Well, after a few weeks it still looks like the PS Network, Sony Online Entertainment, etc. will still be down for weeks. Maybe until the end of May - or beyond. I find this a bit shocking that it's taking them this long to restart it all. They are going to be bleeding money from this one for a long while since games that require online connections won't work until this is restored. I do like Sony products, but their security was obviously not up to what it should be. Anyway, more on this issue here:
http://arstechnica.com/gaming/news/2011/05/billion-dollar-psn-outage-may-not-be-fully-remedied-until-may-31.ars
The whole situation has been pretty shocking and disturbing. I've been watching my accounts like a hawk since this was announced.
Fortunately for me, the PSN didn't have any credit card info of mine. I've never bought anything from them. I mainly use the PS3 for the Blu-Ray player and to stream video files from my PC or Netflix. But yeah, it's a pretty big mess. My younger son Eric who is a computer science major has lost a lot of faith in Sony. Anyway, I'll be most interested in how much they "step up" to compensate their customer base after all this.
My problem is that I know I bought some stuff a year or so ago, but I have no idea which card I used, and there's no way to check while their account management servers are offline. So basically I have to check every account I have open until there's some way of knowing.
I liked the idea that Sony Europe has stated they'll be giving away free games on PS3 and PSP as compensation, I guess as digital downloads. Hopefully we get this in the US as well.
It's not a question of bringing it back online, they could do that right now. They are redesigning a major portion of the basic structure of their systems to close the gaping security hole that was exploited. No point turning the system back on if it's just going to be hacked again.
This is a very big oversight on Sony's part and for a company as large as they are it's basically an unforgivable error. Unfortunately though, when it comes to online storage of sensitive data, I think you'll find more sites doing it 'wrong' than doing it right.
Oh, I realize all that Joe. My point was, fix the hole! I mean, is it really that hard to plug? The hackers pointed it right out to them. And I also have a hard time understanding how someone as big as Sony has such poor security to start with. Anyway, I just hope my bank does a better job. ;)
My understanding is that a complete fix requires a fairly substantial rewrite of the underlying server code. That combined with QA time easily puts it to the end of the month.
Quote from: Rico on May 09, 2011, 10:15:23 AM
Oh, I realize all that Joe. My point was, fix the hole! I mean, is it really that hard to plug? The hackers pointed it right out to them. And I also have a hard time understanding how someone as big as Sony has such poor security to start with. Anyway, I just hope my bank does a better job. ;)
I think that the reason they were easily exploited is because their gimmick came back to bite them in the butts. They created PSN to go against the 360 and decided that they could win people by making it free. However, they knew going in that they would need to have a paying side to it to be able to support the framework of the PSN. If you are putting out the console at a loss and hoping to make it up with first party titles, there is really not much money that you can put into a free network, if you still want to make money.
They tried to sell you something cheap and flawed and hoped that it would move enough consoles so that when they had to switch to a paid format, people would already be too invested in the product to get upset.
Then their chickens came home to roost.
This is just another Sony oversight. Is this company trying to kill itself?
Just sad.
King
Since they are doing credit card transactions they should be PCI compliant. I am not sure how many of you have been through PCI audits but they are a joke. I am not surprised at all that this kinda stuff happens. Audits are nothing more than a third party company that comes and asks questions about your infrastructure. They really do not have hardware or software to confirm your PCI compliancy. They are dependent on the people taking the audit to answer correctly.
Blackride, I've been through PCI audits. I work for a for profit University and we were put through the wringer. Truly.
Alright, I know that people make mistakes, but to me, this just looks like sheer negligence. I don't think that just sending them free games is the right punishment for the possible damages they could have caused by this. What do you guys think about this?
King
The longer it goes the more damaging it seems to get for Sony. Now there are accusations that Sony actually knew about a fatal security flaw for months before the intrusion and did nothing about it. If that can be proven then it's even more of a huge blow for Sony.
I'll certainly take my free games of course, and probably have no problem using my credit card with them in the future. I look at it like, stuff happens, you can't live in constant fear. With all the scrutiny they are under now from the government and other sources I'm going to believe that when they are finally up and running again their service will have the highest security possible. Frankly anyone and everyone is vulnerable to hackers. Nothing is truly completely secure.
I have heard similar reports about them knowing about the security flaw too. That seems to happen a lot when security issues happen in places. Hey, I know there's a big, gaping hole but it would be too costly and time consuming to fix, so just cross your fingers. ;)
I will remain silent regarding some project I've worked on...let's just say it happens more than you'd be comfortable believing.
Quote from: billybob476 on May 10, 2011, 06:44:19 AM
I will remain silent regarding some project I've worked on...let's just say it happens more than you'd be comfortable believing.
Oh, I have no doubt it happens all the time. Just like most products of all types are built and shipped with known flaws or issues.
Quote from: Kingisaaclinksr on May 09, 2011, 04:09:10 PM
Alright, I know that people make mistakes, but to me, this just looks like sheer negligence. I don't think that just sending them free games is the right punishment for the possible damages they could have caused by this. What do you guys think about this?
King
I think you have unrealistically high expectations of company behaviour...
Just a thought. I have a PSN account but haven't owned a PS3 in a couple of years. Still get related emails. I wonder if they'll send me some free stuff?
Would be nice to trade in for some Apple gear... ;)
They'll almost certainly only be offering download codes.
Interesting article here on Sony's lack of communication during all this - especially early on.
http://www.ibtimes.com/articles/144054/20110511/sony-playstation-network-outage-psn-outage-sony-hackers-sony-pr-sony-response.htm
So, it looks like some people are trading in their PS3's as the outage continues. Poor Sony....
Users are trading in their PlayStation 3 consoles due to PlayStation Network being offline, according to a report.
Retail sources told Edge that there has been a rise in systems being swapped for cash or Xbox 360s, and that sales of PSN points cards have plummeted.
"In the first week of downtime we did not really see any major change in sales or trades," said a store manager at one major retailer.
"However, from the second week onwards we have seen an increase of over 200% on PS3 consoles being traded in, split almost 50/50 between those trading for cash and those taking a 360 instead."
Another source said that users trading in their systems were the "hardcore online shooter crowd", a group notably affected by the prolonged downtime.
It has been reported that sales and pre-orders of multiplatform titles have also declined on the platform, with players opting for the Xbox 360 version or canceling orders altogether.
Customer satisfaction has reportedly been hit, with those trading in hardware and software "annoyed" at how Sony has handled the security breach and its lack of communication.
Earlier this week, Sony said that it was unsure of an exact date for the return of PlayStation Network, but has suggested that all services will be fully operational by the end of the month.
PlayStation Network, which currently supports 77 million users worldwide, went offline on the evening of Wednesday, April 20 as a result of hacker activity.
It was confirmed the following Tuesday, April 26 that personal information was taken as a result of the breach. Sony has since recruited an external security firm to help create a more robust network infrastructure.
http://www.digitalspy.com/gaming/news/a319184/playstation-network-outage-hits-ps3-trade-ins.html
Knew this was going to happen and as much as I'd pity them, Sony brought this upon themselves. Getting that badly hacked and then not restoring service for another month would make a lot of people switch to PC or XBox.
King.
This all originates with their original, in hindsight extremely foolhardy, decision to remove the "other OS" functionality of the PS3, which is what put Sony directly in the line of fire of these hacker groups in the first place. I totally agree that they brought this on themselves, by removing features that shipped with the console that were obviously important to a group of customers. Crazily enough, Sony stated a large part of the decision to remove the other OS functionality was to make the system more secure against piracy and hacking.
Quote from: Jobydrone4of20 on May 12, 2011, 11:59:23 AM
This all originates with their original, in hindsight extremely foolhardy, decision to remove the "other OS" functionality of the PS3, which is what put Sony directly in the line of fire of these hacker groups in the first place. I totally agree that they brought this on themselves, by removing features that shipped with the console that were obviously important to a group of customers. Crazily enough, Sony stated a large part of the decision to remove the other OS functionality was to make the system more secure against piracy and hacking.
I've found companies have no idea how to counter piracy and/or hacking. If they truly did, they would remove a good chunk of it. You'll never erase it, but you could easily cripple it and it's just appealing to our better nature....
King
Leaked letter detailing some of the how, when, etc. of the Sony security breach:
A letter sent from Sony to publishers of the PlayStation Network and Qriocity—the breached online entertainment services entering day 23 in the dark—has revealed a few more details about what happened.
No, it doesn't answer your most pressing question of "when will the services be resumed?" but the letter, obtained by and published in full at Industry Gamers, explains how the hack was discovered:
"On Tuesday, April 19, 2011, Sony discovered that several PlayStation Network servers unexpectedly rebooted themselves and that unplanned and unusual activity was taking place on the network. This activity triggered an immediate response.
"Sony mobilized a larger internal team to assist the investigation of the four suspect servers. That team discovered the first credible indications that an intruder had been in the PlayStation Network system, and six more servers were identified as possibly being compromised. Sony immediately decided to shut down all of the PlayStation Network services in order to prevent any additional damage.
"The scope and complexity of the investigation grew substantially as additional evidence about the attack developed.
The forensic teams were able to confirm that intruders had used very sophisticated and aggressive techniques to obtain unauthorized access, hide their presence from system administrators and escalate privileges inside the servers. Among other things, the intruders deleted log files in order to hide the extent of their work and activity within the network."
It wasn't until two days later, April 21, that Sony officially confirmed the hack and shut down the services.
In the letter, Sony also said it was working with the Federal Bureau of Investigators to track the culprits. However even if "Anonymous," a coalition of hackers assumed to be behind the takedown, were involved, a disaffected former 'nonymous member recently told the press that he doubted such a secret would ever be leaked.
The letter also re-affirms that Sony is appointing its first Chief Information Security Officer for Sony Network Entertainment International, as announced in early May, who will report to Shinji Hasejima, Chief Information Officer of parent company Sony Corp.
For more background on the outage, see "Sony's PlayStation Network Outage: What You Need to Know." Also check out ways PSN users can hedge against financial losses incurred by the theft of credit card information: "Sony Accounts Hacked? Here's What You Should Do."
from: http://www.pcmag.com/article2/0,2817,2385339,00.asp
Looks like they are working on getting the PS Network back up now. Anyone tried yet??
Sony began a gradual restoration of its PlayStation services Sunday as the company works to resume normal operations following a security breach that exposed personal details of 77 million users.
"I'd like to send my sincere regret for the inconvenience this incident has caused you, and want to thank you all for the kind patience you've shown as we worked through the restoration process," said Kazuo Hirai, the executive deputy president of Sony Corp.
"I can't thank you enough for your patience and support during this time."
PlayStation users eager to resume games
Sunday's restoration of the PlayStation Network appeared to end an outage that lasted four weeks, angered users and stained Sony's reputation among gamers.
However, the network's return was not without glitches. In an update Sunday, Sony said it had to turn off services again for about half an hour as it struggled to accommodate users.
"We're currently experiencing an extremely heavy load of password resets, and so we recently had to turn off services for approximately 30 minutes to clear the queue," wrote Sony spokesman Patrick Seybold in a blog post.
Twitter was abuzz Monday with PlayStation users excited to be back online, although others complained they were still waiting for Sony to send them their new passwords.
Sony announced this month that gamers will receive compensation for not being able to log on.
Full story here:
http://edition.cnn.com/2011/TECH/gaming.gadgets/05/15/sony.playstation.services/index.html?iref=NS1
I have to say, Sony seems to be doing pretty right by its customers. Besides free game time for 45 days for any SOE/MMO type game you ever have played or owned, they are also handing this stuff out to Sony/Playstation owners down below. I just changed my PS Network password and also my SOE password. I'm updating my PS3 right now. Hopefully, they are the most secure network around right now. :)
Goodies:
All PlayStation Network customers can select two PS3 games from the following list. The games will be available for 30 days shortly after PlayStation Store is restored and can be kept forever.
Dead Nation
inFAMOUS
LittleBigPlanet
Super Stardust HD
Wipeout HD + Fury
For PSP owners, you will be eligible to download two PSP games from the following list. The games will be available for 30 days shortly after PlayStation Store is restored and can be kept forever.
LittleBigPlanet (PSP)
ModNation Racers
Pursuit Force
Killzone Liberation
A selection of "On Us" rental movie titles will be available to PlayStation Network customers over one weekend, where Video Service is available. Those titles will be announced soon.
30 days free PlayStation Plus membership for non PlayStation Plus subscribers.
Existing PlayStation Plus subscribers will receive an additional 60 days of free subscription.
Existing Music Unlimited Premium Trial subscription members will receive an additional 30 days of free premium subscription.
Additional 30 days + time lost for existing members of Music Unlimited Premium/Basic subscription free of charge for existing Premium/Basic members.
To welcome users Home, PlayStation Home will be offering 100 free virtual items. Additional free content will be released soon, including the next addition to the Home Mansion personal space, and Ooblag's Alien Casino, an exclusive game.
Some really good, although a bit old, games on those lists. Sony needs the good PR, that's for sure. With the big E3 conference right around the corner, they don't want everything they announce or talk about to be thought of in conjunction with their servers being hacked.
If you haven't played Infamous, Rico, you need to download that one...it is awesome. You play as a bike messenger that gets super electrical powers during an apocalyptic event in a big city. The control you have over your character is the best thing about the game for me, zipping around the city on power lines, climbing buildings, jumping, flying, shooting electrical arcs from your fingertips...it all flows perfectly and feels so natural and easy with the controller. The story is presented with a cool, comic book style too with great art if not the most original plotline. Great game, and the price is right!
Thanks for the suggestion Joby. Was thinking of maybe Little Big Planet too.
http://kotaku.com/5803070/sony-playstation-network-password-reset-page-exploited-customer-accounts-potentially-compromised
Joel Johnson — According to reports on Nyleveia.com, Eurogamer, and NeoGAF, Sony's PlayStation Network password reset system-the one just put in place after the PSN hack-has been compromised, allowing hackers to change a PSN password if they know your email and date of birth. Exactly the sort of information that was released in the original hack.
Sony has taken the password reset system offline. Kotaku has reached out to Sony for comment.
Update 1: The good news (as pointed out by NeoGAF's "Metalmurphy") is that if your account was compromised, you should have gotten an email from PSN that says your password has been reset.
Update 2: An official community moderator on the EU PlayStation forums notes the following services are offline:
PlayStation.com
PlayStation forums
PlayStation Blog
Qriocity.com
Music Unlimited via the web client
All PlayStation game title websites
Update 3: This is the purported exploit as provided to Kotaku. As PlayStation services are now offline, this exploit is no longer able to be executed:
So Sony needs to be taught again and again about Security apparently. This is pretty much shattering Sony's reputation. Getting hacked twice this quickly...
King
I thought this was the third hack, not the second.
Quote from: billybob476 on May 18, 2011, 10:28:23 AM
I thought this was the third hack, not the second.
idk, too many hacks to keep track of them ;)
King
Quote from: Kingisaaclinksr on May 18, 2011, 10:33:40 AM
Quote from: billybob476 on May 18, 2011, 10:28:23 AM
I thought this was the third hack, not the second.
idk, too many hacks to keep track of them ;)
King
I'm surprised that they let themselves get caught again so quickly (and I'm normally quite forgiving with regard to some corporate goings-on). After the publicity that they've just had to work their way through over the last problems, this does just make them look inept.
It is unbelievable they have been caught out again already!
This is a very interesting situation.
All I can say to all this now is: What the FRAK!?!?
Breaking News, Just in...Entertainment and Gaming Giant Sony to change their name to...Sorry...:)
At my previous job when I was developing e-commerce systems we used services like McAfee Secure (http://www.mcafeesecure.com/us/). They would basically perform a hack simulation on our site every day and send us reports of any security holes. If we didn't patch any major holes within 48 hours of them being found we lost our "secure" designation with them.
There's lots of ways to secure your online systems, Sony is in reactionary mode right now, this won't stop until they move into proactive mode.
Well, depending on who you believe right now, Sony in this story is saying there wasn't a "new hack." But, they took the password reset system down again to plug another security hole in it. Still, even that doesn't make me feel warm and fuzzy. It's like, we left the front door open while we went to work. So glad we didn't get robbed! ;)
http://www.foxnews.com/scitech/2011/05/18/network-sony-denies-second-playstation-hack/
Quote from: Rico on May 19, 2011, 08:39:12 AM
Well, depending on who you believe right now, Sony in this story is saying there wasn't a "new hack." But, they took the password reset system down again to plug another security hole in it. Still, even that doesn't make me feel warm and fuzzy. It's like, we left the front door open while we went to work. So glad we didn't get robbed! ;)
http://www.foxnews.com/scitech/2011/05/18/network-sony-denies-second-playstation-hack/
I call that story a "cover my butt" story. It's still sad that it existed after being down for so many weeks.
King
Quote from: Rico on May 19, 2011, 08:39:12 AM
Well, depending on who you believe right now, Sony in this story is saying there wasn't a "new hack." But, they took the password reset system down again to plug another security hole in it. Still, even that doesn't make me feel warm and fuzzy. It's like, we left the front door open while we went to work. So glad we didn't get robbed! ;)
http://www.foxnews.com/scitech/2011/05/18/network-sony-denies-second-playstation-hack/
There was definitely an exploitable hole in there which was previously not leveraged. I can't find the link right now but they outlined the hack. It's so easy anyone with a browser can do it. Basically if you had two windows open you could trick the password reset page into allowing you to reset a password of an account for which you didn't have ownership, thereby giving an attacker full access to it.
Well, the Playstation Store is still down. So, I haven't been able to get those free games or anything else yet due to the issues they have been having. Sony you really are continuing to drop the ball here.
Wow it is still down?! I thought it was back up already. That is pretty bad. I think this gives them a record for longest downtime on a gaming service ever...
King
Came back up then went back down :)
I had trouble yesterday logging into my netflix on the playstation. Had to do a few things just to get into netflix. Don't really do any thing at the Playstation store.
I never use the store either, but darn it - I want my two free games!! :)
The article below says all should be back up & online by the end of this week. Now, why do I not believe them?
http://content.usatoday.com/communities/gamehunters/post/2011/05/sony-to-fully-restore-playstation-network-by-end-of-week/1
Hard to believe a company that hasn't kept its timetable right so far.
=\
King
Well, everything is supposed to be back up - at least for right now.
http://content.usatoday.com/communities/gamehunters/post/2011/06/sony-restores-all-playstation-network-services/1
Not PSN, but more apparent Sony data breaches.
Quote
Already infamous for defacing PBS's website earlier this week, cracking outfit LulzSec today claimed the scalp—whatever remains of it—of Sony. This time, it's Sony Pictures Entertainment, the movie-making division.
http://www.boingboing.net/2011/06/02/sony-hacked-again-1m.html
http://news.cnet.com/8301-31021_3-20068414-260/hackers-claim-more-stolen-info-from-sony-servers/
Hmm, note to self, when ticking off the hacking community, make sure my own house isn't made out of glass....
King
I'm starting to wonder how much of this is actually Sony and how much is just the fact that they seem to be the target of choice at the moment. If someone (or a group of someones) made a concerted effort at another target, how long would that stand?
Why do people have to be so stupid to want to do anything like this? It's crazy.
Well, it seems I finally could get into the PS store today. Downloading my first free game right now (slowly), "Little Big Planet."