PSN Phasing Back Into Existence With Enhanced Security

[FamoFunk]

I can't wait, really looking forward to playing co-op Portal 2 without split screening.

Also, they're giving us all compensation when we log back in with the 'Welcome back' message/package thing. Looking forward to trying out the PSN+ for a month for free.

 

[JMan]

What sucks about Playstation Plus though is that anything you get from it for free won't be playable once the Plus membership runs out and to continue to play it you have to pay to renew the Plus membership.

 

[Danpascooch]

snip

As compared to no defense? They get your info and they have your Address and your email address. I'm not to worried about getting mail that might harm me. As for the Mediocre defense how would you know the hackers weren't the best of the best and they just made the protection they had set up look like nothing. It's one thing to say "Come on guys. You could have done better" to saying "It's your fault and you are to blame" Simple statement is Someone burns your house down but it's your fault for building it out of flammable material.

Hacking is not easy, there has to be a vulnerability, they claimed this was one server, so a single point of security (this one server) had all 45 million profiles on it. That sort of lack of compartmentalization is a critical error in secure networking. Not to mention the fact that they stated the user data was in plaintext and unencrypted. Those two facts mean that the security was unacceptably bad, no matter how skilled this hackers are.

Having one server seems better then multiple. even if it is to Hold the different info on separate servers. Then the servers would have to communicate between each one and that would create a good deal of lag. One server seems enough. As for the user data being encrypted do you encrypt every file on your computer that has info about you? And not Important info but just small things like addresses or groceries.

No, I don't encrypt that info, but then again, my computer is not in charge of 45 million people's. Just mine, you can bet your ass if I was in charge of 45 million people, I'd encrypt the fuck out of it, and I would sure hope Sony has better security than my laptop.

You don't need the servers to be far away from each other, hell, they can be in the same room. This isn't a 500mb file, it's profile info, even if each one was 1000 miles apart there would be basically no lag, if they put them in the same room it has the same speed as one server (ok fine, it requires like an extra 0.00000001 seconds) with the security of segmentation. The important bit is that they aren't linked to eachother directly, and each require their own security checks, that way if someone gets in, they don't make off with everything

Here are the facts:

1.) Sony lost 45 million people's data, and possibly credit cards
2.) The user data was in plaintext
3.) It was all on a single server so that once you broke that layer of security you could access all of it.

Is fact 1 enough to condemn Sony? No.

Are facts 2 and 3 enough to condemn Sony? No.

Are facts 1, 2 and 3 together enough to condemn Sony? FUCK YES.

fact one establishes damages, facts 2 and 3 establish negligence. They fucked up.

Fact 1 is off. It's closer to 76 million. as for plain text with the user data so what. Whats the worst that can happen? I get some annoying emails for awhile and my spam filter works overtime? Maybe i get a letter in the mail for something stupid? Shit just got real. As for the Credit Card info it was encrypted. And now that everyone has had ample warning time if they haven't cancelled their cards then it is no longer the companies fault if they lose money. As for the size of the file info on the server try closer to a few gigs. If every bit of user data is more then name address and email address it is gonna be pretty big. and even if they have multiple servers it wouldn't matter. After cracking one the rest would probably be easy. No matter how many servers they have you would probably find some reason to say "They should have had the servers like this". As for condemning sony i will wait till their actual business ethics start teetering rather then cry like a 12 year old girl because someone might have looked over all the user data and seen my name. Hell my real name is on here so why would i care if someone knows my name.

So your opinion is "I don't care so nobody else should"? That's borderline narcissistic.

So if Sony loses my credit card number to a hacker, it's my fault? Fuck that, they're supposed to PROTECT that data.

As for the file size, you think your PS3 asks for all 45 million profiles when it connects to the server? You don't understand how these things work do you? You request the profile information and it sends the server your username and password, the server sends back only your profile information which is like, a page long of plaintext at the most. The idea is to segment the information with slightly different security checks at the different servers, and it stores your information on one of them, and only requests data from that one. It's like how World of Warcraft has many "realms" which are different servers. Since you're only interacting with one, the existence of others doesn't slow you down, but if a hacker gets into one of those realm servers, at worst they compromise ONE realm, not all of them. It's basic security, especially for this volume of data.

The data in that profile alone means my "clean" email address is probably going to no longer be clean, much less the fact that all of that data used together would probably be enough for someone to engage in a bit of identity theft. But the most important thing is that Sony still can't confirm the credit card data wasn't taken, so I'd appreciate if you don't call me names like you're a child just because I care about something you don't.

Wait till their business ethics start teetering? Jesus don't get my started on that. First it's Linux, next they'll just start repossessing functions of your console unless you pay an extra fee.

As for the argument that I would find "something to yell at them for anyway" that doesn't hold water. There's no evidence that I would fabricate another argument if this one didn't exist, it's baseless speculation and these are validly problematic security holes that have compromised 10's of millions of people's personal information.

 

[RicoADF]

It's good to see that normality is slowly returning to proceedings.

I'm also quite happy to hear that news steps are being taken to help in the line of this not happening in the near future. Though I would also suggest that they remove the ability to directly use credit\debit cards and go the Microsoft way with the pre-paid cards. It may not be practical or quick, but at least it will put a lot of peoples minds at ease.

PSN cards do exist and you can buy them from stores, the option is already there.

 

[wooty]

It's good to see that normality is slowly returning to proceedings.

I'm also quite happy to hear that news steps are being taken to help in the line of this not happening in the near future. Though I would also suggest that they remove the ability to directly use credit\debit cards and go the Microsoft way with the pre-paid cards. It may not be practical or quick, but at least it will put a lot of peoples minds at ease.

PSN cards do exist and you can buy them from stores, the option is already there.

I know they exist, I was just wondering whether after all this mess would it be better for Sony to ease current/potential customers fears by offering only the pre-paid cards.

 

[mGoLos]

"For me personally, the badness level of having my identity stolen versus the goodness level of getting a videogame I want for free is a toss up, so this is a step in the right direction."

For me personally, I'm getting real tired of checking my bank statements every day. I'm also starting to doubt the validity of Sony press-releases. They've had three weeks now and I still don't know if my personal information is safe.

Lets keep the outrage going for a while yet shall we?

 

[Sora383]

Glad to see that Sony is at least starting to get up and running. But got to wonder if that free month deal for PlayStation plus kicks in even before the store opens back up or if it waits till you can access the store first.