Sony: PS3 News and Discussion Thread
The sizzle in the Steak
Joined: Nov 2001
Posts: 71,436
Likes: 1,877
From: Southern California
...and we're back....sorta...and oops we failed miserably!
(WEB HOST INDUSTRY REVIEW) -- As Sony (www.sony.com) began restoring parts of its PlayStation Network Friday after an outage of more than two weeks, information has surfaced that security experts knew the company was running outdated versions of the Apache Web server software without a firewall.
According to a report by Netcraft Friday, the PlayStation Store website is now online, but its online gaming services are still unavailable.
On Wednesday, Purdue University security expert Dr. Gene Spafford told Congress that Sony "continue to run outmoded, flawed software, fail to follow some basic good practices of security and privacy, and often have insufficient training or support," according to a report Thursday by VentureBeat.
The report says hackers were able to breach the network and steal data while Sony was fending off DDoS attacks from online hacktivist group Anonymous. Sony has tried to pin the larger attack on Anonymous, but the group has denied the allegation and says "if a legitimate and honest investigation into credit card theft is conducted, Anonymous will not be found liable."
Betwen April 17 and April 19, approximately 100 million Sony customers private information was stolen, including PlayStation users and customers of Sony Online Entertainment.
In the second apology this week, Sony chief executive officer and president Howard Stringer took to the PlayStation blog Thursday to let customers know he empathized with their frustration. He also admitted that the company was slow to address the issue with its customers: "I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken."
Despite customers concern of credit card information being compromised in the attack, Stringer says "there is no confirmed evidence any credit card information has been misused." Nevertheless, Sony initiated a program for US PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user covering ID restoration costs, legal expenses and lost wages, according to a report by PCMag.
The policy will be provided by Debix and will include cyber monitoring and surveillance to detect exposure of customers personal information, PCMag says. Sony says customers concerned that their information has been stolen can speak with an on-staff licensed private investigator.
Netcraft says credit card details were stored in an encrypted format, but "could also be at risk if the decryption key was stored on, or made available to, any of the compromised servers."
When PlayStation Network and Qriocity services are restored "in the coming days", Stringer says customers will receive a "Welcome Back" package that includes a month of free PlayStation Plus membership for all PSN customers, as well as an extension of subscriptions for PlayStation Plus and Music Unlimited customers. While Sony appears to have acknowledged its lack of communication, customers are eager for an exact date when all the services will be back online.
While there has been speculation that this event will have a negative impact on Sony's customer loyalty, judging by most of the comments on its blog, many customers seem to be committed to the company and will continue to buy its products. One even commended Sony for taking its time, "I am very satisfied with the way Sony is handling the situation, not rushing to get things back online without securing their servers."
Other customers are showing their disappointment in the form of a proposed class action lawsuit. On Tuesday, a proposed class action lawsuit was filed in Toronto on behalf of one million Canadian PlayStation and Qriocity users for breach of privacy and negligence.
According to a report by Netcraft Friday, the PlayStation Store website is now online, but its online gaming services are still unavailable.
On Wednesday, Purdue University security expert Dr. Gene Spafford told Congress that Sony "continue to run outmoded, flawed software, fail to follow some basic good practices of security and privacy, and often have insufficient training or support," according to a report Thursday by VentureBeat.
The report says hackers were able to breach the network and steal data while Sony was fending off DDoS attacks from online hacktivist group Anonymous. Sony has tried to pin the larger attack on Anonymous, but the group has denied the allegation and says "if a legitimate and honest investigation into credit card theft is conducted, Anonymous will not be found liable."
Betwen April 17 and April 19, approximately 100 million Sony customers private information was stolen, including PlayStation users and customers of Sony Online Entertainment.
In the second apology this week, Sony chief executive officer and president Howard Stringer took to the PlayStation blog Thursday to let customers know he empathized with their frustration. He also admitted that the company was slow to address the issue with its customers: "I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken."
Despite customers concern of credit card information being compromised in the attack, Stringer says "there is no confirmed evidence any credit card information has been misused." Nevertheless, Sony initiated a program for US PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user covering ID restoration costs, legal expenses and lost wages, according to a report by PCMag.
The policy will be provided by Debix and will include cyber monitoring and surveillance to detect exposure of customers personal information, PCMag says. Sony says customers concerned that their information has been stolen can speak with an on-staff licensed private investigator.
Netcraft says credit card details were stored in an encrypted format, but "could also be at risk if the decryption key was stored on, or made available to, any of the compromised servers."
When PlayStation Network and Qriocity services are restored "in the coming days", Stringer says customers will receive a "Welcome Back" package that includes a month of free PlayStation Plus membership for all PSN customers, as well as an extension of subscriptions for PlayStation Plus and Music Unlimited customers. While Sony appears to have acknowledged its lack of communication, customers are eager for an exact date when all the services will be back online.
While there has been speculation that this event will have a negative impact on Sony's customer loyalty, judging by most of the comments on its blog, many customers seem to be committed to the company and will continue to buy its products. One even commended Sony for taking its time, "I am very satisfied with the way Sony is handling the situation, not rushing to get things back online without securing their servers."
Other customers are showing their disappointment in the form of a proposed class action lawsuit. On Tuesday, a proposed class action lawsuit was filed in Toronto on behalf of one million Canadian PlayStation and Qriocity users for breach of privacy and negligence.
Sony really did run a half-ass network.
The sizzle in the Steak
Joined: Nov 2001
Posts: 71,436
Likes: 1,877
From: Southern California
Update: Sony = amateur hour!!!!
The biggest blow to Sony's health meter, however, came when security expert Dr. Gene Spafford of Purdue University testified against Sony during a meeting of the House Subcommittee on Commerce, Manufacturing and Trade on Wednesday. Spafford told the committee that not only was Sony using outdated versions of Apache Web server software that were "unpatched and had no firewall installed," but that the problem was "reported in an open forum monitored by Sony employees" two to three months before the security breaches. Oops fatality.
nnInn
Joined: Mar 2006
Posts: 37,670
Likes: 1,084
Despite customers concern of credit card information being compromised in the attack, Stringer says "there is no confirmed evidence any credit card information has been misused." Nevertheless, Sony initiated a program for US PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user covering ID restoration costs, legal expenses and lost wages, according to a report by PCMag.
Anybody who a CC number in that data base better cancel it now.
What other information did they keep?
nnInn
Joined: Mar 2006
Posts: 37,670
Likes: 1,084
The sizzle in the Steak
Joined: Nov 2001
Posts: 71,436
Likes: 1,877
From: Southern California
Senior Moderator
Joined: Dec 2001
Posts: 169,058
Likes: 23,836
Wow...Sony, please go hang your disgraced heads in shame. All of them. Not enough gomenasais and bowing will help you in the next while. :shakehead
Safety Car
Joined: Feb 2009
Posts: 4,442
Likes: 214
Anyways, I had my card discontinued earlier this week, so I should be good with that...
I haven't received that email Sony said they'd send out if they believed your info was stolen, but regardless, it's kinda shitty how I'm always gonna be paranoid about it for awhile. I mean, if they have your name, DOB, etc. etc. they could do crap that could mess up your credit score, couldn't it? And of course it costs money to even look up your credit score, doesn't it?
Senior Moderator
Joined: Jun 2004
Posts: 18,052
Likes: 1,434
From: NYC
iirc, no. As soon as you try to buy something, it sets up a "wallet" then it asks for your CC number.
Anyways, I had my card discontinued earlier this week, so I should be good with that...
I haven't received that email Sony said they'd send out if they believed your info was stolen, but regardless, it's kinda shitty how I'm always gonna be paranoid about it for awhile. I mean, if they have your name, DOB, etc. etc. they could do crap that could mess up your credit score, couldn't it? And of course it costs money to even look up your credit score, doesn't it?
Anyways, I had my card discontinued earlier this week, so I should be good with that...
I haven't received that email Sony said they'd send out if they believed your info was stolen, but regardless, it's kinda shitty how I'm always gonna be paranoid about it for awhile. I mean, if they have your name, DOB, etc. etc. they could do crap that could mess up your credit score, couldn't it? And of course it costs money to even look up your credit score, doesn't it?
COME AT ME BRO!
Joined: Jun 2004
Posts: 9,796
Likes: 13
From: st.johns, NL (CANUKISTAN)
Im so effing pissed.. PSN is STILL DOWN! I really wanna go pick up Socom 4. But I only play socom online. I have been in the same Socom clan since Socom 1 came out. I miss playing Blood Lake, Frost Fire, Blizzard, Abandoned, and Desert Glory! God damn
The sizzle in the Steak
Joined: Nov 2001
Posts: 71,436
Likes: 1,877
From: Southern California
Will PlayStation users be without access to the service for another three weeks? According to a Sunday report from Bloomberg, Sony's PlayStation Network and Qriocity online services will be down until at least May 31.
In an interview with Bloomberg, Sony spokesman Shigenori Yoshida said Sony is currently installing an improved security system and will get its services back online by May 31.
Sony's PlayStation Network has been down since April 20, and Sony Online Entertainment (SOE) has been offline since May 2. During an April 30 press conference in Tokyo, Sony said it planned to have the services online within a week, but in the wake of the SOE outage, the company said it needed more time.
"We won't restore the services until we can test the system's strength" when it comes to security of the network and the safety of users' data, Sony said in a Friday blog post. "We were unaware of the extent of the attack on Sony Online Entertainment servers, and we are taking this opportunity to conduct further testing of the incredibly complex system."
Also on Friday, Sony chairman and chief executive Howard Stringer offered a personal apology to those affected and offered a year of free credit monitoring and an ID theft policy since it's possible that the hackers obtained PSN users' credit card data.
CNET, meanwhile, said today that an earlier report about a second planned attack on Sony's networks was likely thwarted.
Analysts have predicted that the hack could cost Sony as much as $1 billion in damages.
In a letter to Congress last week, Sony said it had not yet identified who hacked its network. That letter, however, revealed that there was evidence on the SOE server that the clandestine Web group Anonymous was involved, an accusation the group has denied.
In an interview with Bloomberg, Sony spokesman Shigenori Yoshida said Sony is currently installing an improved security system and will get its services back online by May 31.
Sony's PlayStation Network has been down since April 20, and Sony Online Entertainment (SOE) has been offline since May 2. During an April 30 press conference in Tokyo, Sony said it planned to have the services online within a week, but in the wake of the SOE outage, the company said it needed more time.
"We won't restore the services until we can test the system's strength" when it comes to security of the network and the safety of users' data, Sony said in a Friday blog post. "We were unaware of the extent of the attack on Sony Online Entertainment servers, and we are taking this opportunity to conduct further testing of the incredibly complex system."
Also on Friday, Sony chairman and chief executive Howard Stringer offered a personal apology to those affected and offered a year of free credit monitoring and an ID theft policy since it's possible that the hackers obtained PSN users' credit card data.
CNET, meanwhile, said today that an earlier report about a second planned attack on Sony's networks was likely thwarted.
Analysts have predicted that the hack could cost Sony as much as $1 billion in damages.
In a letter to Congress last week, Sony said it had not yet identified who hacked its network. That letter, however, revealed that there was evidence on the SOE server that the clandestine Web group Anonymous was involved, an accusation the group has denied.
all PS3's are $100 off till May 29th if anyone wants to pick one up.
guess Sony is trying to attract customers to replace the people who jumped ship?
might have to be a rewards points member at Gamestop I believe though
that's where I got the email/coupon
guess Sony is trying to attract customers to replace the people who jumped ship?
might have to be a rewards points member at Gamestop I believe though
that's where I got the email/coupon
Safety Car
Joined: Feb 2009
Posts: 4,442
Likes: 214
b-b-but the info was encrypted!
I had my card cancelled and cut up last Tuesday. Funny thing is that my bank gave me a funny look when I told them I wanted a new card, but didn't have any fraudulent charges. As if I should wait for the fraud before I put a stop to it even if I have reason to believe my info was stolen
They gave me a new card, but I still thought it was strange.
Moderator
Joined: Jun 2006
Posts: 29,869
Likes: 3,489
time to pick up a Blu Ray pl- er, a PS3 then
The sizzle in the Steak
Joined: Nov 2001
Posts: 71,436
Likes: 1,877
From: Southern California
Moderator
Joined: Oct 2007
Posts: 3,578
Likes: 322
From: Orange County, CA
