Sony done goofed: PSN has been compromised!



Inhuman Bot
2011-04-26, 06:10 PM
No, seriously. Sony has allowed someone to take all your information.

Most of this information has come from Something Awful or the following post:

I'm not exaggerating. (http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/)

Quotes:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.

But that's not all, they also might have gotten this stuff!

It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained.

And as if this wasn't bad enough:


While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.


What can you do about it?

Passwords: Change 'em. As of right now, you aren't able to check and see what your PSN password was, unless you search your old emails. That service may be restored shortly.

Now is a great time to consider a password manager. LastPass is free, unless you want to use it on your phone, which costs $1/month. Keepass is also free, but its phone applications aren't entirely up to date right now. 1Password is $40. All three of these receive about equally good reviews, so it boils down to preference and how easily portable you need your addresses to be.

Credit Card: As of right now, check your emails for anything from [email protected]. That's how to see which card you've given them, and then you should tell your bank you're worried that it got compromised.

tl;dr: Worldwide, some ******* took all of your information from PSN, possibly including credit cards. It is the smart thing to do to change your passwords and the digits on your credit card. More information will be forthcoming.

Another block of information:


On April 20th, Playstation 3 users found themselves with limited online capability. Specifically, anything other than downloading updates for games stopped working. Those who attempted to sign on the 20th received error messages stating the PSN was “undergoing maintenance.” Sony elaborated on the 21st, noting that they were “investigating the cause” of the downtime and that they anticipated service would be restored in a day or two. On the 22nd, Sony admitted that the downtime was the result of “an external intrusion,” and on the 23rd the company said it was taking time to rebuild infrastructure for the sake of security. Today, Patrick Seybold, Sony's Senior Director of Corporate Communications & Social Media, stated that he had no estimated date for the service's return, nor did he have any information on the nature of the external intrusion. Ars Technica reported that the company "has not yet determined if the personal information or credit card numbers of users have been compromised." (Quotes taken from Wikipedia).

Admittedly, I don’t really venture into the PS3 threads, so I don’t know the extent to which discussion has already occurred there, but this seemed like a big enough issue to warrant its own thread. Specifically, I figured there were a few areas of discussion that deserved attention:

Who’s responsible?
Since the beginning of the month, Anonymous (or a subgroup of Anonymous) has been attacking Sony (http://arstechnica.com/tech-policy/news/2011/04/anonymous-attacks-sony-to-protest-ps3-hacker-lawsuit.ars) in retaliation for the company’s lawsuit against hacker GeoHot. George Hotz, of course, is allegedly responsible for breaking Sony’s copy protection and offering an encrypted key to the public, which everyone’s favorite ad-man (http://www.readwriteweb.com/archives/irony_alert_in_the_middle_of_anti-jailbreaking_law.php) retweeted a few months ago.

The motive certainly fits, but this seems like a huge win, even for Anonymous. Either Sony was incredibly inept at securing their network, which doesn’t seem that out of the question given how ****tastic their hardware security was, or this attack has some serious manpower behind it. Anonymous is a pretty broad group and they’ve had success with major targets in the past, but this goes beyond script kiddy bull****. If Sony is indeed re-evaluating their network infrastructure, they must be dealing with some real vulnerabilities. If not Anonymous, then who? Is there even an "external threat" at all, or is Sony just covering up for their own internal incompetence?

How’d they do it?
This is the one where I’m going to need some help. Sony’s definitely been hush-hush about what exactly is going on, but if anyone has any idea as to how something like this could be executed I’d definitely be interested in hearing about it.

What happens next?
The only thing that seems at all comparable to what’s happening now is the Xbox live downtime that occurred back in December 2008. If I recall correctly, there was about a day of downtime, and Microsoft compensated people by giving away a free Arcade title and a day’s worth of playtime. Things are a bit different on the Sony side of things – their free service is more robust than Microsoft’s by virtue of including online play, and their pay service is a definite premium product. What sort of recompense does Sony owe customers, if any? Anyone who bought SOCOM 4 or Portal 2 last week got shafted pretty hard, and depending on how long this goes on it could have some pretty significant financial repercussions for Sony.

Volatar
2011-04-26, 06:20 PM
According to Reddit, what happened was that hackers were able to gain access to the Sony Developer network. From there they were able to obtain the data in some way that is not yet known.

There is very strong evidence that all the information stolen was stored in plain text, including user passwords and credit card details.

Inhuman Bot
2011-04-26, 06:27 PM
According to Reddit, what happened was that hackers were able to gain access to the Sony Developer network. From there they were able to obtain the data in some way that is not yet known.

There is very strong evidence that all the information stolen was stored in plain text, including user passwords and credit card details.

Can you indicate where this evidence came from?

Lord Loss
2011-04-26, 06:29 PM
There's a thread for this in Friendly Banter (http://www.giantitp.com/forums/showthread.php?t=196562)

Zevox
2011-04-26, 06:36 PM
There's a thread for this in Friendly Banter (http://www.giantitp.com/forums/showthread.php?t=196562)
Which should have been moved here. Now perhaps someone could get a mod to fuse the threads?

Anyway, kinda makes me glad I don't have a PS3 yet. Also makes me wonder if I should stick to buying prepaid points cards for online transactions when I do get one.

Zevox

The Succubus
2011-04-26, 06:37 PM
Sony will not contact you in any way, including by email, asking for your credit card number, social security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking.

Unless of course, you happen to be called Geohot, have looked at Geohot's website, have had any sort of Paypal transaction with Geohot, in which case we will most definitely be asking for your personal details, along with a convenient time for the lawyers to kick your front door in. The Register, an IT news website, has a lot more detail on this and some of Sony's shadier dealings recently.

Shortly after hearing some of the recent nefarious activities of Sony, I ditched my PSP in disgust along with all my titles. I'll never go back.

Volatar
2011-04-26, 06:55 PM
Can you indicate where this evidence came from?

There's some good evidence for it presented in the Reddit thread here: http://www.reddit.com/r/gaming/comments/gy1pg/sony_admits_utter_psn_failure_your_personal_data/c1r4yqj

Airk
2011-04-26, 06:58 PM
Anyway, kinda makes me glad I don't have a PS3 yet. Also makes me wonder if I should stick to buying prepaid points cards for online transactions when I do get one.


This is pretty much me. Yikes.

T.G. Oskar
2011-04-26, 07:17 PM
Something that puzzles me is the following:

As far as I've followed these news, Sony has only indicated that the attack was done by "external sources". Yet, almost immediately, everybody has jumped on Anonymous, which they have denied almost instantly. Part of the association has solid foundation; Anonymous HAS attacked Sony and has a reason why to do so (whether that reason is good or not depends on whether you believe the lawsuit against GeoHot was reasonable or not), but the association with the latest attack is quickly going out of hand.

For one: how do you deal with a group of people who have no organization at all? They are loosely organized, but not organized in such a way they have a clear leader and chain of command. They are small groups that have a loose set of associations with each other (protesting against Scientology, doing pranks), which goes against the purpose of the attack if you think about it clearly. Anon has already claimed they (or at least, those who associate with Project Chanology and the prank attacks) didn't do it, but with their lack of organization, you can't really say they were or they weren't. If anything, that lack of organization makes those who support Anon but that aren't hackers collateral damage; that goes without mentioning that any hacker can just do what they want, and then claim they are part of Anonymous, since they're playing with the definition the group itself claims to have (the anonymous mass of people on the Internet developing into a sort of collective consciousness).

Still; aren't there any other suspects? I'm not saying Sony actually pulled this off and placed the blame on the usual suspects, but whoever did this really acted like a jerk. So yeah...you get a lot of access to loads of credit card info and whatnot, but a good deal of them are gonna be tagged, and unless you're skilled enough you'll get little out of it (not to mention that makes you no less and no more than a petty thief).

IMO, whoever did this was testing something. Maybe a vulnerability on Sony's defense systems, or just trying to build up some cred, but when the thing backfired, the cracker (is that term still used?) chilled out and allowed the fallout to reach the usual suspects (in this case, Anon). Perhaps the cracker IS part of Anon, and the group just decided "erm, dude, that's too far; some of us use the PSN too" and either decided to distance away from it. Whatever it is, it surprises me that no one thinks of other suspects (including individuals without affiliation to any known group of hackers) aside from Anon.

So yeah, aside from that puzzling thing...well, I got not much to say. The only thing I was planning was to buy PSX games through PSN, but through pre-paid cards. Find it's a great way to save on some money. And since I need to invest a lot on it (a USB cord just in case, and an extra Mem Stick for at least one of the games), hadn't had the chance to actually make an account or anything.

Foeofthelance
2011-04-26, 07:22 PM
Unless of course, you happen to be called Geohot, have looked at Geohot's website, have had any sort of Paypal transaction with Geohot, in which case we will most definitely be asking for your personal details, along with a convenient time for the lawyers to kick your front door in. The Register, an IT news website, has a lot more detail on this and some of Sony's shadier dealings recently.

Shortly after hearing some of the recent nefarious activities of Sony, I ditched my PSP in disgust along with all my titles. I'll never go back.

Eh, that doesn't strike me as shady, just really heavy handed. I can understand going after GeoHot - the guy broke their security, then made it public in one of the most easily accessed manners possible. Not just, "Hey, I cracked it!" but, "Here's how you can, too!" A bit of hyperbole on my part, but it's the equivalent of picking the lock on the local bank, then posting a flyer with the instructions on a telephone pole on the corner.

I can understand raging at intrusive DRM, but seriously, calling the company nefarious for trying to damage control a situation, especially seeing as how it's led to a worse situation, is a little unfair. They're overreacting, the same way it would be overreacting if you went out to buy a moat and armed guard set for your house after getting burgled, but that's not nefarious. Nefarious would be, I dunno, using the entire GeoHot thing as an excuse to fake someone hacking into their system, that way they can sell more prepaid cards right after jacking up the price or something like that.

littlebottom
2011-04-26, 07:44 PM
bleh, i'll live. the only real thing i've lost out of this is that i can't get online for a while. that is a pain, but i have a PC so i'll game on that for a while :smallsmile:

the actual issue itself is surprising that sony have reacted in the way they have. i can understand it, but it does seem extreme for what supposedly happened, of course, they seem to be hiding the facts, so maybe the truth is much darker, if that's the case, i might have more of an opinion, but for now, i just want my internet back, so i can play motorstorm and such online.

GameHaiku
2011-04-26, 09:50 PM
Security Breach / Playstation Network Card Fraud / Microsoft Laughing

Overlord Rion
2011-04-26, 11:12 PM
This whole incident made me glad I used prepaid cards for everything.

MoelVermillion
2011-04-27, 09:36 AM
I used my real card once before switching over entirely to prepaids :smallsigh:. I suppose I'll change my card but it's not like there's really any money on there right now anyway, broke student wins again :smallcool:.

Gaius Marius
2011-04-27, 09:58 AM
My roommate has been fuming in rage ever since the network has been down. Poor guy, forced to do nothing due to a work injury, and now without PS3.. :smallfrown:

MrPig
2011-04-27, 11:39 AM
There's some good evidence for it presented in the Reddit thread here: http://www.reddit.com/r/gaming/comments/gy1pg/sony_admits_utter_psn_failure_your_personal_data/c1r4yqj

All this "good" evidence is mere speculation made based on what Sony failed to tell their consumers.

Volatar
2011-04-27, 11:48 AM
All this "good" evidence is mere speculation made based on what Sony failed to tell their consumers.

Well, there's more evidence today. Starting to get reports from all over of fraudulent purchases.

If the data was encrypted, it would have taken longer for this to start happening.

It wasn't.

Sony is in big trouble.

toasty
2011-04-27, 11:57 AM
Well, there's more evidence today. Starting to get reports from all over of fraudulent purchases.

If the data was encrypted, it would have taken longer for this to start happening.

It wasn't.

Sony is in big trouble.

Yeah, Gamer blogger Shamus Young reports that his brother had his credit card information stolen. Read about it here (http://www.shamusyoung.com/twentysidedtale/?p=11467).

People have had their info compromised and Sony is 100% to blame. Glad that I've never owned anything beyond Nintendo stuff for consoles for the first time in my life. :smallbiggrin:

Alchemistmerlin
2011-04-27, 12:19 PM
Well, there's more evidence today. Starting to get reports from all over of fraudulent purchases.

If the data was encrypted, it would have taken longer for this to start happening.

It wasn't.

Sony is in big trouble.


See this is what drives me nuts. There are people all over the internet picking up their internet shields and going on, at length, about how Sony is a victim and "the only people to blame are the hackers".

No, we trusted Sony with this information, they failed to protect it. The hackers are at fault, but Sony has quite a lot to answer for as well.

Gaius Marius
2011-04-27, 12:23 PM
See this is what drives me nuts. There are people all over the internet picking up their internet shields and going on, at length, about how Sony is a victim and "the only people to blame are the hackers".

No, we trusted Sony with this information, they failed to protect it. The hackers are at fault, but Sony has quite a lot to answer for as well.

It's like a bank. You trust the bank with your money, it's their responsibility to keep it safe. If they fail because of resourceful criminals, they still failed in their responsibility.

Alchemistmerlin
2011-04-27, 12:25 PM
It's like a bank. You trust the bank with your money, it's their responsibility to keep it safe. If they fail because of resourceful criminals, they still failed in their responsibility.

That could be part of why I'm angry. I've worked in finance for 13 years. If we ever screwed up this badly whole departments heads would roll. I've already primed my staff on the Sony situation in case customers call in saying their card has been compromised.

shadow_archmagi
2011-04-27, 12:27 PM
As usual, the PC gaming master race emerges unharmed, while the dirty peasant masses suffer and writhe under the monolithic and evil corporations and their colossal blunders.

Gaius Marius
2011-04-27, 12:28 PM
That could be part of why I'm angry. I've worked in finance for 13 years. If we ever screwed up this badly whole departments heads would roll. I've already primed my staff on the Sony situation in case customers call in saying their card has been compromised.

Luckily for everybody involved, there will be legal recourse and retaliation against Sony's irresponsibility.

Psyren
2011-04-27, 12:44 PM
Somewhere close, Microsoft is cackling maniacally...

Yana
2011-04-27, 12:55 PM
I don't see why they would be that petty. They would probably be a bit more concerned about their own security setup so that the same thing doesn't happen twice.

Volatar
2011-04-27, 01:47 PM
That could be part of why I'm angry. I've worked in finance for 13 years. If we ever screwed up this badly whole departments heads would roll. I've already primed my staff on the Sony situation in case customers call in saying their card has been compromised.

I am curious now. Who do you work for?


I don't see why they would be that petty. They would probably be a bit more concerned about their own security setup so that the same thing doesn't happen twice.

I am pretty sure the following conversation took place at Microsoft and Nintendo:

High Up Manager: "By the way, we encrypt all our user data, right?"
Engineering Department Manager: "Yeah, we do."
High Up Manager: *relieved look* "Good. Just making sure."

MrPig
2011-04-27, 01:54 PM
I am pretty sure the following conversation took place at Microsoft and Nintendo:

High Up Manager: "By the way, we encrypt all our user data, right?"
Engineering Department Manager: "Yeah, we do."
High Up Manager: *relieved look* "Good. Just making sure."

http://www.zdnet.com/blog/security/xbox-live-hacked-accounts-stolen/131

Nope, not that encrypted. This happened before. This will happen again. No digital system is 100% safe.

Maxios
2011-04-27, 02:06 PM
Thank god I never got a PS3, because if I did, I'd be on the PSN all the time :smalleek:

Alchemistmerlin
2011-04-27, 02:13 PM
I am curious now. Who do you work for?

Not to be a jerk, but it isn't really in my best interest to advertise that online, especially with this screenname (I'd rather the company not know my various online personas).

Gaius Marius
2011-04-27, 02:30 PM
Not to be a jerk, but it isn't really in my best interest to advertise that online, especially with this screenname (I'd rather the company not know my various online personas).

And with good reasons.

Keep personal life and professional life as separated as possible. None of my colleagues are on Facebook for that very reason, as much as I like them.


I like the way you have been proactive with your company. Did you submit a memo so the company (which is probably Credit Card-related) could try to avoid fraud pre-emptively, rather than having to wait for them being reported?

Krade
2011-04-27, 02:42 PM
Friend at work told me Interpol has taken over investigations. Basically, everyone who is remotely responsible for the hack is screwed for life. It takes 6 counts of this kind of fraud for life in prison. We are talking about 70 MILLION counts of international fraud.

Moral of the story: Don't mess with Sony. Sony doesn't like to get screwed by anybody except Mrs. Sony.

Volatar
2011-04-27, 02:43 PM
Not to be a jerk, but it isn't really in my best interest to advertise that online, especially with this screenname (I'd rather the company not know my various online personas).

's cool. I understand.

Maxios
2011-04-27, 02:46 PM
Friend at work told me Interpol has taken over investigations. Basically, everyone who is remotely responsible for the hack is screwed for life. It takes 6 counts of this kind of fraud for life in prison. We are talking about 70 MILLION counts of international fraud.

Moral of the story: Don't mess with Sony. Sony doesn't like to get screwed by anybody except Mrs. Sony.

Jeez. That's enough for 11666666.7 people to go to jail for life :smalleek:

Mr.Bookworm
2011-04-27, 02:48 PM
The real problem with this is not that Sony got hacked. It happens. Protecting against hackers is by nature a reactionary game, so blaming them for failing in that regard is stupid.

The real problem is that it took Sony a week to divulge this information to their customers. That is incredibly irresponsible, and shows a lack of regard for anything but profit and covering their own asses. They should have released this to the public as soon as they suspected that it had happened.

Gaius Marius
2011-04-27, 02:49 PM
Jeez. That's enough for 11666666.7 people to go to jail for life :smalleek:

Looks like the CIA will have leftover life sentences to distribute as they see fit... :smalltongue:

shadow_archmagi
2011-04-27, 02:53 PM
Friend at work told me Interpol has taken over investigations. Basically, everyone who is remotely responsible for the hack is screwed for life. It takes 6 counts of this kind of fraud for life in prison. We are talking about 70 MILLION counts of international fraud.

Moral of the story: Don't mess with Sony. Sony doesn't like to get screwed by anybody except Mrs. Sony.

It'll be interesting to see how our law develops and changes to cope with a system where robbing a bank and robbing a million banks are more or less equally difficult.

Maxios
2011-04-27, 02:54 PM
Bookworm: And that, my friends, is why I don't have Xbox Live, don't play MMOs that you have to pay for, etc :smalltongue:

Gaius: "Stop right there, Jaywalker scum! Even though your crime is minor, you have three options! Resist arrest! Pay your billion dollar bail! Or go to jail for life!"
"Dude, I have no money to pay for bail, kung fu prowess to resist arrest, or any other real skills."
"Imprisonment for life for you!"

Psyren
2011-04-27, 02:54 PM
Oh, INTERPOL'S on the case. I guess we can all stop worrying now!

Gaius Marius
2011-04-27, 02:56 PM
Gaius: "Stop right there, Jaywalker scum! Even though your crime is minor, you have three options! Resist arrest! Pay your billion dollar bail! Or go to jail for life!"
"Dude, I have no money to pay for bail, kung fu prowess to resist arrest, or any other real skills."
"Imprisonment for life for you!"

haha! I was more thinking of anybody the CIA wants to arrest for terrorism-related activities without having proof. They simply pin one of these life sentence on him.

They'll have enough to last them 50 years... :smalleek:

Nerd-o-rama
2011-04-27, 03:12 PM
Friend at work told me Interpol has taken over investigations. Basically, everyone who is remotely responsible for the hack is screwed for life. It takes 6 counts of this kind of fraud for life in prison. We are talking about 70 MILLION counts of international fraud.

Moral of the story: Don't mess with Sony. Sony doesn't like to get screwed by anybody except Mrs. Sony.

Honestly, Sony'll be lucky if they can even find scapegoats to feasibly pin this on, let alone the people actually responsible. Electronic getaways are as easy as operating this proxy I'm using to access the internet from work (and which the company is probably monitoring to view my unauthorized posting on a gaming message board, but meh) if you're not egotistical enough to brag about it or sign your work. That's why people like the moran from HBGary are working on social engineering solutions (basically, tracking people's online time on public services like Facebook to determine who's doing what from where behind which proxy. As HBGary learned, this process is currently more or less useless).

Now, if the person responsible actually tries to use a purloined credit card, that's a different story. Heck, is it even fraud if he/she doesn't do anything with the data except make a smug point about how awesome he/she is? I'd need to ask a lawyer. But regardless, unless the hacker is very careless with how he uses the stolen data, I'd say Sony's in more trouble than he or she is.

Foeofthelance
2011-04-27, 04:54 PM
It's like a bank. You trust the bank with your money, it's their responsibility to keep it safe. If they fail because of resourceful criminals, they still failed in their responsibility.

True...but how often do people blame the bank? I can understand if it's something like the bank getting suckered by a ponzi scheme or sending all your money to a Nigerian prince scam. But if someone spends a couple weeks drilling through the floor of the million dollar vault, takes the time to carefully rewire the ten million dollar sensor network, then wipes out the cash stockpile, do you call up the bank and yell at them for not installing drill proof floors? Sony has security systems they clearly trusted, and with the amount of information they had in their possession I'd be willing to wager it was neither cheap nor easy to break. Storing info in plain text might have been a bit arrogant, but would not have directly affected their defenses.

Purely as an observer (I neither own a PS3 nor play on PSN) I find the whole Sony hate interesting. Yes, they should have told customers sooner, and they probably shouldn't have kept sensitive data in plain text form. Yet the only comments I've seen in regards to the hackers who actually committed a crime is that if they get caught they'll end up with ridiculous sentences. There haven't been any condemnations, no comments that people hope they get caught soon.

Lord Loss
2011-04-27, 05:28 PM
From what I hear, a guy called Mathieulh may have done it.

littlebottom
2011-04-27, 05:39 PM
let me say this then. if someone managed to get to where the information was stored, the fact it was in plain text as opposed to encrypted is kind of irrelevant. i'm pretty sure, mr. hacker could sort that problem out in 5 minutes anyway, and we would all be in the same position.

OracleofWuffing
2011-04-27, 06:15 PM
If Interpol's involved, a proxy server was likely used and Sony likely couldn't provide information any earlier because it would, somehow, interfere with the investigation. Then again, we should totally do some namedrops of Video Game interpol characters... But all the ones I know of are for Nintendo systems.

Leecros
2011-04-27, 09:37 PM
Gaius: "Stop right there, Jaywalker scum! Even though your crime is minor, you have three options! Resist arrest! Pay your billion dollar bail! Or go to jail for life!"
"Dude, I have no money to pay for bail, kung fu prowess to resist arrest, or any other real skills."
"Imprisonment for life for you!"
Sounds like you need to either gain some levels, go hunting for loot to pay for your bail, or go talk to your local Thieves Guild Representative and pay him half.

Of course you could just go to jail and watch your skills drop(except sneak and lockpicking), but that's just a waste of time.



Sorry for this Elder Scrolls Interruption, We now return to your regularly broadcasted program.



let me say this then. if someone managed to get to where the information was stored, the fact it was in plain text as opposed to encrypted is kind of irrelevant. i'm pretty sure, mr. hacker could sort that problem out in 5 minutes anyway, and we would all be in the same position.

Ooh! Ooh! I know where it's safe from all (http://www.vgcats.com/comics/?strip_id=302) hackers! :smalltongue:

Lord Seth
2011-04-27, 11:41 PM
The real problem is that it took Sony a week to divulge this information to their customers. That is incredibly irresponsible, and shows a lack of regard for anything but profit and covering their own asses. They should have released this to the public as soon as they suspected that it had happened.

Well it depends. Did they use that week to try to investigate it and try to fix the way it was hacked? Because if you were hacked, and then admit it before you fix it, all you're going to do is be hacked again.

Volatar
2011-04-28, 12:24 AM
Well it depends. Did they use that week to try to investigate it and try to fix the way it was hacked? Because if you were hacked, and then admit it before you fix it, all you're going to do is be hacked again.

The very first thing they did was take down PSN to prevent more hacking.

They knew, they just didn't tell anyone.

MoelVermillion
2011-04-28, 04:48 AM
Apparently the card data was encrypted (http://www.zdnet.co.uk/news/security-management/2011/04/28/sony-confirms-encryption-of-psn-credit-card-data-40092628/) or so Sony says anyway.

ObadiahtheSlim
2011-04-28, 06:55 AM
If Interpol's involved, a proxy server was likely used and Sony likely couldn't provide information any earlier because it would, somehow, interfere with the investigation. Then again, we should totally do some namedrops of Video Game interpol characters... But all the ones I know of are for Nintendo systems.

Chun Li does not approve of your forgetfulness!



http://upload.wikimedia.org/wikipedia/en/f/fe/Super_Chun-Li.jpg

MrPig
2011-04-28, 08:13 AM
The very first thing they did was take down PSN to prevent more hacking.

They knew, they just didn't tell anyone.

They admitted it was an external intrusion almost immediately. It took them a week to tell the community just exactly what was compromised in terms of data.

Haruki-kun
2011-04-28, 09:04 AM
I got an e-mail from Sony letting me know about this. They suggested, most importantly, that we change passwords on anything if we use the same password for it. So if your e-mail and PSN password are the same, change both.

Personally, I don't even remember my password... or if they had any of my credit card information...

Volatar
2011-04-28, 09:38 AM
Apparently the card data was encrypted (http://www.zdnet.co.uk/news/security-management/2011/04/28/sony-confirms-encryption-of-psn-credit-card-data-40092628/) or so Sony says anyway.

Obviously it wasn't very good since it was broken within a week.

Joran
2011-04-28, 12:36 PM
I got an e-mail from Sony letting me know about this. They suggested, most importantly, that we change passwords on anything if we use the same password for it. So if your e-mail and PSN password are the same, change both.

Personally, I don't even remember my password... or if they had any of my credit card information...

I don't either, but I remember buying some DLC for Valkyria Chronicles, so I'm probably in trouble. I have credit monitoring in place already and alerts on all my accounts for any transaction over $100, so I should be good to go.

I'm pretty sure I used my low security password and my spam email account, but it's still annoying.

Haruki-kun
2011-04-28, 01:07 PM
I don't either, but I remember buying some DLC for Valkyria Chronicles, so I'm probably in trouble. I have credit monitoring in place already and alerts on all my accounts for any transaction over $100, so I should be good to go.

I'm pretty sure I used my low security password and my spam email account, but it's still annoying.

Yeah. I wouldn't like working in Sony right now. :smalltongue:

OracleofWuffing
2011-04-28, 01:56 PM
Chun Li does not approve of your forgetfulness!
My apologies, Chun Li. I'm afraid I don't play Mortal Kombat, so I had ignorance on the matter.

Psyren
2011-04-28, 02:15 PM
My apologies, Chun Li. I'm afraid I don't play Mortal Kombat, so I had ignorance on the matter.

You mean Street Fighter, right?

Keep this up and she'll really get ticked off! :smallbiggrin:

OracleofWuffing
2011-04-28, 02:32 PM
Mortal Kombat, Street Fighter, Killer Instinct, Virtua Fighter, eh, To-may-to to-mah-to. :smalltongue:

Zevox
2011-04-28, 02:54 PM
You mean Street Fighter, right?

Keep this up and she'll really get ticked off! :smallbiggrin:
Eh, if you're not a big fighting game player, it's easy to get the characters from the more prominent series of the genre mixed up. A year ago I certainly couldn't have told you what series Chun-Li was from. Probably wouldn't have mistaken her for a Mortal Kombat character since I did play some Mortal Kombat as a kid, but I definitely couldn't have pegged whether she was from Street Fighter, King of Fighters, Virtua Fighter, or whatever else.

Zevox

Gaius Marius
2011-04-28, 03:01 PM
You mean Street Fighter, right?

Keep this up and she'll really get ticked off! :smallbiggrin:

Well, since he was talking about a video game character who was an interpol agent, wasn't Sonya also an interpol girl?

MrPig
2011-04-28, 03:30 PM
Well, since he was talking about a video game character who was an interpol agent, wasn't Sonya also an interpol girl?

Sonya Blade was US Special Forces, but close enough I guess.

Gaius Marius
2011-04-28, 03:48 PM
Sonya Blade was US Special Forces, but close enough I guess.

Oh.. Nevermind then..

Psyren
2011-04-28, 04:18 PM
Eh, if you're not a big fighting game player, it's easy to get the characters from the more prominent series of the genre mixed up. A year ago I certainly couldn't have told you what series Chun-Li was from. Probably wouldn't have mistaken her for a Mortal Kombat character since I did play some Mortal Kombat as a kid, but I definitely couldn't have pegged whether she was from Street Fighter, King of Fighters, Virtua Fighter, or whatever else.

Zevox

I was teasing. Oracle was already "in the doghouse" with her (as much as one can be with a sprite-turned-polygon anyway) for forgetting she existed in the first place - putting her in the wrong game, and her series' primary competitor in the states at that, is liable to have her show up at his door.

In short, I found it funny, is all :smallbiggrin:

OracleofWuffing
2011-04-28, 05:48 PM
Yeah, the Mortal Kombat thing was also a tease, I specifically picked that one out because it was as far away yet believable as I could get. It's like, you know, when someone calls Rings in Sonic games Coins.

That said, while I was aware of Chun Li's existence, I had no blickin' idea that she was Interpol. I thought her day job was just performing at the Magician's in Bleak. (Ha, see, I do know of her!)

Alchemistmerlin
2011-04-29, 10:41 AM
Yeah, the Mortal Kombat thing was also a tease, I specifically picked that one out because it was as far away yet believable as I could get. It's like, you know, when someone calls Rings in Sonic games Coins.

That said, while I was aware of Chun Li's existence, I had no blickin' idea that she was Interpol. I thought her day job was just performing at the Magician's in Bleak. (Ha, see, I do know of her!)

I always call Sonic's rings coins. It infuriates my roommate. I don't do it on purpose, but it is still quite funny.

Volatar
2011-04-29, 12:56 PM
Bringing this topic back on topic, here are a couple of news stories I spotted today.

"A new survey has found that one-fifth of PlayStation 3 owners in the U.S. are considering a switch to the Xbox 360 in the wake of the Great PlayStation Network Security Breach." Link. (http://www.escapistmagazine.com/news/view/109646-One-Fifth-of-PS3-Owners-Are-Eyeing-the-Exit)

And another, much more important one:


"The hackers that hacked PSN are selling off the DB," Keven Stevens, a security analyst with Trend Micro, wrote on Twitter. "They reportedly have 2.2 million credit cards with CVVs." With that ominous notice, the word went out that PSN customers who provided their credit card details to Sony are indeed facing a very real risk of fraud. He said the hackers are claiming the database includes full names, addresses, telephone numbers, email addresses, passwords, dates of birth, credit card numbers, CVV2s ["card verification values," the three-digit security code used to confirm the validity of the card in transactions where the card isn't present] and expiration dates - in other words, pretty much everything. Source (http://www.escapistmagazine.com/news/view/109661-Hackers-Offer-PSN-Credit-Cards-For-Sale)

2.2 million is much smaller than the 77 million number we heard earlier, but is still absolutely massive. I can't recall a data theft that even comes close to that number ever happening.

MrPig
2011-04-29, 01:23 PM
Stevens acknowledged that he hasn't seen the database and so cannot verify the truth of the claims

*snip*

"Sony is saying the credit cards were encrypted, but we are hearing that the hackers made it into the main database, which would have given them access to everything, including credit card numbers," he said.

Call me crazy, but this might be an inside job.

Edit: PSN credit card data was encrypted, 'no evidence' it was taken - Sony - News at GameSpot (http://www.gamespot.com/news/6310549.html?tag=latestheadlines%3Btitle%3B3)

Credit card companies find no PSN-related activity, all eyes on Hirai - News at GameSpot (http://www.gamespot.com/news/6310570.html?tag=latestheadlines%3Btitle%3B1)

Phishfood
2011-04-30, 06:34 AM
Let's see...

1) CC data was definitely encrypted, the banks require it. In the very* unlikely situation Sony ignored this requirement, they would be in massive trouble.

2) Sony have a requirement to protect ALL user data. What concerns me is not that they were breached, but the massive scale of the breach. People losing data is a common occurrence. Amazon lost a few hundred thousand customer records a while back. USB sticks get left on the bus all the time. The problem is that Sony lost the entire database.

Why was there no limit in place? Why does someone have the power to access the entire database in one go? No-one needs that EVER. Even if you wanted to e-mail all 77M customers all you need is the e-mail address not the entire db. Also - what fool puts 77M e-mails in one mass e-mail?

3) "1/5 people thinking of switching" is a nonsense number. I bet everyone on PSN is thinking of switching or they haven't understood what has happened.

4) It's pointless to switch. Your data is out, switching to xbox/pc doesn't get it back. If Sony have any sense they will have the most secure network on the planet next week and this will not happen again.

* ^ 100

OracleofWuffing
2011-04-30, 08:07 AM
..The problem is that Sony lost the entire database.

Why was there no limit in place? Why does someone have the power to access the entire database in one go? No-one needs that EVER. Even if you wanted to e-mail all 77M customers all you need is the e-mail address not the entire db. Also - what fool puts 77M e-mails in one mass e-mail?
While your principle is absolutely right (certain privileges ought to be restricted from all users), speaking in terms of a normalized database (which are supposed to be typical for cash transaction use), there wouldn't be much of a reason to have the kind of limit you're talking about. From their point of view, your name, e-mail address, phone number, and home address all rely on the same primary key (Not being a Sony customer, I wouldn't know, likely a Console System Number or a unique customer ID). In other words, it'd be redundant to split your e-mail addresses off to another table or a separate database entirely- and it's basically part of a Database Admin's job to prevent redundancies, they probably spent an entire semester in school doing just that as their coursework. Saves them the processing cycles from doing Joins every command, makes it easier to program for, prevents duplicate data from being updated incorrectly.

In terms of Database programming, the "limit" would likely be enforced by the query, and not the database table itself. Given that the system had been compromised, it's quite possible that the external source had access to run whatever read-only queries they could write (possibly write queries as well, but the situation as-is implies that's not the case because if it was- HOO BOY IF IT WAS). If Sony wanted to send an e-mail out to all their users, they probably had a stored procedure or something set up to retrieve the e-mail addresses from the top 100* customers starting at $intTheLastNumberWhenWeRanThis, send the e-mail, wait a bit, and run again, until the Count of e-mail addresses in your query result equalled zero. It's bad practice to send out 77 million e-mail addresses at once, just ask your ISP- they will probably cut your head off.

Summary, the principle of databases is that you store all the relevant information in a table, and then you narrow that information down to what you need with a query. Presumedly, the hackers (crackers, whatever the heck they preferred to be called, I don't care) had the ability to write their own read-only queries, so they just wrote one without a limit. It was necessary for Sony to have an account that had read-only access query privileges for, at the very least, the capability to add support for future applications and the ability to perform essential customer service.

*random example number pulled out of nowhere
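
Added example (not part of any post in this thread, and not Sony's code): the two ideas argued over in the two posts above, side by side. The batched mail-out uses a LIMIT that lives in the client's query, while a column-level restriction is enforced by the database engine no matter what query is sent. The table layout, the "mailer" role and the batch size are assumptions, the rows are constructed sample data, and SQLite's authorizer callback stands in for the column-level grants a server database would use.

```python
import sqlite3

def build_db(rows=250):
    """In-memory customer table filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT,"
               " email TEXT, address TEXT, password_hash TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?, ?, ?, ?)",
        [(i, f"User {i}", f"user{i}@example.com", f"{i} Sample St", f"hash{i}")
         for i in range(1, rows + 1)])
    db.commit()
    return db

# Hypothetical "mailer" role: may read these columns and nothing else.
MAILER_COLUMNS = {("customers", "id"), ("customers", "email")}

def mailer_authorizer(action, arg1, arg2, dbname, source):
    """Enforced by the database engine, whatever query the client writes."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    if action == sqlite3.SQLITE_READ and (arg1, arg2) in MAILER_COLUMNS:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY

def mailer_connection(rows=250):
    db = build_db(rows)
    db.set_authorizer(mailer_authorizer)
    return db

def email_batches(db, batch_size=100):
    """Keyset pagination: next batch_size addresses after the last id sent."""
    last_id = 0
    while True:
        found = db.execute(
            "SELECT id, email FROM customers WHERE id > ? ORDER BY id LIMIT ?",
            (last_id, batch_size)).fetchall()
        if not found:
            return
        last_id = found[-1][0]
        yield [email for _, email in found]

def try_full_dump(db):
    """An unbounded query: returns the rows, or the engine's refusal text."""
    try:
        return db.execute("SELECT * FROM customers").fetchall()
    except sqlite3.DatabaseError as exc:
        return f"denied: {exc}"
```

The restricted connection can still walk every e-mail address in batches, so the column restriction narrows what a stolen mailer credential exposes rather than how many rows it can reach.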

Lycan 01
2011-04-30, 03:53 PM
Some PSN users are reporting credit card fraud... (http://news.yahoo.com/s/pcworld/20110430/tc_pcworld/playstationnetworkusersreportingcreditcardfraud) Statistically, it's believable that some users may be experiencing ID Theft from a different source. But, it is still very worrying, especially in the case of the guy who (supposedly) only used his credit card for the PSN.

Also, according to another Yahoo headline, Sony's supposed to make a big announcement Sunday regarding what they've found out, and when the PSN will be back up.

tonberrian
2011-04-30, 10:27 PM
So exactly how worried should I be if I only used prepaid cards with my PSN account?

Volatar
2011-04-30, 10:34 PM
So exactly how worried should I be if I only used prepaid cards with my PSN account?

You shouldn't. They still have your login, password, and all your other personal details but they can't buy anything in your name.

Can probably still sign up for stuff, so be careful, but they will go for the people with credit cards first.

Kris Strife
2011-05-01, 02:43 AM
If Interpol's involved, a proxy server was likely used and Sony likely couldn't provide information any earlier because it would, somehow, interfere with the investigation. Then again, we should totally do some namedrops of Video Game interpol characters... But all the ones I know of are for Nintendo systems.

If you want a Playstation Exclusive Interpol member, Sly Cooper had Carmelita Fox, Nadia or whatever her name was from the second game and possibly Sly himself after the end of the third game.

On topic, I already canceled my credit card, but I've had my information swiped from the CDC and all of my Credit info is apparently somehow locked and can't even be monitored.

Lord Loss
2011-05-01, 09:26 AM
According to the latest PS blog update we get free Playstation Plus for a month and some games will be free for download when PSN goes back up, which should be in a few days, although there's still no specific date