The Great 2011 PSN Outage Megathread *Post 1 updated*

gant0

People stop worrying about your credit card details banks have stated that if you have a genuine claim of fraud they will refund you so you will not lose any money.Sony will not make us pay for psn becaue of this I will guarantee you of that.It'd just drive so many consumers away.

Liamario

Trevor451 wrote: »

Sony deserve it IMO. Serves them right for suing pepole who mod their own consoles.

People with modded consoles are the people who hacked the netrwork. The very reason that Sony doesn't want modded consoles out there. :rolleyes:

Renn

Liamario wrote: »

People with modded consoles are the people who hacked the netrwork. The very reason that Sony doesn't want modded consoles out there. :rolleyes:

Is it even known yet who hacked it?

Chavways

Renn wrote: »

Is it even known yet who hacked it?

Probably not the exact culprit but it was someone with a custom firmware version called rebug 3.55 installed.

Headshot

I heard the hackers were soon killed after the hacking by explosives wired to their ps3's

RangeR

Liamario wrote: »

People with modded consoles are the people who hacked the netrwork. The very reason that Sony doesn't want modded consoles out there. :rolleyes:

Please don't be so closed minded. Modded consoles are not the problem. If Son'y security rated higher than Playmobil, no amount of custom firmware would have allowed the elicit intrusion. Be under no illusions This is purely Sony's fault.

And the reason, the main reason, Sony want to combat custom firmware is to mitigate against piracy.

Owenw

Just rang Visa and they put me straight though to Lost and Stolen as soon as I mentioned the Playstation Network. Card was blocked and a new one is being issued. No fee for the new card.

imitation

Trevor451 wrote: »

Sony deserve it IMO. Serves them right for suing pepole who mod their own consoles.

What about the 77 million people who have been put out over this because some members of the modding community felt like pilfering there servers for peoples private info.

knuth

imitation wrote: »

What about the 77 million people who have been put out over this because some members of the modding community felt like pilfering there servers for peoples private info.

What about them?

Liamario

RangeR wrote: »

Please don't be so closed minded. Modded consoles are not the problem. If Son'y security rated higher than Playmobil, no amount of custom firmware would have allowed the elicit intrusion. Be under no illusions This is purely Sony's fault.

And the reason, the main reason, Sony want to combat custom firmware is to mitigate against piracy.

That's like saying it's a shopkeeper's fault for getting killed by a shotgun for not wearing enough bulletproof armour.
Of course Sony weren't as secure as they thought, but to imply that they had no protection is pushing it a little bit.

A-Trak

A-Trak wrote: »

What I will say in defence of Sony in this instance is they're commendably honest in their time frames for a fix. They publicly said could be 48 hours before it's back up. A lot of other companies use ambiguous terms such as shortly and ASAP, which just lead to further frustration.

Mmmmm, my words, I hope they're delicious

Corkfeen

Liamario wrote: »

That's like saying it's a shopkeeper's fault for getting killed by a shotgun for not wearing enough bulletproof armour.
Of course Sony weren't as secure as they thought, but to imply that they had no protection is pushing it a little bit.

They were storing millions of people's details from credit cards to addresses. They were responsible for preventing it from being stolen. Personally, I would lay a large amount of the blame on sony for this.

Hackers exist and if a company intends to provide an online service they should be prepared for such an incident and to protect our information securely. Sony are a Multi-Billion dollar company so you'd expect the highest standard. They failed to inform anyone of it before nearly a week had elapsed. Plenty of other consoles have had custom firmware and it hasn't resulted in anything like this happening

In other news the first class action suits have arisen, who knows what'll happen with them.

http://www.informationweek.com/news/security/attacks/229402362

Liamario

I'm not saying Sony have no part to blame. But RangeR is implying that the hackers were like Lybian rebels fighting a tyrant.

Sony have some responsibility, but at the same time, hackers will always find a way. Nothing is 100% secure and I think no matter what security Sony had in place people would still blame them for being completely incompetent.

People aren't being reasonable.

Ciano35

My gmail account, which i use for my psn account and has the same password, was hacked 4 hours ago my some fúcker from Venezuela :mad:

Micky Dolenz

Liamario wrote: »

I'm not saying Sony have no part to blame. But RangeR is implying that the hackers were like Lybian rebels fighting a tyrant.

Sony have some responsibility, but at the same time, hackers will always find a way. Nothing is 100% secure and I think no matter what security Sony had in place people would still blame them for being completely incompetent.

People aren't being reasonable.

Reasonable? it's been down for a week. Sony are a massive company with a lot of expertise at their disposal, them being taken down like this is unacceptable really.

Corkfeen

Liamario wrote: »

I'm not saying Sony have no part to blame. But RangeR is implying that the hackers were like Lybian rebels fighting a tyrant.

Sony have some responsibility, but at the same time, hackers will always find a way. Nothing is 100% secure and I think no matter what security Sony had in place people would still blame them for being completely incompetent.

People aren't being reasonable.

But he's entirely right, Custom firmware managed to enable Dev access from what I gather and that should have been in no way possible(It's not possible on any of the other consoles). And this appears to be the reason that are info was open to be harvested by the hacker who chose to put some work in. The playstation security team seem borderline incompetent to be honest to allow this possibility for as long as they did. The custom firmware was not at fault, it was sony's online infrastructure.

WolfForager

Already changed my passwords on any associated accounts, too slow ****as!!

Liamario

It's not reasonable to expect a company to have a 100% secure system. There is always away around, whether it be social hacking or human error.
As I've already said, Sony have to take a lot of the responsibility. My issue is with people ignoring the fact that scumbag hackers broke into the system and stole the information. This seems to be getting ignored by some people.

It takes 2 to tango.

Mayo_Boy

Glad I never purchased anything from the psn store :pac:

RangeR

Liamario wrote: »

I'm not saying Sony have no part to blame. But RangeR is implying that the hackers were like Lybian rebels fighting a tyrant.

Sony have some responsibility, but at the same time, hackers will always find a way. Nothing is 100% secure and I think no matter what security Sony had in place people would still blame them for being completely incompetent.

People aren't being reasonable.

Don't put words in my mouth and I resent the Lybian rebel remark.

The facts speak for themselves. Sony can say anything they want. They are NOT security conscious. Intrusion to a web server should NOT open the doors to full customer base personal details.

At the VERY least...

• This information should be encrypted via private/pubic key pair.
• There should be NO doubt,none at all, that CC information was accessed as it shouldn't be anywhere NEAR an inherently insecure host [the internet facing server]. There are MANY ways to securely allow CC interaction without having them accessible via client software.
• NO software should have free reign on secure servers [custom firmware in this example]

I'm sorry, I don't see how you could be defending Sony. They were exceptionally complacent with their security measures, bordering on gross negligence. The PSN debacle is just the latest in a string of Security breaches on Sony infrastructure.

RangeR

Liamario wrote: »

It's not reasonable to expect a company to have a 100% secure system. There is always away around, whether it be social hacking or human error.
As I've already said, Sony have to take a lot of the responsibility. My issue is with people ignoring the fact that scumbag hackers broke into the system and stole the information. This seems to be getting ignored by some people.

It takes 2 to tango.

I don't think anyone ever mentioned 100% secure. The way I see it, Sony barely hit the 20% secure mark. Not encrypting information is unforgivable.

I'm also not letting the hackers off. However, Hackers are an every day event. Everyone [in the online world] expects to get hacked. Reputable companies should pro-actively protect themselves from attack, not re-actively. Even simple IDS would help.

If Sony had performed due diligence with MY details, all the hackers would have gotten would have been encrypted, useless information.

I feel that you are concentrating on the fact an attack happened,rather than the outcome of the attack.

As much as I HATE analogies on boards... You own a house, you lock the doors. If someone comes a knocking, you vet them before you let them in. You don't put a sign on the door saying that there is loads of money on the other side and then leave the money outside the safe.

amacachi

RangeR wrote: »

Don't put words in my mouth and I resent the Lybian rebel remark.

The facts speak for themselves. Sony can say anything they want. They are NOT security conscious. Intrusion to a web server should NOT open the doors to full customer base personal details.

At the VERY least...

• This information should be encrypted via private/pubic key pair.
• There should be NO doubt,none at all, that CC information was accessed as it shouldn't be anywhere NEAR an inherently insecure host [the internet facing server]. There are MANY ways to securely allow CC interaction without having them accessible via client software.
• NO software should have free reign on secure servers [custom firmware in this example]

I'm sorry, I don't see how you could be defending Sony. They were exceptionally complacent with their security measures, bordering on gross negligence. The PSN debacle is just the latest in a string of Security breaches on Sony infrastructure.

What's still confusing me is the link between the CFW mimicking the dev-consoles and the access to the data. If there is one, there's always the chance it's just a coincidence the two things happened at once.

RangeR

amacachi wrote: »

What's still confusing me is the link between the CFW mimicking the dev-consoles and the access to the data. If there is one, there's always the chance it's just a coincidence the two things happened at once.

I don't understand that either. Sony aren't very forthcoming with information.
Security through obfuscation is not real security.

macpac26

PR disaster for Sony it's on every news channel. Considering how easily the PSP was compromised I guess this shouldnt come as a surprise.

Changed all my passwords and put my bank on notice about my credit card so I'm alright for now. Sony dropped the ball by waiting so long to inform it's customers. I'm a Sony fan but it will be very difficult for me to trust them again with online purchases.

Liamario

We'll have to agree to disagree.

But, I think we can all agree on this......

Minstrel27

macpac26 wrote: »

PR disaster for Sony it's on every news channel.

Even my mother asked me about it.

WolfForager

My Dad: "Told ya those video games would get ya eventually!"

I didn't ask him to elaborate...

PaddyBomb

Does PSN ask for your mobile number anywhere? Anyone else getting loads of poxy survey people ringing their phones?

RangeR

PaddyBomb wrote: »

Does PSN ask for your mobile number anywhere? Anyone else getting loads of poxy survey people ringing their phones?

I'd say this is a co-incidence.

Meglamonia

My email account that I use for psn got hacked fcuk sake