On the PSN Relaunch Announcement

Shamus Young


Shamus thinks Sony responded the best they could.

 

Jumwa

A good take on events.

It's nice to see someone take it on the chin and accept responsibility. It's so easy to shift blame or mitigate fault in your apology, and so hard to resist giving excuses. Shows a good grasp of logic and reasoning to do so, and a strong will to bite your tongue.

Not everyone will be happy with the apology and their actions--and likely, not everyone should be--but it's a good step, I'd wager.

I was impressed with how they handled it during events, and despite everyone in the gaming community and media immediately blaming "Anonymous", they obstinately refused to implicate anyone until more was known. They went so far as to state that any signs of "Anonymous" having done it could easily have been planted to cause confusion. They handled that well, and didn't take an easy copout of trying to point a finger and ease the blame on themselves.
 

unwesen

Around the three minute mark he did point out the hackers are always hacking things, like they do, but he didn't repeat the meme I've been hearing lately that "no network can ever be secure".
Not so much a meme but simple truth. It's also true that networks can usually be secured just enough for the requirements of the use-case.

Good solution to the PSN password problem.
Debatable.

One group of people had (or might have) the password for everyone else.
This. This should never have happened. It's a n00b mistake to store plaintext passwords; any half-witted security engineer will tell you not to do it. That Sony has somehow done it is unforgivable, in terms of trusting their security solutions.

From their standpoint, how could you ever be sure of anyone's credentials ever again?
They can't. They never could. You can sign up to PSN without any meaningful proof of who you are, so that hasn't actually changed much.

I'm not a security expert, ...
indeed.

... but I think their solution to the password problem is a good one.
It isn't, though.

You have to change your password when you log in again. You can only do so from the machine you've been using.
You think. Sony wants. It's a password-based authentication system, and the authenticity of the person trying to change the password is "proven" based on their old password.

The "machine" part can be faked. It'll take a bit to find out how to fake it; you'd better change your password before someone does that.

This means a hacker with the full list of passwords can't log in and pretend to be any of those people, even though he's got their login.
And that is not the problem. The problem is that most people re-use the same password (or almost the same password) over and over again. I doubt the PSN hackers cared about hacking PSN; I'm fairly sure they cared about obtaining email addresses, user names and passwords. Now they can use that to pay with your PayPal account, read your email, harvest more information from your Facebook account, etc. That's where the value of having stolen passwords lies.

Having said all the above, I don't think Sony responded particularly badly. They did what you need to do: shut down (ignore the cost of that), and hire someone who knows what they're doing to perform an audit. Engineer a solution for people to regain control over their account. Apologize.

But the damage is already done, and because of a painfully silly oversight. That doesn't really make me feel warm and fuzzy inside about whatever they've replaced their system with.
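
The storage point unwesen raises above, as an added example that is not part of the original thread: it compares what a copied user table exposes under plaintext storage, an unsalted fast hash, and a per-user salted scrypt record. The accounts, function names and scrypt parameters are assumptions constructed for illustration and do not describe Sony's system.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users deliberately share a password.
SAMPLE_USERS = [
    ("alice@example.com", "hunter2!"),
    ("bob@example.com", "hunter2!"),
    ("carol@example.com", "correct horse"),
]

# Assumed work factors for the illustration (about 16 MiB of memory per hash).
SCRYPT_PARAMS = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def store_plaintext(password):
    """The mistake: the stored value is the credential itself."""
    return password


def store_fast_unsalted(password):
    """Unsalted SHA-256: equal passwords give equal records, and guessing is cheap."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted_scrypt(password):
    """Per-user random salt plus a memory-hard KDF; record is 'salt$hash' in hex."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT_PARAMS)
    return salt.hex() + "$" + digest.hex()


def verify_salted_scrypt(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def dump_table(store):
    """What someone holding a copy of the user table would see."""
    return {email: store(pw) for email, pw in SAMPLE_USERS}


def exposure_report(table):
    """Count records that are the password itself, and records shared between users."""
    passwords = dict(SAMPLE_USERS)
    readable = sum(1 for email, rec in table.items() if rec == passwords[email])
    values = list(table.values())
    shared = sum(1 for v in values if values.count(v) > 1)
    return {"readable": readable, "shared": shared}


if __name__ == "__main__":
    for store in (store_plaintext, store_fast_unsalted, store_salted_scrypt):
        print(store.__name__, exposure_report(dump_table(store)))
```

Only the plaintext table hands over credentials that work unchanged on other sites where the same password is re-used; the unsalted hash still shows which users share a password.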
 

Scrustle

This is probably the first real positive reaction I've seen to the return of PSN. So far all I've heard is entitled brats moaning about how 2 weeks without PSN has ruined their lives and how the welcome back bonus doesn't even come anywhere near healing the gaping mental scars of this whole fiasco (which they will probably forget about in a few months). Good to see someone is actually being mature about it.
 

sunami88

That's an awful lot of excuse making for a multinational corporation that was insanely negligent with the personal information of tens of thousands of people from all over the world.

If the rumours about their "network security" are true (unpatched/old versions of both Apache and RedHat, credit card and account information sent as GET requests albeit over HTTPS), then it serves to reinforce the notion that Sony just doesn't care. They wanted it done fast and cheap, and didn't care if the consumer got fucked over. Worse still, it seems they didn't even consider that as a possibility.

Don't get me wrong, everybody is entitled to their own opinion. I just happen to vehemently disagree with the one presented in this article. In fact, I'm proud to say that I haven't bought anything with the name "SONY" on it since about 2006, and will continue not to do so until they actually start acting like they give a damn.

One admission of guilt doesn't make it all go away. I find it inconceivable that people have already forgotten that they waited days to admit to anything.

9. They are talking directly to the customer, and only the customer. They didn't work in any language for the benefit of shareholders. They weren't trying to speak to both groups with the same message. There's nothing here about protecting value or building brands or securing assets. You can walk away from this with the impression that Sony doesn't give a damn about what happens to them, as long as you're okay.
How can that seriously be spun as a positive? They waited ages to tell people who had bought their hardware that there was a real problem, and have (as of yet) not told the people who actually bought into the company anything... And we should be proud of them for that?

I found it to be the height of hubris arrogant that after the breach they hired not one, not two, but THREE external security firms to comb through their network. From my perspective, the company is simply too big to inter-communicate (in fact, evidence of this can be seen from their cell phone division Sony Ericsson, who after the breach tried to distance themselves from the rest of the company by openly encouraging Linux on their phones [http://linux.slashdot.org/story/11/05/07/1936221/Sony-Encourages-Linux-On-Their-Phones] some time after the breach). This lack of communication leads to half finished, or simply outright incomplete products being sent out to retail. It could even be seen as the reason they removed OtherOS altogether; The lawyers and higher ups perceived a threat, and removed a feature that many (including the US Military) were using as advertised on the retail box.

Sure, Sony is too big to fail outright. But how can we just go back to trusting a company that has proven time and time again that they don't give any consideration towards the people who buy their products [https://secure.wikimedia.org/wikipedia/en/wiki/Sony_rootkit]?

[hr]

*Breathe in, breathe out*... Well, that turned into quite the wall of text, eh?

Addendum: I will say that their offer of a few free PSN games is more than fair (with the month of PSN+ debatably being advertising for the paid service). PSN doesn't cost anything, but not having it sucked really hard for a lot of people, and it was very nice of them to offer at least something in the ways of compensation.

I'll also just say that I'm not a lawyer or anything like that. Simply a pissed-off consumer.
 

Vapus

I'm curious as to the failure rate with PS3 consoles and LA Noire. I'm hearing a lot about it lately. Another big fail for Sony??
 

bombadilillo

Vapus said:
I'm curious as to the failure rate with PS3 consoles and LA Noire. I'm hearing a lot about it lately. Another big fail for Sony??
Or you would know it was happening to 360s too and is not a PS3 fail but an LA Noire fail. That is, you would know that if you bothered to look it up on, say, THIS website where they ran this story!

I think the overheat thing is just people not giving proper ventilation like the manual says they are supposed to and LA Noire being a hot running game on both systems.
 

mjc0961

I think the big thing of why that message works so well is that they had Kazuo Hirai deliver the message. He was a good choice, as even though I still can't hear him speak without a little voice in my head going "RIIIIIIIIIIIIIIIIIIIDGE RACER!" or "FIVE HUNDRED NINETY NINE US DOLLARS!", he actually seems like a decent human being and truly comes off as sorry for the whole incident.

Imagine if they had gotten Jack Tretton to deliver the message... I imagine it would have gone something like, "PS3 is the best thing ever, quit whining about the network being down because you still have the best blu-ray player ever. And to those of you who went and got a 360 to play on while you wait, you're just as lacking in self-respect as all those Nintendo DS owners." Or something extremely rude and condescending like all his interviews and E3 presentations seem to be.
 

bombadilillo

sunami88 said:
WTF, how is it hubris to hire outside firms to help you when you are in over your head? It would be hubris to NOT hire them and think they could fix it themselves. Do you understand that word?
 

sunami88

bombadilillo said:
WTF, how is it hubris to hire outside firms to help you when you are in over your head? It would be hubris to NOT hire them and think they could fix it themselves. Do you understand that word?
They hired three companies? One wasn't good enough? Is the network so complex that one firm simply could not secure the whole thing?
 

mjc0961

sunami88 said:
I found it to be the height of hubris that after the breach they hired not one, not two, but THREE external security firms to comb through their network.
What?

So, you think it's exaggerated self-confidence to say "Okay, we're in over our heads here. We need lots of help from experts to make sure our network is far more secure than it was previously"? Could you explain that one to me please, because I'm not understanding your thought process here at all.

sunami88 said:
They hired three companies? One wasn't good enough? Is the network so complex that one firm simply could not secure the whole thing?
Oh, I see. You're just making random assumptions about things you have absolutely no knowledge about (in this case, the size and complexity of PSN). My bad, I was taking what you had to say seriously.
 

bombadilillo

sunami88 said:
bombadilillo said:
sunami88 said:
WTF, how is it hubris to hire outside firms to help you when you are in over your head? It would be hubris to NOT hire them and think they could fix it themselves. Do you understand that word?
They hired three companies? One wasn't good enough? Is the network so complex that one firm simply could not secure the whole thing?
How arrogant of them to spend ridiculous amounts of money to fix the problem as fast as they could....the hubris...

Sorry Sunami, that's rude and sarcastic. Hubris is when you are so arrogant you can't accept your own shortcomings or ignore outside advice because you think you are just tops. Nobody's saying their network wasn't jacked or they didn't mess up. But even hiring 1 company is the opposite of hubris. Hiring 3 is about as far from hubris as you can get.
 

sunami88

@All;
Perhaps hubris was the wrong word to use. It certainly seems to be judging by the number of people jumping down my throat. I just found it arrogant that they had to go out and get three companies to complicate a job that just one of them would have been capable of doing. They could have then hired another afterwards to check the first's work, but instead decided that no less than 3 companies were needed to go over their work.

It's really what brought me to my next point. I've always seen them as a company that had trouble communicating, and found it funny when instead of getting one company to do one job, they got three. That must've been a lot of memos to read through.
 

bombadilillo

sunami88 said:
@All;
Perhaps hubris was the wrong word to use. It certainly seems to be judging by the number of people jumping down my throat. I just found it arrogant that they had to go out and get three companies to complicate a job that just one of them would have been capable of doing. They could have then hired another afterwards to check the first's work, but instead decided that no less than 3 companies were needed to go over their work.

It's really what brought me to my next point. I've always seen them as a company that had trouble communicating, and found it funny when instead of getting one company to do one job, they got three. That must've been a lot of memos to read through.
Think of this. They hire one company, they say, we can do this but with our staff it will take 4 months. So they hire firm 2 to get the manpower to do it faster. Same with 3, or perhaps they found some new problem and needed more people.

EVERYONE is pissed at them for PSN being down. It isn't arrogant to hire all the people you need to get it done timely. With all the things you can be mad at Sony for about this it doesn't make any sense to be mad at them for spending the money to hire all the people they need to fix it.
 

Baldr

No, they have not fixed the problem. It's all about their lack of network security and it is still horrid. It should have never been that bad to begin with, and now they are a big target.
 

Smokescreen

It seems to me that they've done all they could to get things right and this video message is a good one.

Of course, it probably wouldn't have happened in the first place if Sony hadn't been dicking around with their customer base to begin with. If they're really smart, Sony will re-introduce the functionality of the PS3 as a Linux box or whatever, for those who wanted to do such a thing. And quit fighting over such trivialities.
 

sunami88

bombadilillo said:
Think of this. They hire one company, they say, we can do this but with our staff it will take 4 months. So they hire firm 2 to get the manpower to do it faster. Same with 3, or perhaps they found some new problem and needed more people.

EVERYONE is pissed at them for PSN being down. It isn't arrogant to hire all the people you need to get it done timely. With all the things you can be mad at Sony for about this it doesn't make any sense to be mad at them for spending the money to hire all the people they need to fix it.
Perhaps. Money and people isn't always the answer, though. I don't see why they couldn't just get one team and work with them.

In fact, it made me wonder if they knew about the exploit on the password reset pages, but wrote it off as low risk because only one team informed them of it. Or they just figured that no one would notice and wanted everything to be done a little too quickly. Stuff like this is what I find arrogant.

[hr]

And just to beat a dead horse: if bombadilillo's definition of "hubris" is correct, then it would seem that I got the word pretty far out of context. I simply thought it was synonymous with "arrogant".

[hr]

Or maybe I'm just reading far too much into the whole thing. There just seem to be too many gaps in Sony's logic for it all to be coincidence.
 

Jumplion

unwesen said:
One group of people had (or might have) the password for everyone else.
This. This should never have happened. It's a n00b mistake to store plaintext passwords; any half-witted security engineer will tell you not to do it. That Sony has somehow done it is unforgivable, in terms of trusting their security solutions.
It wasn't in plaintext/cleartext, though, they've clarified on that [http://blog.us.playstation.com/2011/05/02/playstation-network-security-update/]. Really, everybody's been going around, saying Sony didn't update their servers, Sony did update their servers, they stored it in cleartext, they encrypted their data, what have you. What's done is done, they got hacked and no amount of security would have prevented the eventual hackage. Maybe to minimize it, but who knows how secure it actually was.

But, regardless, Sony did respond to all this hoopla better than most companies. While many companies would hide behind their "No Comment" stuff, Sony was much more open with the breach, and apparently only 43% of companies detail breaches in security in a month's time.

Still, Sony could have done better in other areas. They didn't communicate to their customers as well as they should have, leaving us in the dark for days on end without any sort of update other than "We're working day and night/tirelessly/around the clock" and only communicating through their blog and twitter. I severely doubt that 70+ people check their blog, or even know they have a blog.