Quake3World.com Forums: General Discussion

Topic: Re: So this PSN/Sony Hacker Drama...

Arrr?
Joined: 09 Feb 2001
Posts: 35465
Posted: 05-01-2011 07:57 PM


Class action lawsuits to follow...



_________________
YourGrandpa wrote:
I'm satisfied with voicing my opinion and moving on.


Cool #9
Joined: 01 Dec 2000
Posts: 44149
Posted: 05-01-2011 11:24 PM


Transient wrote:
Class action lawsuits to follow...

First one has already been announced last week actually




Timed Out
Joined: 02 Aug 2000
Posts: 38067
Posted: 05-01-2011 11:55 PM


The results of that could be interesting for companies like EA that regularly close off online services.




Cool #9
Joined: 01 Dec 2000
Posts: 44149
Posted: 05-02-2011 12:09 AM


Depends on whether or not they're suing over the unavailability of the system or the loss of private information, including credit card details.

I don't think they're suing over the system being unavailable, as Sony pretty much covered that in their terms of service. As a consumer, you pretty much have no leg to stand on in this case because you accepted their ToS, which in this area, apparently don't state anything unreasonable. There was a short article about this on Kotaku or Slashdot (can't remember which) last week.




Glayven?
Joined: 23 Jan 2005
Posts: 13025
Posted: 05-02-2011 12:45 AM


It's not too bad when you think about it. When you accept Apple's ToS they'll sew your mouth to a chinese person's ass and feed him burritos.




Arrr?
Joined: 09 Feb 2001
Posts: 35465
Posted: 05-02-2011 03:28 AM


Or give him a choice between cuddlefish and vanilla pudding.



_________________
YourGrandpa wrote:
I'm satisfied with voicing my opinion and moving on.


Insane Quaker
Joined: 05 Nov 2010
Posts: 449
Posted: 05-02-2011 08:00 AM


Jumping in:

Screw Sony. This is retarded. When the PS3 was coming out, they promised Linux, multiple video outs, two gigabit ports, full PS1/PS2 backwards compatibility, Blu-ray support and a ton of other garbage, the thing was slated to be a modern day C64....Today, we've finally arrived at ...most Blu-ray movies work....and...it plays PS3 games, which need to be patched, getting one step closer to the shoddy design that goes into PC stuff. I remember the thing with rootkits on audio CDs too. I can't think of too many other companies that have expressed SO CLEARLY that they couldn't possibly give less of a crap about their customers, old and new, than Sony has. Ugh.




god xor reason
Joined: 08 Dec 1999
Posts: 21100
Posted: 05-02-2011 08:56 AM


Yea, wasn't removing the OtherOS feature supposed to prevent this? lol




Insane Quaker
Joined: 05 Nov 2010
Posts: 449
Posted: 05-02-2011 10:52 AM


Removing the OtherOS feature accomplished two things:

* Pissing me off

* Pissing lots of other people off

They justified it by saying it'd reduce their support call volume. I don't give a crap about THEIR problems, I bought a product they advertised with certain features, and then took them away because...they don't feel like dealing with it? I'll most likely never buy a Sony product firsthand ever again. They don't need any more of my money, or anyone else's.




i liek boobies
Joined: 26 Nov 2000
Posts: 11930
Posted: 05-02-2011 08:55 PM


Here's your bow of apology from Sony execs, CEO Kazuo Hirai [center], senior vice presidents Shiro Kambe [left] and Shinji Hasejima [right]:

Image

Oh, and btw there's a newly reported SOE breach: Sony admitted that some credit card numbers and bank account numbers from European customers held on an outdated database may have been obtained in this newly discovered SOE breach.




Messatsu Ko Jy-ouu
Joined: 24 Nov 2000
Posts: 44139
Posted: 05-03-2011 12:50 AM


doesn't get more lolleriffic than this.




i liek boobies
Joined: 26 Nov 2000
Posts: 11930
Posted: 05-05-2011 03:21 AM


Sony wrote:
We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”




i liek boobies
Joined: 26 Nov 2000
Posts: 11930
Posted: 05-06-2011 03:49 AM


Anonymous responds.




Elite
Joined: 10 Feb 2000
Posts: 28023
Posted: 05-07-2011 01:43 PM


That is a good read.




Elite
Joined: 25 Mar 2000
Posts: 10055
Posted: 05-07-2011 02:17 PM


It certainly seems out of character for them considering the other stuff they've been engaged in.




Elite
Joined: 25 Mar 2000
Posts: 10055
Posted: 05-07-2011 02:29 PM


A third attack planned: http://news.cnet.com/friday-poll-hacker ... 444-1.html

Quote:
The next blow, should it happen, could prove to be one of the worst public relations disasters to ever strike a consumer electronics company. Hackers say they have access to some of Sony's servers and plan to publicize all or some of the information they can copy from those servers. This may include consumers' credit card details. (A source tells CNET that this group of hackers claims to have access to Sony's servers, which are different from the servers already hacked to expose more than 77 million user accounts.)

Such private information would undoubtedly travel quickly around the world through torrents and download sites. Sadly, the vessel for this material would most likely be a simple text file, perhaps only 10MB-20MB in size. That may not sound like a large file, but in terms of pure text, it's a bible's worth of names and numbers. Countless credit/debit cards would have to be replaced, and identities would have to be protected (for free, courtesy of Sony). Trust would be lost, perhaps never to be gained again.




Arrr?
Joined: 09 Feb 2001
Posts: 35465
Posted: 05-07-2011 02:54 PM


That's just peachy. :disgust:



_________________
YourGrandpa wrote:
I'm satisfied with voicing my opinion and moving on.


opa!
Joined: 02 Mar 2000
Posts: 14658
Posted: 05-07-2011 03:41 PM


ouch. being that i don't know shit about high level security and hacking, not sure how much of this was their own fault, and not sure that if someone with the right knowhow targets you if there is really anything realistic you can do to prevent it.




Elite
Joined: 25 Mar 2000
Posts: 10055
Posted: 05-07-2011 04:16 PM


I'm honestly surprised that Sony didn't take their entire company's network off the internet when they discovered the first breach. Obviously this is a huge step to take but when your entire global reputation is on the line, huge steps have to be taken. I think it was pretty naive of them to think that if their PSN got fucked over that something else was not in the pipe or already in the process of happening. The timing of all these events together is problematic for Sony, what with Anonymous claiming to have their own on-going operation in the midst of all this other hacking and distribution of their data.

It's the same old story, and you hit it on the head Tsakali, if there is a will, there is a way. The problem with network security is that breaches of this scale are so uncommon that they are essentially a black swan. Network ops get complacent because they just see the same bullshit all day, every day in the logs. From their perspective, a well planned attack is virtually impossible to predict or prepare for and indeed, a well planned attack would get through anyway, as this one did. I think as this progresses people are going to start realizing that nothing is sacred and nothing is safe, because it isn't. I personally don't have much pity for any of the people who lost their shit nor do I have pity for Sony. Be more diligent with who you give your fucking personal information to, especially when it's a multi-billion dollar corporation who likes to do shit like store all data collected from every user, ever, in a large server farm.

This could get interesting in the next few days...




Timed Out
Joined: 02 Aug 2000
Posts: 38067
Posted: 05-07-2011 05:49 PM


mrd wrote:
I'm honestly surprised that Sony didn't take their entire company's network off the internet when they discovered the first breach.

That just wouldn't happen. Corporations are big beasts and there's no way there's a single IT faction responsible for the entire infrastructure. They're separate business units and lots of isolated silos. If your website gets hacked you don't shut down your company's internal domain controllers, but that's essentially the kind of thinking you'd need to take a company with multiple online presences 'off the grid'. There'd be no logic in doing that.

Quote:
Obviously this is a huge step to take but when your entire global reputation is on the line, huge steps have to be taken.


I think they did take a huge step. Downing the entire PSN is a huge step.

Quote:
I think it was pretty naive of them to think that if their PSN got fucked over that something else was not in the pipe or already in the process of happening.

Absolutely. Though this is a classic IT problem - You run day-to-day with a particular number of operatives, and as soon as a big problem hits, you divert many of them into fixing that problem. If a second problem comes your way at that same time, most of your operatives are distracted with the first problem. Sony did the only logical thing which was engaging with an outside specialist to bulk up the number of operatives they had. The problem with this of course is that outside parties aren't intimate with your systems. You still have to take some people away from the front line and divert them to the issue. So you still weaken your overall IT operations ability whenever you're responding to a crisis.

Quote:
The problem with network security is that breaches of this scale are so uncommon that they are essentially a black swan.


I disagree. They're certainly a big scary unknown to your day-to-day sysadmin (myself included), but there are security specialists that deal with this kind of thing every day in other fields such as banking and stocks, and there's a big body of knowledge building up around the subject that has been accumulating for decades. Of course, this knowledge tends to be concentrated around a few specialist consulting outfits, but I don't think it's reasonable to say that this kind of attack is a 'black swan'.

Quote:
Network ops get complacent because they just see the same bullshit all day, every day in the logs. From their perspective, a well planned attack is virtually impossible to predict or prepare for and indeed, a well planned attack would get through anyway, as this one did.


True. Or more accurately, it's very rare that management dedicates sufficient man hours to what is perceived as a low-likelihood risk, especially if your business isn't one of the classic targets (banking, politics). The answer to this is adopting and applying appropriate strategies and principles, such as Defense in depth. Of course, if you're a network admin in a team of 5 that would need a team of 10 to have the time just to implement those things, stuff just isn't going to get done.

Ultimately I think the Sony breaches are a direct consequence of this - Sony had x number of IT staff and those staff implemented these systems, but didn't choose to spend or weren't permitted to spend sufficient time implementing security into those systems. Or they didn't have sufficient knowledge/training to know that they should even be doing it. Stuff like hashing and salting passwords stored in a database are fundamental web programming basics, but personally I've seen it demonstrated time and time again that many (perfectly intelligent and otherwise capable) developers simply never got taught this, and other very important concepts.

There are also still wide gulfs of misunderstanding between developers and operations, and there's a necessary symbiotic relationship between them that simply isn't present in most organizations. This results in devs releasing insecure systems and ops implementing them while each side will rely on being able to blame the other. This is the 'not my problem' culture that I reckon probably got Sony into this doo-doo.


Edit: LOL WALL OF TEXT




Elite
Joined: 25 Mar 2000
Posts: 10055
Posted: 05-08-2011 01:50 PM


Aye, good points. I guess it's easy for me to say "Sony should have done this and done that" after everything has happened and as a third-party observer. I suppose when you're in the thick of it and your multi-billion dollar company is getting fucked by random dude #742 on the internet, it's a bit unnerving. But... what you said about the not-my-problem culture is essentially what it boils down to. Maybe they should start teaching more network admins to get into network programming and developing their own applications, etc. instead of relying on third party software? Or is that generally what happens at the moment?

ps - I love walls of text




Timed Out
Joined: 02 Aug 2000
Posts: 38067
Posted: 05-09-2011 05:37 AM


mrd wrote:
Maybe they should start teaching more network admins to get into network programming and developing their own applications, etc. instead of relying on third party software? Or is that generally what happens at the moment?


Tricky. Each is its own dedicated role nowadays, as each takes someone concentrating at it full-time for years to develop necessary skills and a body of knowledge.

2 things apparently went wrong on a fundamental level over at Sony:

1. Someone breached the network perimeter - Sysadmin issue
2. The data that was obtained during the breach was able to be read - Developer issue

I'm hoping more info becomes available over the next couple of months (I'd love it if there were an HBGary-style email leak as well) as this appears to be a great case study for how to do things wrong.
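
Added example, not part of any post in this thread: the "hashing and salting" basic and the "data was able to be read" failure discussed above, shown as an unsalted fast hash beside a salted, slow-KDF record. PBKDF2, the record format, the 600,000-iteration floor and all names and sample accounts are assumptions chosen for illustration; nothing here describes how Sony stored its data.

```python
import hashlib
import hmac
import secrets

# Constructed sample accounts; alice and bob share a password on purpose.
SAMPLE_USERS = [("alice", "hunter2"), ("bob", "hunter2"), ("carol", "correct horse")]

MIN_ITERATIONS = 600_000  # assumed policy floor for PBKDF2-HMAC-SHA256


def weak_record(password):
    """Unsalted fast hash: equal passwords always produce equal rows."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_record(password, iterations=MIN_ITERATIONS):
    """Random per-user salt plus a slow KDF; cost and salt travel with the hash."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password, record):
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except (ValueError, OverflowError):
        return False  # malformed or legacy record: reject, never crash the login path


def needs_rehash(record, minimum=MIN_ITERATIONS):
    """True for legacy rows or rows below the current cost; upgrade at next login."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return True
    try:
        return int(parts[1]) < minimum
    except ValueError:
        return True


def shared_password_groups(table):
    """Audit a credentials table: accounts whose stored values collide."""
    by_value = {}
    for user, record in table.items():
        by_value.setdefault(record, []).append(user)
    return sorted(sorted(users) for users in by_value.values() if len(users) > 1)


if __name__ == "__main__":
    weak = {u: weak_record(p) for u, p in SAMPLE_USERS}
    strong = {u: strong_record(p) for u, p in SAMPLE_USERS}
    print("unsalted collisions:", shared_password_groups(weak))
    print("salted collisions:  ", shared_password_groups(strong))
    print("login ok:", verify("hunter2", strong["alice"]))
```

With the unsalted table, identical passwords are visible as identical rows and one guess tests every account at once; with per-user salts each row has to be attacked separately at the KDF's cost.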




Cool #9
Joined: 01 Dec 2000
Posts: 44149
Posted: 05-09-2011 05:47 AM


mrd wrote:
Be more diligent with who you give your fucking personal information to, especially when it's a multi-billion dollar corporation who likes to do shit like store all data collected from every user, ever, in a large server farm.


That's a Utopian ideology. These days, you cannot do anything that involves computers without divulging personal information. One could say that you simply shouldn't give up personal info like your name or address, but then you're opting out of so many services the Internet provides that I don't think it's realistic to not give up some portion of your private info.

I'm not talking about putting your whole life on Facebook here, but something as simple as placing an online order with your credit card simply requires you to give up name and address info. And still, even the more diligent people would expect a large company like Sony to have their shit together, right? That may be naive, but compared to "www.bobs-second-hand-cars-and-assault-rifles.com" Sony should be a lot more worthy of that trust.




Cool #9
Joined: 01 Dec 2000
Posts: 44149
Posted: 05-09-2011 05:53 AM


mrd wrote:
Maybe they should start teaching more network admins to get into network programming and developing their own applications, etc. instead of relying on third party software? Or is that generally what happens at the moment?


I don't think that's what's happening and I don't think it should either. You see, if everyone will start developing their software for themselves, each and everyone will fall into the same traps. One piece of software that's constantly being reviewed by different people and used on thousands of online services has a lot bigger chance of becoming secure than if you have 100 different applications that power one or two websites. All 100 are most likely to share the same faults.

Of course, software being popular in use also means it's a meaty target for hackers. Hack it, and you've got yourself access to countless sites and services, which may not all be as strict in keeping up with the latest software updates as they should be.




Gibblet
Joined: 09 May 2011
Posts: 14
Posted: 05-09-2011 10:24 AM


The Hacker managed to bring down all of Sony, websites, games everything is down. =(




Arrr?
Joined: 09 Feb 2001
Posts: 35465
Posted: 05-09-2011 11:07 AM


Sony Offering Free ‘AllClear ID Plus’ Identity Theft Protection in the United States through Debix, Inc.
http://blog.us.playstation.com/2011/05/ ... debix-inc/



_________________
YourGrandpa wrote:
I'm satisfied with voicing my opinion and moving on.


Elite
Joined: 25 Mar 2000
Posts: 10055
Posted: 05-10-2011 09:33 PM


Eraser wrote:
mrd wrote:
Be more diligent with who you give your fucking personal information to, especially when it's a multi-billion dollar corporation who likes to do shit like store all data collected from every user, ever, in a large server farm.


That's a Utopian ideology. These days, you cannot do anything that involves computers without divulging personal information. One could say that you simply shouldn't give up personal info like your name or address, but then you're opting out of so many services the Internet provides that I don't think it's realistic to not give up some portion of your private info.

I'm not talking about putting your whole life on Facebook here, but something as simple as placing an online order with your credit card simply requires you to give up name and address info. And still, even the more diligent people would expect a large company like Sony to have their shit together, right? That may be naive, but compared to "www.bobs-second-hand-cars-and-assault-rifles.com" Sony should be a lot more worthy of that trust.


I suppose you're right. I try to give only as much info. out as is needed to complete whatever the transaction is. I honestly don't trust anyone, especially not a faceless corporation over the internet. I've actually been thinking I should change my credit card number simply because of all this bullshit that's been going on lately. I would agree that Sony should be more trustworthy than bob's rifles.com but it's really hard to say. Sometimes the little guys are the ones who put more work in where it counts. To draw a comparison, take a look at most Linux distros. They're free, open source and developed by countless folk in their spare time. Many people would argue they are better than Windows in almost every aspect, which is expensive, slow, closed-source and developed by a massive bureaucratic process. Obviously it's not the same situation as X-company getting hacked, I'm just trying to draw a correlation between the little guys and a solid product/work ethic.

RE: You make some valid points about the software but I guess my point was driving toward competent software engineers/network administrators who design custom software that is catered specifically to their network architecture and would not be used in any other situation. Obviously this would mean a lot of redundant code being generated and such but... to me, when the alternative is a compromised system, I would rather go the extra mile and instill something unique. And you've already mentioned why this could be a useful tactic... if 10,000 companies all use XYZ program to do their firewalling or whatever, and all the hackers know it... hack one company, you've hacked 10,000. If most sysadmins were also fluent, competent and driven software engineers, my guess is that it would be a lot harder to hack into them. Pair them up with a good electrical engineer or two and design some custom hardware... it'd be nigh on fucking impossible to breach that sort of arrangement. I guess that is sort of Utopian too, but I don't think it should be.




Lead Pipe Mafia
Joined: 15 Oct 2007
Posts: 5955
Posted: 05-11-2011 07:50 AM


I hacked PSN. It was fun.




Cool #9
Joined: 01 Dec 2000
Posts: 44149
Posted: 05-11-2011 12:37 PM


Hacked it with a lead pipe I bet




Insane Quaker
Joined: 19 Dec 2002
Posts: 445
Posted: 05-14-2011 06:39 PM


Looks like PSN is back up. You'll have to change your password once you try and log in though. Hard to believe that was 24 days or so of down time.




Eh?
Joined: 25 Mar 2001
Posts: 32049
Posted: 05-15-2011 02:53 AM


What's the free stuff games wise? ATM I'm still on the fence about upgrading because I never bothered to stick a USB HDD on it to play backup games anyway, but if there's some half decent free shit (that isn't Resistance) then I may just upgrade for a larf...




puzl
Joined: 06 May 2000
Posts: 30344
Posted: 05-15-2011 03:42 AM


I'm not upgrading. Showtime is the killer homebrew app everyone wanted for the PS3 and there's no way I'm gonna lose it. Sony should just sign it for them and make it an official downloadable app. Or better yet, give proper MKV support to the actual PS3 video player :up:




Messatsu Ko Jy-ouu
Joined: 24 Nov 2000
Posts: 44139
Posted: 05-15-2011 06:22 AM


let's see how long it takes for it to be hacked again




Unquantifiable Abstract
Joined: 31 Dec 1969
Posts: 52137
Posted: 05-15-2011 07:39 AM


Won't be long...




Eh?
Joined: 25 Mar 2001
Posts: 32049
Posted: 05-15-2011 07:52 AM


Was reading DCEmu forums earlier and there's already talk of an exploit found... That doesn't mean that NETWORK is hacked again, but it does mean there's a possible backdoor to getting homebrew back...

The same thing happened with PSP ages ago. They kept making the system harder and harder to crack and then one day decided to re-write huge chunks to make it impossible for hackers, but actually ended up adding more holes that could be exploited.



