Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

PSN Outage Continues, Console Hack Claimed To Be Responsible

Soulskill posted more than 3 years ago | from the house-of-cards dept.

Crime 404

Over the weekend, we discussed news that the PlayStation Network had been down for days, with Sony saying little other than that it was caused by an "external intrusion" and that they were "rebuilding their network." Many of you have written to point out that the outage continues, with Sony saying they "don't have an update or timeframe to share at this point." One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, recently released custom firmware called Rebug allowed people to essentially turn their PS3s into dev consoles, though some features were missing. A different group supposedly used this firmware to get on PSN through the developer networks, and also found that fake credit card numbers were not being validated for game purchases, leading to what chesh called "extreme piracy." He acknowledges that this theory is speculation. Sony's handling of this outage is starting to draw attention from the government. Update: 04/26 20:47 GMT by S : Sony just posted more details, saying that a massive data breach occurred: An "unauthorized person" has PSN users' "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Billing address, password questions, and credit card info may also have been taken.

cancel ×

404 comments

There's some karma for you, Mikey (2, Interesting)

elrous0 (869638) | more than 3 years ago | (#35945750)

I've got a friend who is a PS3 fanatic, and hates all things Nintendo and MS as a consequence (never understood the partisanship myself, and I've owned all three consoles at one time or another and they all have their respective merits). A couple of weeks ago when he found out I was buying Portal 2 for the Xbox (I sold my PS3 a while back), I was treated to a rant about how superior the PS3 version was because it allows cooperative play between PSN and Steam PC users (a nice feature, for sure). I thought I was going to have to give him a sedative to get him to shut up about how stupid I was to even consider the Xbox version, how great PSN is, how much Xbox Live sucks, etc., etc.

I'm tempted to rub this in his face, but it would probably only make him worse.

Re:There's some karma for you, Mikey (1)

Anonymous Coward | more than 3 years ago | (#35945818)

you might as well. The cognitive dissonance could be hilarious to watch!

Re:There's some karma for you, Mikey (4, Insightful)

tripleevenfall (1990004) | more than 3 years ago | (#35945820)

A one-week outage does not make Xbox live better.

Re:There's some karma for you, Mikey (5, Funny)

xMrFishx (1956084) | more than 3 years ago | (#35945860)

On the other hand, PSN can't actually get worse by being down.

Re:There's some karma for you, Mikey (4, Insightful)

Anonymous Coward | more than 3 years ago | (#35945876)

It makes just about anything else better, for a week.

Re:There's some karma for you, Mikey (1)

elrous0 (869638) | more than 3 years ago | (#35945912)

No, it doesn't change the respective merits of either online service. But I bet Mikey would still have a seizure if I asked him how his Steam coop play is going.

Re:There's some karma for you, Mikey (1)

Anonymous Coward | more than 3 years ago | (#35945998)

No, it doesn't change the respective merits of either online service.

In what universe does percentage uptime not one of the factors in determining which service is better? Certainly not in our universe.

Re:There's some karma for you, Mikey (3, Insightful)

omnichad (1198475) | more than 3 years ago | (#35946056)

When one is free and one is paid? That certainly makes uptime LESS of a factor, though I suppose doesn't eliminate it.

Re:There's some karma for you, Mikey (0)

Anonymous Coward | more than 3 years ago | (#35946626)

No one said uptime doesn't matter. However, XBox Live has gone down before as well (once for 2 weeks if I'm not mistaken). Unless someone actually worked out each sides uptime, it's not really a relevant argument. To claim one is better simply because it's up right this second is arbitrary and ridiculous.

Re:There's some karma for you, Mikey (4, Insightful)

Bobfrankly1 (1043848) | more than 3 years ago | (#35946000)

A one-week outage does not make Xbox live better.

Yeah, it's not the outage that makes Xbox live better, it's the external intrusion. Nothing quite like an external intrusion into a company that holds your credit/debit card data to make you wish you could pay for better service.

Re:There's some karma for you, Mikey (4, Insightful)

nschubach (922175) | more than 3 years ago | (#35946090)

Even if Sony offered a pay service, the same would have likely happened. I don't see the validity in your complaint.

Re:There's some karma for you, Mikey (1)

osu-neko (2604) | more than 3 years ago | (#35946212)

Even if Sony offered a pay service, the same would have likely happened. I don't see the validity in your complaint.

Most people assume that if they pay a company for a service, at least some of the money they pay goes to improving the service. If your assumption is that Sony's service would be identical regardless of whether you paid for it or not (and you would have to assume that for your post to be at all logical), that's awfully cynical of you. Not that you're necessarily wrong, but it should be noted that most people aren't that cynical, and thus, do see the validity of the argument you're apparently not seeing the validity of.

Re:There's some karma for you, Mikey (1)

Anonymous Coward | more than 3 years ago | (#35946300)

The service is paid for, every time you buy a PS3 game Sony takes a cut. Just because you don't have to pay for it by shelling out directly for an account doesn't mean it's not paid for by you. Also, as the PA guys were quick to point out, you can't say "but it's free, you can't cry about it" when the network and social aspects that PSN provides is part of the core experience that prompts the purchase of a PS3 over something else (maybe not in 2005, but today it does).

Re:There's some karma for you, Mikey (0)

Anonymous Coward | more than 3 years ago | (#35946420)

He might've meant that because both free and paid services get hacked all the time it doesn't matter if the service is free or paid.

Re:There's some karma for you, Mikey (2, Insightful)

smelch (1988698) | more than 3 years ago | (#35946374)

There's the whole fact that it is, you know, actually better. Xbox Live is just about fucking perfect. You can bitch all you want about paying less than a WoW subscription to play all of your console games online, but that doesn't make the PSN even close to XBox Live. PSN always makes me feel like I'm playing multiplayer in 1998. I mean that literally not as a slam. I enjoy games from 1998 still. This may have more to do with the fact that Halo has amazing multiplayer if you are in to the game, and there is a lot of consistency between titles with good matchmaking. As far as I can tell each game has to roll their own for PSN.

Re:There's some karma for you, Mikey (0)

Anonymous Coward | more than 3 years ago | (#35946400)

Payment is no guarantee of service unless the contract expressly states as such. ...and...

Anyone that writes a guarantee of service into a contract is an idiot. There's no way you can absolutely guarantee anything in this world, except the hordes of lawyers that are going to descend on your ass when you don't honor your agreement.

Re:There's some karma for you, Mikey (1)

desdinova 216 (2000908) | more than 3 years ago | (#35946510)

and here I was still thinking this was Anon's faul

Re:There's some karma for you, Mikey (1)

Culture20 (968837) | more than 3 years ago | (#35946294)

It does if the fad is killed with a week of inactivity. I'm reminded of the Simpsons episode where the children go outside after the Krusty the Clown show is canceled. People will find something else fun to do. If Xbox is that other thing, then it is better by default.

Re:There's some karma for you, Mikey (1)

harl (84412) | more than 3 years ago | (#35946644)

It doesn't need to be. Before this is was leaps and bounds above PSN. After this is will be leaps and bounds above PSN.

The PSN is embarrassingly feature poor.

Speculation (4, Insightful)

Sonny Yatsen (603655) | more than 3 years ago | (#35945754)

I understand that the slashdot community might be anxious to see the PSN come back up, but do we seriously have to start publishing nothing more substantial than speculation?

Also, I've met Dick Blumenthal. He's a very nice man. However, he is, by no means, "the government", nor does a single letter from a freshman senator constitute "attention from the government".

Re:Speculation (5, Informative)

ThePhish (154000) | more than 3 years ago | (#35945974)

You are correct, he is not the government...but he was CT's Attorney General for 20 years, and has long championed consumer rights and technology . So, him picking this battle as a freshman senator is technically accurate, but it does not reflect his multi-decade experience in the arena.

Re:Speculation (1)

briansct (1857764) | more than 3 years ago | (#35946218)

I second ThePhish's comment about Blumenthal. As a resident of CT I have seen the results of his actions and letters to businesses. I was sad to see him go when he won the senate seat.

I would be very surprised if Sony did not take him very seriously. He represents a very large voice (yes read it "the US government") that may soon rally behind his simple letter.

Re:Speculation (-1)

Anonymous Coward | more than 3 years ago | (#35946582)

As another resident of CT, I was sad to see him win the senate seat... the man is an asshat.

Re:Speculation (1)

osu-neko (2604) | more than 3 years ago | (#35946312)

However, he is, by no means, "the government", nor does a single letter from a freshman senator constitute "attention from the government".

Actually, it does. "The government" is a collection of people doing various jobs paid for out of the Treasury. He is one of those people, currently a member of the legislative branch of the government. Getting attention from any of those people is therefore "attention from the government".

Re:Speculation (4, Informative)

Anonymous Coward | more than 3 years ago | (#35946574)

Well, here's some "speculation" from Patrick Seybold // Sr. Director, Corporate Communications & Social Media.

http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/

"... an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

Looks pretty bad to me. Anybody that reads and understands the above will never provide their real name or birthdate to a corporation online again. Ever.

Re:Speculation (1)

interkin3tic (1469267) | more than 3 years ago | (#35946632)

I understand that the slashdot community might be anxious to see the PSN come back up, but do we seriously have to start publishing nothing more substantial than speculation?

When it's that interesting, when there's not much other information to go on, when it's explicitly marked as speculation/hypothesis without any pretense that it's more authoritative than that, AND when the speculation is over something as inconsequential as a videogame network, I don't see any harm.

-It is exactly the type of story that we would be interested in, moreso if and when it becomes more than speculation.

-Sony is basically encouraging speculation by keeping tight-lipped about it.

-Doesn't degrade slashdot's credibility, since it was marked as speculation and this is slashdot...

-Unlike speculation about, say, the situation with the Fukushima reactor in Japan, publishing speculation is never going to create a dangerous situation

I see nothing wrong here.

government? (1)

Anonymous Coward | more than 3 years ago | (#35945806)

why is the PSN outage any of the (US?) government's business?

Re:government? (4, Insightful)

tripleevenfall (1990004) | more than 3 years ago | (#35945834)

Is there anything that isn't government business anymore?

Re:government? (5, Insightful)

kevinNCSU (1531307) | more than 3 years ago | (#35945864)

why is the PSN outage any of the (US?) government's business?

Because Senators are suppose to represent their constituents and the issues they care about (lets leave the vote pandering cynicism discussion as off-topic for now) and his constituents are worried their personal/financial details were compromised in the attack so it makes sense that he would ask Sony whether or not this is the case as he has a better chance of being responded to because he wields more power.

Re:government? (-1)

Anonymous Coward | more than 3 years ago | (#35946048)

Wrong. Senators are supposed to represent their state. Representatives are supposed to represent their constituents.

Re:government? (2)

i kan reed (749298) | more than 3 years ago | (#35946190)

Yeah, that whole 17th ammendment ship already sailed, AC. Let it go.

Re:government? (1)

Abstrackt (609015) | more than 3 years ago | (#35946208)

Wrong. Senators are supposed to represent their state. Representatives are supposed to represent their constituents.

Please correct me if I'm wrong, but isn't the state made up of constituents?

Re:government? (1)

VGPowerlord (621254) | more than 3 years ago | (#35946332)

Wrong. Senators are supposed to represent their state. Representatives are supposed to represent their constituents.

Please correct me if I'm wrong, but isn't the state made up of constituents?

He meant the state governments, but as someone else already pointed out, the 17th Amendment changed that.

Re:government? (1)

_0xd0ad (1974778) | more than 3 years ago | (#35946402)

Yes, but of constituents of more than one congressional district.

Senators represent the state; Representatives only represent their constituents, and unless their House seat is an at-large seat, their constituents are not the entire state.

Re:government? (1)

kevinNCSU (1531307) | more than 3 years ago | (#35946244)

Wrong. Senators are supposed to represent their state. Representatives are supposed to represent their constituents.

Unless I missed a memo and the Senators are all now versions of the Lorax and speak for the trees for the trees have no tongues I'm pretty sure by representing "their state" it means they represent the people in their state, who authorized the senator to act as an agent on their behalf by voting them in, thereby making them: constituents. [merriam-webster.com]

Re:government? (1)

nedlohs (1335013) | more than 3 years ago | (#35946324)

Do you ignore first 16 amendments as well?

Re:government? (1)

KarrdeSW (996917) | more than 3 years ago | (#35946672)

Wrong. Senators are supposed to represent their state. Representatives are supposed to represent their constituents.

This is why they sprinkle Constituent Service offices around their states where they employ constituent service representatives?

Also, they call them constituents because constituents are defined as the entities being represented. Therefore, even if your statement is correct, the state would still be a constituent.

Re:government? (1)

Chemicles (771024) | more than 3 years ago | (#35945884)

I know it's cool to bash anything the government does, but the senator in question is probably interested in Sony's protection (or lack thereof) of users' financial data which, as far as I know, Sony can't guarantee wasn't compromised.

Re:government? (0)

Anonymous Coward | more than 3 years ago | (#35945964)

It does seem strange that such a company would matter, but in a way, they should: anything that keeps the population sedate should be supported by big G.

Re:government? (2)

osu-neko (2604) | more than 3 years ago | (#35946418)

why is the PSN outage any of the (US?) government's business?

Why would you even question that? Preventing citizens from being harmed or abused by others, whether they be foreign armies, domestic criminals, or large corporations skirting or possibly even breaking the law, is precisely the most fundamental function of any government. There are regulations dictating how a corporation must handle user's information precisely because of this, and there's good reason to believe Sony ain't following them at the moment. Are you suggesting governments should just ignore their job and not enforce laws or address threats to their citizens merely because it's a corporation that did them rather than an individual or a foreign power, and therefore somehow above the law?

Nothing else to do? (0)

Wyatt Earp (1029) | more than 3 years ago | (#35945870)

Senators and Representatives going after Apple, now Sony, aren't there other goddamned things they should be working on?

Re:Nothing else to do? (1)

Anonymous Coward | more than 3 years ago | (#35946006)

Oh yes..
Because people who paid for services that they aren't getting is not important at all. Especially after that same company advertised Linux running on their PS3 and then on a whim changed their minds and screwed plenty of people over...

Not to mention Apple's careless tracking of the users' every move...

Nope, not important at all... Let's just let these companies do whatever they want. /sarcasm.

Re:Nothing else to do? (0)

Wyatt Earp (1029) | more than 3 years ago | (#35946172)

PSN is free.

The Apple, Google and Sony issues should be handled by the fracking Federal agencies who deal with these issues, the Federal Trade Commission's Bureau of Consumer Protection, the Federal Communications Commission and the Department of Justice, along with the state agencies that do the same thing.

Re:Nothing else to do? (1)

Anonymous Coward | more than 3 years ago | (#35946050)

Yeah, um. Senator Blumenthal *was* going to be playing Portal 2 in coop mode with his state's senior Senator, but they can't do that while the PSN is down. Therefore the letter. Duh.

RTFA, etc.

  I mean, I assume that's what it says. Not that I'd read it.

Re:Nothing else to do? (0)

Wyatt Earp (1029) | more than 3 years ago | (#35946254)

That's exactly what happened, or his kid complained.

Re:Nothing else to do? (1)

PingSpike (947548) | more than 3 years ago | (#35946084)

Nope. Everyone else already paid up their campaign contributions and lobbying fees.

Re:Nothing else to do? (0)

Anonymous Coward | more than 3 years ago | (#35946164)

If you care so much then why don't you run for political office? If you won't/can't get elected then you could at least be campaigning for someone you support. Obviously you don't actually care about or participate in politics - otherwise you would be unable to justify wasting your time complaining on Slashdot.

Or, as one Slashdot poster put it: "aren't there other goddamned things [you] should be working on?"

Re:Nothing else to do? (1)

Wyatt Earp (1029) | more than 3 years ago | (#35946512)

I'm not running for an office because it's an off year and because my Senators and Representatives are doing a good job and not getting wrapped up in political grandstanding on this issue, but as a voter I have every right to complain about other politicians.

And no, really there's nothing else I need to be working on right now, thanks for asking.

Re:Nothing else to do? (0)

Anonymous Coward | more than 3 years ago | (#35946568)

Isn't complaining on Slashdot *ACTUALLY* a form of protest? Any time I stand in a room and shout about an issue I'm making a "political statement". Next you'll say the candidates are wasting their time advertising on TV and debating when there's "other goddamned things they could be working on". I'd be incredibly surprised if there's never been a grassroots campaign in the history of Slashdot servers that hasn't hit these forums in some way. I'd also be surprised if you haven't read some form of political material on these servers either. How do you know the people you're talking to aren't in some way politically motivated??

Politics is really just about getting people to do what you want; first step is to tell them what's wrong, next step is to tell them how you'll put it right, next step is not putting it right and siphoning all the budget off into a Swiss bank account.

Not exactly. (2)

chemicaldave (1776600) | more than 3 years ago | (#35946406)

aren't there other goddamned things they should be working on?

As a member of the Subcommittee on Privacy, Technology and the Law [wikipedia.org] , this is exactly what Richard Blumenthal should, and is doing.

Re:Not exactly. (1)

Wyatt Earp (1029) | more than 3 years ago | (#35946538)

"Jurisdiction: (1) Oversight of laws and policies governing the collection, protection, use and dissemination of commercial information by the private sector, including online behavioral advertising, privacy within social networking websites and other online privacy issues; (2) Enforcement and implementation of commercial information privacy laws and policies; (3) Use of technology by the private sector to protect privacy, enhance transparency and encourage innovation; (4) Privacy standards for the collection, retention, use and dissemination of personally identifiable commercial information; and (5) Privacy implications of new or emerging technologies."

Where does that say - "ask a software/hardware vendor why their free service isn't up and running"?

Re:Nothing else to do? (1)

osu-neko (2604) | more than 3 years ago | (#35946458)

Senators and Representatives going after Apple, now Sony, aren't there other goddamned things they should be working on?

There are, and they are. A government, being composed of many, many individuals, is capable of working on many, many things at the same time. Thus, an argument along the lines of "isn't there something else they should be working on" is always utterly moronic...

Re:Nothing else to do? (1)

interkin3tic (1469267) | more than 3 years ago | (#35946656)

Senators and Representatives going after Apple, now Sony, aren't there other goddamned things they should be working on?

Than writing a letter? We're not talking about a $5 million investigation.

Valve (5, Interesting)

bazald (886779) | more than 3 years ago | (#35945932)

It would be nice to be able to activate the PC version included with my PS3 copy of Portal 2. You're in a somewhat unique position to improve matters, given that you were planning to make the PC version available to us anyway.

Re:Valve (1)

Tukz (664339) | more than 3 years ago | (#35946546)

I'm on this boat as well.
I see my roommate and several of my steam friends play Portal 2, but I can't log into PSN with my PS3 version to unlock my PC version.

I'm somewhat surprised that Valve didn't do something about this by now or at least made an official statement, the forum is running rather hot.

Sony Shills out in Force (0)

Anonymous Coward | more than 3 years ago | (#35945942)

I hate to be the paranoid type, but when the first 5 of 10 comments are kiss-ass "thank you's", it starts to raise red flags. Thank you for what? A nebulous useless update that they are denying you service, and have no idea when their service will be backup? I know that there are Sony Fanboys, but I can't imagine any Fan boy being happy about being denied internet gaming for a week... Especially happy enough to thank the company that is preventing them from playing, and has basically been lying from the start.

Am I just paranoid? Is there a legitimate reason to thank that guy for a useless update?

Theory, speculation, bullshit. (4, Interesting)

ToasterMonkey (467067) | more than 3 years ago | (#35945960)

One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, ... [snip]
He acknowledges that this theory is speculation.

Slashdot should to change its moniker to "Jerry Springer for Nerds". All that's missing is a video feed of some grimy sweat pants wearing nerds furiously typing away virtual beatdowns over who got who's virtual girlfriend knocked up.

This whole "new media" thing is unconvincing.

Re:Theory, speculation, bullshit. (2)

H0p313ss (811249) | more than 3 years ago | (#35946004)

nerds furiously typing away virtual beatdowns over who got who's virtual girlfriend knocked up.

There was no need to bring the G word into the conversation, that's just uncalled for.

Re:Theory, speculation, bullshit. (1)

makubesu (1910402) | more than 3 years ago | (#35946438)

I'm pretty sure the network is down because of aliens trying to connect to it.

LOL (1)

Threni (635302) | more than 3 years ago | (#35945968)

You seriously believe that Sony would disable all access to it's multiplayer games, movie sharing etc, because someone's temporarily able to use one of their devices as a dev console? I think that overblows Sony's interest in homebrew.

Re:LOL (2)

The MAZZTer (911996) | more than 3 years ago | (#35945986)

You seemed to have missed the part where dev consoles can get unlimited funds to buy content from the PSN store.

Re:LOL (1)

tao (10867) | more than 3 years ago | (#35946036)

Still doesn't make any sense though. The PSN store can be closed down without disabling the rest of PSN.

Re:LOL (1)

The MAZZTer (911996) | more than 3 years ago | (#35946112)

Alright then: multiplayer hackers/cheaters can easily work around bans and start hacking again.

Re:LOL (0)

Anonymous Coward | more than 3 years ago | (#35946550)

Can it? I would not be surprised if the systems were sufficiently coupled as to not be able to shut just a piece down.

Re:LOL (1)

AxemRed (755470) | more than 3 years ago | (#35946622)

That's what I was thinking too. I'm guessing the real reason it has been shut down is unpublicized. If I had to take a stab in the dark, I would say that it was something along the lines of: "We've analyzed their attack, sir, and there is a danger..." Sony probably realized that there was a vulnerability present that would inevitably be exploited, and it required a significant amount of work to fix. Or it's possible that someone already did exploit it to access personal information or do something else that's more critical than just pirate games, and Sony has kept it quiet.

Re:LOL (1)

_0xd0ad (1974778) | more than 3 years ago | (#35946078)

dev consoles can get unlimited funds to buy content from the PSN store

If they use fake CC numbers.

But TFS was definitely pretty unclear about that.

So from what I gather, the gist of the (speculative) reason goes like this:

Rebug allows you to unlock dev features in the console; some proxy magic then allows you access the developer network with your unlocked console, and if you're on the "trusted" dev network it doesn't bother to verify that you use a valid CC number when you make a purchase. Result: Sony hastily shuts down the network.

Re:LOL (0)

Anonymous Coward | more than 3 years ago | (#35946188)

There are a few fake CC numbers Sony gives to developers. They can be used for testing out all sorts of things while developing for the PS3.

Re:LOL (1)

_0xd0ad (1974778) | more than 3 years ago | (#35946242)

I'm guessing they're actually the "test" CC numbers that the credit agencies created for that purpose, but end-user systems should explicitly be designed to reject them, because the credit card check will approve any purchase made with that number.

Re:LOL (1)

Kagato (116051) | more than 3 years ago | (#35946426)

Wouldn't be easier just to F with the dev network for a week or so and leave the prod one alone. It just seems like you could selectively turn off some servers of get some fire wall rules to deal with the Dev Console issue.

"Almost a week?" (0)

Anonymous Coward | more than 3 years ago | (#35945994)

For some of us, the PlayStation Network has effectively been "down" since April 1, 2010.

Welcome to my world.

Sony's Silence says it all (2)

Goffee71 (628501) | more than 3 years ago | (#35946064)

At least Amazon were up front about the failure and remedy for its service... Sony should be learning that lesson - fast! http://www.cmswire.com/cms/enterprise-20/the-aftermath-amazon-ec2-sony-playstation-network-recover-from-cloud-crashes-010954.php [cmswire.com]

Re:Sony's Silence says it all (5, Informative)

Goffee71 (628501) | more than 3 years ago | (#35946146)

Oh, Sony takes that very minute to make full confession:

Press the NUKE button now!

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.



Valued PlayStation Network/Qriocity Customer: We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

Temporarily turned off PlayStation Network and Qriocity services; Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable. Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it: U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228. We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below. Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013 Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241 TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790 You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us. We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions. Sincerely, Sony Computer Entertainment and Sony Net

why put up with this? Get a Gaming PC (0)

Dan667 (564390) | more than 3 years ago | (#35946092)

sony is obviously not going to do what is in your interest.

Official word from Sony finally (5, Informative)

ShaggusMacHaggis (178339) | more than 3 years ago | (#35946128)

"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
"

http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ [playstation.com]

Re:Official word from Sony finally (1)

xMrFishx (1956084) | more than 3 years ago | (#35946230)

So basically "all your personal data, which we hold, because reams of data is fun, was probably copied by someone." As Barney says, "Good luck out there buddy, you're gonna need it."

Re:Official word from Sony finally (0)

elrous0 (869638) | more than 3 years ago | (#35946326)

Since PSN is free, I imagine most people haven't given it their credit card info. (unless they're buying DLC).

Re:Official word from Sony finally (1)

xMrFishx (1956084) | more than 3 years ago | (#35946372)

Isn't there a PSN+ service that is non-free? I figure even though they have, what 75 million accounts, if even 1% of those had a PSN+ account, that's a lot of data.

Re:Official word from Sony finally (0)

Anonymous Coward | more than 3 years ago | (#35946380)

You'd think they'd send an email to PSN members, to alert them about the compromise, rather than assuming 60-70m users are going to be polling a fucking blog page!

Re:Official word from Sony finally (1)

msavory (1734428) | more than 3 years ago | (#35946466)

Yeah, and it seems those that do don't even read it correctly... From the 2nd line "We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems."

Re:Official word from Sony finally (1)

subanark (937286) | more than 3 years ago | (#35946412)

Wait... the passwords/security answers should have been encrypted, so unless they are being overly cautious about someone trying to generate passwords that match every hash (plus salt), or just some they are interested in there is not much to fear. Also the credit card number should not even be on their systems at all, they should have gotten a buyer code from the credit card company which they can simply invalidate (unless they think that someone may have inserted monitoring code in their system, in which case your credit card number is only in danger if you entered into their system recently).

Re:Official word from Sony finally (2)

wbav (223901) | more than 3 years ago | (#35946478)

This is Sony.

Security isn't their strong suit.

Re:Official word from Sony finally (1)

xMrFishx (1956084) | more than 3 years ago | (#35946520)

Wait... the passwords/security answers should have been encrypted

Emphasis: mine
This will be fun. I'm hoping some form of external inquiry will take place post mop-up operation to confirm that Sony was indeed using best practices for securing it's data.

Fuck the rebug assholes (-1)

Anonymous Coward | more than 3 years ago | (#35946136)

I hope the assholes who released this shit get shot in the head with a CheyTac m200! There goes your stupid 'I want my homebrew' excuse.

Take note (2, Interesting)

ravyne (858869) | more than 3 years ago | (#35946192)

If the rumor is indeed true that a custom firmware has been used to get some people free stuff, take note how Sony has handled the situation -- A small, small portion of people (the few that run custom firmware, and the fewer that run this particular custom firmware) are getting a few free (virtual) goods, and they shut down the entire network, screwing 100% of their customers.

What if banks operated this way? They find a ring of fraudsters using bank accounts to commit fraud, and the bank responds by freezing everyone's accounts for weeks? It would be totally unacceptable.

When you find a small group of fraudsters, you take targeted action against them alone, even if it means you hemorrhage a little money compared to the more totalitarian approach. Its part of the cost of doing business. In the retail world they call it "spillage" -- the fact that some of your goods might get damaged beyond saleability or that a few things will go missing from the floor (or the stock room) is unavoidable -- you simply do your best to detect and take action against those responsible, but you don't go around treating every other customer as a criminal.

Of course, that assumes the rumored reason is the cause of this action -- I suspect its either speculation or a (possibly intentionally-leaked) cover story for other measures taken in response to the Anonymous attack and whatever information they got out of GeoHot in the settlement. I anticipate a new official firmware will be required after the network comes back up and it will be necessary to access the "new" PSN, and possibly even already-owned downloadable content. This long of a downtime indicates pretty drastic changes behind the scenes, methinks.

Re:Take note (1)

Schadrach (1042952) | more than 3 years ago | (#35946448)

Assuming that that hack is what this is all about, wouldn't it have been simpler to shut off "developer" PSN for however long, rather than all PSN? It's not adding up.

Sony "can't rule out" credit card data was taken (1)

Anonymous Coward | more than 3 years ago | (#35946232)

Recent post on their blog (http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/) explains the following:

"... we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

Penny Arcade (1)

Yvan256 (722131) | more than 3 years ago | (#35946236)

Obligatory... [penny-arcade.com]

Re:Penny Arcade (1)

Yvan256 (722131) | more than 3 years ago | (#35946262)

Better link [penny-arcade.com] (sorry about that, reader from the world of tomorrow!)

Don't think so.. (1)

SuperDre (982372) | more than 3 years ago | (#35946340)

You must be really gullable to think the rebug-firmware and being able to 'buy' games from PSN with fake CC would be the reason.. Sony could have easily suspended sale through PSN, so it wouldn't be possible to buy new content, but you would still be able to use PSN with bought content...

Attention from government? Please no. (1)

chemicaldave (1776600) | more than 3 years ago | (#35946354)

I can see Sony's response already "These data breaches were caused by unauthorized tampering of proprietary hardware by criminal hackers in violation of federal DMCA laws and has caused considerable and irreparable damage and losses to our networks as well as preventing our users from fully enjoying their console experience in a lawful manner."

PSN May Be Back by Wednesday, Expert Claims (1)

pilich (455704) | more than 3 years ago | (#35946414)

"The main thing Sony will be doing now is taking the original server code and rebuilding it using new login keys for their admin side," he said. He also claimed that Sony "will probably take the chance to change the developers root key that was recently leaked, which tells PSN that a particular piece of software is licensed and allowed to use the PlayStation Network."

http://www.gamepro.com/article/news/219040/psn-may-be-back-by-wednesday-expert-claims/ [gamepro.com]

Kotaku: "Sony Comes Clean" Data Stolen (1)

eddy (18759) | more than 3 years ago | (#35946440)

Sony Comes Clean: PlayStation Network Hackers Have Stolen Personal Data [kotaku.com]

Sony says while personal information was likely stolen they don't believe credit card numbers were and that they hope to have the Playstation Network service back up within a week.

Re:Kotaku: "Sony Comes Clean" Data Stolen (1)

Chyeld (713439) | more than 3 years ago | (#35946600)

Not that I begrudge Kotaku the clicks, but if you are going to post it, post the one that comes from the horses mouth.

Update on PlayStation Network and Qriocity [playstation.com]

+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media

Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.

We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.

        Valued PlayStation Network/Qriocity Customer:
        We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

                Temporarily turned off PlayStation Network and Qriocity services;
                Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
                Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

        We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

        Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

        For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

        To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it:

        U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228.

        We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. residents can have these credit bureaus place a “fraud alert” on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact any one of the agencies listed below.

        Experian: 888-397-3742; www.experian.com; P.O. Box 9532, Allen, TX 75013
        Equifax: 800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, GA 30374-0241
        TransUnion: 800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834-6790

        You may wish to visit the web site of the U.S. Federal Trade Commission at www.consumer.gov/idtheft or reach the FTC at 1-877-382-4357 or 600 Pennsylvania Avenue, NW, Washington, DC 20580 for further information about how to protect yourself from identity theft. Your state Attorney General may also have advice on preventing identity theft, and you should report instances of known or suspected identity theft to law enforcement, your State Attorney General, and the FTC. For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001; telephone (877) 566-7226; or www.ncdoj.gov. For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202; telephone: (888) 743-0023; or www.oag.state.md.us.

        We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at 1-800-345-7669 should you have any additional questions.

        Sincerely,
        Sony Computer Entertainment and Sony Network Entertainment

To tell the truth... (2)

Daniel Phillips (238627) | more than 3 years ago | (#35946472)

To tell the truth, I do not believe a think Sony says. Sony credibility has fallen to zero, or negative even. So if Sony says their system was brought to its knees by a "console hack" I naturally tend to assume that the real cause was an inside job. And then I go on to speculate about what kind of employee abuse goes on inside Sony that might trigger such a thing, not that I condone it.

And everyone was saying hacking their ps3 was ok (0)

Anonymous Coward | more than 3 years ago | (#35946514)

People up in arms bitching at sony saying they should be able to custom hack their consoles with their own firmwares and all that other geohot was doing that every nerd was behind him 100%.

Well, you see what happens when people do shit with their stuff that were not supposed to do? All it took was one jerk to mess it up for everyone worldwide. Yeah hacking your console is a real great idea and you morons supported it without thinking because you wanted to believe your hip suave tech people and want to be on the bandwagon against the big evil corporations like a you were hippies with droid phones or something.

Re:And everyone was saying hacking their ps3 was o (4, Insightful)

Chyeld (713439) | more than 3 years ago | (#35946628)

Or we are seeing what happens when a company become so arrogant that they don't bother actually locking down this info despite the fact that it would be inevitable that someone would come along and find a backdoor.

Seriously, a 'hacked PS3' being able to do this is pretty much the definition of "Security Design Failure".

So... (0)

Anonymous Coward | more than 3 years ago | (#35946532)

If only there had been some white-hat hacker to warn Sony that this might happen.

Forget CC#s, there is a worse scenario (4, Interesting)

Mysteray (713473) | more than 3 years ago | (#35946606)

I'd written a blog post [extendedsubset.com] speculating about a worst-case scenario involving attackers using the leaked firmware signing keys to push a malicious firmware update from Sony's compromised backend servers. Personally, I've disconnected my PS3 from the network until the all-clear sounds from Sony.

Next Gen Console Power (2)

Drakkenmensch (1255800) | more than 3 years ago | (#35946666)

Bought the two big titles that came out a week ago. Can't play Mortal Kombat on my PS3 because PSN is down. Can't play Portal 2 on my Xbox360 because it red ringed on me. Isn't the latest technology grand?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...