PSN Outage Continues, Console Hack Claimed To Be Responsible 404
Over the weekend, we discussed news that the PlayStation Network had been down for days, with Sony saying little other than that it was caused by an "external intrusion" and that they were "rebuilding their network." Many of you have written to point out that the outage continues, with Sony saying they "don't have an update or timeframe to share at this point." One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, recently released custom firmware called Rebug allowed people to essentially turn their PS3s into dev consoles, though some features were missing. A different group supposedly used this firmware to get on PSN through the developer networks, and also found that fake credit card numbers were not being validated for game purchases, leading to what chesh called "extreme piracy." He acknowledges that this theory is speculation. Sony's handling of this outage is starting to draw attention from the government. Update: 04/26 20:47 GMT by S : Sony just posted more details, saying that a massive data breach occurred: An "unauthorized person" has PSN users' "name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID." Billing address, password questions, and credit card info may also have been taken.
There's some karma for you, Mikey (Score:2, Interesting)
I've got a friend who is a PS3 fanatic, and hates all things Nintendo and MS as a consequence (never understood the partisanship myself, and I've owned all three consoles at one time or another and they all have their respective merits). A couple of weeks ago when he found out I was buying Portal 2 for the Xbox (I sold my PS3 a while back), I was treated to a rant about how superior the PS3 version was because it allows cooperative play between PSN and Steam PC users (a nice feature, for sure). I thought I
Re:There's some karma for you, Mikey (Score:5, Insightful)
A one-week outage does not make Xbox live better.
Re:There's some karma for you, Mikey (Score:5, Funny)
Re:There's some karma for you, Mikey (Score:4, Insightful)
It makes just about anything else better, for a week.
Re: (Score:2)
No, it doesn't change the respective merits of either online service. But I bet Mikey would still have a seizure if I asked him how his Steam coop play is going.
Re:There's some karma for you, Mikey (Score:4, Insightful)
When one is free and one is paid? That certainly makes uptime LESS of a factor, though I suppose doesn't eliminate it.
Re: (Score:3)
Tell that to anyone who was dumb enough to sign up for PSN Plus (which I don't see any value in myself, but I did get an Xbox Gold subscription just to get similar levels of service to a basic PSN account..)
Re: (Score:3)
The fact that my password and credit card number have been pwned sort of screws the PSN in my eyes.
Re:There's some karma for you, Mikey (Score:4, Interesting)
The fact that my password and credit card number have been pwned sort of screws the PSN in my eyes.
And of course you feel completely safe in Microsoft's hands, the company with a long and glorious history of high profile fiascos like the all-day trading outage on the London Stock Exchange [wsj.com] or turning a modern Navy frigate into a floating barge [wikipedia.org]
Re:There's some karma for you, Mikey (Score:5, Insightful)
face-saving talk...
if they say "may have been", they mean "definitely has been".
if they say "working around the clock to fix it", they mean "shitting in our pants and yelling at our techies but not authorizing overtime for them".
the mere mention of CC details, and the advice to avoid scammers is basically confirmation.
they're using the same language that TEPCO has been using the last month (not just Japanese).
Re:There's some karma for you, Mikey (Score:4, Informative)
Parent never once mentioned Xbox Live (Or any service) was better, so that wasn't an argument being made to need a response about which was better.
His entire post was a complaint about Sony fanbois who can't stop talking about how great Sony is.
They also charge a monthly fee, just sayin'.
Just like that :P
Re:There's some karma for you, Mikey (Score:5, Insightful)
A one-week outage does not make Xbox live better.
Yeah, it's not the outage that makes Xbox live better, it's the external intrusion. Nothing quite like an external intrusion into a company that holds your credit/debit card data to make you wish you could pay for better service.
Re:There's some karma for you, Mikey (Score:5, Insightful)
Even if Sony offered a pay service, the same would have likely happened. I don't see the validity in your complaint.
Re: (Score:2, Insightful)
Re: (Score:3, Funny)
Even if Sony offered a pay service[...].
They should make one ... call it Playstation Plus or something ....
Re: (Score:3)
If your assumption is that Sony's service would be identical regardless of whether you paid for it or not, that's awfully cynical of you.
This is Sony we're talking about. Cynicism is not really required.
Re:There's some karma for you, Mikey (Score:4, Interesting)
Sony does offer a paid service and it is identical to the free one, except it offers discounts on some downloadable games and automated patch downloads. It's called PSN Plus. PSN Plus users are also down right now and they are also part of the same data breach. So, the paid service is identical to the free service and the paid service is just as insecure as the free service.
Re:There's some karma for you, Mikey (Score:4, Insightful)
Bottom line: This can CERTAINLY happen to XBOX Live (or any system hosted on a public network). The fact that it's taking so long to correct is a little disconcerting, but I'd rather they fully correct it then bring a vulnerable system back online.
I'd be surprised if (evil) Microsoft didn't have a much more elaborate and robust system for countering "external intrusions". I'd chalk up their unwillingness to tie into many outside networks (Steam for one) as proof of their caution. With as much money as Live makes for them, they'd be foolish not to protect their cash cow.
(eviler) Sony, on the otherhand, has shown the opposite. With the rootkit on audio CDs, and now this. As well, Sony LOSES money [push-start.co.uk] on the playstation network. Their focus is likely on how to make it profitable, not secure.
If you'd rather trust your personal data (including credit/debit card) to the company with a record of security failure, have at it.
Re: (Score:3, Informative)
Sony does offer a paid service. It's called PSN Plus and it's $60/yr. It's the same service with discounts on a few download titles plus automatic patch downloading.
Having a paid service wouldn't make it any better, anyway. They're not a little startup. It's Sony. I'm pretty sure they can bootstrap a service on their own dime without a significant impact to the bottom line. Especially when it's used to bolster the userbase for their mainline product.
Also, don't forget when XBOX Live had an outage for . . .
Re: (Score:2)
Re: (Score:2)
It doesn't need to be. Before this is was leaps and bounds above PSN. After this is will be leaps and bounds above PSN.
The PSN is embarrassingly feature poor.
Re: (Score:3)
You can play games against other humans. That's all I really care about. And of course, free is free.
Re: (Score:3)
But you can't. That's the point of the article.
Re: (Score:3)
And XBOX Live is any better? Remember when XBOX Live was out for two weeks? You couldn't play that, either. And that isn't free.
http://www.engadget.com/2008/01/03/xbox-live-outage-day-13-still-up-and-down-still-preventing-fu/ [engadget.com]
You could at random times during that two weeks. Microsoft communicated the issue and an expected turnaround. As well, MS comped subscribers a free live arcade game. Not to mention they didn't lose your personal data in the process. Don't forget to cancel that card!
In short, yes, XBOX Live IS better.
Re: (Score:2)
A one-week outage does not make Xbox live better.
Uh, it doesn't? What other console have you owned that locked you out of playing games for a week?
Re: (Score:2)
I can still play any of my games, and Netflix still works. I just noticed that I couldn't play multiplayer the other day. meh. I'll do something else for a few days.
It still doesn't make up for the few hundred dollars I'd have spent on Xbox live the past couple of years.
Re: (Score:2)
Netflix worked as of last night, and every night for the previous few days even while the outage was ongoing.
The nag box to log in comes up, but you just cancel and the app works fine.
Re:There's some karma for you, Mikey (Score:5, Funny)
you might as well. The cognitive dissonance could be hilarious to watch!
I don't know, I wouldn't do it if you value him as a friend at all. A friend of mine is a big PS3 fan and I told him, look, there's no way PS3 can be the best when they have this sort of outage. It threw him into some kind of crazy logic-loop, and he started beeping and asking for someone named "Norman" to straighten things out for him...
Speculation (Score:5, Insightful)
I understand that the slashdot community might be anxious to see the PSN come back up, but do we seriously have to start publishing nothing more substantial than speculation?
Also, I've met Dick Blumenthal. He's a very nice man. However, he is, by no means, "the government", nor does a single letter from a freshman senator constitute "attention from the government".
Re:Speculation (Score:5, Informative)
You are correct, he is not the government...but he was CT's Attorney General for 20 years, and has long championed consumer rights and technology . So, him picking this battle as a freshman senator is technically accurate, but it does not reflect his multi-decade experience in the arena.
Re:Speculation (Score:4, Informative)
Well, here's some "speculation" from Patrick Seybold // Sr. Director, Corporate Communications & Social Media.
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
"... an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
Looks pretty bad to me. Anybody that reads and understands the above will never provide their real name or birthdate to a corporation online again. Ever.
Re: (Score:3)
I always was very hesitant to provide Sony with my credit card. I simply don't trust them. I hate the way the PS3 always tries to dump you into the Playstation Store. It just feels obnoxious and disrespectful. And now hearing about their technical negligence, I am even more happy with my decision. Honestly, I have never had any need or desire to buy anything on PSN.
Re: (Score:2)
I understand that the slashdot community might be anxious to see the PSN come back up, but do we seriously have to start publishing nothing more substantial than speculation?
When it's that interesting, when there's not much other information to go on, when it's explicitly marked as speculation/hypothesis without any pretense that it's more authoritative than that, AND when the speculation is over something as inconsequential as a videogame network, I don't see any harm.
-It is exactly the type of story that we would be interested in, moreso if and when it becomes more than speculation.
-Sony is basically encouraging speculation by keeping tight-lipped about it.
-Doesn't degr
Re: (Score:2)
Also, I've met Dick Blumenthal. He's a very nice man.
He's a politician. He has to be personable. That doesn't mean he's nice, just nice to you on the occasion that you met him.
Valve (Score:5, Interesting)
It would be nice to be able to activate the PC version included with my PS3 copy of Portal 2. You're in a somewhat unique position to improve matters, given that you were planning to make the PC version available to us anyway.
Re: (Score:2)
I'm on this boat as well.
I see my roommate and several of my steam friends play Portal 2, but I can't log into PSN with my PS3 version to unlock my PC version.
I'm somewhat surprised that Valve didn't do something about this by now or at least made an official statement, the forum is running rather hot.
Theory, speculation, bullshit. (Score:5, Interesting)
One theory about the cause behind the network's downtime was recently espoused on Reddit by 'chesh,' a moderator at PlayStation-modding enthusiast site PSX-Scene.com. According to him, ... [snip]
He acknowledges that this theory is speculation.
Slashdot should to change its moniker to "Jerry Springer for Nerds". All that's missing is a video feed of some grimy sweat pants wearing nerds furiously typing away virtual beatdowns over who got who's virtual girlfriend knocked up.
This whole "new media" thing is unconvincing.
Re: (Score:3)
nerds furiously typing away virtual beatdowns over who got who's virtual girlfriend knocked up.
There was no need to bring the G word into the conversation, that's just uncalled for.
Sony's Silence says it all (Score:3)
Re:Sony's Silence says it all (Score:5, Informative)
Press the NUKE button now!
Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of personal information as a result of an illegal intrusion on our systems. These malicious actions have also had an impact on your ability to enjoy the services provided by PlayStation Network and Qriocity including online gaming and online access to music, movies, sports and TV shows. We have a clear path to have PlayStation Network and Qriocity systems back online, and expect to restore some services within a week.
We’re working day and night to ensure it is done as quickly as possible. We appreciate your patience and feedback.
Valued PlayStation Network/Qriocity Customer: We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:
Temporarily turned off PlayStation Network and Qriocity services; Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable. Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well. To protect against possible identity theft or other financial loss, we encourage you to remain vigilant, to review your account statements and to monitor your credit reports. We are providing the following information for those who wish to consider it: U.S. residents are entitled under U.S. law to one free credit report annually from each of the three major credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll-free (877) 322-8228. We have also provided names and contact information for the three major U.S. credit bureaus below. At no charge, U.S. res
Re: (Score:3)
Re: (Score:3)
Thanks for that advice.
Good to know I should take my sensitive information seriously.
Thanks for the concern.
No, really.
Thanks.
Official word from Sony finally (Score:5, Informative)
"We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network.
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.
"
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/ [playstation.com]
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I have my credit card on file with them. I bought the "Walking Dead" premier because I missed it and couldn't find it anywhere (didn't want to torrent it). So that's another way to get screwed.
It sounds like they encrypted the card numbers at least, which is why they are thinking the card numbers are safe. Annoyingly, some douchebag now has my full name, billing address, and date of birth (why does Sony need that??). Thanks, Sony, now I have to worry about some hacker trying to steal my identity, because
Re: (Score:2)
Security isn't their strong suit.
Re: (Score:2)
Wait... the passwords/security answers should have been encrypted
Emphasis: mine
This will be fun. I'm hoping some form of external inquiry will take place post mop-up operation to confirm that Sony was indeed using best practices for securing it's data.
Take note (Score:3, Interesting)
What if banks operated this way? They find a ring of fraudsters using bank accounts to commit fraud, and the bank responds by freezing everyone's accounts for weeks? It would be totally unacceptable.
When you find a small group of fraudsters, you take targeted action against them alone, even if it means you hemorrhage a little money compared to the more totalitarian approach. Its part of the cost of doing business. In the retail world they call it "spillage" -- the fact that some of your goods might get damaged beyond saleability or that a few things will go missing from the floor (or the stock room) is unavoidable -- you simply do your best to detect and take action against those responsible, but you don't go around treating every other customer as a criminal.
Of course, that assumes the rumored reason is the cause of this action -- I suspect its either speculation or a (possibly intentionally-leaked) cover story for other measures taken in response to the Anonymous attack and whatever information they got out of GeoHot in the settlement. I anticipate a new official firmware will be required after the network comes back up and it will be necessary to access the "new" PSN, and possibly even already-owned downloadable content. This long of a downtime indicates pretty drastic changes behind the scenes, methinks.
Re: (Score:2)
Assuming that that hack is what this is all about, wouldn't it have been simpler to shut off "developer" PSN for however long, rather than all PSN? It's not adding up.
Re:Take note (Score:5, Interesting)
Re:Take note (Score:4, Insightful)
This is the company that used a constant instead of a random value to feed a critical encryption algorithm in their flagship product. You really think they understand password security? Even if they hashed the passwords, what do you figure the odds are that they salted, much less peppered, them? Apply rainbow tables and go home happy, since i can't imagine many of the users would have bothered with a particularly secure password.
Re: (Score:3)
It's Sony's custom.
Think about it. GeoHot did a mostly theoretical demonstration of a possible flaw in the PS3 hardware (RAM glitchi
Penny Arcade (Score:2)
Obligatory... [penny-arcade.com]
Re: (Score:2)
Better link [penny-arcade.com] (sorry about that, reader from the world of tomorrow!)
Attention from government? Please no. (Score:2)
To tell the truth... (Score:3)
To tell the truth, I do not believe a think Sony says. Sony credibility has fallen to zero, or negative even. So if Sony says their system was brought to its knees by a "console hack" I naturally tend to assume that the real cause was an inside job. And then I go on to speculate about what kind of employee abuse goes on inside Sony that might trigger such a thing, not that I condone it.
Forget CC#s, there is a worse scenario (Score:5, Interesting)
Re: (Score:3)
A broken/compromised Playstation is the least of your worries.
Lost personal information is a well understand problem, credit monitoring, blah blah blah. Nightmare scenario for sony is a million PS3's updated with a firmware that no longer accepts updates. That would require a mass recall which would be very slow. It'd be utter destruction of the PS3 brand.
Next Gen Console Power (Score:3)
Oh oh personal data comprised (Score:2)
Cultural effect? (Score:4, Insightful)
Lets look at two problems with a Japanese company. PSN down and TEPCO's reactor. Both had similar reactions.
Silence, followed by small admissions, followed by admissions its much worse that it appears, followed by more silence, followed by admissions that some members of the public may have been harmed, repeat. No timetables, no estimates.
Is this possibly a Japanese cultural thing?
Re: (Score:3)
Maybe. One was caused by the worst earthquake in Japanese recorded history* the other was caused by bad security practices.
The other cultural difference (we'll see how Americanized they became) is that the people responsible may take responsibility and leave in disgrace. If this were America and your name was BP, you'd get a fat bonus check...for you know, performance.
* Technically, the reactor survived the earthquake but was damaged beyond repair by the tsunami. But the earthquake caused the tsunami er
Re:Cultural effect? (Score:4, Insightful)
Lets look at every problem with any company. (E.g. BP Oil spill, Three Mile Island, TEPCO's reactor, Sony's rootkit, Exxon Valdez, Apple's antenna, Microsoft's uhhh everything, various company's spinach, peanuts, milk, salmonella in meat, etc.) They all have similar reactions.
Silence, followed by small admissions, followed by admissions it's much worse that it appears, followed by more silence, followed by admissions that some members of the public may have been harmed, repeat. No timetables, no estimates.
Is this possibly a corporate thing?
Answer: yes
Re:Cultural effect? (Score:4, Informative)
Re:Cultural effect? (Score:4, Insightful)
Sorry, but this is plain racist.
We've had industrial accidents in West as well, as systems that have been hacked into. BP is the most recent example, and Union Carbine's Bhopal disaster is another (which killed 3,700 people and inured close to half a million). Cover ups, slow-response, not very unique to one country or company.
None of it is "cultural thing". In fact, Sony isn't very Japanese these days, its run by a British-born American, and Western executives pull a lot of sway, especially in the music division, movie studios and Playstation division where a lot of its is centered in the US. Their phone division is split with Ericsson, their music division with Germany's BMG.
Sony confirms: your personal data has been stolen (Score:2)
Story at Ars: http://arstechnica.com/gaming/news/2011/04/sony-admits-utter-psn-failure-your-personal-data-has-been-stolen.ars [arstechnica.com]
If Woody had gone straight to the police... (Score:4, Insightful)
If Sony had never removed "other OS" feature, they would never have encountered the focused rage of the entire enthusiast community.
Now, it's possible that the Playstation Network, and possibly the entire PS3 platform, is finished.
You reap what you sow, Sony....
Does anybody *buy* this story? (Score:2)
Translation :
newbie outsourced tech typed "sudo rm -rf *.*" and we don't have a backup.
If Sony ran a supermarket: if one guy was caught shoplifting, they'd close down the supermarket and deny an entire neighborhood any food.
This is their rootkit fiasco all over again. Deny, deny, deny, blame it on "hackers", don't admit that THEY fucked up.
Summer Wars (Score:3)
The anime film "Summer Wars" predicted this EXACT scenario, except a little more extreme and with more dire consequences, but pretty darn close.
http://www.anime.com/Summer_Wars/ [anime.com]
cleartext passwords? (Score:3)
Does this mean PSN stored passwords in cleartext?
If the password was hashed I'm not that concerned. You won't find my password in a rainbow-table.
But if it was unhashed, a looooot of people should change their passwords.
This XKCD [xkcd.com] comes to mind
Re:government? (Score:5, Insightful)
Is there anything that isn't government business anymore?
Re:government? (Score:5, Insightful)
why is the PSN outage any of the (US?) government's business?
Because Senators are suppose to represent their constituents and the issues they care about (lets leave the vote pandering cynicism discussion as off-topic for now) and his constituents are worried their personal/financial details were compromised in the attack so it makes sense that he would ask Sony whether or not this is the case as he has a better chance of being responded to because he wields more power.
Re: (Score:3)
Re: (Score:2)
Wrong. Senators are supposed to represent their state. Representatives are supposed to represent their constituents.
Please correct me if I'm wrong, but isn't the state made up of constituents?
Re: (Score:2)
Wrong. Senators are supposed to represent their state. Representatives are supposed to represent their constituents.
Please correct me if I'm wrong, but isn't the state made up of constituents?
He meant the state governments, but as someone else already pointed out, the 17th Amendment changed that.
Re: (Score:2)
Yes, but of constituents of more than one congressional district.
Senators represent the state; Representatives only represent their constituents, and unless their House seat is an at-large seat, their constituents are not the entire state.
Re: (Score:2)
Wrong. Senators are supposed to represent their state. Representatives are supposed to represent their constituents.
Unless I missed a memo and the Senators are all now versions of the Lorax and speak for the trees for the trees have no tongues I'm pretty sure by representing "their state" it means they represent the people in their state, who authorized the senator to act as an agent on their behalf by voting them in, thereby making them: constituents. [merriam-webster.com]
Re: (Score:2)
Do you ignore first 16 amendments as well?
Re: (Score:2)
Wrong. Senators are supposed to represent their state. Representatives are supposed to represent their constituents.
This is why they sprinkle Constituent Service offices around their states where they employ constituent service representatives?
Also, they call them constituents because constituents are defined as the entities being represented. Therefore, even if your statement is correct, the state would still be a constituent.
Re: (Score:2)
why is the PSN outage any of the (US?) government's business?
Why would you even question that? Preventing citizens from being harmed or abused by others, whether they be foreign armies, domestic criminals, or large corporations skirting or possibly even breaking the law, is precisely the most fundamental function of any government. There are regulations dictating how a corporation must handle user's information precisely because of this, and there's good reason to believe Sony ain't following them at the moment. Are you suggesting governments should just ignore th
Re: (Score:3)
Re: (Score:2)
dev consoles can get unlimited funds to buy content from the PSN store
If they use fake CC numbers.
But TFS was definitely pretty unclear about that.
So from what I gather, the gist of the (speculative) reason goes like this:
Rebug allows you to unlock dev features in the console; some proxy magic then allows you access the developer network with your unlocked console, and if you're on the "trusted" dev network it doesn't bother to verify that you use a valid CC number when you make a purchase. Result: Sony hastily shuts down the network.
Re: (Score:2)
I'm guessing they're actually the "test" CC numbers that the credit agencies created for that purpose, but end-user systems should explicitly be designed to reject them, because the credit card check will approve any purchase made with that number.
Re: (Score:2)
They should, if you define "end-user systems" to be "NOT developer systems". It'd be hard to develop something that depends on accepting/rejecting credit card data if the dev system ALSO rejects the test cards.
That depends on how you define "developer". Should a developer for the PS3 be able to use a test CC number to test their own DLC? Probably. Should they be able to download anything off the entire network using it? Probably not... so you should still be doing some basic common-sense checks before blindly authorizing the download.
Of course, in my opinion, this is sounding more and more like Sony just assumed the single point of failure was enough to secure the entire system ("system" including the PS3, PSN, etc) with no redundancies, no security on the server end, and depending on their own overconfidence and arrogance to keep everyone out if the shit ever hit the fan.
Well... yeah, probably.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Wouldn't be easier just to F with the dev network for a week or so and leave the prod one alone. It just seems like you could selectively turn off some servers of get some fire wall rules to deal with the Dev Console issue.
Re: (Score:2)
Nope. Everyone else already paid up their campaign contributions and lobbying fees.
Not exactly. (Score:3)
aren't there other goddamned things they should be working on?
As a member of the Subcommittee on Privacy, Technology and the Law [wikipedia.org], this is exactly what Richard Blumenthal should, and is doing.
Re: (Score:3)
Where does that say - "ask a software/hardware vendor why their free service isn't up and running"?
It doesn't... and Blumenthal isn't asking that... because he doesn't give a flying fuck about the functionality of the PSN. He cares about the "(4) Privacy standards for the collection, retention, use and dissemination of personally identifiable commercial information" which is clearly stated in his letter.
"I am concerned that PlayStation Network users’ personal and financial information may have been inappropriately accessed by a third party," Blumenthal wrote to Jack Tretton, president and CEO of Sony Computer Entertainment America. "Compounding this concern is the troubling lack of notification from Sony about the nature of the data breach."
Please RTFA next time.
Re: (Score:2)
Senators and Representatives going after Apple, now Sony, aren't there other goddamned things they should be working on?
Than writing a letter? We're not talking about a $5 million investigation.
Re: (Score:2)
Not that I begrudge Kotaku the clicks, but if you are going to post it, post the one that comes from the horses mouth.
Update on PlayStation Network and Qriocity [playstation.com]
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
Thank you for your patience while we work to resolve the current outage of PlayStation Network & Qriocity services. We are currently working to send a similar message to the one below via email to all of our registered account holders regarding a compromise of
Re:And everyone was saying hacking their ps3 was o (Score:5, Insightful)
Or we are seeing what happens when a company become so arrogant that they don't bother actually locking down this info despite the fact that it would be inevitable that someone would come along and find a backdoor.
Seriously, a 'hacked PS3' being able to do this is pretty much the definition of "Security Design Failure".
Re: (Score:2, Insightful)
I've said it before and I'll say it again: PC fanboys really are the worst.
Disclaimer: I am a PC gamer, and do not have a PS3.
Evils of DRM (Score:5, Insightful)
Yeah, can't you wait until your Blu-Ray player stops working too, every time you want to watch a movie? This is why you can't have "server" verification. Because there's no guarantee the server will be there.
Tell your friend to return the game. It's broken. Get his money back. It's designed to fail.
Re: (Score:3, Insightful)
Re: (Score:3)
Everyone.
Re: (Score:3)
Two things.
a. I thought slashdot didn't edit articles. I'm obviously wrong.
b. This smells of anonymous....
That guy always was a coward...
Re: (Score:3)
I feel a disturbance in the financial industry, as if millions of gamer's credit cards were stolen, and then suddenly canceled.