The Glade 4.0

"Turn the lights down, the party just got wilder."
It is currently Sun Nov 24, 2024 1:26 am

All times are UTC - 6 hours [ DST ]




Post new topic Reply to topic  [ 264 posts ]  Go to page Previous  1 ... 3, 4, 5, 6, 7, 8, 9 ... 11  Next
Author Message
 Post subject:
PostPosted: Tue May 03, 2011 2:16 pm 
Offline
The Scaled Claw
User avatar

Joined: Thu Sep 03, 2009 1:15 am
Posts: 190
http://kotaku.com/#!5798109/sony-declin ... or-answers


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Tue May 03, 2011 2:20 pm 
Offline
User avatar

Joined: Wed Sep 02, 2009 7:59 pm
Posts: 9412
Hopwin wrote:
Great, I quit EQ 10 years ago and now my data has been exposed/compromised/whatever.

What a coincidence! You quit EQ around the same time they fired their database guy!

_________________
"Aaaah! Emotions are weird!" - Amdee
"... Mirrorshades prevent the forces of normalcy from realizing that one is crazed and possibly dangerous. They are the symbol of the sun-staring visionary, the biker, the rocker, the policeman, and similar outlaws." - Bruce Sterling, preface to Mirrorshades


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue May 03, 2011 3:02 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
So, it's really Hopwin's fault? If he had kept his sub active they could have paid the server admin responsible for patching and upgrades?


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Tue May 03, 2011 3:03 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
Sean wrote:
http://kotaku.com/#!5798109/sony-declines-to-testify-at-congressional-hearings-but-is-cooperating-with-request-for-answers


I honestly think they aren't testifying because they don't have a freaking clue whats going on. I mean we are 3 weeks into this and they are still discovering what happened.


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Tue May 03, 2011 3:29 pm 
Offline
User avatar

Joined: Fri Sep 04, 2009 7:40 am
Posts: 4281
Midgen wrote:
So, it's really Hopwin's fault? If he had kept his sub active they could have paid the server admin responsible for patching and upgrades?


Yup. I'm pretty sure that's what they were paying their database guy, the amount of Hop's monthly sub. No wonder he left!


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Tue May 03, 2011 5:21 pm 
Offline
The Dancing Cat
User avatar

Joined: Wed Nov 04, 2009 2:21 pm
Posts: 9354
Location: Ohio
I suck

_________________
Quote:
In comic strips the person on the left always speaks first. - George Carlin


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Wed May 04, 2011 10:35 am 
Offline
Lean, Mean, Googling Machine
User avatar

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
Xequecal wrote:
More info on this has come out, apparently SOE was running really old versions of Apache (2.2.17) from 2005 with known vulnerabilities and that let people get in and access their databases.

This may be true, but the specifics are garbled. 2.2.17 is the latest stable release of Apache 2. I can't find a timeline, but the first CVE-2006-wxyz reference I can find in the changelog was for 2.0.59, so they were running something less than that.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 11:54 am 
Offline
The Scaled Claw
User avatar

Joined: Thu Sep 03, 2009 1:15 am
Posts: 190
Annnnnnnnnnd Canada comes out swinging.

Canada Wants $1 Billion From Sony:
http://www.joystiq.com/2011/05/04/canad ... e-tune-of/


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 12:28 pm 
Offline
Web Ninja
User avatar

Joined: Wed Sep 02, 2009 8:32 pm
Posts: 8248
Location: The Tunt Mansion
Release to congress today announced that ALL (77 million) PSN/Qriocity accounts have been compromised in some way, though Sony still can't confirm what information was actually taken. 12.3 million CC numbers were on file, a little over 5 million of which were in the US.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 1:22 pm 
Offline
Lean, Mean, Googling Machine
User avatar

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
Netcraft shows that soe.com switched from the Apache 2.0.x series (2.0.59) to the 2.2.x series (2.2.3) in late 2006 (not unreasonable). However, they never upgraded again. 2.2.3 was released in July of 2006. At the time of the incident, they were over 4 years and 14 releases behind. I highly doubt they backported security patches along the way.

What's even more shameless about this is that they obviously didn't even try to hide their Apache version (not that I believe in security through obscurity, but most big operations like this do, just on general principle).

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


Top
 Profile  
Reply with quote  
PostPosted: Wed May 04, 2011 2:40 pm 
Offline

Joined: Sat Oct 24, 2009 5:44 pm
Posts: 2315
2.2.17 is a later release than 2.2.3? Ok, that boggles the mind.

The real problem is they're running MMOs, and the intrustion happened on April 16. They can't just roll everything back three weeks from backup. That means there's no way they can ever be sure they've cleaned out whatever backdoors the hackers may or may not have installed on their systems.


Top
 Profile  
Reply with quote  
PostPosted: Wed May 04, 2011 3:01 pm 
Offline
Lean, Mean, Googling Machine
User avatar

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
Xequecal wrote:
2.2.17 is a later release than 2.2.3? Ok, that boggles the mind.

Most OSS projects follow the convention that a version string is not to be treated as a literal decimal number. The decimal just acts as a field separator. Each field is simply incremented:

<major version>.<minor version>.<release no>.<build no>

The build number is usually omitted for public releases, at least once development has reached a stable milestone.

Odd numbered minor versions usually (bot not always) indicate an "unstable" (i.e. testing/development) branch. So 2.2.17 is the 18th release of the 2.2 series (2.2.0 was the first). This is a distinctly different critter from 2.2.1.7.

Commercial Windows software tends to be all over the map, and the versioning of Windows itself is a complete ****. The actual internal version number of Winows 7 is actually 6.1, for instance...

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 3:02 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
An update (nothing really new here)

http://www.soe.com/securityupdate/recentupdates.vm

soe.com wrote:
May 4, 2011

We want to thank you again for your patience as we work to get the SOE services back up and running. We received several questions and comments relating to the criminal attack to our network and would like to address some of the most common questions today. We are also going to continue to post updates to this website with new information as they become available.

We appreciate your continued patience and feedback.

Thank you,
Sony Online Entertainment

When will SOE's services be back online?
We have been working around the clock to restore operations as quickly as possible, and we expect to have some of our games and services up and running soon. However, we want to be very clear that we will only restore operations when we believe that the network is secure.

How is the SOE intrusion related to the PSN/Qriocity intrusion? Was this a second attack on SOE?
While the two systems are distinct and operated separately, given that they are both under the Sony umbrella, there is some degree of overlap in design. The attacks were similar in nature. This is NOT a second attack; new information has been discovered as part of our ongoing investigation into the criminal attack in April.

How is SOE planning to notify customers whose data may have been stolen?
We are sending out customer service notification emails to the email addresses we have on file for the accounts that were affected. These emails will be sent by Innovyx, our third party email distributor, and contained either 'soe.innovyx.net' or 'soe.sony.com' in the sender field.

SOE initially thought no data was extracted, what changed?
Essentially the perpetrators used sophisticated means not only to access the data, but also to cover their tracks. We committed to continue the investigation and in doing so, uncovered further information that we did not have when we initially believed the data was not stolen.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 3:06 pm 
Offline
Lean, Mean, Googling Machine
User avatar

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
Heh.

"It's not our fault; the hackers were sophisticated! You can't expect us to anticipate that!"

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 3:39 pm 
Offline

Joined: Thu Sep 03, 2009 10:03 am
Posts: 4922
Hackers go in, data comes out. Never a miscommunication.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 3:42 pm 
Offline
Lean, Mean, Googling Machine
User avatar

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
They can't explain that.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Wed May 04, 2011 3:46 pm 
Offline
Web Ninja
User avatar

Joined: Wed Sep 02, 2009 8:32 pm
Posts: 8248
Location: The Tunt Mansion
Image


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 3:57 pm 
Offline
Near Ground
User avatar

Joined: Wed Sep 02, 2009 10:38 pm
Posts: 6782
Location: Chattanooga, TN
That dog won't hunt, monsignor.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 4:07 pm 
Offline
I am here, click me!
User avatar

Joined: Wed Sep 02, 2009 8:00 pm
Posts: 3676
I hear you'll be getting a free month of playstation plus for the trouble of all of your personal info and CC numbers being stolen. Sounds like a good deal to me! Wish I had my information stolen, too!

_________________
Los Angeles Kings 2014 Stanley Cup Champions

"I love this **** team right here."
-Jonathan Quick


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 4:15 pm 
Offline
Near Ground
User avatar

Joined: Wed Sep 02, 2009 10:38 pm
Posts: 6782
Location: Chattanooga, TN
Sony PSN: the Venus Flytrap of the gaming world.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 4:21 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
I bet Sony's "Lesson's Learned" document resulting from this would be a fun read! =)


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 4:43 pm 
Offline
Near Ground
User avatar

Joined: Wed Sep 02, 2009 10:38 pm
Posts: 6782
Location: Chattanooga, TN
But...Sony doesn't learn lessons. It's always everyone else's fault. :)


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 5:20 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
That's what I mean....

I just wonder if Sony is going to try to take any civil action, or if they will just let the 'authorities' handle it?

See where I'm going with this?


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 7:35 pm 
Offline
Grrr... Eat your oatmeal!!
User avatar

Joined: Wed Sep 02, 2009 11:07 pm
Posts: 5073
I am wondering if there will be a class action suit against Sony over this.

_________________
Darksiege
Traveller, Calé, Whisperer
Lead me not into temptation; for I know a shortcut


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Wed May 04, 2011 7:50 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
there are already several... There are also several States AG's going after them. I suspect some are going to wait until all of the damage is known, so it's only going to get worse...


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 264 posts ]  Go to page Previous  1 ... 3, 4, 5, 6, 7, 8, 9 ... 11  Next

All times are UTC - 6 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 11 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group