PSN Phasing Back Into Existence With Enhanced Security

[Baresark]

Hmmm, enhanced security..... Wonder how many legal users will get bit in the ass on this. I don't really care, I own my PS3, but I will not be purchasing any more Sony tech. And it's not because they were hacked, that could happen to anyone. It's really because the hack was most likely blowback from their policies and EULA.

It's like getting caught in the middle of someone else's firefight, neither side is your friend, and both sides are willing to shoot through you.

 

[Baresark]

If Sony's serious about this, I might just be able to download a copy of the Red Dead Undead thingy for free. If so, all is forgiven.

It was epic...very much so. I would say it almost makes rape forgivable....almost.

did i hear free Dead Money DLC?
I never really feared this as much as a lot of other ppl and i think this was actually quite well handled by Sony to make sure they had the info so everyone didnt lose there shit when this happened
good on ya Sony

Also most were blaming sony as if they had a hand in the theft of the stuff. Like the executives were going to be using their credit information to buy coffee makers.

Good. They say that it'll be back by the end of May by the latest. I don't care how long it takes to get it back up, keeping my info safe and getting these neckbearded cunts behind bars should be the first priority, and it looks like Sony realises this. They seem to have realised how badly they handled this in the beginning and decided to man up and get some shit done.
Good job Sony, as long as you're doing all you can do. Just remember, I can wait to play Portal 2 online, my personal and financial info is a bit more important to me at the moment. Don't rush PSN back out of pressure, take your time and ensure everything is perfectly safe before that.

Edit: as for the free month of PS+, here's my plan:
1. get PS+
2. download every bit of free shit
3. ????
4. PROFIT!!!

Neckbearded cunts? Whats a neckbearded?

Enhanced levels of data protection and encryption

So... what? Are we storing the plain text user data as anagrams? That would be a bit of an improvement.

Everything i have read says that the information was encrypted. Don't know why it wouldn't be. There is no proof to verify that it wasn't encrypted either.

from Sony's press release:



Working closely with several outside security firms,

They can work as close as the want with the "best" security firm like the one that was gonna take down the hackers in the wikileaks issue but i dont think that is gonna help, the answer is to treat better the costumers, dont go making claims and sues to the paying costumers.

Work with the new tallent A.K.A. the hackers A.K.A. George hots, if there is people out there that can do a Ddos attack to PayPal, MasterCard, and Swiss bank PostFinance im sure they can take out a videogame company infrastructure

I may not be a genius but i remember like 90% of everything i read and everything i hear. And i remember reading about how to preform a DDoS attack all you have to do is download a program that comes whit instructions. So really any 12 year old that isn't illiterate can do it. I wouldn't think preforming a DDoS attack is very impressive.

I'm still iffy about whether to return or not, but I probably will. Just going to avoid buying anything with my card from now on and just get pre-paid for anything that's worth the trip to the store :s

As for the damage done, I'd say that Sony should have done this "enhanced security" BEFORE they went and got hacked. I don't expect a few bonuses tossed in to win everyone with half a brain back; a better way would be to get on their hands and knees and start begging for people not to leave them behind >.> Far as I'm concerned, it was THEIR fuck-up for not doing things right, and that's that, no matter who's fault it was.

Doesn't mean that I no longer want to see the cocksucker who now knows where I live (probably some guy in Peruvia or some obscure place like that) brought down. I most certainly do, but Sony can't just say "we're sorry, here's a cookie" and that just makes everything better by itself >.<

I don't see why so many people think it was sonys fault. If you make an unbreakable shield someone will make a sword that can break it. It will go on forever. They probably already had security and all that but someone got through it and that made them beef it up. And anyone with half a brain would know that the company involved isn't nearly as in the wrong as the people who stole the information int he first place.

People are angry because in a hack, it's not all or nothing. It's not "you get no data" or "you get fucking EVERYTHING. Usually hackers come out with an absolutely tiny portion of the data stored, and this hacker got WAY too much. The simple fact that the user data was stored in plaintext is unforgivable.

Haha, you are quite right, in this case, no one should be shook, because there is such a thing as a halfway crook.

 

[JDKJ]

If Sony's serious about this, I might just be able to download a copy of the Red Dead Undead thingy for free. If so, all is forgiven.

It was epic...very much so. I would say it almost makes rape forgivable....almost.

did i hear free Dead Money DLC?
I never really feared this as much as a lot of other ppl and i think this was actually quite well handled by Sony to make sure they had the info so everyone didnt lose there shit when this happened
good on ya Sony

Also most were blaming sony as if they had a hand in the theft of the stuff. Like the executives were going to be using their credit information to buy coffee makers.

Good. They say that it'll be back by the end of May by the latest. I don't care how long it takes to get it back up, keeping my info safe and getting these neckbearded cunts behind bars should be the first priority, and it looks like Sony realises this. They seem to have realised how badly they handled this in the beginning and decided to man up and get some shit done.
Good job Sony, as long as you're doing all you can do. Just remember, I can wait to play Portal 2 online, my personal and financial info is a bit more important to me at the moment. Don't rush PSN back out of pressure, take your time and ensure everything is perfectly safe before that.

Edit: as for the free month of PS+, here's my plan:
1. get PS+
2. download every bit of free shit
3. ????
4. PROFIT!!!

Neckbearded cunts? Whats a neckbearded?

Enhanced levels of data protection and encryption

So... what? Are we storing the plain text user data as anagrams? That would be a bit of an improvement.

Everything i have read says that the information was encrypted. Don't know why it wouldn't be. There is no proof to verify that it wasn't encrypted either.

from Sony's press release:



Working closely with several outside security firms,

They can work as close as the want with the "best" security firm like the one that was gonna take down the hackers in the wikileaks issue but i dont think that is gonna help, the answer is to treat better the costumers, dont go making claims and sues to the paying costumers.

Work with the new tallent A.K.A. the hackers A.K.A. George hots, if there is people out there that can do a Ddos attack to PayPal, MasterCard, and Swiss bank PostFinance im sure they can take out a videogame company infrastructure

I may not be a genius but i remember like 90% of everything i read and everything i hear. And i remember reading about how to preform a DDoS attack all you have to do is download a program that comes whit instructions. So really any 12 year old that isn't illiterate can do it. I wouldn't think preforming a DDoS attack is very impressive.

I'm still iffy about whether to return or not, but I probably will. Just going to avoid buying anything with my card from now on and just get pre-paid for anything that's worth the trip to the store :s

As for the damage done, I'd say that Sony should have done this "enhanced security" BEFORE they went and got hacked. I don't expect a few bonuses tossed in to win everyone with half a brain back; a better way would be to get on their hands and knees and start begging for people not to leave them behind >.> Far as I'm concerned, it was THEIR fuck-up for not doing things right, and that's that, no matter who's fault it was.

Doesn't mean that I no longer want to see the cocksucker who now knows where I live (probably some guy in Peruvia or some obscure place like that) brought down. I most certainly do, but Sony can't just say "we're sorry, here's a cookie" and that just makes everything better by itself >.<

I don't see why so many people think it was sonys fault. If you make an unbreakable shield someone will make a sword that can break it. It will go on forever. They probably already had security and all that but someone got through it and that made them beef it up. And anyone with half a brain would know that the company involved isn't nearly as in the wrong as the people who stole the information int he first place.

People are angry because in a hack, it's not all or nothing. It's not "you get no data" or "you get fucking EVERYTHING. Usually hackers come out with an absolutely tiny portion of the data stored, and this hacker got WAY too much. The simple fact that the user data was stored in plaintext is unforgivable.

Haha, you are quite right, in this case, no one should be shook, because there is such a thing as a halfway crook.

But ain't no half steppin'. You can't fake the funk.

 

[GamingGoddessV]

Now we can finally start putting this behind us.

Like BP's catastrophic oil spill in the Gulf, everyone will forget about it soon enough.

THANK YOU! EXACTLY! "everyone is like this is the end" "yup its the end of sony" "I guess 360 is going get more customers" Alls Sony is going to do is give people free s*** and it'll all b good.

 

[Kyoh]

Am I the only one who reads Qriocity as Queer-iocity at first glance?

 

[EchetusXe]

Am I the only one who reads Qriocity as Queer-iocity at first glance?

I just assumed they segregated the LGBT community out of the PSN. Qriocity being like the PSN only 60% more fabulous and with 90% less homophobic cursing.

 

[Danpascooch]

snip

As compared to no defense? They get your info and they have your Address and your email address. I'm not to worried about getting mail that might harm me. As for the Mediocre defense how would you know the hackers weren't the best of the best and they just made the protection they had set up look like nothing. It's one thing to say "Come on guys. You could have done better" to saying "It's your fault and you are to blame" Simple statement is Someone burns your house down but it's your fault for building it out of flammable material.

Hacking is not easy, there has to be a vulnerability, they claimed this was one server, so a single point of security (this one server) had all 45 million profiles on it. That sort of lack of compartmentalization is a critical error in secure networking. Not to mention the fact that they stated the user data was in plaintext and unencrypted. Those two facts mean that the security was unacceptably bad, no matter how skilled this hackers are.

 

[BlueMage]

from Sony's press release:



Working closely with several outside security firms,

They can work as close as the want with the "best" security firm like the one that was gonna take down the hackers in the wikileaks issue but i dont think that is gonna help, the answer is to treat better the costumers, dont go making claims and sues to the paying costumers.

Work with the new tallent A.K.A. the hackers A.K.A. George hots, if there is people out there that can do a Ddos attack to PayPal, MasterCard, and Swiss bank PostFinance im sure they can take out a videogame company infrastructure

Oh for .... look, just do us all a favour and never breed. Please?

 

[Vigilantis]

Meh whats another person with the knowledge of my name, address, and email to me. Another piece of paper in the mail/spam in my email won't pay me no nevermind, I just hope for one they of ALL people can spell my name correctly.

The free PS+ is alright despite losing any free games once the 30 days is up, but I rarely found much on there that interested me, thus I never bought a PS+ subscription.

Really just looking forward to getting online with MK9 to be honest

 

[8-Bit Grin]

Cool. I like getting things for free.

Which is exactly what they're banking on.

 

[Shepard's Shadow]

Cool. I like getting things for free.

Which is exactly what they're banking on.

Probably. Everyone likes getting free stuff.

 

[Danpascooch]

snip

As compared to no defense? They get your info and they have your Address and your email address. I'm not to worried about getting mail that might harm me. As for the Mediocre defense how would you know the hackers weren't the best of the best and they just made the protection they had set up look like nothing. It's one thing to say "Come on guys. You could have done better" to saying "It's your fault and you are to blame" Simple statement is Someone burns your house down but it's your fault for building it out of flammable material.

Hacking is not easy, there has to be a vulnerability, they claimed this was one server, so a single point of security (this one server) had all 45 million profiles on it. That sort of lack of compartmentalization is a critical error in secure networking. Not to mention the fact that they stated the user data was in plaintext and unencrypted. Those two facts mean that the security was unacceptably bad, no matter how skilled this hackers are.

Having one server seems better then multiple. even if it is to Hold the different info on separate servers. Then the servers would have to communicate between each one and that would create a good deal of lag. One server seems enough. As for the user data being encrypted do you encrypt every file on your computer that has info about you? And not Important info but just small things like addresses or groceries.

No, I don't encrypt that info, but then again, my computer is not in charge of 45 million people's. Just mine, you can bet your ass if I was in charge of 45 million people, I'd encrypt the fuck out of it, and I would sure hope Sony has better security than my laptop.

You don't need the servers to be far away from each other, hell, they can be in the same room. This isn't a 500mb file, it's profile info, even if each one was 1000 miles apart there would be basically no lag, if they put them in the same room it has the same speed as one server (ok fine, it requires like an extra 0.00000001 seconds) with the security of segmentation. The important bit is that they aren't linked to eachother directly, and each require their own security checks, that way if someone gets in, they don't make off with everything

Here are the facts:

1.) Sony lost 45 million people's data, and possibly credit cards
2.) The user data was in plaintext
3.) It was all on a single server so that once you broke that layer of security you could access all of it.

Is fact 1 enough to condemn Sony? No.

Are facts 2 and 3 enough to condemn Sony? No.

Are facts 1, 2 and 3 together enough to condemn Sony? FUCK YES.

fact one establishes damages, facts 2 and 3 establish negligence. They fucked up.

 

[Therumancer]

Well, speaking for myself I'm wondering when this "phased reboot" starts, I tried to login last night and didn't even have a chance to change my password, nor did I see any instructions for doing it through some website or whatever. Still getting a message that the system is down for maitnence.

As far as the overal situation, yes, I think Sony is to blame at least as much as the hackers. If nothing else, it can be pointed out that Sony did kind of provoke this attack.

Right now I think Blumenthal is starting down the right track, in having them cover the security costs and so on. I also think punitive measures are in order, but we'll see what transpires in that direction, and whether or not they do a good job of compensating their users. If they DO manage to compensate their users well on their own, then it's all cool, however I'm sort of expecting Sony to just toss the users a couple of dog treats and go back to business as usual.

Simply put, even with something like the 24 billion dollar price tag to cover the credit checks and such, when you look at the size of Sony, that's similar to paying the damages out of petty cash. Maybe not if you look at the "Playstation" division on it's own, but Sony is FAR more than just Playstation, it's just one of their many products, and not even close to being their most successful I don't think. A blow for the playstation section, is pretty much digging some change out of the couch for the corperation as a whole. 24 billion is a lot of change, but we're talking about a REALLY big couch, where the cracks are like Scrooge Mcduck's money bin.

The point is that whether it's due to volentary compensation, or goverment action and massive punitive damages, Sony as a whole entity should be held responsible, and should definatly be made to feel the cost.

 

[FamoFunk]

I can't wait, really looking forward to playing co-op Portal 2 without split screening.

Also, they're giving us all compensation when we log back in with the 'Welcome back' message/package thing. Looking forward to trying out the PSN+ for a month for free.

 

[JMan]

What sucks about Playstation Plus though is that anything you get from it for free won't be playable once the Plus membership runs out and to continue to play it you have to pay to renew the Plus membership.

 

[Danpascooch]

snip

As compared to no defense? They get your info and they have your Address and your email address. I'm not to worried about getting mail that might harm me. As for the Mediocre defense how would you know the hackers weren't the best of the best and they just made the protection they had set up look like nothing. It's one thing to say "Come on guys. You could have done better" to saying "It's your fault and you are to blame" Simple statement is Someone burns your house down but it's your fault for building it out of flammable material.

Hacking is not easy, there has to be a vulnerability, they claimed this was one server, so a single point of security (this one server) had all 45 million profiles on it. That sort of lack of compartmentalization is a critical error in secure networking. Not to mention the fact that they stated the user data was in plaintext and unencrypted. Those two facts mean that the security was unacceptably bad, no matter how skilled this hackers are.

Having one server seems better then multiple. even if it is to Hold the different info on separate servers. Then the servers would have to communicate between each one and that would create a good deal of lag. One server seems enough. As for the user data being encrypted do you encrypt every file on your computer that has info about you? And not Important info but just small things like addresses or groceries.

No, I don't encrypt that info, but then again, my computer is not in charge of 45 million people's. Just mine, you can bet your ass if I was in charge of 45 million people, I'd encrypt the fuck out of it, and I would sure hope Sony has better security than my laptop.

You don't need the servers to be far away from each other, hell, they can be in the same room. This isn't a 500mb file, it's profile info, even if each one was 1000 miles apart there would be basically no lag, if they put them in the same room it has the same speed as one server (ok fine, it requires like an extra 0.00000001 seconds) with the security of segmentation. The important bit is that they aren't linked to eachother directly, and each require their own security checks, that way if someone gets in, they don't make off with everything

Here are the facts:

1.) Sony lost 45 million people's data, and possibly credit cards
2.) The user data was in plaintext
3.) It was all on a single server so that once you broke that layer of security you could access all of it.

Is fact 1 enough to condemn Sony? No.

Are facts 2 and 3 enough to condemn Sony? No.

Are facts 1, 2 and 3 together enough to condemn Sony? FUCK YES.

fact one establishes damages, facts 2 and 3 establish negligence. They fucked up.

Fact 1 is off. It's closer to 76 million. as for plain text with the user data so what. Whats the worst that can happen? I get some annoying emails for awhile and my spam filter works overtime? Maybe i get a letter in the mail for something stupid? Shit just got real. As for the Credit Card info it was encrypted. And now that everyone has had ample warning time if they haven't cancelled their cards then it is no longer the companies fault if they lose money. As for the size of the file info on the server try closer to a few gigs. If every bit of user data is more then name address and email address it is gonna be pretty big. and even if they have multiple servers it wouldn't matter. After cracking one the rest would probably be easy. No matter how many servers they have you would probably find some reason to say "They should have had the servers like this". As for condemning sony i will wait till their actual business ethics start teetering rather then cry like a 12 year old girl because someone might have looked over all the user data and seen my name. Hell my real name is on here so why would i care if someone knows my name.

So your opinion is "I don't care so nobody else should"? That's borderline narcissistic.

So if Sony loses my credit card number to a hacker, it's my fault? Fuck that, they're supposed to PROTECT that data.

As for the file size, you think your PS3 asks for all 45 million profiles when it connects to the server? You don't understand how these things work do you? You request the profile information and it sends the server your username and password, the server sends back only your profile information which is like, a page long of plaintext at the most. The idea is to segment the information with slightly different security checks at the different servers, and it stores your information on one of them, and only requests data from that one. It's like how World of Warcraft has many "realms" which are different servers. Since you're only interacting with one, the existence of others doesn't slow you down, but if a hacker gets into one of those realm servers, at worst they compromise ONE realm, not all of them. It's basic security, especially for this volume of data.

The data in that profile alone means my "clean" email address is probably going to no longer be clean, much less the fact that all of that data used together would probably be enough for someone to engage in a bit of identity theft. But the most important thing is that Sony still can't confirm the credit card data wasn't taken, so I'd appreciate if you don't call me names like you're a child just because I care about something you don't.

Wait till their business ethics start teetering? Jesus don't get my started on that. First it's Linux, next they'll just start repossessing functions of your console unless you pay an extra fee.

As for the argument that I would find "something to yell at them for anyway" that doesn't hold water. There's no evidence that I would fabricate another argument if this one didn't exist, it's baseless speculation and these are validly problematic security holes that have compromised 10's of millions of people's personal information.