Is PSN under attack? - PSN now back up 15/05

I'm flabbergasted that they stored user details and passwords unencrypted - if I could do it in a Uni project, why the heck can't a multi-million pound business like Sony?
 
It's been said a few times now in various places that Sony had been warned about their Security, but did nothing to act, months ago.
Makes you wonder if it's possible someone involved in 'informing' Sony as to their security issues might have been involved directly or indirectly with this.
 
If you have a problem with pointless arguing that's your issue. Come at me?
It's not pointless, I'm trying to make the point that hardware hackers are not evil, Anonymous are not responsible, I'm trying to spread correct information, sadly there seems to be resistance to this. I still haven't seen any firm evidence of unencrypted storage of CC/DC details, there are many rumours that they didn't encrypt passwords, none confirmed, this has all been said, many times, on major news outlets and in this thread, don't get all hissy.
Anyway I'm busy ranting about climate change and egalitarianism elsewhere so maybe you'll get some respite.
 
http://www.psu.com/PSN-back-online-...ownload-patch,-claims-expert---a011444-p0.php

"Though there's still no official word on when the PlayStation Network will be back online again, an expert in the field of database security believes that the servers will be up this week and might be online as early as tomorrow, Wednesday.

Speaking with NowGamer, Neil Martin, a database security engineer expert, says that Sony will currently be in the process of removing the original server code and "rebuilding it using new login keys for their admin side."

Martin also believes that this may affect our sign-up when we first log back onto the PlayStation Network. Due to the fact the route key that Sony will be changing currently determines whether each piece of software you use with the PlayStation 3 is licensed, "this could mean all previous software will require a patch when it comes back online," he says."

Not sure how accurate this random website is though....
 
I'm beginning to think Sony are just plain crap at protecting stuff, hell they got experts in to get to this point in the investigations. Those sort of people should be in-house in a company that oversees 70+ million users.
 
How do they also not know that all the information that they have (user's stats, etc) hasn't been injected/compromised in some way? Are they going to have to restore back from a 'known good' backup?
 
If you have a problem with pointless arguing that's your issue. Come at me?
It's not pointless, I'm trying to make the point that hardware hackers are not evil, Anonymous are not responsible, I'm trying to spread correct information, sadly there seems to be resistance to this. I still haven't seen any firm evidence of unencrypted storage of CC/DC details, there are many rumours that they didn't encrypt passwords, none confirmed, this has all been said, many times, on major news outlets and in this thread, don't get all hissy.
Anyway I'm busy ranting about climate change and egalitarianism elsewhere so maybe you'll get some respite.

It is pointless though as your as guilty of derailing the thread as anyone else is when it comes to the topics being discussed due to the thread's current title. I don't quite get your "come at me" remark but I'll simply ignore it and keep checking the thread for info as usual. Sorry if I offended you in any way, just tired of seeing actually useful threads being turned into slanging matches on here lately.
 
If you have a problem with pointless arguing that's your issue. Come at me?
It's not pointless, I'm trying to make the point that hardware hackers are not evil, Anonymous are not responsible, I'm trying to spread correct information, sadly there seems to be resistance to this. I still haven't seen any firm evidence of unencrypted storage of CC/DC details, there are many rumours that they didn't encrypt passwords, none confirmed, this has all been said, many times, on major news outlets and in this thread, don't get all hissy.
Anyway I'm busy ranting about climate change and egalitarianism elsewhere so maybe you'll get some respite.
Not sure if that's aimed at me, but seriously just focus your comments, bringing up issues over 5 years old that you feel vindicate what's happening to Sony just weakens your argument of which some points are completely valid and some are just irrelevant to the topic at hand...

More than happy to debate, but seems silly not to solely deal with the particulars - at least that's more likely to inform all...

I'm not completely surprised that someone's asked for your age - surely that intimates how you are coming across?!?

ps3ud0 :cool:
 
It is pointless though as your as guilty of derailing the thread as anyone else is when it comes to the topics being discussed due to the thread's current title. I don't quite get your "come at me" remark but I'll simply ignore it and keep checking the thread for info as usual. Sorry if I offended you in any way, just tired of seeing actually useful threads being turned into slanging matches on here lately.
No, you wouldn't get it, that's partly the point ;)
You accuse me of derailing the thread but you keep replying and I feel the need to reply, so you're (not your) as guilty as anyone.
As I've probably mentioned, there's not much information to be disseminated, but as I can actually be bothered checking the usual sources I will be reporting here with useful information.

This: http://www.psu.com/PSN-back-online-t...a011444-p0.php (thanks oldbag) is interesting but is purely speculation, albeit informed speculation.

edit: oh ps3ud0 :cool: It's relevant. I'm old enough that five years ago doesn't seem like ancient history and definitely contributes to any political motive there may or may not be. But I'm bored of this.

Latest news: there is no news.
 
I'm flabbergasted that they stored user details and passwords unencrypted - if I could do it in a Uni project, why the heck can't a multi-million pound business like Sony?
The thing I can't get my head around is the common person is so used to encryption of passwords at their workplace or something as simple as an input mask when you enter your PIN at a cashpoint - for a company like Sony to not do it seems so ludicrous - it's really hard to accept as to anyone it seems to be the simplest thing to expect
It's been said a few times now in various places that Sony had been warned about their Security, but did nothing to act, months ago.
Makes you wonder if it's possible someone involved in 'informing' Sony as to their security issues might have been involved directly or indirectly with this.
Any sources on who has told Sony? Love for this to be true and an organisation that Sony should have listened to - should make fines and Sony cleaning their house far more likely...

ps3ud0 :cool:
 
Sony would have been PCI DSS accredited and audited so they could handle card transactions directly. There are different tiers of PCI compliance from being allowed to use a 3rd party payment gateway to doing your own. As Sony handle their own transactions they would have needed to prove a business need for storing the details after the transaction and proving that they were secure in a regular audit.

The audits would have shown pretty quickly if the data wasn't segregated from other data and if it was unencrypted. They would have had accreditation revoked and would have been blocked from handling card transactions directly and would have been forced to use another merchant gateway.

This has most likely been an RSA/Google style of persistent attack where Sony are still trying to figure out what actually happened.

Disclaimer - I work in HMG security so I've only spent a little time with my PCI colleagues and am in no way an expert.
 
To add I'm a 4chan regular, so should point out again, although it's been said already. The original DDoS attacks, yes that was 4chan and they succeeded in slowing the network and causing the odd blackout. Anything to do with document stealing isn't Anon. You sort of heard it from the horse's mouth, because if it was Anon I'd probably have seen it unfold
 
When I tried to get on PSN last Thursday morning I didn't think it would turn into something this big.

Now I'm keeping my eye on my bank, just in case. Even if hackers don't have our information, it is better to be safe than sorry.
 
No, you wouldn't get it, that's partly the point ;)
You accuse me of derailing the thread but you keep replying and I feel the need to reply, so you're (not your) as guilty as anyone.
As I've probably mentioned, there's not much information to be disseminated, but as I can actually be bothered checking the usual sources I will be reporting here with useful information.

This: http://www.psu.com/PSN-back-online-t...a011444-p0.php (thanks oldbag) is interesting but is purely speculation, albeit informed speculation.

edit: oh ps3ud0 :cool: It's relevant. I'm old enough that five years ago doesn't seem like ancient history and definitely contributes to any political motive there may or may not be. But I'm bored of this.

Latest news: there is no news.

I've said sorry so I suggest you "get over it" and move on sincerely as anything more is basically classed as flame baiting.
 