Current PSN outage: Don't abuse or we lose this thread.

  • Thread starter BWX
The real question is: did Sony store information on their so-called secure admin/dev server in an unencrypted format? Sending your information from your PS3 to the PSN network in an encrypted form does not mean that it's actually stored on their server in encrypted form once it's archived on the server, does it?
 
No, they simply don't have enough data to harm me in a significant way. Credit card isn't related to me, they have neither my real name nor my date of birth. Just a valid e-mail and a valid street address, that's it. The cc info I don't care, because if anything goes wrong the bank company will deal with it. Some people are sharing more on their facebook pages, you know.

I'm not thinking I won't be affected, I just *know* I won't be.

Being careful about this issue is not a bad thing, but the bolded is why I don't have a facebook. I don't prefer some multi-billion hipster-corporation to own my memories.
 
I personally was a bit worried about it, and just on the off chance I have changed some passwords on various systems that I use because of the similarities. As for Debit card info, it's only suggested that they might have got hold of this and not 100% confirmed they have stolen this.

I will keep off from contacting my bank just yet but I may do this soon to have a new card sent.

As for these people crying about they will jump ship to another system, then be my guest, I for one will be logging back in and putting my new credit card details in (once needed). I agree with the comment above, I have a lot of info on places like facebook and personal blogs, let alone various other websites that hold my card info like play, Amazon, Apple and various smaller sites.

I just hope it's updated soon.
 
The password thing had me scratching my head as well. I've designed my fair share of applications, which have their own user management and one of the most basic principles is never to store the actual password anywhere, not even in encrypted form. If Sony or whoever is behind the design of PSN has made such a blunder, I would say we're talking about an epic fail here and it would sure as hell lead to a lot of suing. There must be a lot of drooling lawyers waiting to go in for the kill.

And the sad bit is that it is even a likely scenario. Why else would they list passwords as one of the exposed items? It really beggars belief.
 
Tower Turn 13
Wasn't it supposed to be back up today?

They've speculated about that for days; it was supposedly going to be up in Japan on Monday and the rest of the world Tuesday.
I'd say just sit back and relax, this could take a while.
In the meantime maybe a break from video games isn't too bad.
It is spring after all
;)
 
"Maxconsole has just received an e-mail news tip from a supposed developer who wishes to remain anonymous. The tip received concerns the latest PSN downtime. According to his information, Sony is planning to make PSN a pay only service just like Xbox LIVE. Apparently, PSN + hasn't taken off in the way that Sony had hoped, and they are looking to make it a pay only service to provide users with the best possible functionality. The work they are reportedly carrying out right now is laying the foundations for this to happen in the near future as well as fixing security exploits."

2 problems with that,

1) Where's the link
2) If Sony did that we could file a lawsuit against them because it CLEARLY states when we bought our PS3s, free online gaming.
 
The problem with this statement is that you are assuming that Sony let them steal it, i.e. that due diligence was not carried out.

Scaff

It either wasn't carried out, or Sony is really, really stupid. Without going into specifics, the amount of rookie mistakes that led to this whole fiasco is overwhelming. It really makes me wonder if they just didn't care at all about keeping this information safe.
 
2 problems with that,

1) Where's the link
2) If Sony did that we could file a lawsuit against them because it CLEARLY states when we bought our PS3s, free online gaming.

There is a message board on gamefaqs.com about it. Really don't think it will happen due to this mass security breach...

Edit: I read somewhere that the hackers were going after Custom Firmware players (can't find it, but it was on Google's news page when PSN was typed in search).
 
There is a message board on gamefaqs.com about it. Really don't think it will happen due to this mass security breach...

👍 Yeah I agree. They cannot just say "PSN's down, let's reward people with PSN being a pay only service", this will not happen I hope.
 
I see a lot of people here assuming as FACT many things that are being just SPECULATED.

I know this is "ze internetz" and a discussion forum etc. But when you shout (example): "SONY IS STUPID, OUR PASSWORDS AND CC DETAILS WEREN'T ENCRYPTED"

please add a disclaimer /foot note like this:

"NOTE: I'M NOT SURE THIS IS TRUE, SO BEAR IN MIND THAT THE STUPID HERE MAY BE ... ME"

got it? :D
 
I see a lot of people here assuming as FACT many things that are being just SPECULATED.

The only thing I know as fact is that the PSN store was being robbed; at this point I don't think anyone's info was stolen at all. Was/is it at risk? Of course, but it looks to me like Sony threw that in instead of saying why they shut the PSN down.
 
Edit: I read somewhere that the hackers were going after Custom Firmware players (can't find it, but it was on Google's news page when PSN was typed in search).

I believe the word you're looking for is "ReBug" (-:
 
Came across this at Rockstar in reference to a GTA IV online event for tomorrow (28th) on PSN.

"Note: Due to the extended PlayStation Network downtime, this event has been re-scheduled to Thursday, May 5th (5-8PM Eastern)."

This could be a clue to when the PSN is coming back online.
 
Came across this at Rockstar in reference to a GTA IV online event for tomorrow (28th) on PSN.

"Note: Due to the extended PlayStation Network downtime, this event has been re-scheduled to Thursday, May 5th (5-8PM Eastern)."

This could be a clue to when the PSN is coming back online.

Link?
 
I see a lot of people here assuming as FACT many things that are being just SPECULATED.

I know this is "ze internetz" and a discussion forum etc. But when you shout (example): "SONY IS STUPID, OUR PASSWORDS AND CC DETAILS WEREN'T ENCRYPTED"

please add a disclaimer /foot note like this:

"NOTE: I'M NOT SURE THIS IS TRUE, SO BEAR IN MIND THAT THE STUPID HERE MAY BE ... ME"

got it? :D

It's really more than just wild speculation. Admittedly, it's not confirmed but it fits very well, makes a lot of sense. You'd have a very hard time trying to explain it any other way.

But sure, don't take anyone's word for granted. Do your own research, reach your own conclusions. That's what I did, that's what everyone should do.
 
Given that I can get your DOB, car reg, job, town you live in and a whole lot more just from what you have publicly available here and could use a good amount of that to dig further on the net, I would guess it would take me no more than a few hours to get more info on you freely and legally on the web than I would have obtained via PSN.

Particularly as the PSN data contains a vast amount of duff data, after all who here doesn't have accounts set up for other markets? Hell, the BMW dealership in Washington and Sony's Japanese HQ are getting IDs nicked on that basis.

Is it a good thing that happened, hell no. Is it as big a deal as many are making, hell no. The vast majority of us provide as much if not more info willingly on the web.


Scaff

That's beside the point though, I have chosen to put that information out there and I've taken the risk that goes with it. A mass attack doesn't discriminate and can affect people who are super careful online otherwise.

Of course, there are many many places that store similar information that could also be accessed but they are less obvious and haven't been covered much by the media. So they don't get discussed. I was just pointing out that some people might not be aware of how people can use their information is all.
 
PSN data leak cost could top $24 billion - Report

http://www.gamespot.com/news/6310436.html

:crazy:

This is Funny.
SonyIsntGoodWithComputers.gif
 
@BWX - It is a sensationalised figure for headline purposes but it's not stated as an indicative cost to Sony. Their "calculation" is based on the average "cost of a data breach involving a malicious or criminal act" per account compromised multiplied by the number of PSN users.

Average cost x PSN population
$318 x 77 million

It is a silly calculation, not least because they have no idea how many accounts were compromised and not all accounts will be active or contain valid/any information.

The Ponemon article average cost is based on samples from breaches not considered "catastrophic" (i.e. more than 150,000 records) so it is not directly comparable but has some interesting points in it though.

Relevant to the US I thought this was interesting:

At the time of this study, most U.S. states require both business and governmental organizations to provide notification to data subjects (customers, consumers, employees and others ) when a breach of sensitive personal information is caused by negligence (insider threats), technology problems or malicious acts. While conditions for notification vary across states, the organization may not be required to notify individuals when:

i) The breached data is encrypted (minimum 128 bit standard).
ii) The breached data elements are not considered protected.
iii) The breach was stopped before information was wrongfully acquired.
iv) Other special circumstances such as national security or law enforcement investigations.


Can it be assumed from the above that some or all of the information potentially compromised in PSN-gate was not encrypted (i), considered protected (ii) and the breach was not stopped before information was wrongfully acquired (iii)?

In the UK DP law is pretty well defined. I am sure the Information Commissioner will be taking a long hard look at DP process, procedure and security protocols in the operation of the PSN. It will be interesting to see what the ICO make of it.
 
@BWX - It is a sensationalised figure for headline purposes but it's not stated as an indicative cost to Sony. Their "calculation" is based on the average "cost of a data breach involving a malicious or criminal act" per account compromised multiplied by the number of PSN users.

Average cost x PSN population
$318 x 77 million

It is a silly calculation, not least because they have no idea how many accounts were compromised and not all accounts will be active or contain valid/any information.

The Ponemon article about the average cost per breach has some interesting points in it though.

Relevant to the US I thought this was interesting:

At the time of this study, most U.S. states require both business and governmental organizations to provide notification to data subjects (customers, consumers, employees and others ) when a breach of sensitive personal information is caused by negligence (insider threats), technology problems or malicious acts. While conditions for notification vary across states, the organization may not be required to notify individuals when:

i) The breached data is encrypted (minimum 128 bit standard).
ii) The breached data elements are not considered protected.
iii) The breach was stopped before information was wrongfully acquired.
iv) Other special circumstances such as national security or law enforcement investigations.


Can it be assumed from the above that some or all of the information potentially compromised in PSN-gate was not encrypted (i), considered protected (ii) and the breach was not stopped before information was wrongfully acquired (iii)?

In the UK DP law is pretty well defined. I am sure the Information Commissioner will be taking a long hard look at DP process, procedure and security protocols in the operation of the PSN. It will be interesting to see what the ICO make of it.

I still haven't been notified by Sony, interesting. Even though my CC wasn't on file there, I tried to use it once and punched in the numbers. I bet Sony still recorded that info. I've already called the bank, I'm getting a new card.
 
^ An interesting point. Though official communications have been put out there to the world at large, no direct comms have been sent to any of my email accounts linked to a PSN account.

Have we "been informed"?

Who knows eh? I suspect the only winners here are the corporate lawyers!
 
^ An interesting point. Though official communications have been put out there to the world at large, no direct comms have been sent to any of my email accounts linked to a PSN account.

Have we "been informed"?

Me either and I find this an absolute disgrace. Why should we find out this information through a blog, or by word of mouth from other internet users?
It's a massive mistake on Sony's part without taking into account the duty of care they have over the protection of information.
If money goes missing from my account it will be Sony who will be held to account.

The amount of time it took them to tell people (by blog) that their credit card details may be at risk is scandalous.
Say you're a security guard at a block of flats (apartment block), you turn up for work and you see evidence of someone breaking in to each and every department, do you:
A) Let everyone who lives in that block know STRAIGHT AWAY that there has been an attempted break in and some of their stuff may be missing
or
B) Say nothing for a week and hope no one finds out?
 