure, even were an OS to be 99.9% secure, that 0.1% is still enough for a group with enough time and resources to exploit, especially when they are going after a single individual/company and can target them specifically.

That being said, it's most likely their own in-house or middle-ware applications that were exploited. Which, again, doesn't make a bit of difference what OS they were on.

Whatever the answer to this question, it will just incite flames from one group or another.

Edited 2011-04-27 00:49 UTC

Reply Score: 4

Bill Shooter of Bul Member since:
2006-07-14

That being said, it's most likely their own in-house or middle-ware applications that were exploited. Which, again, doesn't make a bit of difference what OS they were on.


Well, the OS may not matter, but to defiantly say it does not matter is going too far. You simply don't know enough about their stack to say that.

Think of a buffer overflow in a piece of middleware. Address space randomization on the host OS may prevent it from being reliably exploited. Proper role-based authentication may also prevent the scope of the bug from being harmful.

But yeah, it was most likely a middleware or application bug. Knowing Sony, it was most likely middleware of their own creation as well.

Reply Score: 3

RE: Which OS does Sony use?
by BluenoseJake on Wed 27th Apr 2011 20:47 UTC in reply to "Which OS does Sony use?"
BluenoseJake Member since:
2005-08-11

I'd hazard a guess that they aren't using Windows...

Reply Score: 3

Good read until the last line
by scottlowe on Wed 27th Apr 2011 00:58 UTC
scottlowe
Member since:
2011-04-27

Thom,

I registered for OSNews just so that I could tell you that your last line is simply... stupid. You apparently have no idea that there is a whole world of people out there that actually, you know, use things responsibly. You editorialized in a situation with something completely unrelated and ruined what was a good piece.

Scott

Reply Score: 9

RE: Good read until the last line
by drcouzelis on Wed 27th Apr 2011 01:46 UTC in reply to "Good read until the last line"
drcouzelis Member since:
2010-01-11

OSNews is Thom's blog, so... whatever. ;)

...but, your comment does make me wonder: Is it possible to use a credit card responsibly and NOT spend money you don't have? (which I would consider irresponsible)

The only case I can think of is for an emergency, when you don't have the money at the moment but (hopefully) will in the near future. I wouldn't consider the Playstation Network to be an emergency, and don't see a reason a person would need to use a credit card on it. (as opposed to a debit card)

Even in the case of an emergency, one could argue that it would have been more responsible to have a savings for such an emergency...

Just some thoughts from someone who tries to use his money responsibly. ;)

Reply Score: 1

latreides Member since:
2011-03-20

I wouldn't consider the Playstation Network to be an emergency, and don't see a reason a person would need to use a credit card on it. (as opposed to a debit card)

When you enter your "debit card" information into the PSN you are actually using the "credit card" option on your Bank Card.

That being said, saying you are being irresponsible by spending money you don't have is idiotic. How would a typical individual buy a house? Or a car? Or pay for college? Is it irresponsible to get a loan (essentially a line of credit) to pay for a college degree?

Edited 2011-04-27 02:23 UTC

Reply Score: 3

vodoomoth Member since:
2010-03-30

That being said, saying you are being irresponsible by spending money you don't have is idiotic. How would a typical individual buy a house? Or a car? Or pay for college? Is it irresponsible to get a loan (essentially a line of credit) to pay for a college degree?

Kudos to you. This is the most sensible comment I've read on this topic.

Reply Score: 2

drcouzelis Member since:
2010-01-11

How would a typical individual buy a house? Or a car? Or pay for college?


This topic is about credit cards, not mortgages, auto loans, or college loans.

Reply Score: 1

frood Member since:
2005-07-06

Sure, I do it all the time. There are legal protections you get when buying with credit cards that you don't get with debit cards. Plus I get air miles and other benefits, I use my credit card for everything then pay it back each month.

Reply Score: 7

smitty Member since:
2005-10-13

...but, your comment does make me wonder: Is it possible to use a credit card responsibly and NOT spend money you don't have? (which I would consider irresponsible)

Of course it is. I charge almost everything to a credit card, which I pay off in full every month. I do that instead of using a debit card because I get some (small) benefits in exchange, and because I know I will never spend too much. All it takes is a little self-control to know how much you make per month versus how much you spend.

I suspect the credit card company hates having me as a customer, since I never pay them any interest. ;)

Edited 2011-04-27 02:50 UTC

Reply Score: 4

lucas_maximus Member since:
2009-08-18

Have you heard of things like mortgages, student loans etc ... according to your logic buying a house and going to university to get a degree is irresponsible.

Also if my bike breaks (which I use to commute on), and I don't have money to fix it I can use my credit card to buy a replacement part ... is this also irresponsible?

Before you type next time ... try engaging your brain please.

Reply Score: 2

Thom_Holwerda Member since:
2005-06-29

Before you type next time ... try engaging your brain please.


Read the OP carefully. He SPECIFICALLY talks about emergencies. However, even then I would personally be against using a credit card. If you had been responsible enough, you would've set aside some money SPECIFICALLY for emergencies like that. I have a stash of cash in my savings account that has been reserved for the case something happens to my car. THAT is being responsible.

Reply Score: 1

lucas_maximus Member since:
2009-08-18

I have savings as well, I put away money, but I still use my credit card because it is more convenient than having to wait for the building society to open.

I pay very little in interest, maybe less than £10 a month.

It is like with anything ... if you use it without understanding the risks and how it works, you will end up in trouble .. this is true for most things.

Stop being so narrow-minded and deliberately inflammatory.

Having and using a credit card is fine for the vast majority of people.

Edited 2011-04-27 11:58 UTC

Reply Score: 2

ichi Member since:
2007-03-06

I have savings as well, I put away money, but I still use my credit card because it is more convenient than having to wait for the building society to open.

I pay very little in interest, maybe less than £10 a month.


I fail to see the benefits of a credit card over a Visa or Mastercard debit card.

I can use it everywhere with no fees and no interest, and it's not like I will be spending more than I own anyway, which would be the only advantage of a credit card (the "credit" part, that is).

Reply Score: 2

lucas_maximus Member since:
2009-08-18

There are advantages ... for example you have far better fraud protection and detection on a credit card compared to the equivalent Debit Card.

I also for example get other benefits such as Airmiles (I have a free flight to Madrid/Paris/Brussels for example), Reduction of Tickets to certain events, such a sporting events or music festivals.

I also have a better credit rating which helps me to secure other loans (such as bank loans and hire purchase) ... if I need it in the future. For example I will want to get a Motorbike after I pass my license.

If you treat it as "Free" money as opposed to "Credit" you will end up in trouble.

There are pros and cons like with anything, It suits me to have one. Not everyone will want one, but saying outright that having a credit card is wrong and you deserve your details stolen is ridiculous.

Edited 2011-04-27 12:45 UTC

Reply Score: 2

Thom_Holwerda Member since:
2005-06-29

Not everyone will want one, but saying outright that having a credit card is wrong and you deserve your details stolen is ridiculous.


Who on earth said that?!

Reply Score: 1

macUser Member since:
2006-12-15

There are two types of people that use credit cards:

1: Those that don't have money and keep a balance on the card, and 2: those that pay off their card every month to zero.

In case number one, this is trained behavior by the credit card companies who prey on the weak minded.

In case number two, this is trained behavior by those who have either been burned by credit card companies or learned that money doesn't grow on trees.

People should learn to spend the money they have, not the money they may have


You are absolutely correct. But... Can I get a show of hands on how many people here bought their home outright? What about their car?

Reply Score: 2

Soulbender Member since:
2005-08-18

Can I get a show of hands on how many people here bought their home outright? What about their car?


Who would buy any of those things on a credit card?

Reply Score: 2

RE: Good read until the last line
by Bobthearch on Wed 27th Apr 2011 04:52 UTC in reply to "Good read until the last line"
Bobthearch Member since:
2006-01-27

Maybe he thinks the Playstation boxes should have a coin slot? LOL.

Personally, I use a Visa or Mastercard bank card for nearly every purchase. It's safer and more convenient than cash. And how many businesses even take checks nowadays? I cannot even imagine traveling (especially overseas), making a major in-store purchase, or shopping online with cash and personal checks. Many/most places don't even accept debit cards unless they're a Visa/MC. I sure don't want to return to an age before pay-at-the-pump fuel.

Reply Score: 2

Neolander Member since:
2010-03-08

Even cash is more secure than debit cards, because you only carry a limited amount with you, withdraw it on demand, and must be physically next to someone for that person to steal it. Contrast with debit and credit cards where the malicious person can steal anything they want, anytime they want, wherever you are, as soon as you've used them once. And where all the numbers necessary for paying with the card online are conveniently written on it, making that 4-digit password totally worthless.

Around here (France), most shops still accept paychecks. I agree that they're not optimal as far as payment security is concerned, but since you only have a choice between them, large amounts of cash, and debit cards...

Reply Score: 1

lucas_maximus Member since:
2009-08-18

I don't need to write my pin down and I have 6 different credit and debit cards all with different pins ... not hard when you use them regularly.

At work I manage to remember about 20 different numbers of people I regularly phone.

Chip and Pin is a good system and is very easy for the vast majority of people.

Edited 2011-04-27 10:51 UTC

Reply Score: 2

Neolander Member since:
2010-03-08

...but it doesn't work on the internet, and is vulnerable to scamming to some extent (using modded readers).

I have to admit it's currently infrequent to encounter issues with chip and pin though. Except with ATMs, whose modding is apparently quite popular in some parts of the world, but that's yet another story...

Edited 2011-04-27 10:58 UTC

Reply Score: 1

talaf Member since:
2008-11-19

Actually banking terminals are supposed to fault when tampered with, and afair they do have some crypto identifying them to the bank's network. That said, a couple of years ago British scientists played Tetris on one such terminal and further demonstrated a relay attack (when you think you're paying for one stuff but you're in fact paying for a simultaneous transaction in a nearby location).

These are still very impractical to implement though. There's heavy crypto involved in this, with time constraints limiting the timeframe on which someone would use your unlocked private key. I'd say you're far more susceptible to theft of the card and PIN than a bogus terminal. All in all the "real world" debit card system is pretty sound, the internet part certainly could use some work.

Paypal and such systems are actually a fine answer. Zero-locked accounts you have to fill with some exact amount for payments are probably the best thing you can do beyond never paying anything on the internet.

Reply Score: 1

Neolander Member since:
2010-03-08

Sadly, paypal is not zero-locked, though it has the advantage of displaying the amount you're going to pay on the login page.

About physical terminals, I wonder... Instead of messing with an existing one, couldn't the attacker just build something which looks like a card reader, behaves like a card reader, but in fact only saves credit card information and PIN in a way that the hacker can later make a copy of the card whose PIN he has extracted and use it ?

Reply Score: 1

oiaohm
Member since:
2009-05-30

Interesting that.

28 of March 2010 other OS option was removed. Issues started appearing with PSN in March 2011. Completely taken down 1 month later.

From the most secure to completely fried in 12 months. Of course this still does not bode well for Sony. Will PSN be able to withstand future attacks?

Also this should be a warning for users of Xbox 360 and Steam and others that depend on central server model to allow games to run.

Yes there is something to those games that don't require online registration and checking with online servers to run. Big thing Sony has not answered is are they going to pay people who have been disadvantaged by the outage?

Reply Score: 2

Indefinitely? Where did you see that?
by subsider34 on Wed 27th Apr 2011 01:18 UTC
subsider34
Member since:
2010-11-08

Sony has announced it has taken the service down indefinitely

The blog post you linked to claims that this is a temporary step, and that they plan to get PSN up and running in the future.

Edited 2011-04-27 01:19 UTC

Reply Score: 2

darseex Member since:
2010-12-06

At a time that has yet to be defined. Thus, indefinitely.

Reply Score: 3

latreides Member since:
2011-03-20

Sony said in their blog:

expect to restore some services within a week.


That doesn't really translate to me as indefinitely. Granted it doesn't mean all services, but I don't think a blanket statement about the PSN being down indefinitely is warranted.

Reply Score: 1

Comment by atsureki
by atsureki on Wed 27th Apr 2011 02:51 UTC
atsureki
Member since:
2006-03-12

we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.


They were storing passwords in cleartext?
Their security is beyond help.

I don't actually know which password of my rotation I gave them (and thus should be changing if I use it anywhere else right now), and of course there's no way to find out with the server simply rejecting all login attempts. Same with the credit card - I'm pretty sure all they have is an outdated debit card from a closed account, but it's possible I put in a different card once and don't remember. The uncertainty sucks, and Sony's not helping. They're acting precisely like they have something to be ashamed of (a given) and not at all like they're in control of the situation.

Hopefully, it will also be another nail in the coffin of the credit card, an inherently insecure and ridiculous concept that needs to die. People should learn to spend the money they have, not the money they may have.


Don't be ridiculous. Security and responsibility are two completely different issues, and credit cards absolutely win on the former. There's no reimbursement protection if someone steals your cash, and it's a lot harder to track counterfeit paper than electronic transactions. And I suppose I'll just get a USB cash scanner or mail a check if I ever want to buy DLC or get stuff from Amazon, which will of course be shipped to me by Pony Express.

Reply Score: 3

RE: Comment by atsureki
by timalot on Wed 27th Apr 2011 04:50 UTC in reply to "Comment by atsureki"
timalot Member since:
2006-07-17


They were storing passwords in cleartext?


If they are storing passwords in cleartext, not unheard of in proprietary systems, imagine the word list the hackers will have for future hacking, especially if tied to email addresses.

Simple way to take the power back, do your own hashing: use a real password, append some salt (i.e. domain name string) and pass it through a hashing method, e.g. MD5 or SHA1. And use the output as your password for "Mega Corporation X's" service. By changing the salt for every service you generate unique passwords for each so hackers won't pwn you. And you need to only remember one password.

The passwordmaker extension for Firefox does this, also available as an app for your phone.

See:
http://passwordmaker.org/

Reply Score: 1
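The per-site hashing scheme described in the comment above, as an added example that is not part of the original post and not PasswordMaker's code. `derive_simple` follows the comment literally (hash of password plus domain); `derive_stretched`, the alphabet, the iteration count and the `.example` domains are assumptions of this example, and PBKDF2 is swapped in to show why a slow derivation matters once one site leaks the derived password in cleartext.

```python
import hashlib
import hmac
import string

# Output alphabet for the stretched variant (constructed for this example).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def derive_simple(master: str, domain: str, algo: str = "sha1") -> str:
    """Scheme as described in the comment: hash(master + salt), salt = domain."""
    return hashlib.new(algo, (master + domain).encode("utf-8")).hexdigest()


def derive_stretched(master: str, domain: str, length: int = 20,
                     iterations: int = 200_000) -> str:
    """Hardened variant (assumption of this example, not from the comment).

    PBKDF2-HMAC-SHA256 makes every guess at the master password cost
    `iterations` hash computations instead of one.
    """
    if not 8 <= length <= 40:
        raise ValueError("length must be between 8 and 40")
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              domain.lower().encode("utf-8"),
                              iterations, dklen=64)
    # Treat the 512-bit output as one integer and peel off base-N digits;
    # with at most 40 digits the modulo bias is negligible.
    n = int.from_bytes(raw, "big")
    chars = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def master_in_wordlist(leaked: str, domain: str, wordlist,
                       derive=derive_simple) -> bool:
    """Self-check: does any word in `wordlist` reproduce the site password?

    If a site stores the derived password in cleartext and leaks it, a
    master password that appears in a common wordlist is recoverable,
    and with it the password for every other site.
    """
    return any(hmac.compare_digest(derive(word, domain), leaked)
               for word in wordlist)


if __name__ == "__main__":
    # Constructed sample data: two sites, one weak and one strong master.
    common = ["123456", "password", "letmein", "qwerty"]
    for master in ("letmein", "violet-anchor-9-tundra-swim"):
        site_pw = derive_simple(master, "psn.example")
        other_pw = derive_simple(master, "shop.example")
        print(master, "->", site_pw[:12] + "...", other_pw[:12] + "...")
        print("  recoverable from wordlist:",
              master_in_wordlist(site_pw, "psn.example", common))
    print(derive_stretched("violet-anchor-9-tundra-swim", "psn.example"))
```

Both variants give a different password per domain from one secret; neither helps if the master password itself is guessable, which is what `master_in_wordlist` checks.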

RE[2]: Comment by atsureki
by vodoomoth on Wed 27th Apr 2011 08:45 UTC in reply to "RE: Comment by atsureki"
vodoomoth Member since:
2010-03-30

Excellent suggestion!

However, a problem (which is similar to the one I have solved by using secondary addresses provided by yahoo) remains: keeping track of those hashed-by-the-user passwords... Not to mention that entering such passwords might sometimes be a real PITA.

Reply Score: 2

RE: Comment by atsureki
by somebody on Thu 28th Apr 2011 17:58 UTC in reply to "Comment by atsureki"
somebody Member since:
2005-07-07

no, as far as i understand only cfw (or console in debug mode, which cfw basically is) was posting creditinfo and rest in cleartext. as far as i remember that was one of cfw bugs.

Reply Score: 2

PSN Hacking is highly unethical.
by Darkmage on Wed 27th Apr 2011 03:27 UTC
Darkmage
Member since:
2006-10-20

I use a debit card on my PSN network. Should they ban that too because my details might get leaked? A foolish statement that shouldn't have been on the post.

I am really worried about what this means for PSN in the future... Sony might remove the ability to access multiple regions from your Playstation, which would be a massive step backwards for the platform. The only reason I even own a playstation is I can import from any region, and I can buy content from PSN and I know it will work on my console.

Whoever has hacked PSN has gone way beyond ethical hacking, sure restoring lost features/adding new ones to your console is something most people will sympathise with. But hacking Sony's private servers to steal access to games you don't own or credit card content is wrong. If you don't want to pay for games, it's one thing to download hacked content from other people, but to do it from Sony's servers themselves at Sony's expense for bandwidth is just wrong. I can also sympathise with Sony banning pirated games/consoles running them from PSN. If you want to play pirated games on a hacked console, you should run your own Playstation Network on your own servers. If you want to run Linux on your PS3 with a jailbroken firmware, and aren't pirating your games then you should be able to run them on PSN (in an ideal world, I know Sony ban users for this at the moment). I hope Sony can restore PSN back to operation quickly and that the police prosecute the hackers to the maximum extent of the law.

Reply Score: 1

oiaohm Member since:
2009-05-30

I hope Sony can restore PSN back to operation quickly and that the police prosecute the hackers to the maximum extent of the law.


The odds are the crackers (there is a difference) are in a country where their crime is legal and the administrators of the network would be the party who has committed a crime.

Problem we have here was the ethical above board attempt to restore features in the process they also create the tools the unethical use to let loose hell.

While the ethical and the makers of the hardware can remain on good terms the platform is secure for most cases.

PSN attack mostly has come out of the ethical restoring their PSN access after being banned for allowing Linux to run.

Data the ethical got about how PSN works was most likely used to carry out the attack.

Sooner companies learn don't force the ethical to fight them the better. You want to have the ethical on your side to fight the unethical.

Early lead up to this was the unethical reporting that PSN was not properly checking credit cards. So they could pirate whatever games they wanted. And that tech was based on what the ethical had done to restore Linux support.

Problem now the unethical have had the taste and know it can work. So will keep on trying.

Reply Score: 2

Darkmage Member since:
2006-10-20

I agree with you on the hackers vs crackers argument, but outside of open source/more involved tech circles the distinction is rarely made.

Reply Score: 1

oiaohm Member since:
2009-05-30

I agree with you on the hackers vs crackers argument, but outside of open source/more involved tech circles the distinction is rarely made.


Think this is OS news a tech circle. We really should make an effort to use the terms correctly.

crackers are the ones who seek to bring down systems.

Reply Score: 3

This is why I hate payment cards
by Neolander on Wed 27th Apr 2011 05:53 UTC
Neolander
Member since:
2010-03-08

As long as anyone with the card's information can withdraw as much money as he wants without your consent, the problem will remain. This means that you put a lot of trust in people whenever you're using a card to pay something. And that leaks have greater consequences.

I think Paypal have found the right online banking solution, on the other hand : all payments are made from the company's website, so you only have to trust your computer, your internet connection, and Paypal themselves. Oh, and check that you're actually heading to Paypal's website, too, and not giving your information to "PaypaI" with a capital i.

Another interesting approach is some banking services where you've got a "virtual" debit card account which is created for the transaction, filled with only the amount of money you want, and deleted at the end.

And then there would be wire transfers, if only they were less expensive...

Solutions to the massive security problem that payment cards are exist. Banks only have to embrace them.

Edited 2011-04-27 05:59 UTC

Reply Score: 2

vodoomoth Member since:
2010-03-30


I think Paypal have found the right online banking solution, on the other hand : all payments are made from the company's website, so you only have to trust your computer, your internet connection, and Paypal themselves. Oh, and check that you're actually heading to Paypal's website, too, and not giving your information to "PaypaI" with a capital i.

I don't see how entrusting Paypal with personal payment card information is different from entrusting any other company or their website with the same info.

The process is still the same: handing out private data to a third party, i.e besides yourself and your bank, that you need to trust (there's also a great deal of praying they are trustworthy involved).

Paypal is just as much (if not more) at risk of falling prey to these attacks / data thefts as any other website.

The only two reasons why I prefer to use Paypal are:
1- that limits the number of places where my info could possibly leak from
2- their core business is centered around money so I **believe** they know they will be an often-attacked target and I **hope** they devised measures that are more advanced than others would bother to even just consider.

Reply Score: 2

Neolander Member since:
2010-03-08

I don't see how entrusting Paypal with personal payment card information is different from entrusting any other company or their website with the same info.

Simple, and you mention it later : you trust exactly one third party versus many in the "handing your credit card information to everyone" scenario.

The process is still the same: handing out private data to a third party, i.e besides yourself and your bank, that you need to trust (there's also a great deal of praying they are trustworthy involved).

I'd love banks to do what Paypal currently does themselves instead of closing their eyes and going on claiming that the credit card system as it currently stands is secure, despite having countless proofs of the contrary.

What I'm advocating here is Paypal's process of making users go to the (trusted) bank's website when doing payments, instead of giving their card information to everyone and then assume they'll handle it honestly. Paypal inc. itself is just a third party which I'd gladly get rid of.

Paypal is just as much (if not more) at risk of falling prey to these attacks / data thefts as any other website.

Sure, but if paypal is attacked once, they **probably** will learn a lesson from it, and work on a fix to prevent it from happening again. Said fix will work for all online payment systems which use paypal. However, if $random online shop #1$ is attacked in one way, he won't fix the breach in $random online shop #2$.

Edited 2011-04-27 09:03 UTC

Reply Score: 1

lucas_maximus Member since:
2009-08-18

How do I use Paypal with the local takeaway, or restaurant, or the petrol station?

Reply Score: 2

Neolander Member since:
2010-03-08

Well, this might be some use case for the overhyped NFC-based phone billing...

Reply Score: 1

lucas_maximus Member since:
2009-08-18

Because Paypal is known for being soo secure ... oh wait my mate had £2000 nicked from his account because somebody hacked his paypal account.

You are still handing over your data to a third party.

Reply Score: 2

Neolander Member since:
2010-03-08

This is why I'd love to see banks embracing a Paypal-ish mechanism where payment is done on their website, instead of putting emphasis on the inherently insecure system of handing your card information to everyone.

Again, I advocate Paypal's way of doing online banking, not Paypal itself. I'd gladly avoid trusting that third party too. It is just already an improvement, as I trust dozens of third parties without Paypal versus just one with Paypal.

Reply Score: 1

Thom_Holwerda Member since:
2005-06-29

This is why I'd love to see banks embracing a Paypal-ish mechanism where payment is done on their website, instead of putting emphasis on the inherently insecure system of handing your card information to everyone.


That's what we have already.

http://en.wikipedia.org/wiki/IDEAL

Reply Score: 1

Neolander Member since:
2010-03-08

Nice ;) However, won't most websites not offer this option ? Frequently, means of payments other than Paypal, temporary debit card accounts, and the classic ones (paycheck, wire transfer) have this problem...

Edited 2011-04-27 14:55 UTC

Reply Score: 1

UltraZelda64
Member since:
2006-12-05

Let me be an immature and inconsiderate asshole for a minute and say...

Ha ha ha!

Alright, now that I got that out of the way... screw you Sony.

Quit giving people (including the bad guys) reasons to target you, design your systems with more security to begin with, and you (and your customers) would likely be safer. Just a thought.

I'm sounding like a broken record, but my stance is solid. I love to see, of all the companies in the world, Sony getting their weak point attacked for *massive damage*. Sucks for those Sony customers, but well, maybe they'll think twice about Sony products and trusting their personal information in their hands.

Flame on.

Edited 2011-04-27 06:29 UTC

Reply Score: 4

somebody Member since:
2005-07-07

you're not the only one. i was a fanboy until they took otheros away, now the only feeling i get when i hear sony is disgust with tendency to put my fist with middle finger extended on reflex. definitely not buying one more sony product unless it is used and sony gets no money from sale. and even that goes only for games

of course, me or anyone buying sony product is impossible. their license clearly states you can only loan

Edited 2011-04-28 18:05 UTC

Reply Score: 2

On the (OtherOS) news...
by bitwelder on Wed 27th Apr 2011 06:42 UTC
bitwelder
Member since:
2010-04-27

A few days ago the Finnish Consumers Complain Board has stated that Sony should refund 100€ to a customer as a compensation for removing the OtherOS functionality.
( http://www.afterdawn.com/news/article.cfm/2011/04/21/sony_should_pa... )
Now, unfortunately the Board can only put some pressure in the related court case, but it's still nice to see that some official board has recognized that the feature cut may have damaged consumers' rights (...yeah, in 'hacker' Torvalds' homeland, somebody would add :-P )

Reply Score: 3

Uber-win!
by cypress on Wed 27th Apr 2011 11:53 UTC
cypress
Member since:
2005-07-11

Best news item of the year!

Reply Score: 2

Comment by Darkmage
by Darkmage on Wed 27th Apr 2011 12:51 UTC
Darkmage
Member since:
2006-10-20

ok, as much as I blame the hackers... Sony was sending CC info in PLAINTEXT. They should get sued over this. Someone in their development team should get sacked over it. I mean seriously Wireshark will read that data straight off the cable! It's not even obfuscated!

Reply Score: 1

Well said
by anarchisttomato on Wed 27th Apr 2011 16:57 UTC
anarchisttomato
Member since:
2010-05-17

Dig that last paragraph of the article.

Reply Score: 1

Thom Holwerda = Tyler Durden?
by earksiinni on Wed 27th Apr 2011 21:44 UTC
earksiinni
Member since:
2009-03-27

http://www.facade.com/biorhythm/relationship/?Celeb=Fiona_Apple&Cel... (70%)

http://www.facade.com/biorhythm/relationship/?Celeb=Fiona_Apple&Nam... (74%)

Pretty close. But:

http://www.facade.com/biorhythm/relationship/?Celeb=Fiona_Apple&Cel... (94%)

Sorry, Thom. As the old Turkish saying goes, "He who attacks the credit system on the ground gets the girl."

This is scientific.

Reply Score: 1

Comment by smitty
by smitty on Thu 28th Apr 2011 01:49 UTC
smitty
Member since:
2005-10-13

Someone tried blaming the recession on credit cards - no. They had nothing to do with it, that was bad mortgages and speculating on the real estate market.

I'm not offended by Thom's comment, but it was off topic. And I think everyone can agree that this whole huge comment thread was useless and did nothing but distract from what the original article was about. Sony, and the PSN.

Also, as mentioned, credit cards have several big advantages over debit cards. If you are responsible enough to pay them off, they have no downside. I would agree that the majority of people probably aren't that responsible.

Edited 2011-04-28 01:50 UTC

Reply Score: 2

chat-log
by smashIt on Thu 28th Apr 2011 20:22 UTC
smashIt
Member since:
2005-07-06

don't know if it's authentic:
http://www.thehackernews.com/2011/04/complete-irc-chat-of-playstati...

[user2] aswell you should never ever install a CFW from someone unknown
[user2] cuz its way too easy todo scamming at this point
[user2] for example:
[user2] [redacted plain text code, includes false credit card number]
[user2] sent as plaintext


[user2] i know a few guys who worked @ sony’s psn backend. just when the ps3 was released we talked bout the first psn, at this time ALL was http and unencrypted. so you could see userpass etc plain. i asked em why is it that way. lame answer was “we thought it was adressed.” – lol
[user2] sony qa –> trainees


[user2] another funny function i found is regarding psn downloads
[user2] its when a pkg game is requested from the store
[user2] in the url itself you can define if you get the game free or not. requires some modification in hashes and so on tho

Reply Score: 2

Yet another stupid article by Thom
by IanDumych on Thu 28th Apr 2011 20:37 UTC
IanDumych
Member since:
2009-02-02

Thom, you do realize that this has nothing to do with the merits of credit cards right? "Credit card numbers" is a generic term that can just as easily refer to debit cards. Bringing up that buying things with credit is stupid was completely irrelevant to the issue at hand.

Reply Score: 0

Circles...
by juvenile4909 on Fri 29th Apr 2011 04:30 UTC
juvenile4909
Member since:
2007-08-04

Network security is not 100% guaranteed. Sony will pay off what they can to not make this look any worse than it already does. At the end of the day, you all will stand by this product because it is a fine piece of hardware.
All signatures on all lawsuits will be paid if Sony is punished by law, otherwise there is a stipulation in the SCEA EULA protecting them from anything grand of a bankruptcy. It's a shame such a large company mishandled such valuable information. We can only wait.

Reply Score: 1

Not all cards are equal!
by phoudoin on Fri 29th Apr 2011 13:32 UTC
phoudoin
Member since:
2006-06-09

"People should learn to spend the money they have, not the money they may have."

True.
But if I was a PSN user (which I'm not), my *debit* card number and security code would have been compromised too. Among these 70 million PSN users, not all are using a credit card, many are just using a debit card (aka money they have).

That being said, credit or debit card, the security of these plastic pieces is indeed ridiculous...

Reply Score: 2

No such thing as ethical hacking?
by JoeNerd on Sat 30th Apr 2011 11:31 UTC
JoeNerd
Member since:
2011-04-30

Just think of all the people that will be put out of work, if hacking becomes so rampant, that the only systems allowed to operate on the Internet, are cloud based systems run by governments?

No more clever writing about cool operating systems by Linux fans, and people should be cringing not just at the amount of money stolen, but at the freedom everyone will lose because we can no longer trust ourselves to innovate responsibly? No more releases of IDE platforms to create personal software or games, because it is viewed as too dangerous by naive politicians?

The writing is on the wall folks?

Reply Score: 1

jabbotts
Member since:
2007-09-06

So, by giving up Other OS, device owners maintained access to PSN. Now, device owners do not have a PSN.

Will Sony then be re-enabling Other OS through an official firmware update?

Reply Score: 2