The Glade 4.0

"Turn the lights down, the party just got wilder."
It is currently Sat Nov 23, 2024 10:48 pm

All times are UTC - 6 hours [ DST ]




Post new topic Reply to topic  [ 264 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6, 7 ... 11  Next
Author Message
 Post subject: Re: Re:
PostPosted: Thu Apr 28, 2011 4:59 pm 
Offline
User avatar

Joined: Sat Sep 05, 2009 9:09 pm
Posts: 614
Location: Salem, MA
I know no one is saying they are going to go off the grid, but saying you're not going get rid of Sony devices cause of this is just silly cause you're no more likely for this to happen with Sony than anyone else.

Raltar wrote:
fangirl much?


Not really, I like the PS3 over the 360 mainly because of Blu-ray, if i'm a fangirl of anything it would be Microsoft but for Windows as i'm more a PC gamer than a console gamer, in general I have preference for certain brands for certain products, but i'm not a blind fangirl of any one company and will buy any type of product from that company if I can. Really if anything the only type of fangirl I am is an anti-fangirl of Apple.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Apr 28, 2011 5:00 pm 
Offline
Web Ninja
User avatar

Joined: Wed Sep 02, 2009 8:32 pm
Posts: 8248
Location: The Tunt Mansion
Geohot comments on the issue: http://geohotgotsued.blogspot.com/2011/ ... -news.html

Quote:
To start, I sure am glad I don't have a PSN account about now. And, as a onetime victim of identity theft, I feel for everyone who's data has been stolen. I'm not going to make cracks at Sony for flipping a **** when /their/ data is compromised, and not even having the decency to apologize when it's your data that's misappropriated.

And to anyone who thinks I was involved in any way with this, I'm not crazy, and would prefer to not have the FBI knocking on my door. Running homebrew and exploring security on your devices is cool, hacking into someone elses server and stealing databases of user info is not cool. You make the hacking community look bad, even if it is aimed at douches like Sony.

One of the things I was contemplating back in early January was a PSN alternative, a place for jailbroken consoles to download homebrew and game without messing up anyone else's experience. Unfortunately events led me off of that path, but gamers, if I had succeeded you would have a place to game online with your PS3 right now. I'm one of the good guys. I used to play games online on PC, I hated cheaters then and I hate them now.

Also, let's not fault the Sony engineers for this, the same way I do not fault the engineers who designed the BMG rootkit. The fault lies with the executives who declared a war on hackers, laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts. Alienating the hacker community is not a good idea.

Now until more information is revealed on the technicals, I can only speculate, but I bet Sony's arrogance and misunderstanding of ownership put them in this position. Sony execs probably haughtily chuckled at the idea of threat modeling. Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client(can't trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client. It's the same reason MW2 was covered in cheaters, EA even admitted to the mistake of trusting Sony's client. Sony needs to accept that they no longer own and control the PS3 when they sell it to you. Notice it's only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren't crazy.

And let's talk about Sony's use of the word illegal. It is illegal, criminally so, to break into someone else's servers. But when the same word is used to refer to streaming a song from a non RIAA approved website, or to *gasp* playing a homebrew game on your PS3, respect for the word and those who say it is lost.

Weighing in quickly on the whole hacker vs cracker thing. I am a hacker. Whoever did this were hackers also. The media will never start using the word cracker. To me, a hacker is just somebody with a set of skills; hacker is to computer as plumber is to pipes. And the same ethics should apply, if you want to mess with the pipes in your own house, go for it. But don't go breaking into people's houses and messing with their pipes. (Note that I do not endorse water piracy)

To the perpetrator, two things. You are clearly talented and will have plenty of money(or a jail sentence and bankruptcy) coming to you in the future. Don't be a dick and sell people's information. And I'd love to see a write up on how it all went down...lord knows we'll never get that from Sony, noobs probably had the password set to '4' or something. I mean, at least it was randomly generated.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Apr 28, 2011 5:07 pm 
Offline

Joined: Thu Sep 03, 2009 10:03 am
Posts: 4922
Quote:
Not really, I like the PS3 over the 360 mainly because of Blu-ray


Until I can stream Blu-ray through the Internet, I don't give a **** about it.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Apr 28, 2011 5:23 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
heh.. Blu Ray is a disc format...


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Thu Apr 28, 2011 5:25 pm 
Offline
Web Ninja
User avatar

Joined: Wed Sep 02, 2009 8:32 pm
Posts: 8248
Location: The Tunt Mansion
Lex Luthor wrote:
Until I can stream Blu-ray 1080p video and 5.1 channel sound through the Internet, I don't give a **** about it.


Netflix already streams 1080p/5.1 to PS3's.

Soooo... start giving a ****?


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Apr 28, 2011 5:32 pm 
Offline
Near Ground
User avatar

Joined: Wed Sep 02, 2009 10:38 pm
Posts: 6782
Location: Chattanooga, TN
Tycho from Penny Arcade wrote:
There are differences of opinion here regarding how bad the Sony intrusion is. Well, not how bad it is. It’s pretty **** bad. It's mostly about whether or not the Internet will even remember something like this in another week's time. It took almost a week for them to speak with any clarity regarding the intrusion, and then when they did, it was worse than the rumors. Which I guess explains a lot.

They suggest that people might have stolen your credit card number. Not that they did, but that they might have, which is worse, and in my own (not especially complex) risk assessment utterly identical: cancel everything, full stop, consider this an opportunity to simmer a new password schema, activate 2-Step Authentication where available. Fume publicly. Also: shake my tiny fist at the unknowing and insensate sky.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Thu Apr 28, 2011 5:34 pm 
Offline
Grrr... Eat your oatmeal!!
User avatar

Joined: Wed Sep 02, 2009 11:07 pm
Posts: 5073
I would settle with being able to spray Napalm on the Executive board of Sony.

_________________
Darksiege
Traveller, Calé, Whisperer
Lead me not into temptation; for I know a shortcut


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Thu Apr 28, 2011 5:55 pm 
Offline
Consummate Professional
User avatar

Joined: Mon Sep 07, 2009 9:23 am
Posts: 920
Location: The battlefield. As always.
darksiege wrote:
FarSky wrote:
I canceled my debit card


I did this as well. Chase asked why, and as soon as the Word Sony left my mouth they had a temporary card in my hand and had ordered me a new one, completely expecting that response.

I had to change a couple of passwords, but not many.

I also contacted the credit groups and put that whole potential fraud, I hope someone pipe bombs the owner of SoE, alert on my credit stuff.


Conversely, my bank was "wtf is this" when I came in requesting a new card. I am mildly grumpy.

_________________
Image

Grenade 3 Sports Drink. It's fire in the hole.. Your hole!


Top
 Profile  
Reply with quote  
PostPosted: Thu Apr 28, 2011 6:48 pm 
Offline
Near Ground
User avatar

Joined: Wed Sep 02, 2009 10:38 pm
Posts: 6782
Location: Chattanooga, TN
I told mine that I wanted to cancel my card because it might have been compromised and I wanted to be on the safe side, and they were cool with it. All they wanted to know is if it was full-blown identity theft or if I just needed a new card. They even mentioned they had a "fun" account for stuff like this that would make it easier to track dangerous stuff like this if I wanted.


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Thu Apr 28, 2011 8:54 pm 
Offline

Joined: Thu Sep 03, 2009 10:03 am
Posts: 4922
Midgen wrote:
heh.. Blu Ray is a disc format...


I know... I meant quality equivalent.


Top
 Profile  
Reply with quote  
 Post subject: Re: Re:
PostPosted: Thu Apr 28, 2011 10:59 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
Lex Luthor wrote:
Until I can stream Blu-ray through the Internet, I don't give a **** about it

Lenas wrote:
Netflix already streams 1080p/5.1 to PS3's.

Soooo... start giving a ****?


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Apr 29, 2011 11:55 am 
Offline

Joined: Thu Sep 03, 2009 10:03 am
Posts: 4922
Compressed 1080p isn't Blu-ray quality... and I have Netflix.


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 29, 2011 1:29 pm 
Offline
User avatar

Joined: Fri Sep 04, 2009 7:40 am
Posts: 4281
In other news, Hulu Plus is out for 360 today. Really drivin' that stake into Sony this week.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Apr 29, 2011 4:13 pm 
Offline
The Scaled Claw
User avatar

Joined: Thu Sep 03, 2009 1:15 am
Posts: 190
http://www.gameinformer.com/b/news/arch ... iracy.aspx

Quote:
UPDATE 4/29:

Hackers that claim to have the stolen PSN data are attempting to sell credit card information on several message boards. They claim to have names, addresses, phone numbers, email addresses, birth dates, and full credit card information (number, expiration, and security code) for sale. TrendMicro security expert Kevin Stevens says that they offered to sell the information back to Sony, but the company refused.

Stevens also says that 2.2 million credit cards are included in the database. Reports of fraudulent charges have been popping up on Twitter, on message boards, and in the inboxes of gaming journalists. There's no way to know for sure whether these claims are true, and even if they are there's no way to determine if they're tied to the PSN breach.

Source: cnet


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Fri Apr 29, 2011 5:18 pm 
Offline
The Scaled Claw
User avatar

Joined: Thu Sep 03, 2009 1:15 am
Posts: 190
Sasandra wrote:
honestly I would bet Sony's existing security measures were just as secure as say your bank.


If your bank stored all of your info in **** PlainText I'd suggest you get a new damn bank. All of your personal info on PSN is stored and transmitted in PlainText. The colossal level of **** right there is astounding.


Top
 Profile  
Reply with quote  
PostPosted: Fri Apr 29, 2011 5:22 pm 
Offline
User avatar

Joined: Thu Sep 24, 2009 4:57 am
Posts: 849
I should point out that my friend's credit card with the 1,500 charges was used solely for PSN. Even if you don't believe much in coincidences, it's pretty overwhelmingly in favor of it being a result of the PSN intrusion.

Incidentally it worked out alright for her, outside of losing the credit card (chose not to get a new one when getting the problem taken care of). Still was a pretty scary event to go through, though.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Apr 29, 2011 5:25 pm 
Offline
I am here, click me!
User avatar

Joined: Wed Sep 02, 2009 8:00 pm
Posts: 3676
I'm sure there are a lot of people on the PSN. But if even 2 of these people suddenly have charges they didn't make on their credit cards, it isn't that hard to make the connection. And it isn't just 2. These stories are popping up all over the place. Could some of them be Sony haters trying to stir the **** pot? Sure. But some of them are people I trust(I don't think Noggel would come in here and lie to us about his friend's card being used, for example). So yeah, your **** is compromised. Not canceling the card you used for the PSN is kinda like asking for it to be used at this point.

_________________
Los Angeles Kings 2014 Stanley Cup Champions

"I love this **** team right here."
-Jonathan Quick


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Apr 29, 2011 5:32 pm 
Offline
Web Ninja
User avatar

Joined: Wed Sep 02, 2009 8:32 pm
Posts: 8248
Location: The Tunt Mansion
I'm not sure it's completely legit that hackers are claiming to have CVC codes. Sony's official Q&A on the subject said they don't even store them. Sony would be very careful about making that statement. If they claimed not to store the codes and it's found out they do/did, that's an automatic class action waiting to happen.

Sony wrote:
Q: Was my credit card data taken?
A: While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system. UPDATE: While we do ask for CCV codes, we do not store them in our database.


Lucky for me I just realized I've never made a purchase on PSN with my current cards so I'm in the clear :p


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Apr 29, 2011 6:41 pm 
Offline
Manchurian Mod
User avatar

Joined: Fri Sep 04, 2009 9:40 am
Posts: 5866
A CCV code, if it's the number I'm thinking of, is only a three digit number. That's hardly a robust security system that prevents the use of a card.

I suppose I should clarify.

Let's suppose that you have just come into possession of a million distinct credit card numbers. Let's pick a random three-digit number. Say... 713. Out of the million credit card numbers you possess, that number's going to work for several of them. Statistically speaking, it's going to work for a thousand of them.

Now let's assume that you've just hacked Apple's entire app store database. You're able to take advantage of 0.1% of the credit cards you just stole. Have you stolen enough functioning credit card number and CCV combinations to make this effort worth your time?

_________________
Buckle your pants or they might fall down.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Apr 29, 2011 6:52 pm 
Offline
Web Ninja
User avatar

Joined: Wed Sep 02, 2009 8:32 pm
Posts: 8248
Location: The Tunt Mansion
Point made. Sony still claims that the credit card numbers themselves were encrypted, though, which aside from here-say I have yet to see proven false.

I wouldn't be surprised if the group did have contact information, but were only claiming to have CC information to a) make more trouble for Sony and b) get more money out of whoever wants to buy the info. Anyway, not saying I believe Sony. I'm not sure that I'll be buying more of their products after this whole jailbreak/hacker business over the last few months either. They could have handled things so much better, and none of this would have happened.


Top
 Profile  
Reply with quote  
PostPosted: Sun May 01, 2011 8:41 am 
Offline
Eatin yur toes.
User avatar

Joined: Mon Sep 07, 2009 2:49 am
Posts: 836
Encrypted does not mean secure. Sonys software has to decrypt the numbers to bill you. It's likely they were using standard db table or column encryption. This means it's easy to find the key to decrypt if you've owned the system; the encryption just protects when the data is transfered offsite away from the key - backup tapes, etc - not the case when your live app is compromised.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sun May 01, 2011 12:12 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
Yes, protecting data-at-rest from someone who has access to your network is nearly impossible, regardless of whether it's encrypted or not.

And based on some of the comical quotes in their latest interview, it doesn't sound like Sony is even capable of basic vulnerability assessment and patching.

http://news.yahoo.com/s/pcworld/2011050 ... workattack

PCWorld via Yahoo News wrote:
Management at Sony Network Entertainment International, the company that manages the network platform for the two services, wasn't aware of the vulnerability, said Hasejima.


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Sun May 01, 2011 1:17 pm 
Offline
Grrr... Eat your oatmeal!!
User avatar

Joined: Wed Sep 02, 2009 11:07 pm
Posts: 5073
PCWorld via Yahoo News should have wrote:
"Originally I asked to kill myself and retain some honor, but now, they are forcing me to live with this shame and bring it on my family as well... They said LOL newb and told me I was pwnt", said Hasejima.


Corrected to satisfy my own personal irritation and inconvenience.

_________________
Darksiege
Traveller, Calé, Whisperer
Lead me not into temptation; for I know a shortcut


Last edited by darksiege on Sun May 01, 2011 6:10 pm, edited 1 time in total.

Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sun May 01, 2011 4:46 pm 
Offline
Manchurian Mod
User avatar

Joined: Fri Sep 04, 2009 9:40 am
Posts: 5866
You have that backwards. Your lord does not ask you to kill yourself. (For that matter, he doesn't ask you to do anything, he just tells you what you're going to do). You request permission from your lord to kill yourself and regain your honor.

_________________
Buckle your pants or they might fall down.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Sun May 01, 2011 6:11 pm 
Offline
Grrr... Eat your oatmeal!!
User avatar

Joined: Wed Sep 02, 2009 11:07 pm
Posts: 5073
edited for accuracy.

_________________
Darksiege
Traveller, Calé, Whisperer
Lead me not into temptation; for I know a shortcut


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 264 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6, 7 ... 11  Next

All times are UTC - 6 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 12 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group