Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Japan PlayStation (Games) Security Sony Games

Japan Says No To PlayStation Network Restart 146

tekgoblin writes "Although Sony may be restoring services on the PlayStation Network around the world, one country has said 'No.' Japan has not yet given Sony approval to start up their online services, making the company wait until they have proven that they have taken the necessary measures to secure their network against another incident."
This discussion has been archived. No new comments can be posted.

Japan Says No To PlayStation Network Restart

Comments Filter:
  • Bravo Japan! (Score:5, Insightful)

    by cpu6502 ( 1960974 ) on Monday May 16, 2011 @12:49PM (#36142064)

    A government that actually does its job (protect the citizens' rights). Good for them.

    • No networks is secure no matter how many steps are taken there is always a hole to get in
      • Re:Bravo Japan! (Score:4, Insightful)

        by somersault ( 912633 ) on Monday May 16, 2011 @01:26PM (#36142480) Homepage Journal

        That's no excuse to be lazy about keeping up to date with patches, and apparently having no disaster recovery plan.

        • and apparently having no disaster recovery plan.

          I do not think it means what you think it means. Go here for more information. [wikipedia.org]

          • Hmm.. nope, that reads as exactly what I think it means. What do you think it means?

            • Hmm.. nope, that reads as exactly what I think it means. What do you think it means?

              As linked in the wiki article, it refers to disasters like floods or bombing; where the building that housed your data center no longer exists and you're employees are probably living in shelters.

        • by Anonymous Coward

          The issue isn't patches...

          The issue is that they didn't encrypt the data so that an embarrassing intrusion became a financially damaging intrusion for their customers.

          The two things I am left with that really piss me off are:
          - Why haven't they given me the last 4 digits of the card they had on file? Which card should I be watching? They gave the whole damn number to the intruder so telling me the last 4 digits isn't a big deal.
          - Why do they even require a card number (which they can't be trusted with) when

          • Wow, way to FUD.

            They didn't "encrypt", but they did hash.

            You should be a bit more careful what you're doing with your cards.

            They don't.. do you you even have a PS3?

            • They didn't "encrypt", but they did hash.

              I thought they did encrypt the credit card data. They would only hash passwords.

              • Possibly, but according to one of the press releases I saw, people were complaining about a lack of encryption, and they explained that the passwords were not encrypted, but they were hashed.

                Would encryption of the credit card data even be any use if they compromised the whole system, and therefore probably had access to the keys too?

                • Possibly, but according to one of the press releases I saw, people were complaining about a lack of encryption

                  The personal data wasn't encrypted but the credit card data was.

                  and they explained that the passwords were not encrypted, but they were hashed.

                  Well yes, hashing is a safer and better method for passwords anyway.

                  Would encryption of the credit card data even be any use if they compromised the whole system, and therefore probably had access to the keys too?

                  Good point, i guess that depends on their system architecture and whether it was just the database that was compromised or the entire system.

      • by h4rr4r ( 612664 )

        Perfect is the enemy of Good. The question is not is their setup perfect, but is it good. Odds are it is just the cheapest fix they could come up with.

        • Perfect and Good don't always get along, but they can and do cooperate in their eternal struggle against Sucks.

      • Perfect is the enemy of good.

      • wow, someone read bruce schneier's interview [kotaku.com] on kotaku about the PSN outage!
    • No, that would have been to have standards in place and make Sony follow them before they were permitted to even put up the PSN. This is the same kind of "protect" that the police are there for. "To Serve and Protect"? No. "To Punish After the Fact".

      • >>>"To Serve and Protect"? No. "To Punish After the Fact".

        Excellent point. Didn't think of it in that way.
        Of course, in order to prevent ANY kind of disaster/theft/etc (i.e. zero such events), the government would have to put its nose into everything. Seems kinda... invasive? Of course if they did that with corporations I'd certainly have no objections.

      • I wish I had mod points.
      • While I understand your initial point, you lost me as you began the next sentence. Have cops never interrupted a robbery? Prevented a murder? Broken up a street fight? You're absolutely right in that the standards are late coming, but that doesn't translate to cops only punishing after the fact. Lastly, while yes, they are late, I'm glad they're coming up now "to serve and protect" in the future(hopefully).
    • by zanian ( 1621285 )

      really... Troll? You may not agree, but I don't think he's being a troll. I wish I had some Mod points right now.

    • A government that actually does its job (protect the citizens' rights). Good for them.

      Right. And just sort of ignores major problems with nuclear reactors. Nice set of priorities there.

    • And yet, if the US tried to tell YOU that you were not permitted to run a legal server that you wanted to run, there would be screams of censorship.

      The government does not have the duty to protect the citizens from themselves, nor to deny the citizens the right to run a service that is within the bounds of the law.

      IF the Sony service is breaking the law, the government has the duty to step in. Until it breaks the law, Sony should be allowed to run its service just as Apple and Google and every other conte

    • A government that actually did its job in this instance (protect the citizens' rights). Good for them.

      More like this. Japan's government takes some positive unilateral actions without consulting business on occasion, but on average they're not a lot better than ours in the US.

      • Now, if the Japanese government can get Sony to cough up some compensation for the nearly 100 million users that were comprimised...
  • Kudos to Japan (Score:5, Insightful)

    by Hultis ( 1969080 ) on Monday May 16, 2011 @12:50PM (#36142070)
    This is a very nice move by Japan - rather than bending their laws to maximize corporate profit, a disturbing trend, they do the absolute opposite and force Sony to take measures that protect customers (which will cost Sony quite a bit). Customers win, Sony loses. Excellent, they really deserved it!
    • by drb226 ( 1938360 )
      Sony doesn't necessarily "lose" if these forced changes can help them regain customers' confidence. Getting the OK from Japan could be a great boon to Sony, and a chance for them to say "hey look, we redid everything and now everything bad is all better!" (whether or not it actually is)
  • Bedfellows (Score:5, Insightful)

    by Krazy Kanuck ( 1612777 ) on Monday May 16, 2011 @12:51PM (#36142090)

    It says a lot when the country a company is headquartered in tells them their stuff stinks.

    +1 Japan for asking what everyone else lacked the sense to question.

    • Seconded. Bravo for the business equivalent of "proof or it didn't happen" as far as Sony's claim of having everything fixed.
    • Re:Bedfellows (Score:5, Informative)

      by idontgno ( 624372 ) on Monday May 16, 2011 @01:00PM (#36142186) Journal

      This is certainly not something I would have expected of the Japanese government, although I'll admit I hadn't thought very much about it since the business-friendly era of the "bend-over-backwards and kiss business' butt" MITI [wikipedia.org]. Of course, that was international trade, and this is about domestic business.

      I have the beginnings of a theory, though. The recent revelations about the government's virtually non-existent oversight over the nuclear power industry, and TEPCO in particular, may have sensitized the entire Japanese cabinet and bureaucracy to public perceptions of being asleep at the switch... hence, the surprising and almost-literal leaping to the defense of the public interest against a danger to network and financial security. (Yeah, comparing Fukushima to the PSN hack is ridiculous, except for the change in behavior of the government between the two events. Correlation != causation and all..)

      As a theory, it strains my credibility, and I just thought it up, but who knows?

      • As a theory, it strains my credibility, and I just thought it up, but who knows?

        Well, the same thing had occurred to me.

        In in the wake of the nuclear plant, er, 'problems' ... and not getting responses from the company for quite some time when they were asking for updates ... I think it highly likely that the Japanese government isn't looking to just simply take companies at their word.

        And, yes -- obviously the importance of the nuclear reactors vs the PSN outage are nowhere near one another. But, that do

        • And then there was the Toyota debacle a year or two ago with the sudden accelerations and the denials. Japan doesn't want to lose much more face in the market.
      • Like the other replies below, I find your theory fairly credible, actually. Their government has lost enough face over the poor showing by TEPCO that they probably want to take good care of the shred of a cheek they have left.

      • by BBF_BBF ( 812493 )
        Cynical Mode On...

        Sony Japan is probably blaming it on the incompetent *Americans* since the data breach occurred in Servers located in San Diego. Thus the foreigners created a mess for the parent company. Cynical Mode Off...
        • Sure, but the public face of the government response doesn't really hint of "someone else's screwup". I'm sure that in private, both Sony and government robots are muttering under their breaths about incompetent gaijin... but publicly, the gov is jumping on Sony's Japan operations.
      • by AmiMoJo ( 196126 )

        I think it is because Sony has failed to admit responsibility and apologise, and the government sees this as a way to boost their own popularity by taking a hard line on businesses that screw up.

        TEPCO has apologised several times already. Sony has not, probably because the US and EU arms don't want to admit liability and open themselves up to lawsuits from customers, developers, merchants and Visa/Mastercard. Normally a Japanese company's top management would issue a heartfelt apology like Toyota did, accep

    • It says a lot when the country a company is headquartered in tells them their stuff stinks.

      Obama wants his Call of Duty...see what happens when PSN goes down, he recreates the 'Castro's Compound' level as 'Osama's Compound', right down to where he uses his wife as a human shield!!!

  • Seems like Japan used to bend over backwards for Sony. This ongoing outage is seriously harmful to Sony's reputation. It's deservedly so, but interesting to see happen nonetheless, especially at this time when Japan could use a little financial love.

    Can Sony really be this incompetent, and/or incapable of hiring in the necessary talent?

    • Seems like Japan used to bend over backwards for Sony.

      That happened to be the case. However after one earthquake, one tsunami and one muthafucking nuclear disaster they've grown some extra skin and decided Sony deserves some good facefarting.

    • With the fukushima daiichi incident fresh and lingering in the japanese publics eyes, exhibiting additional signs of blatant regulatory capture is counter intuitive to fat-cat politicians, and their political careers.

      Prior to the disaster, there was a revolving door between government employees and politicians and the (ahem) regulated nuclear power industry-- a connection that was lambasted by inquiries and probes into the reasons for the spectacular failure of Fukushima Daiichi in preventing a meltdown. T

  • by Anonymous Coward

    Can someone remind me how can a government say "no" to someone operating a legal service again?

    • You mean like, "Get all the planes out of the air, turn back international flights, and nobody goes up again until we say so"?
      • Big difference. The Federal Aviation Administration, a US governmental agency, is responsible for the airspace over the United States so I would say it was well within its rights to shutdown the airspace over the US. It's nowhere near the same thing is it would be if they told a private company that they couldn't do business in the US because of a data breach.
        • by h4rr4r ( 612664 )

          Corporate charters exist at the pleasure of the government. If your corporation would prefer not to have all its assets nationalized it will play along.

          • So kiss off any concept of private property.
            • by h4rr4r ( 612664 )

              Who do you think enforces that?
              This has zero to do with private property for real humans, just the construct called the corporation. With its limited liability should come limited freedoms. Having limited liability and unlimited freedom just means everyone should become a corporation and start committing crimes for fun.

              • This has zero to do with private property for real humans, just the construct called the corporation.

                Corporations are owned by people. The property owned by a corporation is owned, ultimately, by the people who own the corporation.

                Having limited liability and unlimited freedom just means everyone should become a corporation and start committing crimes for fun.

                That statement is so pathetically ridiculous that it does not merit any response, buy I'll point out one tiny fact that demonstrates your lunacy: corporations don't have unlimited freedom, and people in corporations have gone to jail for committing crimes. Even so, many people do become corporations so they can take advantage of the laws for corporations, which also pretty much

                • by h4rr4r ( 612664 )

                  Corporations are owned by people. The property owned by a corporation is owned, ultimately, by the people who own the corporation.

                  Tell the GM shareholders that lost out about that.

                  That statement is so pathetically ridiculous that it does not merit any response, buy I'll point out one tiny fact that demonstrates your lunacy: corporations don't have unlimited freedom, and people in corporations have gone to jail for committing crimes. Even so, many people do become corporations so they can take advantage of t

                  • Tell the GM shareholders that lost out about that.

                    So you think that debts are not owned by the owners of a corporation, as well? How interesting. Please tell me how I can subscribe to your newsletter.

                    So who from BP is in jail for that oil spill?

                    Nobody I know of, yet. Was it BP breaking the law, or was it the firm that was supposed to maintain the flow diverters that didn't do it? Are you actually stupid enough to think that the legal process dealing with the gulf spill is actually over and nobody else will wind up in court?

                    If I let my car leak oil all over town and nature parks(since my car does not float) I bet I would be paying for cleanup and fines.

                    And now you are trying to tell us that BP didn't pay anything for the clean

      • Difference: that limitation was applied to all and every aircraft, either commercial or private, without regard to ownership. It was invocation of a legal power congress gave the FAA in controlling the airspace.

        If Japan had said: there is a clear threat to the wellbeing of the populace from network services and NO company may operate one until further notice, you'd have a fair comparison. For Japan to single out Sony in a prohibition against performing a legal service that others were still permitted -- Ja

    • The same way a government can setup a monopoly of companies [wikipedia.org] and be Ok with it.
      Japanese laws are not US Laws.

    • The service is not legal if the Japanese government does not allow Sony to operate it. You know, kind of like how buying and selling marijuana is illegal in the United States?

      What constitutes a "legal service" is entirely dependent on the law of the land. If you are in a country where the law requires you to seek government approval before operating a service, then your service is only "legal" if the government allows it.

      Now, whether or not it is morally acceptable to have such a legal system is ano
    • by name_already_taken ( 540581 ) on Monday May 16, 2011 @01:51PM (#36142738)

      Can someone remind me how can a government say "no" to someone operating a legal service again?

      When it looks like you're operating it in a way that does not comply with all of the laws.

      You can read into that the Japanese government believes that PSN is not a legal service in Japan if PSN does not protect the privacy of the users.

  • proven that they have taken the necessary measures to secure their network

    IIRC, one rather glaring issue was the use of a bone-stock Apache install that evidently hadn't kept up with any security updates. I wonder what sort of Powerpointology Sony will be needed to prove worthiness, and whether there's enough folks at the Media and Content Industry department to knowledgeably gage the degree to which Sony got its act together?

    • There were also the glaring issues of not hashing passwords, storing all kinds of sensitive information in plain text, failing to offer sunset on old customer data, etc...

      • Re: (Score:2, Informative)

        by zen_la ( 1377775 )
        "One other point to clarify is from this weekend’s press conference. While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form. For a description of the difference between encryption and hashing, follow this lin
        • I see!

          I had heard it reported that they transmitted cleartext information over the wire protocol, and even read a packet dump taken some 2 weeks or so before the breach at PSX-SCENE. Hackers there reported that cc data and other sensitive information was sent in cleartext. [psx-scene.com]

          • I believe user2 when he says this. He seems like a trustworthy guy.

            • There was a whole thread on the PSX-SCENE forums that was over 11 pages long discussing this issue. It was independently verified by several forum members. Sadly, I am at work right now and we have some draconian internet filtering set up, so I cant link to the forum thread. You can find it yourself though. It was in the news section, dated april 30, 2011.

              Names and some other information were redacted to protect people from corporate retaliation; remember, this was released at the height of the Geohot lawsu

      • When did they not hash passwords? They said they didn't *encrypt* passwords, but clarified that later that they meant they were hashed not encrypted. I actually found it rather reassuring that they understand the difference (and, yes, passwords should be hashed and not encrypted).

      • by cmholm ( 69081 )

        So, the "unpatched" theory was based on nothing by Spaf's gut. It would seem Dr.Spafford is resting on his laurels. Great.

        • by suutar ( 1860506 )
          Spaf said he didn't actually know anything. If folks take his ruminations as gospel even when he disclaims them, what can he do about it?
    • by jd2112 ( 1535857 )

      I wonder what sort of Powerpointology Sony will be needed to prove worthiness

      Slide 1 - Intro slide
      Slide 2 - Previous configuration - Insecure (include at least 4 bullet points, include lots of buzzwords)
      Slide 3 - New configuration - Secure (include at least 6 bullet points, include even more buzzwords)
      Slide 4 - Conclusions/Q&A

      Remember, if you can't dazzle them with brilliance, baffle them with bullshit.

    • The same Powerpointology that was used to design the PS3 security system. It includes just about every single crypto buzzword and system under the sun. AES, RSA, Elliptic Curves, CBC, ECB, CTR, CFB, RC4, SHA1, MD5, HMAC, SSL, Full Disk Encryption, Isolated Security System, Hardware Decryption, Secure Boot, Per-Console Encryption, Tokens, Hypervisor, blah blah. You name it, it's in there, used in all the wrong ways and littered with holes.

      This is the problem with Sony: they do Security by Powerpoint. Buzzwor

  • by onlysolution ( 941392 ) on Monday May 16, 2011 @01:04PM (#36142250)

    Sony is saying that this is a voluntary effort to cooperate with Japanese authorities, as they are not actually legally obliged to wait for permission to restart their services in Asia.

    However, it's worth pointing out that in Japan it is common to allow companies and individuals to take "voluntary" actions to save face or prevent a public appearance of contention. There is also generally a greater public expectation of privacy amongst the Japanese, so their regulators are more less amused with Sony than American authorities.

    Make of Sony's voluntary claims what you will.

    • I lived in Japan, and when you damage someone, and you eventually get to court, the judge asks what compensatory payments were made. If there haven't been enough good-faith payments, things don't go well. If you cause a traffic accident and someone is killed, you had better give a shitload of money to the family that just lost their breadwinner, for example.
  • /. Hypocrisy? (Score:1, Insightful)

    In one story we have commenters berating the US government for unveiling a "cybersecurity plan," and here we have them praising another government for ordering a private corporation from continuing operations.

    What gives?

    • by Anonymous Coward

      Different laws of the land. USA doesn't care what businesses do with your data, EU goes bonkers if your screw up, and it would appear Japan takes data seriously too.

    • Re:/. Hypocrisy? (Score:4, Interesting)

      by Anonymous Coward on Monday May 16, 2011 @01:22PM (#36142438)

      I agree. It's almost as if slashdot commenters weren't just one homogenous unit with a fixed opinion on each issue, but instead were a collection of individuals with differing views on any given subject.

    • Re:/. Hypocrisy? (Score:5, Insightful)

      by betterunixthanunix ( 980855 ) on Monday May 16, 2011 @01:45PM (#36142688)
      Perhaps because the Japanese government is pressuring Sony to do more to protect user data, whereas the US government is pushing for companies to make it easier to access that data.
  • I'll stick with my offline xbox and my ultra-retro graphics
  • OK, so how is this different from censorship?

  • When I saw US was near the top of the list for the PSN getting back on was all I could think of was Xbox 360 sales, US vs. Japan.
  • Hahahahahahahahahahahahaaaaa! FUCK YOU SONY! OH IN YOUR FACE!!!! *dance wildly while singing GO JAPAN GO JAPAN*

    Holy fuck this has been the biggest bunch of epic bullshit to come down the pike out of a corporation in a long time. ONE MONTH of being down, Sweet Jesus, where is the lynch mob? Has anyone been following what a bunch of idiots Sony is with ALL of their security? Reuters had to call and tell them about massive screw ups they had in basic security from a causal outside probe by a security expert. T

  • 6,341,950 PS3 Units Sold in Japan.
    http://en.wikipedia.org/wiki/PlayStation_3#Sales_and_production_costs [wikipedia.org]

    Say the average PS3 uses 110W as typical power consumption.
    http://en.wikipedia.org/wiki/PlayStation_3_hardware [wikipedia.org]

    = 700 Million Watts.

    = 700 Megawatts.

    All those PS3's turned off is saving a lot of electricity!

    Yes I am aware of the obscene amount of over simplification.

    • Forget the oversimplification, how about your perception that just because the online part of Playstation gaming is down, that people automatically shut their machine off and don't play any offline games???
  • I just got off the line with Clear.com helpdesk.
    The doofushead on the other end of the line posted my clear username/login info for me, even though I never asked for it.

    People are just so clueless with security, it is pretty disgusting.

    Japan forcing Sony to prove they have secured there network - I like this. I like this a lot.

  • The suicide rate has spike since this started? Even more so in countries where there is recognized gaming dependency issues.

Successful and fortunate crime is called virtue. - Seneca

Working...