PSN hacked/down

[Ddrak]

The way Sony's been dealing with this really shits me. First they deny anything's wrong and are "investigating issues". Then they say "maintenance", now it's "has been hacked by an external party". No mention of what data has been compromised, what data hasn't been compromised and what they're doing to resolve the issues.

Add to all of that the idiot fanboys who don't know the difference between Anonymous' DDoS attempts (which were moderately successful) and an actual hack (ie "network intrusion")...

Sure, hackers are evil blah blah, but SoE must have had some serious shit go down or just have been flat out incompetent for their network to have been compromised badly enough to pull the whole service for over 3 days now.

Dd

[Freecare Spiritwise]

Every aspect of their company seems dreadfully mismanaged. We're about a year into our household boycott of all things Sony and so far it's looking like we made the right choice. I still read the EQ2 forumns once in a while and man what a clusterfuck that is. Had we stayed with the game we would've seen our serer Najena merged into Unrest, which has seen 1-2 second server lag spikes since the merge. People are reporting the whole server is unplayable and SOE customer service is having people defrag their hard drives and shit because they won't admit that the hardware is insufficient to run some of the merged servers..

Look at all the bad PR they got from that dude (geohotz or something) that hacked their firmware. They ended up settling with him because they were looking like such overbearing assholes.

Their music division is pathetic as always.

Their consumer electronis division isn't shit from what it used to be. Who here would buy a Sony TV as their first choice? You're better off with a Samsung or Vizio.

So no, this doesn't surprise me a bit. They seem to have almost this disdain for their paying customers. So yeah, screwing them over has never really been a problem for this company.

[Freecare Spiritwise]

Oh, and wait until your account information falls into the wrong hands, if it hasn't already.

[Freecare Spiritwise]

It's really hard not being sympathetic towards the hackers. I disagree with their methods but not their viewpoint of the situation. Think if I bought a Toyota and a year later they remotely disabled the radio.Then I figure out how to re-enable the radio and then Toyota sues me. People would be up in arms about that shit. But since this is just a bunch of nerds with their video game consoles then nobody important cares.

So it all comes down to: When you buy a piece of hardware do you really own it?

Certainly a company that changes the major functionality of the hardware after I bought it, and doesn't offer me the option of a full refund isn't a company I will ever do business with. Fighting piracy is one thing. This is changing the major functionality of the system to less than it was when people first purchased it.

[Ddrak]

I am completely supportive of GeoHotz. He didn't do anything more than figure out how to re-enable Linux on the PS3. A side effect of that work was *other* groups started projects to enable pirated games to be played. A better side effect was allowing home-brew stuff to run.

Stuff I've heard about this specific hack (from Ars forums):

From what I understand a custom firmware allowed an exploit that was fairly major and some hackers were taking advantage of it. Sony decided to fix it. It's taking a long time because they are really fixing it "once and for all." It sounded like a pretty deep hack, so I can see Sony needed to spend some real time getting it fixed.

...

The explanation I received was something about hackers getting access to debug, admin and QA servers, and being able to create custom lobbies (not sure if those were redirected from the PSN) that basically amounted to griefing. Again, this is hearsay and I have done nothing to confirm it.

[Ddrak]

The company is conducting a "thorough investigation" into the outage, said Satoshi Fukuoka, a spokesman for Sony Computer Entertainment in Tokyo. He declined to provide more information about the nature of the problem, which Sony has blamed on an "external intrusion" into the network.

He also said the company has not yet determined if the personal information or credit card numbers of users have been compromised, but that Sony would promptly inform users if it found that was the case.

So, reading through the corporate PR-filter:

"We got hacked. They got us bad. We need to basically rewrite the system to fix it. We can't even tell what data the bad guys took, so if you get a weird charge on your CC then, uh, good luck with that!"

The fact they've basically said that they're rewriting parts of the PSN system to improve security is more than a little scary because rush jobs are usually a recipe for bug-ridden disasters.

Dd

[Ddrak]

Interesting post: http://www.reddit.com/r/gaming/comments ... _the_real/

To summarize:

- PSN trusted the PS3 to report whether it was a dev box or not.
- Dev boxes are allowed to put in fake CC numbers to "purchase" software on PSN.
- Hackers figured out how to get their PS3s to report being a dev box.
- Sony explodes.

Now, while it's only alleged that this is what happened, it matches the known facts perfectly. The only reason Sony would take PSN down and leave it down is if they are losing buckets of cash and in this case, the hackers can basically get everything on PSN for free.

To those saying it isn't Sony's fault - if PSN trusted the client to report its dev status then it's absolutely Sony's fault. That's just lazy and bad programming. Pretty much unforgivable.

Dd

[Freecare Spiritwise]

Sony is known for doing half-assed rush jobs in everything they code, so none of that really surprises me.

They develop something with a fraction of the resources needed, then call it "done" when it starts to resemble something functional, then tout how great it is to the community, then they get really defensive about how much it sucks, ban a bunch of people on the forums who say it sucks and blame everyone but themselves, then they abandon it for the next project and repeat the cycle!

[Freecare Spiritwise]

Sony Told To Pay Finnish Man 100 Euros For Removing OtherOS

from the time-for-others-to-ask dept

As you may recall, Sony decided to delete its OtherOS feature on PlayStation 3 devices, despite it being a key selling point for many. It was a rude reminder that thanks to today's laws, sometimes you don't really own what you think you own. Of course this has also resulted in a class action lawsuit against Sony (and, less directly to Sony's legal attack on Geohot for restoring the feature). However, Slashdot points us to the news that the Finnish Consumer Complaints Board has said that Sony should pay 100 euros to a guy who complained about the deleted feature:


The CCB said that the removal of OtherOS crippled console features that were present at the time of purchase, and agreed that consumers should be compensated. It recommended that the manufacturer and seller of the console pay €100 jointly to compensate the man.

Unfortunately, it appears that the Consumer Complaints Board has no enforcement ability... but that its rulings are frequently used by courts in dealing with disputes. Thus, it seems that Finnish PS3 owners might want to see if they can start some sort of legal action to get their €100 back from Sony for taking away a key feature that was used in marketing the PS3.

[Freecare Spiritwise]

You just knew this was coming:

Sony: Personal info compromised on PSN

http://news.cnet.com/8301-31021_3-20057 ... opStories1

[Ddrak]

Yep, pretty much. Not a good day to be in Sony PR.

Name, Address, Phone, Login, Passwords, Security Questions+Answers, Purchase History and maybe CC Number + Expiry Date.

I sense some serious liability if the hackers actually got all of that.

Dd

[Freecare Spiritwise]

I'm not in favor of people hacking companies they don't like. But having said that,

Hello, Sony, meet Karma.

[Freecare Spiritwise]

You hear that sound? That's the sound of a whole bunch of class action lawsuits being filed against Sony as we speak. I'd like to say it's a huge surprise that Sony would even store passwords and credit card data in a place where it could easily be extracted like that, but it's really not. This, after all, is the company that made the word "rootkit" famous, and spent the last few months wasting more resources in a quixotic legal campaign against a guy who added back a feature to the PS3 that Sony had deleted. Perhaps if it spent a little more time actually protecting its users rather than fighting silly battles, there wouldn't be issues like this.

[xilly]

Class action suits won't hold up in court. It's not Sony's fault that they were hacked, and they'll get around that battle. However, the impending lawsuit for storing sensitive information in plain-text, will absolutely stand and whomever brings that one up will have a much better shot.

[Ddrak]

It's not Sony's fault that they were hacked, and they'll get around that battle.

Actually, it's hard to say that for certain. If Sony were negligent in their security implementation then it's absolutely their fault that the hack was successful. The key part of the contract is right there in their privacy policy where they state:

We will take appropriate technical and organisational steps to prevent unauthorised access to or disclosure of your information.

If they didn't do that then they are in breach of contract and liable for damages.

Honestly, I'm tempted to write them a letter of demand for 24 months of identity theft monitoring. That would have a reasonable chance of standing up in court, and cost them more to defend than it would for me to prosecute through our small claims system ($20 court fees).

Dd

[Edit - really should sign with Dd instead of my real name, which is trivially available anyway so I'm not bothered]

[Freecare Spiritwise]

Those 70-something-million compromised passwords would've been ZERO compromised passwords had they stored them hashed like they shou'dve done. Just that alone is going to nail them, and more is probably going to come to light. And so if they're negligent in safeguarding their user's personal info then I would think the class actions would stick.

Also, they do business in California which has strict disclosure laws. It looks like they might've run afoul of those laws in waiting so long to disclose the breach. Those customers with compromised accounts could've used that extra time. How many fraudulent transactions were put through on those presumably compromised credit cards while Sony stood around yanking their wankers? At the very least, the extra bit of delay didn't win them any friends.

Heh, I like how their press release asked for the goodwill of their customers. The same company who root-kitted their customer's machines and initially lied about it? The same company who relentlessly pursues those same customers in court for enabling functionality they originally paid for? Goodwill gets as goodwill gives. Again, Karma.

[Ddrak]

...and the class actions begin.

Dd

[Ddrak]

Not a bad set of goodies being offered as a "please don't kill us in our sleep" bribe...

All existing PlayStation Network members will be able to access the following from PlayStation Store*:

Two PS3 games from the following list:

LittleBigPlanet
Infamous*
Wipeout HD/Fury
Ratchet and Clank: Quest for Booty
Dead Nation*

For those with PSP accounts, you will also be eligible to download two PSP games from the following list:

LittleBigPlanet PSP
ModNation PSP
Pursuit Force
Killzone Liberation*

- 30 days free PlayStation Plus membership for non PS Plus subscribers*

- Existing PlayStation Plus subscribers will be given 60 days free subscription.

- For existing Music Unlimited subscribers, you will be given 30 days free subscription.

- We are working on a Welcome Back offer in PlayStation Home and will share that when it is confirmed.

With my wife and I both PSN account holders, 4 free games ain't too bad.

Dd

[Freecare Spiritwise]

I'm not sure that free PS3s for all customers would be enough:

Report: PSN password resets exploited, accounts compromised again

http://arstechnica.com/gaming/news/2011 ... omised.ars

I totally despise Sony but this isn't even sporting anymore.

[Minute]

BAHAHAHA! I love it!