Don't like the snow? You can make a bookmark with the following text instead of a url: javascript:snowStorm.toggleSnow(). Clicking it will toggle the snow on and off.
Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!

The second PSN down thread... yes, there's a new one. Go post there.

cloudeaglecloudeagle Zhu-Li, do the thing!Registered User regular
edited May 2011 in Games and Technology
1261596481_3Fw2MnJ-L.jpg

By now you pretty much know the drill. Huge hack attack, 100 million account data stolen, change your passwords and possibly your credit card numbers, etc.

PSN seems to be up by now, but the store's still down.

Oh yeah, that game compensation thing. Here's what we know:

http://blog.eu.playstation.com/2011/05/16/details-of-the-welcome-back-programme-for-scee-users-2/

All existing PlayStation Network members will be able to access the following from PlayStation Store*:

Two PS3 games from the following list:

LittleBigPlanet
Infamous*
Wipeout HD/Fury
Ratchet and Clank: Quest for Booty
Dead Nation*

For those with PSP accounts, you will also be eligible to download two PSP games from the following list:

LittleBigPlanet PSP
ModNation PSP
Pursuit Force
Killzone Liberation*[/quote]

That's for Europe. U.S. residents get:
PS3:
Dead Nation
inFAMOUS
LittleBigPlanet
Super Stardust HD
Wipeout HD + Fury

PSP:
LittleBigPlanet (PSP)
ModNation Racers
Pursuit Force
Killzone Liberation
- 30 days free PlayStation Plus membership for non PS Plus subscribers*

- Existing PlayStation Plus subscribers will be given 60 days free subscription.

- For existing Music Unlimited subscribers, you will be given 30 days free subscription.

- We are working on a Welcome Back offer in PlayStation Home and will share that when it is confirmed.

I would like to thank all of the developers and publishers involved in this programme for their support in making this happen. We certainly couldn’t have done it without you.

You will be able to access this content once PlayStation Store comes back online and we are doing everything we can to make that happen as soon as possible.

Thank you for your support and keep checking back on the blog for more information.

1. For eligibility for the welcome back programme consumers must be an account holder on 20 April 2011. Specific details about these offers and eligibility requirements will be posted as the services go live. All existing PSN registrants have 30 days from when the welcome back programme goes live to redeem their content.

2. For the German market, InFamous and Dead Nation will be replace with Super Stardust HD and Hustle Kings in the selection of PS3 games.

3. For the German market, Pursuit Force and Killzone Liberation will be replaced with Everybody’s Golf 2 and Buzz Junior Jungle Party in the selection of PSP games. Killzone Liberation will not offer online gameplay functionality.

4. Access to the 30 days free PS Plus subscription is only available for those countries where PS Plus is offered. You will have access to the PS Plus content planned for May for 30 days. Access to the free games and exclusive features finishes at the end of the 30-day subscription period. Anything you buy with exclusive discounts, dynamic themes and premium avatars are yours to keep forever.

IMPORTANT EDIT: Oh great, there's been another hack.
Just a heads up, Sony may have had a major password hack exploit on their password reset page as recently as yesterday. Whether true or not, it should already be fixed.

http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/
I want to make this clear to ALL PSN users. Despite the methods currently employed to force a password change when you first reconnect to the PlayStation network, your accounts still remain unsafe.
A new hack is currently doing the rounds in dark corners of the internet that allows the attacker the ability to change your password using only your account’s email and date of birth.

It has been proven to me through direct demonstration on a test account, so I am without any shadow of a doubt that this is real.

I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email. You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you.

While we originally assumed this was a poor hoax designed only to stir the community into another frenzy, the individual who we are in contact with requested just two pieces of information from us: this being an account email and the date of birth used for that account. We promptly created a new account via us.playstation.com and provided the individual with the email address and date of birth used.

Roughly a minute later they requested that we try to login with the password we used for the account (which they did not know at any point), and sure enough, we were presented with an invalid username and/or password prompt.

In addition to this, within a few minutes we received an email from Sony stating the following:

This email confirms that your PlayStation(R)Network password account has been changed successfully.

If you did not change your password…
This email has been sent to you because the password for the relevant PlayStation(R)Network account has been changed.
If you did not change your password, please contact Customer Support at the following address:

networksupport@uk.playstation.com

The PlayStation(R)Network Team


While we will not reveal specific details regarding how the exploit is performed for obvious reasons, we can say that the exploit involves a vulnerability in the password reset form currently implemented, not properly verifying tokens.

UPDATE: In the interest of sidestepping the naysayers and getting the warning out there, if someone working for a larger, more well known site (Kotaku, Destructoid, IGN, etc) wants to contact me for a live demonstration that this exploit is the real deal, you can do so at nevada@nyleveia.com.

UPDATE 2: Web based PSN login / Password recovery is now down for maintenance, hopefully as a result of our contact with SCEE. And more importantly, hopefully to fix the security issue.

UPDATE 3: To clarify the situation, we had confirmed ourselves the method used last night, and contacted SCEE, SCEE have acted upon this information, we felt the information previously provided in our tweets and this article may have been a little too revealing to the vulnerability, thus we “dumbed down” the explanation of the security hole. We have provided SCEE with a detailed description of the security hole.
While it’s unclear at this time if they will actually patch the flaw while they have the system taken down, I can also confirm that the system went down approximately 15 minutes after I received a response from SCEE on the matter.

We for rather obvious reasons do not want to elaborate further on the exact details of the exploit, on the off chance that when the web based interface for PSN is restored the exploit has not been patched.

UPDATE 4: Last update on the topic most likely, i notice a lot of people are saying that we should not have posted this information and simply contacted Sony, and you’re right in thinking this, however we contacted SCEE as soon as we had confirmed that the exploit was in fact real, the problem was that at the time there was a good 8-9 hour stretch where SCEE would not see our messages and given the rate at which the exploit method was spreading in the dark corners of the internet, we felt as though we needed to publicise the exploit advising users to change the emails used for their PSN accounts to secure them until Sony could patch the security hole.

Originally we posted rough details on how the exploit operated, to give further evidence to users that it was a valid reason for them to change their passwords, as with most news like this on the internet, people tend not to believe something until hoards of users have been affected, we posted an article on N4G advising PSN users to switch their email addresses which was promptly reported as spam/lame/fake by several users who refused to believe the news due to our site just being a small news outlet.

All along our main priority and focus has been to assist Sony and PSN users in keeping their accounts safe. If the current downtime for the web based forms results in the exploit being patched then our job is done and the potential thieft of countless user accounts has been nipped in the bud as early as humanly possible.

Thank you to everyone that has taken our warnings seriously and acted upon it, and to SCEE for their swift response to the matter.

If it means anything to anyone, the more specific method they had previously posted that hinted at the hack said this:
While we are hesitant to reveal too many details regarding how the exploit is performed, for obvious reason, we can say that the exploit specifically involves the web address https://store.playstation.com/accounts/reset/resetPassword.action?token When used in combination with another web address (normally used for password recovery) certain key details can then be extracted and used to trick the server in to allowing the password of an account to be changed without a valid Sony-issued security token.

Sony's latest tweets on the subject, that appear to be trying to hide the real purpose of modifying the page:
"Clarification: this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email."
"Fortunately we have got ISPs to release outstanding emails; unfortunately, a small amount of maintenance is required to improve this process"
Schwhat wrote: »
Nyleveia wrote:
UPDATE 5: Okay, due to the email response I felt i should answer some general common questions regarding the topic.

Q. If I already reset my password am I safe?
A. The exploit was possible on any account the email and date of birth was known for, regardless of if the password was changed or not, or what region the account was tied to.

Q. What if they don’t know my Date of Birth or Email account?
A. Then the average user would not be able to take your account, however due to the database being illegally accessed in April, it’s safe to assume that someone, somewhere, has access to a large number of users details, which include date of birth and email addresses, this alone should be reason enough to change your email.

Q. Are you sure this is real?
A. Yes, it was demonstrated to one of our empty accounts, then we were able to repeat the process ourselves after figuring out the method, this was additionally confirmed when a twitter user provided us with his data and requested that we change his password as proof.
We have since emailed him his new password, and no other data on his account was changed.

Q. Can Sony fix it?
A. Shortly after containing SCEE, the online forms connected to login and password recovery for the PlayStation and other linked networks was shut down and placed in a maintenance mode, I can only assume this is a direct response to our detailed reports to SCEE, with that said, I assume that when services resume the exploit will be patched and everyone’s data once again safe.

Q. If Sony fixes the hole should I worry?
A. I would suggest that everyone, regardless of if they have been affected or not, create a new password and change their account email to one they do not use anywhere else, and will not be sharing with anyone else just for additional security.

Q. Will you give us more details on the exploit?
A. Until we have confirmed that the security hole has been patched we will not release further details on how and why the exploit was possible.

Update: Hopefully things will be back May 24.
Barring any additional problems, Sony plans to bring the PlayStation Store back online next Tuesday, May 24, according to a memo sent to Sony's game developer and publishing partners.

The company has sent a tentative publishing schedule to partners detailing when their games, expansions and other releases will become available to players. In the memo, obtained by Gamasutra, Sony unveils plans to do two content pushes per week for the next two weeks to catch up with the backlog of content.

"We thank you for your patience as we work to resume service of the PlayStation Store," wrote PSN content manager Jack Osorno to developer partners.

The first push, set to coincide with the PlayStation Store's reopening, will distribute content that was originally scheduled to publish on April 26. Three days later on the 27th, another round of games will go live, which were originally scheduled for May 3.

The following week, pushes will take place on May 31 and June 3, using content that originally had been planned to be spread over three weeks. At that point, the company will be back on schedule and, presumably, return to a single content push per week.

While Sony is trying to maintain the queue that was already in place, the company says it is willing to move some titles around, depending on urgency. Seemingly, this would include DLC packs for existing titles that have already released expansions on other platforms.

"If there are concerns, we are willing to consider adjusting the release date of your content on this schedule," says Osorno. "Adjustments will be made on a case by case basis."

The launch of the PlayStation Store is one of the final steps to bringing the PlayStation Network back to full operation. Sony has said many times that it expected the network to be fully operational before the end of May.

Osorno's note does not detail what plans, if any, Sony has to assist developers who were impacted by the outage.

In some cases, that impact has been substantial. Capcom corporate officer and SVP Christian Svensson, for instance, has previously estimated the company's lost revenue from the outage as being in the "hundreds of thousands, if not millions of dollars."

Other developers have remained more supportive of Sony, but have made public appeals to the company to assist them with marketing their titles once the Store goes back online so that they might recoup any losses.

Sony, though, is actually in something of a power position -- especially with smaller developers. Despite the security crisis, the company remains one of the most powerful players in the video game industry, so few, if any, small shops are going to make a lot of noise complaining about the way they feel they have been treated. While some could jump to Microsoft's Xbox Live platform, they're unlikely to do so immediately.

For consumers, the relaunch of the PlayStation Store should get them one step closer to being able to claim the contents of their "Welcome Back" package. As detailed on Sony's U.S. PlayStation Blog, PlayStation 3 owners with existing PSN accounts will be able to download two free games from a pool that includes Dead Nation, Infamous, LittleBigPlanet, Super Stardust HD and Wipeout HD.

Sony has said that those (and other) freebies would be made available once services are fully restored.

http://www.gamasutra.com/view/news/34739/Sony_Tells_Dev_Partners_PlayStation_Store_To_Return_May_24.php

cloudeagle on
3DS: 0344-9335-6762
«13456763

Posts

  • cloudeaglecloudeagle Zhu-Li, do the thing! Registered User regular
    edited May 2011
    Older updates:
    Sony's US PlayStation blog tonight announced that "some PlayStation Network and Qriocity services" will become available this week as the company scrambles to build a new server home in the wake of a security breach earlier this month. Though no specific time or date is named, the post lays out a plan to "begin a phased restoration by region" of services "shortly," alongside a mandatory system update for all consoles forcing a change in password, before the full return of services "within this month."

    With the return of services will also come a new position at Sony Corporation: chief information security officer, a position that will report to current chief information officer Shinji Hasejima. Additionally, the company says it is expediting an "already planned move" of its data center -- a data center the post claims to have been "under construction and development for several months," despite the attacks having only occurred within the past few weeks. Sony also detailed its "Welcome Back" appreciation program a bit more thoroughly, though it still remains unclear what content the company will be offering in various regions as an apology. The list of known services returning to PSN this week are listed after the break.

    * Restoration of Online game-play across the PlayStation®3 (PS3) and PSP® (PlayStation®Portable) systems -This includes titles requiring online verification and downloaded games
    * Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
    * Access to account management and password reset
    * Access to download un-expired Movie Rentals on PS3, PSP and MediaGo
    * PlayStation®Home
    * Friends List
    * Chat Functionality

    http://www.joystiq.com/2011/05/01/some-psn-services-to-return-this-week-full-services-within-thi/

    Sony sends a letter to Congress:
    Sony Explains Playstation Hack to Congress, Calls "Anonymous" Cyberterrorists The cyber attack that knocked the Playstation Network and Sony Online Entertainment offline for more than a week was a "very carefully planned, very professional, highly sophisticated criminal cyber attack designed to steal personal and credit card information," according to a letter from Sony to members of Congress obtained by Kotaku today from government sources.

    While Sony declined to testify at today's congressional hearings on the threat of data theft to American consumers they did provide Congress with some answers to their pointed questions.

    In an 8-page letter dated May 3, Kazuo Hirai, chairman of the board of directors for Sony Computer Entertainment of America, explains the lead up to the attack, how it was first detected and the deep impact it is having on the multi-national company. Sony also separately informed the subcommittee that they discovered that the intruders had planted a file on one of their Sony Online Entertainment servers named "Anonymous" with the words "We are Legion."

    On April 19, at 4:15 p.m. Pacific, members of the Sony Network Entertainment America network team detected unauthorized activity in the network system, according to the letter.

    "The network service team immediately began to evaluate this activity by reviewing running logs and analyzing information in order to determine if there was a problem with the system," Hirai writes.

    On April 20, in the early afternoon, the team discovered evidence that the unauthorized intrusion had occurred and that data of some kind had been taken from the Playstation Network servers. The team didn't know what the data was, so they shut the system down.

    That shut down kicked off what Hirai calls an "exhaustive and highly sophisticated process of identifying the means of access and the nature and scope of the theft."

    Later that afternoon, Sony Network Entertainment of America brought on a "recognized security and forensic consulting firm" to copy the servers and begin a deeper investigation in the break in. As the investigation continued, Hirai writes, the scope and complexity grew.

    On April 21, Sony brought in a second computer security and forensic consulting form to help. By the evening of April 23, the experts confirmed that intruders had used "very sophisticated and aggressive techniques" to break into the network undetected.

    On Easter Sunday, now realizing how serious the breach was, Sony brought on a third team that specialized in these sorts of intrusions. By April 25, the teams confirmed that personal data had been stolen from the network, but still could not determine whether credit card info was stolen.

    On April 26 Sony notified users that personal information had been taken and that they could not rule out credit card theft.

    Sony says they were reluctant to prove partial information to the public about the breach and what was stolen because they worried it could cause confusion among consumers and "lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence."

    Sony still hasn't determined whether credit card information was stolen, but they did say that of the 77 million Playstation Network and Qriocity service accounts, about 12.3 million of them had credit card information on file. Of that, 5.6 million were from the U.S. and the rest abroad.

    Hirai assured congress in his letter that the company has figured out how the breach happened, something they declined to share because of the nature of the on-going investigation by the FBI. They haven't yet, Hirai said, identified who was behind the breach.

    Hirai added that the company has taken a number of steps to try and prevent future breaches including adding automated software monitoring to their networks, enhanced levels of data protection and encryption, new firewalls, moving the data center to a different location and hiring a new Chief Information Security Officer.

    The attack, the subsequent investigation and the fall out are described by Hirai as "unprecedented", "extraordinary circumstances and challenges" that employees of Sony Network Entertainment America and Sony Computer Entertainment America have "endured."

    "They were faced with very difficult decisions and often-times conflicting concerns and objectives," he wrote. "Throughout this challenging period, they acted carefully and cautiously and strove to provide correct and accurate information while balancing concerns for our consumers' privacy and need for information."

    Hirai wrapped up his 8-page letter with a request to the congressional committee:

    "We ask the Committee to consider as well the connection between data security and the cybercrimes and cyber terrorism that threaten to make the Internet unsafe for consumers and commerce."

    http://kotaku.com/#!5798492/sony-explains-playstation-hack-to-congress-blames-cyberterrorists

    Letter from Howard Stringer:
    Dear Friends,

    I know this has been a frustrating time for all of you.

    Let me assure you that the resources of this company have been focused on investigating the entire nature and impact of the cyber-attack we’ve all experienced and on fixing it. We are absolutely dedicated to restoring full and safe service as soon as possible and rewarding you for your patience. We will settle for nothing less.

    To date, there is no confirmed evidence any credit card or personal information has been misused, and we continue to monitor the situation closely. We are also moving ahead with plans to help protect our customers from identity theft around the world. A program for U.S. PlayStation Network and Qriocity customers that includes a $1 million identity theft insurance policy per user was launched earlier today and announcements for other regions will be coming soon.

    As we have announced, we will be offering a “Welcome Back” package to our customers once our PlayStation Network and Qriocity services are up and running. This will include, among other benefits, a month of free PlayStation Plus membership for all PSN customers, as well as an extension of subscriptions for PlayStation Plus and Music Unlimited customers to make up for time lost.

    As a company we — and I — apologize for the inconvenience and concern caused by this attack. Under the leadership of Kazuo Hirai, we have teams working around the clock and around the world to restore your access to those services as quickly, and as safely, as possible.

    I know some believe we should have notified our customers earlier than we did. It’s a fair question. As soon as we discovered the potential scope of the intrusion, we shut down the PlayStation Network and Qriocity services and hired some of the best technical experts in the field to determine what happened. I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken.

    As a result of what we discovered we notified you of the breach. Our investigation is ongoing, and we are upgrading our security so that if attacks like this happen again, our defenses will be even stronger.

    In the last few months, Sony has faced a terrible earthquake and tsunami in Japan. But now we are facing a very man-made event – a criminal attack on us — and on you — and we are working with the FBI and other law enforcement agencies around the world to apprehend those responsible.

    In the coming days, we will restore service to the networks and welcome you back to the fun. I wanted to personally reach out and let you know that we are committed to serving you to the very best of our ability, protecting your information better than ever, and getting you back to what you signed up for – all the games and great entertainment experiences that you expect from Sony.

    With best regards,
    Howard Stringer

    http://blog.us.playstation.com/2011/05/05/a-letter-from-howard-stringer/

    And cool fraud protection, assuming you're lucky enough to be born in the U.S.
    Last weekend, Sony Computer Entertainment announced that we will provide complimentary enrollment in an identity theft protection program. Here are the details of this program for PlayStation Network and Qriocity account holders in the United States only. We are working to make similar programs available in other countries/territories where applicable. Information will be posted on local websites/blogs when available.

    Sony Computer Entertainment and Sony Network Entertainment International have made arrangements with Debix, Inc., one of the industry’s most reputable identity protection firms, to offer AllClear ID Plus at no cost to PlayStation Network and Qriocity account holders for 12 months from the time an account holder registers for the program.

    Please note that we will start sending out activation emails for this program over the next few days, and you will have until June 18th to sign-up and redeem your code. You will need to sign up directly through AllClearID, not on Sony’s websites, and details, including step-by-step instructions for the program, will be emailed to United States PSN and Qriocity Account holders soon.

    The details of the program include, but are not limited to:

    * Cyber monitoring and surveillance of the Internet to detect exposure of an AllClear ID Plus customer’s personal information, including monitoring of criminal web sites and data recovered by law enforcement. If his/her personal information is found, the customer will be alerted by phone and/or email and will be provided advice and support regarding protective steps to take. The customer will also receive monthly identity status reports. Debix works with an alliance of cyber-crime experts from the government, academia and industry to provide these services.
    * Priority access to licensed private investigators and identity restoration specialists. If an AllClear ID Plus customer receives an alert, or otherwise suspects that he/she may be the victim of identity theft, the customer can speak directly, on a priority basis, with an on-staff licensed private investigator, who will conduct a comprehensive inquiry. In the case of an identity theft, the customer can work with an identity restoration specialist to contact creditors and others, and take necessary steps to restore the customer’s identity.
    * A $1 million identity theft insurance policy per user to provide additional protection in the event that an AllClear ID Plus customer becomes a victim of identity theft. This insurance would provide financial relief of up to $1 million for covered identity restoration costs, legal defense expenses, and lost wages that occur within 12 months after the stolen identity event.

    More information will be available on the enrollment page, a link which will be included in the email you will receive.

    We continue to work around the clock to have some PlayStation Network services and Qriocity services restored, and will be providing you specific details shortly.

    Thank you.

    http://blog.us.playstation.com/2011/05/05/sony-offering-free-allclear-id-plus-identity-theft-protection-in-the-united-states-through-debix-inc/

    SOE compensation detailed.

    http://www.eurogamer.net/articles/2011-05-13-soe-mmos-offline-for-few-more-days
    Sony Online Entertainment MMOs will be offline for "at least a few more days", the company has announced.

    The compensation packages have been beefed for each SOE game fittingly, and now encompass in-game items, currency and Station Cash - as well as free game time (30 days free plus one extra for each day the SOE game has been offline). We've listed specific compensation for each game below.

    US SOE Station Account holders also receive a complimentary identity theft security program through Debix. "SOE will be offering similar programs, if and as available, and will provide details as they're confirmed for each country or territory," a company statement read.

    Lifetime subscribers to SOE games will be compensated further. Free Realms lifers will receive 20,000 coins, Clone Wars Adventures lifers 7500 Galactic Credits and DC Universe Online lifers 10 extra Marks of Distinction.

    All Station Access subscribers will receive 500 Station Cash on top of that.

    "We thank you for your patience as we continue to work around the clock to restore our game services. We know this has been a frustrating time for you and appreciate your understanding as we work to confirm the security of our network," said SOE in a statement.

    "We are currently in the process of an extensive upgrade to our network to further protect your information from future attacks. It will likely be at least a few more days before we restore our services, and when we come back online, here is what you can expect for each of our game services."

    DC Universe Online: Batman and Two-Face masks, plus 30 Marks of Distinction
    Free Realms: seven free daily items
    Clone Wars Adventures: Count Dooku V2 outfit
    EverQuest 1: double XP, double rare mob spawns and double faction gain events
    EverQuest 2: double XP, double guild XP, loot bonanza and city festival events
    Vanguard: Saga of Heroes: double XP events
    Star Wars Galaxies: mini model of Boba Fett's ship Slave I
    Magic: The Gathering - Tactics: four Ivory Mask, Duress and Angelheart Vial spells, plus 500 Station Cash
    PoxNora: Limited edition Carrionling, Welcome Back tournaments (with 5K prize purse) and two Draft Tournaments, plus 500 Station Cash

    3DS: 0344-9335-6762
  • LewiePLewieP Registered User regular
    edited May 2011
    Can we get SmokeStacks address added to the OP?

    But seriously, I don't know if that is a real or fake address, but my point was really that it is not unreasonable to think that of the 77 million accounts that Sony's clearly slapdash security allowed hackers to access, there will be details of some people who have good reason to not want their address to be publicly available.

    Even if it is 0.1% of them, that is still 77,000 people.

  • TetraNitroCubaneTetraNitroCubane Registered User regular
    edited May 2011
    Address information being leaked will probably do the most damage through credit card related activities, just because a valid, current address is required to ensure an online charge goes through.

    I think the greater cause for concern, beyond address information, is the fact that user passwords and secret questions/answers were not encrypted, and were certainly stolen. Combined with email address information, that can lead to some serious problems, as we all saw in the Gawker case.

    Soooo... Everyone always be sure that the email address you use for a service never has a password that matches the service itself. Secret question answers being leaked in a bit more worrisome, given that it's not usually information you can change. That is, if you answer honestly - which may not be a good idea in light of all this.

    qwlru.png
  • HenroidHenroid Nobody Nowhere fastRegistered User regular
    edited May 2011
    Sony could always take a cue from Blizzard and making a physical authenticator device.

    "Ultima Online Pre-Trammel is the perfect example of why libertarians are full of shit."
    - @Ludious
    PA Lets Play Archive - Twitter - Blog (6/15/14)
  • MichaelLCMichaelLC In what furnace was thy brain? ChicagoRegistered User regular
    edited May 2011
    Henroid wrote: »
    Sony could always take a cue from Blizzard and making a physical authenticator device.

    PS3.jpg?

    Whatever happened to the talk of it being an inside job? Anyone address that on the presentation?

    Excision wrote: »
    My girlfriend is going down tonight!

    Steam:MichaelLC
  • DouglasDangerDouglasDanger Registered User regular
    edited May 2011
    I guess there will be some kind of official stuff tomorrow. It is annoying that I have to go looking for stuff when Sony should be emailing all of its PSN users updates.

    I play games on ps3 and ps4. My PSN is DouglasDanger.
  • EggPuppetEggPuppet Registered User
    edited May 2011
    I guess there will be some kind of official stuff tomorrow. It is annoying that I have to go looking for stuff when Sony should be emailing all of its PSN users updates.

    They'd have to get all-new tin cans. Do you know how hard it is to drink that much soup??

  • TetraNitroCubaneTetraNitroCubane Registered User regular
    edited May 2011
    MichaelLC wrote: »
    Whatever happened to the talk of it being an inside job? Anyone address that on the presentation?

    Given the language used at the press conference about the intrusion using a "known exploit", I'm going to say it wasn't a case of physical breaking and entering. Whether or not it was a disgruntled employee leveraging that exploit from off-site, I don't think that was addressed... But it was almost certainly an electronic attack.

    Also, I just realized... Perhaps one of the greater threats of the personal information being leaked is the potential for its use in social engineering. Malicious folks have been getting (regrettably) more resourceful in that regard. Spear phishing will be made much easier with the data set this leak provides, so spam might become more of a threat than an annoyance.

    qwlru.png
  • GarrisGarris Registered User
    edited May 2011
    Oh great I just realized I forgot to change my psn e-mail after I switched internet providers and one got shut down...should be good spending time on psn's customer support phone line when this goes back up...

  • MichaelLCMichaelLC In what furnace was thy brain? ChicagoRegistered User regular
    edited May 2011
    MichaelLC wrote: »
    Whatever happened to the talk of it being an inside job? Anyone address that on the presentation?

    Given the language used at the press conference about the intrusion using a "known exploit", I'm going to say it wasn't a case of physical breaking and entering. Whether or not it was a disgruntled employee leveraging that exploit from off-site, I don't think that was addressed... But it was almost certainly an electronic attack.

    Also, I just realized... Perhaps one of the greater threats of the personal information being leaked is the potential for its use in social engineering. Malicious folks have been getting (regrettably) more resourceful in that regard. Spear phishing will be made much easier with the data set this leak provides, so spam might become more of a threat than an annoyance.

    Thanks.

    Yeah, the awareness is out there, and lots of good - and bad - advice is available, but the bad guys are getting more clever. I chewed out two different CC agents who tried to get me to pay a bill over the phone when they called me. I suggested that's not the best security protocols and something the company probably shouldn't be encouraging.

    Excision wrote: »
    My girlfriend is going down tonight!

    Steam:MichaelLC
  • IcemopperIcemopper Registered User regular
    edited May 2011
    What is this SmokeStacks business?

    steam_sig.png PSN:Icemopper
  • LewiePLewieP Registered User regular
    edited May 2011
    Icemopper wrote: »
    What is this SmokeStacks business?

    From the previous thread. Read this page.

  • HenroidHenroid Nobody Nowhere fastRegistered User regular
    edited May 2011
    MichaelLC wrote: »
    Henroid wrote: »
    Sony could always take a cue from Blizzard and making a physical authenticator device.

    PS3.jpg?

    That's the joke! :D

    "Ultima Online Pre-Trammel is the perfect example of why libertarians are full of shit."
    - @Ludious
    PA Lets Play Archive - Twitter - Blog (6/15/14)
  • halkunhalkun Registered User regular
    edited May 2011
    MichaelLC wrote: »
    Henroid wrote: »
    Sony could always take a cue from Blizzard and making a physical authenticator device.

    PS3.jpg?

    One of the reasons why the WoW authenticator works is because the key is different every time you play. Sony screwed up the encryption by leaving out the random element, locking them into a static master key, non revocable public keys, and private keys that can be derived by standard algebra.

  • MazloMazlo Registered User regular
    edited May 2011
    I'm going to make a prediction based on the new info that the vulnerability exploited was regular old SQL injection but this particular instance was probably complicated enough that it wasn't hit by the run-of-the-mill SQLi bots.

    We'll see (or we may never hear what the actual vulnerability was but if I had to wager...)

    -Mazlo

  • AbsoluteZeroAbsoluteZero Registered User regular
    edited May 2011
    So... Sony is making this up to us with a free month of Playstation Plus?

    whoopdeedoo.jpg

    ix3uu000mwdx.jpg
    3DS Friend Code: 0817-5033-8184 // Nintendo Network ID: AbsoluteZero
  • SollahSollah Registered User regular
    edited May 2011
    what's the long term perks of having a free month of PS+? I'm pretty sure free games are no longer accessible once your subscription runs out, as well as the hour long demos. that leaves...discounts?

    palonelydriver.gif
  • SmokeStacksSmokeStacks License Number 137596Registered User regular
    edited May 2011
    Sony is making the outage up to PSN+ subscribers who have paid for a service they are unable to use with a free month of PSN+.

    They are also extending the free month to all PSN subscribers.

    They have said that there will be other things done to make the outage up to all subscribers, but haven't said any specifics.

    To make up for the leak of personal details, they are offering to reimburse people who have had to pay money to switch their credit cards, along with other things that they have not yet been specific on.

    So no, they're not actually using a month of PS+ to make up for the entire ordeal.

    edit:
    Sollah wrote: »
    what's the long term perks of having a free month of PS+? I'm pretty sure free games are no longer accessible once your subscription runs out, as well as the hour long demos. that leaves...discounts?

    Basically, yeah if you don't intend to continue using it past the thirty days (and I'm sure a lot of people won't), than the only thing left is discounts.

    SUP ISORN
    STEAM ME, BABY / PSN: ghjfghdfgcvb
  • HenroidHenroid Nobody Nowhere fastRegistered User regular
    edited May 2011
    Sollah wrote: »
    what's the long term perks of having a free month of PS+? I'm pretty sure free games are no longer accessible once your subscription runs out, as well as the hour long demos. that leaves...discounts?

    The long term perk is that you will have had a sip of the Koolaid. You'll be hooked, and everyone will want to give Sony their dollars for PSN+!

    "Ultima Online Pre-Trammel is the perfect example of why libertarians are full of shit."
    - @Ludious
    PA Lets Play Archive - Twitter - Blog (6/15/14)
  • anoffdayanoffday To be changed whenever Anoffday gets around to it. Registered User regular
    edited May 2011
    I'm already a member of PS Plus, and some months are better than others. I'm guessing the free month won't be so great.

    steam_sig.png
  • SmokeStacksSmokeStacks License Number 137596Registered User regular
    edited May 2011
    If they plan on re-earning consumer goodwill, I would expect a very good month in terms of games and discounts.

    SUP ISORN
    STEAM ME, BABY / PSN: ghjfghdfgcvb
  • AbsoluteZeroAbsoluteZero Registered User regular
    edited May 2011
    Sony is making the outage up to PSN+ subscribers who have paid for a service they are unable to use with a free month of PSN+.

    They are also extending the free month to all PSN subscribers.

    They have said that there will be other things done to make the outage up to all subscribers, but haven't said any specifics.

    To make up for the leak of personal details, they are offering to reimburse people who have had to pay money to switch their credit cards, along with other things that they have not yet been specific on.

    So no, they're not actually using a month of PS+ to make up for the entire ordeal.

    edit:
    Sollah wrote: »
    what's the long term perks of having a free month of PS+? I'm pretty sure free games are no longer accessible once your subscription runs out, as well as the hour long demos. that leaves...discounts?

    Basically, yeah if you don't intend to continue using it past the thirty days (and I'm sure a lot of people won't), than the only thing left is discounts.

    I don't want to post the unimpressed cat twice in this thread, but just pretend I did.

    ix3uu000mwdx.jpg
    3DS Friend Code: 0817-5033-8184 // Nintendo Network ID: AbsoluteZero
  • Blue mapBlue map Freedom Fighter Registered User regular
    edited May 2011
    So... Sony is making this up to us with a free month of Playstation Plus?
    As fucking stupid as it seems, it's actually a rock solid business move. Sony gets to compensate its player base by effectively giving them a couple of rental games and some discounts. It'll generate goodwill towards Sony while simultaneously earning them additional revenue via digitally distributed games sales and increased PSN+ memberships. There's certainly a strong argument to be made that it's a bullshit apology gift considering they fucked up everything prior to this, but judging by the reactions iv'e on other message boards (admittedly, not always great source of info), it was definitely a smart business move on Sony's part.

    Also, in before someone says "boo hoo, they're only giving you free stuff" or something stupid like that.

    Edit: Beat'd big time

    My Steam profile thing: http://steamcommunity.com/id/Blue_map/ Battlenet: BlueMap#1493
  • darthmixdarthmix Registered User
    edited May 2011
    As someone who's never bothered with PS+ and has never paid much attention to what exactly it gets you: what good is PS+ if the Playstation store's not going to be working? Aren't all the free stuff and discounts accessed through the Playstation store?

  • SollahSollah Registered User regular
    edited May 2011
    Henroid wrote: »
    Sollah wrote: »
    what's the long term perks of having a free month of PS+? I'm pretty sure free games are no longer accessible once your subscription runs out, as well as the hour long demos. that leaves...discounts?

    The long term perk is that you will have had a sip of the Koolaid. You'll be hooked, and everyone will want to give Sony their dollars for PSN+!

    welp *somehow throws it on top of the pile of free xbox live cards*

    palonelydriver.gif
  • Shorn Scrotum ManShorn Scrotum Man Registered User regular
    edited May 2011
    darthmix wrote: »
    As someone who's never bothered with PS+ and has never paid much attention to what exactly it gets you: what good is PS+ if the Playstation store's not going to be working? Aren't all the free stuff and discounts accessed through the Playstation store?

    Presumably they will give us the free month once everything is up and running again.

    steam_sig.png
  • AlgertmanAlgertman Registered User regular
    edited May 2011
    What? Here I thought we would get Undertow 2.

    PSN; AlbertBOMB
  • JAEFJAEF Unstoppably Bald Registered User regular
    edited May 2011
    Breaking: All PSN members to receive Daikatana HD

    Battle.net ID: Jaef#1126 -- Steam: Jaef -- PSN: Jaef -- League of Legends: Jaef
  • MechMantisMechMantis Registered User regular
    edited May 2011
    JAEF wrote: »
    Breaking: All PSN members to receive Daikatana HD

    John Romero might not make you his bitch

    but he'll certainly make you Sony's.

    UA1OmVB.png
  • PrincepeachPrincepeach Registered User
    edited May 2011
    I know it's been said before, but I think it's important to note that the month of PS+ is really intended to compensate pre-existing subscribers for their lost time. Every non-subscriber is just getting a month anyway.

    The other unspecified shit is the baseline compensation for everyone.

  • AlgertmanAlgertman Registered User regular
    edited May 2011
    PS1 game voucher?

    PSN; AlbertBOMB
  • KreutzKreutz Registered User regular
    edited May 2011
    I wonder if accepting the PS+ free month and whatever else Sony comes up with would preclude one from participating in the class-action lawsuit which is sure to crop up. Like, Sony already compensated you for their fuck-up, now you can't complain anymore.

  • PrincepeachPrincepeach Registered User
    edited May 2011
    PS1 game voucher?
    I wish, but it will probably be a free download of a specific game. Which kinda sucks.

  • Triple BTriple B Registered User regular
    edited May 2011
    Welp. You've gotta think sales for the PSN funbux cards are going to skyrocket once all is said and done.

    steam_sig.png
  • SmokeStacksSmokeStacks License Number 137596Registered User regular
    edited May 2011
    Kreutz wrote: »
    I wonder if accepting the PS+ free month and whatever else Sony comes up with would preclude one from participating in the class-action lawsuit which is sure to crop up. Like, Sony already compensated you for their fuck-up, now you can't complain anymore.

    Well, do you want a free month of PlayStation Plus and a free game, or do you want to roll the dice on maybe getting a check from SNEA for $8 eleven months from now?

    SUP ISORN
    STEAM ME, BABY / PSN: ghjfghdfgcvb
  • never dienever die Registered User regular
    edited May 2011
    Welp, with Sony still not giving me solid information about how safe my card is, time to change it. I'll call my company tomorrow. Luckily it was just a debit card, not like their that bad to replace. Just have to put it into a couple of sites and I'll be good.

    Spoiler:
  • MechMantisMechMantis Registered User regular
    edited May 2011
    Kreutz wrote: »
    I wonder if accepting the PS+ free month and whatever else Sony comes up with would preclude one from participating in the class-action lawsuit which is sure to crop up. Like, Sony already compensated you for their fuck-up, now you can't complain anymore.

    Class actions don't exist anymore in the US thanks to the infinite wisdom of the Supreme Court.

    So no, it won't be cropping up.

    UA1OmVB.png
  • Shorn Scrotum ManShorn Scrotum Man Registered User regular
    edited May 2011
    MechMantis wrote: »
    Kreutz wrote: »
    I wonder if accepting the PS+ free month and whatever else Sony comes up with would preclude one from participating in the class-action lawsuit which is sure to crop up. Like, Sony already compensated you for their fuck-up, now you can't complain anymore.

    Class actions don't exist anymore in the US thanks to the infinite wisdom of the Supreme Court.

    So no, it won't be cropping up.

    Uh...

    I happen to be signed up to a class action lawsuit currently, and I'm in the US. What are you talking about?

    steam_sig.png
  • JAEFJAEF Unstoppably Bald Registered User regular
    edited May 2011
    Triple B wrote: »
    Welp. You've gotta think sales for the PSN funbux cards are going to skyrocket once all is said and done.
    I wonder how many people don't realize that using your credit card anywhere on the internet constitutes a fundamental security risk and that practicing sound financial security habits means that at most you're in danger of the inconvenience of replacing your credit card and having to redo any auto-billing setups?

    Edit: forgot the work risk.

    Battle.net ID: Jaef#1126 -- Steam: Jaef -- PSN: Jaef -- League of Legends: Jaef
  • MechMantisMechMantis Registered User regular
    edited May 2011
    MechMantis wrote: »
    Kreutz wrote: »
    I wonder if accepting the PS+ free month and whatever else Sony comes up with would preclude one from participating in the class-action lawsuit which is sure to crop up. Like, Sony already compensated you for their fuck-up, now you can't complain anymore.

    Class actions don't exist anymore in the US thanks to the infinite wisdom of the Supreme Court.

    So no, it won't be cropping up.

    Uh...

    I happen to be signed up to a class action lawsuit currently, and I'm in the US. What are you talking about?

    This.

    Binding arbitration for everyone!

    And given Sony's previous track record for EULA bullshit, you can bet your ass there's now gonna be a binding arbitration clause in their user agreements.

    UA1OmVB.png
«13456763
Sign In or Register to comment.