Discussion in 'Article Discussion' started by CardJoe, 28 Apr 2011.
How the hell can a company the size and stature of Sony act like such doughnuts!
I can't believe they aren't PCI-DSS compliant. Maybe Sony got confused about the meaning of PSN, thinking it meant Please Steal Numbers.
Why the hell would they not encrypt everything? I literally cannot think of a single reason not to.
Don't worry Sony, I'll just cancel my date of birth and get a new one.
IRC logs of a discussion between people using the debug firmware to probe PSN security:
The table might have been encrypted, but it seems like all the calls were sent in plain-text.
Why on earth won't Sony say definitively what data was encrypted and what wasn't? Specifically: were the passwords encrypted? This policy of being as vague as possible is only making the situation much worse.
I'm incredibly unimpressed with the secretive, deceptive nature of their response to this situation.
My hope is that the highly litigious nature of the USA works in everyone's favour for once and as many people as possible sue the living hell out of Sony so that they will finally take this stuff seriously.
The most interesting thing here is that this shows just how much the consoles looks like PC today. on top of that if you can hack one machine you can hack them all as they are all the same.
Several things. Firstly, Sony have stated what is and what isn't encrypted in their statement, read it. It's pretty clear.
I'm unimpressed with it too, I think everyone is!
However, suing Sony won't do anyone any good imo. The negative publicity will do good. Sony are obviously taking a lot of steps (including physically relocating their data centre, if you read it), so they are taking it seriously. The fact that they have lost money and will continue to lose revenue and good-will from customers will mean that they take it deadly seriously. I can't imagine what a rollicking their shareholders will give them!
They don't mention PCI DSS compliance, but I thought that if you store personal data and credit card information that can be connected, you have to be? Either way, they obviously weren't doing it right.
Ads by Google
Detect and protect against identity theft. Receive alerts, react fast!
I was hearing rumours about this and refused to believe it.
If the delayed announcement wasn't enough, this just takes the cake.
That made me laugh!
That quote is signature worthy, bravo Jamie. Bravo
I don't understand why Sony needed all of that personal information in the first place: I've not linked a credit card to XBox Live (nor did I to PSN) but the only info that XBox Live wanted was a Username, Password and E-mail address. Why does Sony need Name, Address and DOB by default? I very nearly didn't sign up at all with all the info they wanted... I should have stuck with my gut instinct.
And with the effort I take to stop the potential of Identity Fraud happening to me, I'd just like to thank Sony for failing to encrypt my personal data and therefore essentially handing it to bad people on a silver platter. Along with the personal information of 70+ million others.
As I was typing this, I just received an e-mail from Sony telling me about the situation. Nice to see they're so on the ball with telling people, as I don't keep tabs on the PSN Blog. Although it would have been impossible to miss this if you were online at all over the last week.
As for litigation not doing any good... the bad publicity will hurt Sony, but they'll recover as people have short memories and Sony have a lot of money to spend on advertising. To get Sony to learn not to do it again the penalty for this is going to have to hit them where it hurts: the pocketbook. I think Identity Theft Protection/Insurance for every single PSN user would be a good start. They obviously have our names and addresses and DOBs (hell, so does the whole of the 'dark side' of the internet by now, most likely) and that's all they should need to open these Identity Theft Protection schemes if they're footing the bill.
Disclaimer: Paragraphs 2 and 3 of this post contain high levels of sarcasm.
Encrypting personal info e.g. profile information is not very common though.
you do realize that most sites/service dont encrypt personal data. The reason being that the constant need for unencryption each time the data is needed imposes a massive processing cost on the server. The bit-tech forums store all personal data in plain text too, so does every other IBB / vBulletin / SMF forum.
Usually only the account password is hashed, which is why most forums dont email you a new pasowrd but rather a password reset code. Yes, you can reverse engineer the hash to get a text string that creates the same hash but the chances of it being the user's actual password are slim (assuming a good hashing alg is used. Futhermore that "reverse engineered" string is useless for any sites/networks usign a different hash.
This "news" post is ridiculously alarmist and just pulled a FOX news stunt, overreacting to something thats perfectly normal.
My real name, birthday and email address are already available online in a million places, so why would some hacker gaining that info be of any concern to me. Now if the credit card table wasnt encyrpted then you can be really really worried.
Lol it just keeps getting worse.
I'm just waiting for the next announcement that says "No credit card details were taken off the system, they were all left unencrypted on a USB key on a train, it's ok though because it might have been found by a cleaner"
I recieved a lenghthy email directly from Sony stating all my information may have been compromised including my credit card. They then go on to state I need to keep an eye on my accounts and keep vigil over my credit report. Also providing links to the credit score agencies.
So ya I guess you can call me a little bit alarmed but more so very irritated.
Anonymous said they were gonna give sony the biggest attack ever, so I'm gonna risk assuming this is it & if like they are saying they don't mean any harm towards consumers & only towards sony then maybe they did this to cause a big chunk of mistrust with people who buy sony stuff & any personal data they took they deleted, this is what I like to think anyway, either that or another bad hacker group has capatilised on the situation & gone for it for real for mass id fraud, sure as heck not good either way.
It's been a while since I fired up the ps3 so I'm unsure about ways to pay for adding money to the wallet, is it possible to put money in the account through paypal, I can't remember as it was ages ago, if so I'd have done it through paypal, if not then my old debit card would have been on there which runs out of date this month.
Separate names with a comma.