Sony Offers "Sincerest Apologies" for PSN Attack

[BilboB2]

The real question here is why the sensationalist "Hackers Sell PSN Info" story is up in the important articles section of the main page, while this one is left to stew in the News Feed further down the page. Wouldn't it be better to let everyone know that Sony made an official apology and offer of free stuff instead of giving us the (hopefully) false impression that our credit is completely screwed? It may just be my bias, but couldn't they at least change that title to something like:

"There's a slim chance that someone may have tried to sell your credit information on a underground hacker forum, even though there is no actual confirmation of such a transaction taking place other than one thread on the most unoriginally named underground hacker forum in the world."

You may have to slim it down a bit to fit the apparent character limit for the headline, though.

 

[jthm]

Failure on a massive level. Sincerest apologies? Japanese business leaders used to know how to properly apologize. With a sharp knife, a quick poke in the gut and then a long drag across the torso.

 

[JDKJ]

The real question here is why the sensationalist "Hackers Sell PSN Info" story is up in the important articles section of the main page, while this one is left to stew in the News Feed further down the page. Wouldn't it be better to let everyone know that Sony made an official apology and offer of free stuff instead of giving us the (hopefully) false impression that our credit is completely screwed? It may just be my bias, but couldn't they at least change that title to something like:

"There's a slim chance that someone may have tried to sell your credit information on a underground hacker forum, even though there is no actual confirmation of such a transaction taking place other than one thread on the most unoriginally named underground hacker forum in the world."

You may have to slim it down a bit to fit the apparent character limit for the headline, though.

There was a time, before the advent of the 24-hour cable news channel and the internet news blog, that journalist wouldn't run with a story until after they had confirmed it with at least three reliable sources. Nowadays, you're likely to get "Osama bin Laden has been killed in Pakistan! Or he may have just been wounded in Afghanistan. Or he may be chilling out in the Dominican Republic at the Boca Chica Spa and Resort, drinking a mojito on the beach. Who knows? We certainly don't. But that won't stop us from reporting the news."

 

[Low Key]

in b4 "Anonymous did it!" without reading the article.




Now, what will you do if/when credit cards that were "stolen" start being used?

Dispute the charges, get the card replaced, and put a fraud alert on your accounts.

I would also get your credit reports checked. It's free as a US citizen at annualcreditreport.com once a year.

Are you employed by Sony or are you just copying and pasting their press releases?

Bro, that is what YOU need to be doing. Be a little more proactive about your personal finances. Sony isn't going to talk to your bank for you, even if this whole mess is their fault.

Bro? I thought you had gone out drinking tonight and when did you... oh wait your not him..

Anywhooooooo... If Sony talked to my bank for me I would be rather confused as I don't own a Sony product. I was merely stating the similarity between what someone had posted and what the official statement coming from Sony was.

However as we already decided to travel down the road, it would be a shame to not enjoy the views while we are here sooo. If I did own a PS3 and just had my details taken, do you know how big a fuck I'd give right now? None, if I've been hit I've been hit by now. Everyone know whats happend and no-one will be stupid enough to use those cards anymore, not with the FBI etc involved. Using a credit card from the "Sony stockpile" will be like firing off a flaregun while shouting out of microphone. "Over here guys. Please come and throw me in jail! There's something soooo appealing about having an ass like a clowns pocket."

Nevertheless, I would expect people to have taken out the basic precautions to say the least, safe than sorry yada yada yada.

If you don't tell your bank your card is stolen, they won't be able to catch whomever is responsible BRO. Your bank doesn't go through everyone's financial information to see who bought something through Sony and who didn't.

 

[awesome_ninja]

It's been about time Sony... that adds another point to my "Never use consoles" list ...

 

[BehattedWanderer]

I'll accept, as long as my account isn't robbed. I love you Sony. Don't hurt me like this.

 

[RDubayoo]

Hm. Maybe I was wrong when this story first broke out. This attack would require someone with actual skill and intelligence rather than a script and a chip on your shoulder, so maybe that rules out Anonymous after all.

 

[justnotcricket]

Permalink

Great PR move, honestly. And a hard one for a lot of hard-working folks to make. The technicians know it's not their fault, and they know this is making them look bad... but the company at large knows they can't convince the irrational public of this, because the hackers don't have any faces to hate (yet).

So they throw themselves under the bus, and offer an unqualified apology accepting the "blame," just to get things back on track. Swallowing the pride and getting down to business. Kudos to Sony. I don't own any Sony consoles or products, but this gives me some real respect for them.

I just wish they didn't have to do this. It'd be nice if they could just say, "Look. We got hacked. It's the hackers' fault. We're going to try to fix it going forward, but quit blaming us. Seriously, it's like blaming a guy whose house got robbed because he happened to be borrowing your lawnmower at the time."

This. I wish they could hold the hackers up for people to more justifiably direct their bile at. Hating on Sony has become a rather ugly fashion lately amongst the gaming community. I'm no happier than anyone else that my data might have been stolen, but you change your credit card and move on with your life, wiser and perhaps slightly warier of online purchasing.

Until demonstrated otherwise, I'm going to give the benefit of the doubt and assume that Sony wasn't criminally negligent with their security - after all, it's not in their interests *at all* to skimp on that area as the current influx of disfavour/lawsuits/etc shows.

I wish people would remember that 'Sony' isn't just a company who could improve their customer service (what company couldn't?) or takes away OtherOS from PS3s or whatever anyway. Even if they were negligent, that's only one part of a huge company, and the people who want Sony to go under seem to be forgetting that a crapton of people who work in everything from marketing to manufacture could lose their jobs. I would hate to see a good company (or a portion of it that I happen to enjoy using)go under for one mistake that they would be damn sure to rectify. They'll have to suffer while people learn to trust them again anyway.

Call me too forgiving, but it's not like Sony is famous for having chronic security problems. I would just like it if those who were *actually* at fault; the hackers and, if negligence occured, the people who were responsible for the security, could be punished appropriately, instead of 'Sony' at large.

 

[RedEyesBlackGamer]

The real question here is why the sensationalist "Hackers Sell PSN Info" story is up in the important articles section of the main page, while this one is left to stew in the News Feed further down the page. Wouldn't it be better to let everyone know that Sony made an official apology and offer of free stuff instead of giving us the (hopefully) false impression that our credit is completely screwed? It may just be my bias, but couldn't they at least change that title to something like:

"There's a slim chance that someone may have tried to sell your credit information on a underground hacker forum, even though there is no actual confirmation of such a transaction taking place other than one thread on the most unoriginally named underground hacker forum in the world."

You may have to slim it down a bit to fit the apparent character limit for the headline, though.

Welcome to the Escapist. Journalistic integrity is optional.

 

[blind_dead_mcjones]

"sincerest apologies".... That's it?

Do you understand the Asian concept of "losing face?" It isn't much like the Western concept of an apology -- one that's usually insincere and don't mean much of anything.

I foresee culturally insensitive responses to this.

How about a culturally relative one?

I live in a culture where apologies mean fuck all when coming from a capitalist interest, so why would I accept one coming from a different culture where it means even less to me regardless of the importance it has them.

because beggars can't be choosers, and the fact you can't accept an apology in the interim on the basis that 'apologies don't mean fuck all when comming from a capitalist interest' just makes you look churlish.

 

[Tron Paul]

Until demonstrated otherwise, I'm going to give the benefit of the doubt and assume that Sony wasn't criminally negligent with their security - after all, it's not in their interests *at all* to skimp on that area as the current influx of disfavour/lawsuits/etc shows.

Passwords were stored as plaintext. If that's not criminally negligent, I don't know what is. Learn to hash, even phpbb does it.

 

[JDKJ]

Permalink

Great PR move, honestly. And a hard one for a lot of hard-working folks to make. The technicians know it's not their fault, and they know this is making them look bad... but the company at large knows they can't convince the irrational public of this, because the hackers don't have any faces to hate (yet).

So they throw themselves under the bus, and offer an unqualified apology accepting the "blame," just to get things back on track. Swallowing the pride and getting down to business. Kudos to Sony. I don't own any Sony consoles or products, but this gives me some real respect for them.

I just wish they didn't have to do this. It'd be nice if they could just say, "Look. We got hacked. It's the hackers' fault. We're going to try to fix it going forward, but quit blaming us. Seriously, it's like blaming a guy whose house got robbed because he happened to be borrowing your lawnmower at the time."

This. I wish they could hold the hackers up for people to more justifiably direct their bile at. Hating on Sony has become a rather ugly fashion lately amongst the gaming community. I'm no happier than anyone else that my data might have been stolen, but you change your credit card and move on with your life, wiser and perhaps slightly warier of online purchasing.

Until demonstrated otherwise, I'm going to give the benefit of the doubt and assume that Sony wasn't criminally negligent with their security - after all, it's not in their interests *at all* to skimp on that area as the current influx of disfavour/lawsuits/etc shows.

I wish people would remember that 'Sony' isn't just a company who could improve their customer service (what company couldn't?) or takes away OtherOS from PS3s or whatever anyway. Even if they were negligent, that's only one part of a huge company, and the people who want Sony to go under seem to be forgetting that a crapton of people who work in everything from marketing to manufacture could lose their jobs. I would hate to see a good company (or a portion of it that I happen to enjoy using)go under for one mistake that they would be damn sure to rectify. They'll have to suffer while people learn to trust them again anyway.

Call me too forgiving, but it's not like Sony is famous for having chronic security problems. I would just like it if those who were *actually* at fault; the hackers and, if negligence occured, the people who were responsible for the security, could be punished appropriately, instead of 'Sony' at large.

"Until demonstrated otherwise, I'm going to give the benefit of the doubt and assume that Sony wasn't criminally negligent with their security - after all, it's not in their interests *at all* to skimp on that area as the current influx of disfavour/lawsuits/etc shows."

Did you know when making the statement above that you were restating the "business judgment rule" (a presumption under American law that the decision-makers of a corporation always act in the best interest of their shareholders and, therefore and with few rare exceptions, their decisions are immune from judicial second-guessing)? If you didn't, that you'd intuit the business judgment rule is impressive. The average lay person wouldn't.

 

[BabyRaptor]

I'd just like to take this opportunity that this Sony shouldn't have to apologise for this, they are a victim too, all of this is the soul fault of arrogant coders such as failoverflow and George Hotz, these are the people responsible for allowing the hackers to steal all of your data. From the beginning of this debacle it has been clear that there are far too many people in possession of an overblown sense of entitlement. Once the FBI or other force has identified these hackers the coders who found the PS3 public key should be treated as accessories to the crime. I'm tired of everyone bitching about free speech and free access because this is the result of such arrogance. Anonymous in this case can go f**k itself.

Why should the PS3 key be treated as an accessory to them hacking Sony's servers? There's no correlation between the two whatsoever, except maybe someone wanting to get revenge for Geohot getting taken to court.

Hate on people all you want, but show some common sense.

 

[JDKJ]

Until demonstrated otherwise, I'm going to give the benefit of the doubt and assume that Sony wasn't criminally negligent with their security - after all, it's not in their interests *at all* to skimp on that area as the current influx of disfavour/lawsuits/etc shows.

Passwords were stored as plaintext. If that's not criminally negligent, I don't know what is. Learn to hash, even phpbb does it.

Criminal negligence usually requires a disregard of a risk to human life and safety (e.g., leaving a loaded handgun within reach of a young child). If conduct can't result in someone losing their life or limb, then it isn't usually criminal negligence. It may still be civil negligence, but criminal negligence is a stretch.

 

[JDKJ]

I'd just like to take this opportunity that this Sony shouldn't have to apologise for this, they are a victim too, all of this is the soul fault of arrogant coders such as failoverflow and George Hotz, these are the people responsible for allowing the hackers to steal all of your data. From the beginning of this debacle it has been clear that there are far too many people in possession of an overblown sense of entitlement. Once the FBI or other force has identified these hackers the coders who found the PS3 public key should be treated as accessories to the crime. I'm tired of everyone bitching about free speech and free access because this is the result of such arrogance. Anonymous in this case can go f**k itself.

Why should the PS3 key be treated as an accessory to them hacking Sony's servers? There's no correlation between the two whatsoever, except maybe someone wanting to get revenge for Geohot getting taken to court.

Hate on people all you want, but show some common sense.

I asked this question before and didn't get an answer but maybe I'll get one from you:

How can we rule out the possibility that a PS3 console modded to run custom firmware wasn't used in the intrusion? And I'm not trying to say that if it was, there is any "accessory" charge afoot for Hotz et al. (that seems like a stretch to me). I'm just wondering what basis there is to rule out the possibility of a PS3 being used (the poster who was saying it couldn't have been used was relying on that flow chart-like diagram Sony distributed at its press conference yesterday and, after reviewing it myself, I couldn't see where it supported the conclusion -- but I'm not one of God's most tech-savvy creatures). Can you explain to me why I should conclude that a modded PS3 was not involved?

 

[bad rider]

in b4 "Anonymous did it!" without reading the article.




Now, what will you do if/when credit cards that were "stolen" start being used?

Dispute the charges, get the card replaced, and put a fraud alert on your accounts.

I would also get your credit reports checked. It's free as a US citizen at annualcreditreport.com once a year.

Are you employed by Sony or are you just copying and pasting their press releases?

Bro, that is what YOU need to be doing. Be a little more proactive about your personal finances. Sony isn't going to talk to your bank for you, even if this whole mess is their fault.

Bro? I thought you had gone out drinking tonight and when did you... oh wait your not him..

Anywhooooooo... If Sony talked to my bank for me I would be rather confused as I don't own a Sony product. I was merely stating the similarity between what someone had posted and what the official statement coming from Sony was.

However as we already decided to travel down the road, it would be a shame to not enjoy the views while we are here sooo. If I did own a PS3 and just had my details taken, do you know how big a fuck I'd give right now? None, if I've been hit I've been hit by now. Everyone know whats happend and no-one will be stupid enough to use those cards anymore, not with the FBI etc involved. Using a credit card from the "Sony stockpile" will be like firing off a flaregun while shouting out of microphone. "Over here guys. Please come and throw me in jail! There's something soooo appealing about having an ass like a clowns pocket."

Nevertheless, I would expect people to have taken out the basic precautions to say the least, safe than sorry yada yada yada.

If you don't tell your bank your card is stolen, they won't be able to catch whomever is responsible BRO. Your bank doesn't go through everyone's financial information to see who bought something through Sony and who didn't.

Bro, if your credit or debit card is used for an uncharacteristically large sum of money your bank will block the amount. Or, if your card is used on a purchase out of the country or even on a strange website your bank will block the amount.

So, you know, chill bro its all good. No need to be stressin, maybe we should chillax and hit a few waves yo!

 

[faefrost]

I'd just like to take this opportunity that this Sony shouldn't have to apologise for this, they are a victim too, all of this is the soul fault of arrogant coders such as failoverflow and George Hotz, these are the people responsible for allowing the hackers to steal all of your data. From the beginning of this debacle it has been clear that there are far too many people in possession of an overblown sense of entitlement. Once the FBI or other force has identified these hackers the coders who found the PS3 public key should be treated as accessories to the crime. I'm tired of everyone bitching about free speech and free access because this is the result of such arrogance. Anonymous in this case can go f**k itself.

Why should the PS3 key be treated as an accessory to them hacking Sony's servers? There's no correlation between the two whatsoever, except maybe someone wanting to get revenge for Geohot getting taken to court.

Hate on people all you want, but show some common sense.

Because according to the nice little chart back on the first page of this thread, SONY implies that the hack occured by a third party installing a comunication tool on the Application Server tier of their infrastructure. Which then had the ability to comunicate with the database server.

The main security protection/ validation for that application server level is at least in part the PS3 key. It's what the server uses to validate that the game talking to it is a legit game. So the thought that the root keys factored into this (assuming it was an outside third party job coming in from the internet) is a fairly valid hypothesis at this point. I am sure there is more to it than this, and the root key is not the "keys to the kingdom" that let the hackers in. But I don't think any of us would be surprised to find that it is part of the tools used to pull this off.

 

[JDKJ]

I'd just like to take this opportunity that this Sony shouldn't have to apologise for this, they are a victim too, all of this is the soul fault of arrogant coders such as failoverflow and George Hotz, these are the people responsible for allowing the hackers to steal all of your data. From the beginning of this debacle it has been clear that there are far too many people in possession of an overblown sense of entitlement. Once the FBI or other force has identified these hackers the coders who found the PS3 public key should be treated as accessories to the crime. I'm tired of everyone bitching about free speech and free access because this is the result of such arrogance. Anonymous in this case can go f**k itself.

Why should the PS3 key be treated as an accessory to them hacking Sony's servers? There's no correlation between the two whatsoever, except maybe someone wanting to get revenge for Geohot getting taken to court.

Hate on people all you want, but show some common sense.

Because according to the nice little chart back on the first page of this thread, SONY implies that the hack occured by a third party installing a comunication tool on the Application Server tier of their infrastructure. Which then had the ability to comunicate with the database server.

The main security protection/ validation for that application server level is at least in part the PS3 key. It's what the server uses to validate that the game talking to it is a legit game. So the thought that the root keys factored into this (assuming it was an outside third party job coming in from the internet) is a fairly valid hypothesis at this point. I am sure there is more to it than this, and the root key is not the "keys to the kingdom" that let the hackers in. But I don't think any of us would be surprised to find that it is part of the tools used to pull this off.

I had kinda figured that one cannot rule out the possibility of a modified PS3 being involved when I saw that no one was rushing to answer my questions.

It's all George Hotz' fault!! He's the one to blame!!

 

[FamoFunk]

Cool Sony. Now, get me back online.

[sub][sub]Give me my free shit, too.[/sub][/sub]