1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Sony defends PSN announcement delays

Discussion in 'Article Discussion' started by CardJoe, 27 Apr 2011.

  1. javaman

    javaman May irritate Eyes

    Joined:
    10 May 2009
    Posts:
    3,730
    Likes Received:
    117
    You should be changing passwords every few months anyway. I would rather have a new card, pin and passwords than have the headache of talking to bank regarding the £2k overdraft some dickwad has rung up.

    Its far better Sony coming out and saying "We've been breeched, we don't know the damage but do x, y and z just incase."
     
  2. sharpethunder

    sharpethunder Minimodder

    Joined:
    25 Mar 2010
    Posts:
    156
    Likes Received:
    1
    What i think happened is that it 0 day flaw in the coding of the network so they are having to rewrite it from scratch but dont i have a ps3 so doesn't aftect me but if i was 0ne of the 3 millon uk costomer i would be angry about it sony should of informed the user on day one saying the network has been attacked we dont know the extent yet but we our advice would be to change credit card/ debit just in case
     
  3. Eggy

    Eggy Minimodder

    Joined:
    8 Oct 2009
    Posts:
    184
    Likes Received:
    6
    No you don't. What kind of experience do some of you have in these matters anyway. If you don't know what was accessed, how can you properly inform people. You find out what happened and what was breached and inform people correctly or not at all.
     
  4. BRAWL

    BRAWL Dead and buried.

    Joined:
    16 Aug 2010
    Posts:
    2,667
    Likes Received:
    185
    True... but with many people that isn't possible. For example at work I have seven passwords just to get on my damn system in the morning. I then have Facebook, BitTech, Gaming forums, Community forums, Banking passwords and other wiffle waffle online that hits over 30+ registered member sites (not porn before some twisted individual... Teel... thinks of it) so it's literally nigh-impossible to change this over.

    Admitting to something like 70 million profiles being breeched, you can tell that at least 1% of them are then going to file some serious issues with Sony which in the long run, maybe more costly than them losing details due to hacking in the first place. (I.e. customers suing Sony over Customers suing Sony over non-action.)

    I know it seems cruel and maybe a little cold hearted of me. But I think if your details are accessable via the Internet then you should always be ready for this kind of issue to come up really. There is always the real possibility that your details are going to be gotten hold of by some negative entity on the web, right? To think otherwise is... whats the word? Naive? No system is 100% secure, other than not having it online in the first place... and best of luck to breaking into my flat to get hold of my details!

    Thankyou! Someone who see's my point of view. Why cause a scare if you do not know.
     
  5. Whirly

    Whirly What's a Dremel?

    Joined:
    25 Dec 2002
    Posts:
    515
    Likes Received:
    16
    The very fact that Sony closed down the entire network shows how serious the security breach was. If they didn't feel that it exposed important data and was on-going they would have left it up running while they investigated.

    So the reality is that Sony knew that their network had been exposed in such a way that it afforded access to important and private information. There is no other explanation for the drastic and unprecedented measure they took. They didn't simply "fear" there had been a breach, they knew it.

    Despite this, they spent SEVEN days deliberately misleading more than 70 million users about the problems they were having. Let me make that point again.

    Deliberately misleading users.

    For some reason they felt that their position as a leading global corporation afforded them the right to decide for 70 million people whether or not to trust their personal information to the hope that the hackers had decided not to download the database.

    That is unbelievably arrogant behaviour and says a great deal about the corporate culture within Sony. Either the announcement was deliberately delayed to avoid clashing with other PR announcements or, every employee involved was too frightened of career repercussions to take responsibility for releasing the information until the decision was made at the highest level.

    One thing is pretty much certain. For at least 7 days, criminals have had the personal details, password and DOB of over 70 million people. And possibly their credit card details too. The effects of this hack will go on for years as much of that info will still be viable for use in identity theft for a long time to come. After all, while changing a few passwords is easy to do, how many of you can easily change your address? Or name? Or DOB?

    One small point that seems to have been missed is that there has been a suspicion that Sony collects quite a lot of data about its users...if that is true then what else do the criminals now know about us?

    Still, as Sony have shown over the past few months, they have very good lawyers. So I doubt there will be too much fallout for Sony. As always, the users will bear the brunt.

    As for the Geohot case, I doubt it is directly linked to the hack except insomuch as the hacking of the playstation firmware may have exposed security flaws in the PSN that were exploited.
     
  6. Boogle

    Boogle What's a Dremel?

    Joined:
    8 Mar 2002
    Posts:
    282
    Likes Received:
    6
    So they've got full customer information, security questions, and credit card info? Fantastic. Not only that, but they gave the hackers a massive head start to start abusing the data, even better. Thanks for nothing Sony.
     
  7. UrbanSmooth

    UrbanSmooth Surround Gamer

    Joined:
    27 Apr 2011
    Posts:
    98
    Likes Received:
    1
    I can see it now, with the PS4, Sony is really going to be pushing their security on the next PSN.
     
  8. javaman

    javaman May irritate Eyes

    Joined:
    10 May 2009
    Posts:
    3,730
    Likes Received:
    117
    While i see you point of view I dont agree with it. My view was nailed when you said
    we "trust" these companies to look after our data and yes **** happens but its how the company responds to such problems that makes and breaks them. If there is a breach You should be prepared to do whats necessary. Yes its moan worthy and annoying to change so many passwords but online as I sid you should be changing them regularly anyway an be prepared to need to change them if something goes tits up. Its in good faith that we hope the company admits when something goes tits up. How would you like it if facebook failed to tell you your account was hacked or even your bank? you would far rather know from day 1 that theres a possibility rather than waiting 7 days to find out or sooner if your card gets declined and you had the chance to be pro active.

    P.S., its not cold hearted its a view point I hold but only if the person genuinely deserves it. Being nieve by having the same password for everything or getting info about the breach and doing nothing deserves everything that comes to them, after all it is a reality of the web, nothing is 100% secure but it goes a very long way to improving safety and saving tons of hassle by notifying people. By telling them it removes most of the liable from Sony since they notified people so they could act. better to have to act over nothing rather than be late to react or not react at all.

    @eggy you don't need to know what was accessed to know that there is a possibility that getting any info could screw people. Any breach is serious enough, even if its just snooping or vandalism to warrent people taking action in changing passwords. Attacking PSN wasn't just to model a similar system after it. It was clearly to snoop at customer details and damage the system where possible. same if amazon was attacked, I would change my details regardless. Any compromise has the possibility of accessing details that shouldn't be made public, even if they didn't would you take the chance?
     
  9. cdb

    cdb No comment

    Joined:
    25 Apr 2009
    Posts:
    478
    Likes Received:
    4
    I like this bit

    It almost sounds like they are trying to blame us for giving them the information. I honestly don't know if I gave them mine, but I never fill in optional fields, so if they have it chances are they made us give it.
     
  10. BRAWL

    BRAWL Dead and buried.

    Joined:
    16 Aug 2010
    Posts:
    2,667
    Likes Received:
    185
    In Goldmembers words, "Then there ish no pleeeezing yoou". Nailed opinions aren't fun. A bank wouldn't tell me it got hacked, thats the purpose of a good hack. As for Facebook... not alot of good there as I do little more than enlighten people to how foolish they are (Yes... very egotistical I know).

    Oh don't get me wrong I have different passwords for most things dependant. Financial things have one, Games have another, Tech stuff another and Work based stuff another. So it should be... I'm not going to try and remember 30 passwords because thats just not possible with everything else I have to do man, and don't get me started on password completion systems. Not a good move.

    I never mentioned trust? I don't trust any company... not even the one I work for to keep my details secure chap. I never will, thus why if I answer my cellphone to an unknown number they get me saying a random name (That and for the shits and giggles of hearing their reaction to "Hello eggs and bacon..." at 0830am on a saturday.) If you're going to put your details on the net, be prepared to have them violated, hell someones gonna do it and they've been doing it from the moment you first saw "PENIS EXTENSION!ONE35612" come into (lol, no puns) your hotmail box when you were eight, right?
     
  11. Eiffie

    Eiffie What's a Dremel?

    Joined:
    11 Oct 2010
    Posts:
    364
    Likes Received:
    2
    great idea, did that once I found out about the whole data leak thing, gonna get a new card in the mail in a day or two for free. rather painless process actually.
     
  12. Skiddywinks

    Skiddywinks Minimodder

    Joined:
    10 Aug 2008
    Posts:
    932
    Likes Received:
    8
    Double post, my bad.

    Le sigh.
     
  13. Skiddywinks

    Skiddywinks Minimodder

    Joined:
    10 Aug 2008
    Posts:
    932
    Likes Received:
    8
    What? That's crazy.

    People seem to be seeing this as A) Sony could release a PR on day 0 saying "ZOMG YOU HAVE ALL BEEN HACKED" and started a mad rush of people cancelling cards etc, or B) They do what they did, and wait seven fricking days before even mentioning the possibility.

    I don't see why they couldn't have done C) Release a PR saying there are some legitimate concerns about the security of people's information, and that it is worth watching your account carefully for suspicious transactions, and advising people speak to their bank, card provider etc about how to go about preventing fraudulent activity in their account.

    This would have been a measured, deliberate response to what at the time was genuinely a legitimate concern about people's information. They don't have to start a mad panic, they don't have to say everyone has definitely been dicked, only to possibly have to retract it. Either way it turns out, they have covered their own asses and the asses of their customers.

    7 days later, they confirm the **** has hit the fan, and everyone was well prepared for it, and praise Sony for being so diligent and putting their customers before their own selfishness. Sony get to be the good guys.

    Or, 7 days later they confirm that no one is at risk. People are now more aware of what to look out for in terms of fraudulent activity (always a good thing), no one has gone on a mad spree to cancel their cards etc, and Sony get to be the good guys. Again.

    The absolute only reason that Sony would keep people in the dark is in the hopes that it is nothing and that it will all blow over with no reprecussions. It's, quite frankly, a stupid gamble. They have missed an oppurtunity to show how dilligent they can be, and since the **** turned out to hit the fan anyway, they are now in even more crap than if they had just admitted there was potentially an issue.
     
  14. javaman

    javaman May irritate Eyes

    Joined:
    10 May 2009
    Posts:
    3,730
    Likes Received:
    117
    I couldn't be bothered arguing since your clearly wearing a tin foil hat and failed to address any of what I said. Just one thing, you clearly haven't applied to any jobs in your life (either have one and lack ambition or are just a bum, I can't tell) but every company I've applied to have always withheld their numbers. 30 passwords.....easy, Ill give you a tip, break passwords into 3 sections which can come in any order and have at least 5 combinations per section. even key words are helpful, ie. kitchen and one of those sections is made up of something in the kitchen or in my case, something that shouldn't be there. change the keyword every month and you'll not only have more combinations but it'll be a hell of alot easier to remember. Even if you can't remember that writing down keywords especially vague ones could mean anything.
     
  15. alf-

    alf- Minimodder

    Joined:
    6 Oct 2010
    Posts:
    230
    Likes Received:
    3
    when we say credit card information, do we mean enough information for that credit cad to be used illegally for purchases, or is it a case of some, but not all required information being hacked?

    from what i'm reading i'm not sure either way.
     
  16. BRAWL

    BRAWL Dead and buried.

    Joined:
    16 Aug 2010
    Posts:
    2,667
    Likes Received:
    185
    Yeah, of course. Because being protective over my credit card/debit card details is tin foil hat wearing.

    [/conversation]
     
  17. badman_mo007

    badman_mo007 What's a Dremel?

    Joined:
    6 May 2010
    Posts:
    63
    Likes Received:
    0
    YES!

    paymentMethod
    holderName
    cardNumber
    expireYear
    securityCode
    address
    address.province
    address.postalCode

    serviceid
    loginid
    password
    consoleid

    Source
    Is that enough information for ya? :D

    Apparently this has been happening since as early as Feb and Sony has only just found out about it?!?
    I guess they were too busy suing everyone and collecting the IP addresses of people who watched a video of geohot on youtube, rather than fixing their own security flaws.
    The worst thing is they never even bothered to put any encryption on this sensitive data... :nono:

    Sony have screwed up Big!
     
Tags: Add Tags

Share This Page