It almost felt like they wanted to say 'Anonymous did it', but didn't want to go so far as to be un-Japanese and be direct about it. So instead they just had to bring them up once every 5 minutes, to keep them firmly in mind.
Can someone explain to me what these security terms mean exactly?
Hashing takes an input (like a password) and turns it into a 'hashed', unique output. Generally you hash passwords and store the hashes, rather than storing the passwords in plaintext (because you are fucked if someone finds the password list somehow). Here's a pretty straightforward explanation of what salting does. MD5 is a popular hash function.
exis on
mntorankusu | I'm not sure how to use this thing.... | Registered User
Can someone explain to me what these security terms mean exactly?
Well, I'm not an expert on it, so people please correct me if I'm wrong, but
Encryption is when you take a set of data, perform some operation on it, and then output another set of data that can be returned to its original state using a key. If someone has the correct key, they have access to the encrypted data.
Hashing is where you take a set of data, perform some operation on it, and then output, more-or-less, a number. It's a one-way function-- the hash isn't long enough to store the actual data, so it's impossible to retrieve the data used to make the hash if that's all you have. When used for passwords, the system can check if the password is correct without actually storing it.
Edit: The hell, forums? This isn't my whole post.
mntorankusu on
143999 | Tellin' ya not askin' ya, not pleadin' with ya | Registered User
Well, the dev network not having a password kind of makes sense? Theoretically it should have only been accessible to PS3s with a devOS, which should have been locked down by a master key.
This only makes sense if you are an idiot who has never opened an intro-level network security textbook. If this is indeed the case then it is an outstanding level of stupidity by Sony. Breathtaking.
The golden rule of client-server security is that you do not trust the client. Ever.
EDIT: Master key being secure or not you cannot have implicitly trusted clients and a secure network - it's unpossible.
Well, the dev network not having a password kind of makes sense? Theoretically it should have only been accessible to PS3s with a devOS, which should have been locked down by a master key.
This only makes sense if you are an idiot who has never opened an intro-level network security textbook. If this is indeed the case then it is an outstanding level of stupidity by Sony. Breathtaking.
The golden rule of client-server security is that you do not trust the client. Ever.
Well, considering the whole redev fiasco, I'd have to say... They didn't read those particular textbooks.
Sadly, all this press conference did was make me feel more apt to change my card number once this month's charges go through on the 1st/2nd. Their incompetence did nothing but shine through the entire time.
chocobolicious on
Blake T | Do you have enemies then? Good. That means you’ve stood up for something, sometime in your life. | Registered User
edited May 2011
Am I the only one who found the compensation pretty shitty?
It's a month of a service I'm not interested in to begin with anyway.
I honestly don't understand their PR team. Everything they do leaves me thinking they look more incompetent than before, and that's between long periods of silence that look even worse. I knew people in PR and HRM courses in Uni, and they all had case studies of how companies responded to crisis, going over everything the companies did and how it all helped or tarnished their reputation. Any one of those uni students would do a better PR job than Sony is right now.
I know lolSony and everything, but in all seriousness, they are either thoroughly incompetent, or... I dunno. I cannot think of a single reason, outside of conspiracy theories that they're hiding another massive cockup, why they would deal with all this so poorly.
Am I the only one who found the compensation pretty shitty?
It's a month of a service I'm not interested in to begin with anyway.
Agreed. Sony might think it's worth $49.99/£39.99 a year, but I certainly don't.
Edit: and it seems pretty clear that they are trying to make money from this fuck up. Hoping people will spend money on the Playstation Store with the PS+ discount.
Edit2: To clarify, they obv have lost money from it, but their reasons for giving people PS+ are profit motivated.
Am I the only one who found the compensation pretty shitty?
It's a month of a service I'm not interested in to begin with anyway.
Agreed. Sony might think it's worth $49.99/£39.99 a year, but I certainly don't.
Edit: and it seems pretty clear that they are trying to make money from this fuck up. Hoping people will spend money on the Playstation Store with the PS+ discount.
The only good thing about a month of PSN+ is that if you were interested in purchasing a PSN game that had a PSN+ only discount, you could buy it at the discount and keep the game.
The State of Texas had some information leak troubles recently, and they offered something actually useful to people whose information was exposed: a huge discount on credit/id theft monitoring. 70% off from Experian I think it was.
Toxic Toys | Are you really taking my advice? Really? | Registered User
edited May 2011
To recap: PSN back up "this week", all PSN members to get free software and 1 month of PlayStation plus free, plus more goodies TBA later.*
The month of PSN+ is bull. The free software better be good. The problem I see is it has to be something that works with the Go. I'm guessing it will also be a game owned by Sony. A PS1 game is not going to cut it for me nor will a Mini. But what other games can be played on both a PSP & a PS3?
* I didn't watch the conference, just going on what I read in the thread.
Toxic Toys on
3DS code: 2938-6074-2306, Nintendo Network ID: ToxicToys, PSN: zutto
The State of Texas had some information leak troubles recently, and they offered something actually useful to people whose information was exposed: a huge discount on credit/id theft monitoring. 70% off from Experian I think it was.
This would be super. A shitty game and an advertisement for their paid service is not.
EggPuppet on
Maddoc | I'm Bobbin Threadbare, are you my mother? | Registered User
To recap: PSN back up "this week", all PSN members to get free software and 1 month of PlayStation plus free, plus more goodies TBA later.*
The month of PSN+ is bull. The free software better be good. The problem I see is it has to be something that works with the Go. I'm guessing it will also be a game owned by Sony. A PS1 game is not going to cut it for me nor will a Mini. But what other games can be played on both a PSP & a PS3?
* I didn't watch the conference, just going on what I read in the thread.
I actually think you're probably putting more thought into this than Sony did
"Complimentary Offering and “Welcome Back” Appreciation Program
While there is no evidence at this time that credit card data was taken, the company is committed to helping its customers protect their personal data and will provide a complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs. The implementation will be at a local level and further details will be made available shortly in each region."
Just sayin, Sony is offering something similar, I'd assume.
chocobolicious on
MichaelLC | In what furnace was thy brain? | Chicago | Registered User
edited May 2011
It'll be an "I Survived The Outage and All I Got Was This Lousy T-Shirt" t-shirt for your Home avatar.
MichaelLC on
MrVyngaard | Live From New Etoile | Straight Outta Sosaria | Registered User
Hmm, fuck their shitty compensation. I want in on whatever class-action lawsuits succeed on them.
This, barring any effect of the recent Supreme Court decision...
MrVyngaard on
"now I've got this mental image of caucuses as cafeteria tables in prison, and new congressmen having to beat someone up on inauguration day." - Raiden333
I've glanced through various forums and the PR seems to be working. Of course, it's natural to assume that the more vocal fan base are expressing their thoughts right now. Whether the general public is appeased by these compensations remains to be seen.
I guess at least they'll be trying to make the PSN+ lineup for the free period really amazing to try and lure people into signing up for the service. :?
-SPI- on
SteevL | What can I do for you? | Registered User
edited May 2011
I plan on changing my credit card number this week after a charge goes through, but I haven't seen any suspicious activity on my account yet.
Anyone else notice the bit about the store taking longer to come up? Gonna piss off that one GO owner something fierce.
There are ways to get purchased games up and running on a Go with the latest official firmware, as well as a large library of homebrew. I sent the guy with a Go a PM telling him this, and offering him instructions if he wanted them, and got no reply.
There is even a Homebrew store that functions similar to the PlayStation Store. You pick an application, and it's downloaded and installed automatically. All of this is possible on official firmware without modifying the device at all, and the homebrew selection is all completely legal.
I have a text reader, Google Maps app, Email client, and even Open Tyrian, among others, all running on 6.38, and it's all legal.
A PSP Go without PSN access is by no means useless.
SmokeStacks on
TetraNitroCubane | The Djinnerator | At the bottom of a bottle | Registered User
Can someone explain to me what these security terms mean exactly?
Hashing takes an input (like a password) and turns it into a 'hashed', unique output. Generally you hash passwords and store the hashes, rather than storing the passwords in plaintext (because you are fucked if someone finds the password list somehow). Here's a pretty straightforward explanation of what salting does. MD5 is a popular hash function.
More than that: Hashing your passwords and doing nothing else to them is a bad idea. If I'm a hacker who has an account with your service, I know my own password, and can use that with my hashed password to break the hash. That's why, usually, a hashed password is also salted, which means that random data is interspersed into it to make that process more difficult.
Hashing passwords without salting them is a pretty big no-no in the security world. Even if you're salting the passwords, if you're using stupid encryption like MD5 hashes or DES crypt, or using very little in the way of salting, you're hosed. For comparison, Gawker both salted and hashed their passwords (DES crypt with 12 bits of salting). When they were hacked wide open, most security analysts agreed they were extremely lacking in their cryptography.
So keep in mind Sony didn't salt the passwords, and we've got a reference point to go on.
Hmm, fuck their shitty compensation. I want in on whatever class-action lawsuits succeed on them.
If you're in America, Whoops! The Supreme Court just decided that if Sony doesn't want to, they don't have to go through class-action lawsuits. They can relegate you to individual arbitration - where the arbitrator's bread is pretty fucking well buttered on Sony's side.
Pretty good timing for them on that point.
TetraNitroCubane on
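What salting changes in a stored password table, shown as an added example that is not part of any post in this thread. The accounts, passwords and the PBKDF2 iteration count are constructed for illustration; PBKDF2-HMAC-SHA256 stands in here for a slow password hash and is not something the thread names.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from the thread); two users share a password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def md5_unsalted(password):
    """The weak scheme discussed above: a bare, fast, unsalted hash."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Per-user random salt plus a deliberately slow KDF."""
    if salt is None:
        salt = os.urandom(16)  # 128-bit salt, versus the 12 bits of DES crypt
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_salted(password, salt)
    return hmac.compare_digest(candidate, stored)


def shared_hash_groups(table):
    """Group users whose stored values are identical in a table."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]


def build_tables():
    """Store the same accounts under both schemes."""
    weak = {u: md5_unsalted(p) for u, p in USERS.items()}
    strong = {u: hash_salted(p) for u, p in USERS.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    # Unsalted: equal passwords give equal hashes, so one lookup covers both users.
    print("unsalted MD5, users sharing a hash:", shared_hash_groups(weak))
    # Salted: every row is different even when the passwords match.
    print("salted PBKDF2, users sharing a hash:", shared_hash_groups(strong))
    salt, stored = strong["alice"]
    print("alice login ok:", verify("hunter2", salt, stored))
```

The salt is stored next to the digest in the same row; it does not need to be secret, only unique per user and long enough that values do not repeat across accounts.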
Descendant X | Skyrim is my god now. | Outpost 31 | Registered User
edited May 2011
So the way I understand it, PSN+ users get some games free. I can't think of what games offhand, but I'm pretty sure that there are a few games that are gratis when you get a PSN+ account.
Given that pretty much everyone will be gutting PSN+ for everything they can when everything is back up, do you get to keep the free games after you no longer have a PSN+ account? I believe that I heard in the past that anything you got free from PSN+ went away after your subscription was up...
Descendant X on
Garry: I know you gentlemen have been through a lot, but when you find the time I'd rather not spend the rest of the winter TIED TO THIS FUCKING COUCH!
This is the problem, Sony. You don't know what to share and what not to share.
Which is why I firmly believe it's probably what Sony used.
Damn what a clusterfuck, I hope they get the law all over this to slap Sony down. Bowing does not count.
I made a game, it has penguins in it. It's pay what you like on Gumroad.
Currently Ebaying Nothing at all but I might do in the future.
The known vulnerability was LEAVING THE GOOSING DOOR OPEN.
I should totally work for Sony's PR firm, hah.
// Switch: SW-5306-0651-6424 //
Satans..... hints.....
The only.
Do you genuinely hold this opinion?
Switch: US 1651-2551-4335 JP 6310-4664-2624
MH3U Monster Cheat Sheet / MH3U Veggie Elder Ticket Guide
PSN: SirGrinchX
Oculus Rift: Sir_Grinch
Exactly. What a shitty move; I'll be skipping that...
No credit card is needed for PSN+ or anything else on the store.
Then again, I am using Discover.
http://www.youtube.com/watch?v=p06h47glDKc
My Backloggery