Current PSN outage: Don't abuse or we lose this thread.

[Famine]

Also , if the information the robbers used to disable the alarm was on the internet, why didn't Sony see that and fix it?

Wow. Talk about a mixed metaphor.

Information on breaking or hacking just about anything is available on the internets. It's still, and I'll say this slowly, the fault of the individual/group who commits a criminal act by using this information and not the fault of the individual/group who has the criminal act committed upon them - and whomever placed the information on the internets is an accessory to the crime.

Sony had what they thought was enough security. It wasn't and the criminals got past it. The bank had what they thought was enough security. It wasn't and the criminals got past it.


It'll happen again and again and again because no network - or bank - is truly secure. When it does, it'll still be the fault of the criminals.

 

[t_w_a_h]

I can see the light at the end of the tunnel!

Doesn't look good, latest blog entry:

Valued Light At The End Of The Tunnel (LATE OTT) Customer:
We have discovered that between April 17 and April 19, 2011, certain Light At The End Of The Tunnel bulbs were compromised in connection with an illegal and unauthorized intrusion into our uplighter. In response to this intrusion, we have:

1. Temporarily turned off the Light At The End Of The Tunnel;
2. Engaged an outside electrician to conduct a full and complete investigation into what happened; and
3. Quickly taken steps to enhance and strengthen our lighting infrastructure by replacing our incandescent light bulbs with more effcient, longer life LED clusters to provide you with greater protection from the dark.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

 

[Leadpaint]

Please do not forget that claim (and that's what it is) is based on a conversation on a forum he found by people who claim that Sony had no firewall and outdated software.

Stated by Sony employees in the forum.

...doesn't make it anything other than an unsubstantiated claim and should be treated exactly as such (not repeated as if fact).

Then that would apply to any discussion about the current intrusion(hack), and Sony's security in this thread.

 

[FoolKiller]

Also , if the information the robbers used to disable the alarm was on the internet, why didn't Sony see that and fix it?

Nevermind that I learned how to pick locks on the Internet when I was a youth and that you wouldn't blame yourself if I used that information to get into your house and steal stuff, but I believe that the "why didn't they fix it" part was discussed yesterday.

Yes, yes it was.

Stated by Sony employees in the forum.

He said he knew the forum was frequented by Sony employees, not that he got the information from them.


I got you something:

 

[Brett]

In a PERFECT world that would make sense. But this is reality and the perfect world doesn't exist.

Why as a species should we not be striving towards perfection? Less than perfect is acceptable given maximum effort was exhausted and that maximum effort produces an adequate result. Causing trouble for the purpose of causing harm is not acceptable.

Sony is a huge company and should know better. It sounds like someone just didn't want to put in the work that was needed to do it right the first time and this was the outcome. Yes. IMO they should be held partially responsible. Especially with peoples personal info and financials involved.

Sony should know better than to be hacked? Sony should know to prevent something from happening before it happens like in Minority Report?

Yes, Sony should have invested more time and money into provisions to prevent an unforeseen attack, but hindsight is 20-20. This is especially true when there are other factors that likely were preventing an immediate upgrade. In many companies, money and manpower available is the limiting factor. I would be willing to guess that those limiting factors are exacerbated because of how large a company Sony is; for Sony, the sheer numbers an immediate update are probably staggering and a phased upgrade was likely a much better solution. But none of that is an excuse for the hacking.

You don't by chance work for Sony do you?

Nope and for full disclosure, I do not own any Sony stock either.

So what you are saying is, if a bank was robbed at night, and it turned out that the alarm was not working, that would not be an issue if it was not robbed in the first place?

Yes, I am. What I said before still applies. The bank should not be robbed in the first place. Two wrongs, bank robbing and a malfunctioning alarm, do not make a right.

Information on breaking or hacking just about anything is available on the internets. It's still, and I'll say this slowly, the fault of the individual/group who commits a criminal act by using this information and not the fault of the individual/group who has the criminal act committed upon them - and whomever placed the information on the internets is an accessory to the crime.

Sony had what they thought was enough security. It wasn't and the criminals got past it. The bank had what they thought was enough security. It wasn't and the criminals got past it.

It'll happen again and again and again because no network - or bank - is truly secure. When it does, it'll still be the fault of the criminals.

Excellent post! Said what I wanted to say in a much better fashion.

EDIT ASIDE: Miscellaneous, just thought of it, and not sure what it pertains to, but wanted to include somewhere before I lost the thought: an unlocked parked car, with the keys in the ignition, and no note stating the owner wants the car stolen is not an excuse to steal a car ; that scenario may scream, "steal me", but that "voice" is not a legitimate reason. Even with a note stating the owner wants the car stolen, the note would need to be properly notarized and at that point, I do not think theft would apply.

 

[Leadpaint]

First, I do not support hacking in any way. So please don't misunderstand me. I'm only stating that Sony is somewhat complicit in the failure of PSN. Given the known exploits of the PS3, and the recent threats/attacks by anonymous, Sony should have been at the top of their game on security.

"Sony chief information officer, Shinji Hasejima (pictured), this week confessed at a Tokyo press conference that security measures could have been improved."

“The vulnerability [of the network] was a known vulnerability, one known of in the world. But Sony was not aware of it... was not convinced of it,” he said.

Sony knew of PSN security flaws

 

[caninehostile]

Just updated!
http://blog.eu.playstation.com/2011/05/06/scee-identity-theft-protection-offering/

We will be offering PSN users the opportunity to select two PS3 games from a list of five,

 

[shepzki]

Just updated!
http://blog.eu.playstation.com/2011/05/06/scee-identity-theft-protection-offering/

We will be offering PSN users the opportunity to select two PS3 games from a list of five,

Beat me to it, wow sounds good, 2 free games. Let's hope it's from a list of 5 good ones. 👍

 

[aland18]

Beat me to it, wow sounds good, 2 free games. Let's hope it's from a list of 5 good ones. 👍

if this is true, then how can anyone say that Sony isn't handling this situation in good fashion???

 

[canderson19]

if this is true, then how can anyone say that Sony isn't handling this situation in good fashion???

That is UK only right now?

 

[shepzki]

That is UK only right now?

No, it should apply to everybody.

 

[aland18]

That is UK only right now?

good point, wonder if we get something similar across the pond

 

[Leadpaint]

Just updated!
http://blog.eu.playstation.com/2011/05/06/scee-identity-theft-protection-offering/

We will be offering PSN users the opportunity to select two PS3 games from a list of five,

That's bribery.

 

[nick09]

Countries: AE, AU, GB, IE, NZ

That's a copy and paste from the article. I think I'm gonna log into my Europe account when the UK PSN is back up.

 

[canderson19]

good point, wonder if we get something similar across the pond

We get credit protection!

 

[Mr P]

Not really bothered about the 2 free games from the bargain rejects bucket just give us the PSN back today please 👍

I'm fed up to the back teeth of playing facebook poker now

 

[arora]

Sony should know better than to be hacked? Sony should know to prevent something from happening before it happens like in Minority Report?

In this case I can almost say yes, not quite but Sony made a pretty damn big mistake right from the get.

EDIT ASIDE: Miscellaneous, just thought of it, and not sure what it pertains to, but wanted to include somewhere before I lost the thought: an unlocked parked car, with the keys in the ignition, and no note stating the owner wants the car stolen is not an excuse to steal a car ; that scenario may scream, "steal me", but that "voice" is not a legitimate reason. Even with a note stating the owner wants the car stolen, the note would need to be properly notarized and at that point, I do not think theft would apply.

You are describing negligence, or just asking for trouble to happen. There is a difference in reguards to the ps3 and psn though as in your case you would only loose the car but in Sony's case they are loosing as well as effecting their customers in a negative way.

O.K. I'll post some things about the root key and rebug because I think it's the whole reason for the psn outage in the first place. Some tid bits from a few sources with the links.

"The complete console is compromised - there is no recovery from this," said pytey, a member of the fail0verflow group of hackers, who revealed the initial exploit at the Chaos Communication Congress in Berlin in December.

"Sony uses a private key, usually stored in a vault at the company's HQ, to mark firmware as valid and unmodified, and the PS3 only needs a public key to verify that the signature came from Sony. "Applied correctly, it would take billions of years to derive the private key from the public key, or to make a signature without knowing the private key, even when you have all the computational power in the world at your disposal."
But the team found that Sony had made a "critical mistake" in how it implemented the security.

"The signing recipe requires that a random number be used as part of the calculation, with the caveat that that number must be truly random and not predictable in any way," the team said. "However, Sony wrote their own signing software, which used a constant number for each signature. "This allowed the team to use "simple algebra" to uncover Sony's secret key, without access to it. "This is supposed to be the most secret of secret of secrets - it's the Crown jewels," said pytey.

Source: http://www.bbc.co.uk/news/technology-12116051

Does that sound negligent to you? By this point in time, around Jan 1, 2011, Sony obviously had sold millions of ps3's. Did they think this form of root key was acceptable?

More from another source;

"In a post on Reddit, the source pointed out that a custom firmware named Rebug is now available online, allowing users to gain access to Sony's trusted developer network via a normal retail machine rather than a development - or 'debug' - system. The post speculates that some Rebug users may have worked out how to employ fake credit card details to download games and other content from PSN for free."

This is why the psn is down IMO.

"The mention of 'credit cards' has set off alarm bells, with the BBC's technology editor, Rory Cellan-Jones, appearing on Breakfast Time this morning to theorize over potential security fears for anyone who has an account on the system. Although it's unlikely that customer details would be vulnerable in this scenario, Sony will naturally want to make sure its online platform is entirely secure before allowing transactions to continue."

Source: http://www.guardian.co.uk/technology/gamesblog/2011/apr/26/games-playstation

And this is what sKope was referring to when he said he thought there would be much more public outcry if the psn was down do to ps store being stolen from rather then the potential of your credit card info being in jeopardy.

I'm not defending rebug, piracy, hacking, Geo Hot, anon, etc.

 

[lbsf1]

Suddenly I'm not so upset about psn going down.

However I bet you the games they offer will be rubbish ones.

 

[Darren.]

Just updated!
http://blog.eu.playstation.com/2011/05/06/scee-identity-theft-protection-offering/

We will be offering PSN users the opportunity to select two PS3 games from a list of five,

WOW! Now Famines got a LOT of updating to do on his locked sticky.

 

[FoolKiller]

First, I do not support hacking in any way. So please don't misunderstand me. I'm only stating that Sony is somewhat complicit in the failure of PSN. Given the known exploits of the PS3, and the recent threats/attacks by anonymous, Sony should have been at the top of their game on security.

"Sony chief information officer, Shinji Hasejima (pictured), this week confessed at a Tokyo press conference that security measures could have been improved."

“The vulnerability [of the network] was a known vulnerability, one known of in the world. But Sony was not aware of it... was not convinced of it,” he said.

Sony knew of PSN security flaws

Did you stop reading at what you bolded? Read the whole quote.

That's bribery.

How so?

 

[t_w_a_h]

Since the discussion has wandered to OtherOS, which I was a user of, I was annoyed at Sony when the 'PSN or OOS/CFW' choice was forced upon me but I quickly got over it.

Now some ramble.

When I bought the PS3, OOS was very interesting. The PS3 experience was better with a decent browser and a decent media player. SNES emulation was a bonus! Using it as a full on Linux box though was always a novelty though. If you used the functionality, it was fairly obvious that it was always going to be a small niche in the PS3 community, which is rightly dominated by people who use it to play games and watch movies. My main thought at the time was, "hey Sony, this is cool, I hope it catches on with the main stream Sony consumer", pretty much immediately followed by "and if it doesn't, which it won't, this will quickly be written out of the software or left unsupported". I suspect that a good chunk of OOS proponents had similar feelings.

When the "PSN or OOS" decision was pushed on users, I went for PSN and all OOS/CFW funtionality was absorbed by other devices. I'd hazard a guess that pretty much everyone who used OOS/CFW has at least one alternative device that could do everything OOS/CFW could do and a load more. Those that didn't, well I wouldn't be surprised if they went on to save some pennies and get one.

If that is the case, the only thing that I can see would remain attractive are backups and for a good proportion of people (not all) back up is really a thinly euphemism for piracy.

In the recent past, before the 'intrusion', the way Sony were dragged over the coals by the tech community went way beyond justified and became what can only really be called a witch hunt.

Small spark, big fire. Fanned largely by a very vocal minority niche in the PS3 community.

Since the intrusion, Sony do need to make right* their own failures in the incident but that should never be used to justify the action of malicious cr/hackers. Data theft is rarely a victimless crime, even if it's done for the 'lulz'.

Which is related to one of the things I'm surprised so few people are commenting on across the community, the wider consequences of this breach. As mentioned earlier in the thread, many of the laws relating to data security, intellectual property rights and a whole other related issues are in their relative infancies and utterly un-harmonised.

Anyway, all of the above is blah, ignore at your leisure.
____
* For clarity, for me make right means closing the gates on their data, kicking back to the developers whose content was unavailable from the store, recompensing paid content users for time lost and reassuring their customer base that this will not happen again. Showing a little goodwill by offering free credit checking facilities to customers via a reputable third party would be a bonus and sell well in the media.

 

[Famine]

WOW! Now Famines got a LOT of updating to do on his locked sticky.

Not really. Two blog posts, already done.

I'm only stating that Sony is somewhat complicit in the failure of PSN.

Sure, and girls who dress sexy are to blame for their own rape...


Sony are the primary victims of a crime here. We're the secondary victims. The criminal is the person to blame and the only people complicit in it are the people who made the exploits known.

 

[Brett]

You are describing negligence, or just asking for trouble to happen. There is a difference in reguards to the ps3 and psn though as in your case you would only loose the car but in Sony's case they are loosing as well as effecting their customers in a negative way.

That is why I posted it as an aside and stated not sure what it pertained to; it was a half-baked idea. Just thought it a decent one, but potentially off-topic.

 

[Darren.]

Not really. Two blog posts, already done.

But the most number of PS Blog posts in 1 day staggers me, I don't need anymore, I just want sony to complete the final stages. GT5 Here I come!

 

[Scaff]

Stated by Sony employees in the forum.

Once again no.

Unless that is you have some kind of proof that they were Sony employees.

This is not the first time you have taken conjecture or speculation and passed it off as fact, and to be honest its not a good posting trait to have.

Then that would apply to any discussion about the current intrusion(hack), and Sony's security in this thread.

And at what point have I said anything contrary to that?

Quite the opposite I used that very thing to illustrate my point, then again I'm not posting it as if it were fact am I.

That's bribery.

No its compensation, but you comment does re-enforce what seems to be a rather large anti-Sony bias on your part.

No problem with a bias, we all have them (I'm just to the side of Sony on this whole thing), just as long as they are not passed off as being impartial.

Personally I'm rather happy that it appears I will be getting 2 PS3 and 2 PSP games for my troubles, its far more than my building Society offered me when they lost personal data.


Scaff

 

[caninehostile]

That is why I posted it as an aside and stated not sure what it pertained to; it was a half-baked idea. Just thought it a decent one, but potentially off-topic.

not off top i think.
Since people in the world "ain't right in the head"
WE ALL MUST TAKE PRECAUTIONs

If you want **** to be safe, you'd better safe it your self.
EDIT: if you leave keys in car, thank you, stupid choice that is. And I cant see that is caring for own property.

 

[arora]

That is why I posted it as an aside and stated not sure what it pertained to; it was a half-baked idea. Just thought it a decent one, but potentially off-topic.

I don't think it's off topic but, I left my cd's in your trunk and I'm going to exagerate their value so pay up

 

[Darren.]

Scaff

If I remember rightly it said 2 PS3 games OR 2 PSP games. Correct me if I'm wrong.

 

[caninehostile]

Scaff

If I remember rightly it said 2 PS3 games OR 2 PSP games. Correct me if I'm wrong.

We will be offering PSN users the opportunity to select two PS3 games from a list of five, as well as offering PSP users the opportunity to choose two games from a list of four.

 

[Leadpaint]

No its compensation, but you comment does re-enforce what seems to be a rather large anti-Sony bias on your part.

Sony provides a free service, the PSN. How is feeling no need for a free game for that service going down anti-Sony?

And why would I own two PS3's if I'm anti-Sony?