Forgot your password?
typodupeerror
Security Sony IT Games

Sony Rebuilding PlayStation Network Security After Attack 220

Posted by samzenpus
from the another-brick-in-the-wall dept.
alphadogg writes "The outage of Sony's PlayStation Network and Qriocity service, now in its fourth day, looks set to continue after the company said on Sunday that it is 'rebuilding' its system to better guard against attacks. Sony said on Saturday that the outage was caused by an 'external intrusion' into the network, but has yet to detail the problem. The PlayStation Network is used for PlayStation 3 online gaming and sales of software to consoles and the PlayStation Portable. The Qriocity service runs on the same network infrastructure and provides audio and video to Sony consumer electronics products."
This discussion has been archived. No new comments can be posted.

Sony Rebuilding PlayStation Network Security After Attack

Comments Filter:
  • by Anonymous Coward on Sunday April 24, 2011 @05:15PM (#35923838)

    Someone insert a Sony music CD into a computer there?

  • Is any of this the result of Sony's PSN being a free service? Could something like this happen just as easily on Xbox Live, or would it be more difficult since they charge for the service and are therefore able to put more money into it?
    • by Anonymous Coward

      Are you seriously suggesting that Sony deosn't have enough resources to develop a decent service that is critical to their business?

      • by Decessus (835669)
        No, I wasn't suggesting anything. I know Sony is a large company with a lot of money and resources, but I'm pretty ignorant as to how they allocate all of those resources. It was something I was curious about, so I asked.
    • by Tridus (79566)

      Isn't that like saying that Windows should have fewer security holes then Linux because they charge for the product and are therefore able to put more money into it? It's nonsense.

      It's nonsense.

      • by Required Snark (1702878) on Sunday April 24, 2011 @05:44PM (#35924056)

        Isn't that like saying that Windows should have fewer security holes then Linux because they charge for the product and are therefore able to put more money into it? It's nonsense.

        In a weird way, your question mimics the claim made by MicroSoft: Windows is better because you have to pay for it, and so MS has a stake in providing a good and reliable user experience. In fact, this argument works in some business/government circles, because they feel that without a business organization backing up the product, there is no accountability.

        So for some users, it is NOT nonsense. Even when real world experience shows MS does a worse job then open source alternatives.

        • So that is IBM/HP/Red Hat exactly? I know how I find security of mind. It is when my accountant chokes on the bill and gasps while clutching his heart, "there isn't enough money in the world to pay this hourly rate". Then I know I went right and got an IBM guy in to do the job.

          Seriously, how do you expect me to sleep well at night with some MSCE guy charging minimum wage? Dammit, your bill got to bleed the company dry. That is a sign of quality.

      • by Decessus (835669)
        Yeah, I wasn't trying to imply that it was the only reason for the problems. I actually wasn't trying to imply anything. I was just wondering if it could have any part in the problem at all.
      • by SeaFox (739806)

        Shit. Mod parent up!

      • No. Because Linux benefits from thousands of contributors with a stake in its stability. PSN probably has a smaller development team since it charges nothing.

        In this case it's two closed source solutions. One of which has a far larger revenue stream.

    • This is almost surely a result of either:

      1. No real active "attack", just Sony needing an excuse to have the network down for a week to retrofit security to stop consoles with modified software from connecting ("I know !! we'll blame teh haxx0rs and play the victim rather than look like ones at fault for not providing service for a week! Since people are messing with our consoles, it's not really a lie!"), or
      2. An attack motivated by Sony's anti-consumer practices

      I really doubt it's a money issue.

  • How bad does the security have to initially be for it to be better to take the whole thing down and start over?

    • by nurb432 (527695)

      Sometimes that is the safest thing to do. Besides, all they will lose is millions of users data.. It's not like they really care, they know you cant go anywhere else.

    • Re:How bad? (Score:5, Insightful)

      by moniker (9961) on Sunday April 24, 2011 @05:37PM (#35923990)

      Nonexistent.

      Sony probably relied entirely on client side security, assuming that the PS3 was unbreakable.

      That, and thanks to their attempts to keep people on the latest "secure" firmware, PSN services that shouldn't be PSN services like Netflix and Hulu are now hosed (except for some people who apparently use the same password for all their accounts and can hit cancel at the login screen). If Netflix hadn't allowed the PSN-free disc to be disabled, we could be using it right now.

      • by malkavian (9512)

        Now I'm as disenchanted with Sony as the next geek.. But plucking claims out of thin air doesn't really help..
        The real answer is that it can actually be pretty good, just someone found a way in that's pretty pervasive to their design or implementation.
        Still, no matter how good (or not) it was before, it can obviously be improved.. Someone will almost certainly break the next version, if they try hard enough (quite a few will probably be picked up on the IDS, and perhaps charged before then).
        How good it re

        • by moniker (9961)

          Now I'm as disenchanted with Sony as the next geek.. But plucking claims out of thin air doesn't really help..

          behold, thin air [google.com]

      • Re: (Score:2, Informative)

        by Anonymous Coward

        My netflix works regardless of my PSN connection. My PSN and Netflix accounts do not use the same password either. Netflix asks to log in to PSN twice, and when it cannot it just continues on and works normally (this has happened on several occasions when my PSN log in did not work for whatever reason). I was actually quite surprised at this; I thought netflix actually had put some thought into designing a robust system. Does this not work for everyone?

        • by mckorr (1274964)
          Works on my fat (the original model from 1st release), but not on the slim purchased this past week, despite having the same firmware version. I have no idea why one can use Netflix and the other can't.
      • by dave562 (969951)

        Netflix is not hosed. It works as long as you allow the login process to time out a couple of times. I use a unique password for every online service I am a part of and I was able to access Netflix last night.

        • by moniker (9961)

          Thanks, I had only previously seen people stating that you had to hit cancel, which didn't work for me.

          So, if you can just let the login timeout, why ask for a login? Other than scaring people into updating their firmware?

  • by qubezz (520511) on Sunday April 24, 2011 @05:49PM (#35924102)
    In Soviet Russia ... customers cripple Sony's hardware!
  • Netflix (Score:5, Informative)

    by pitchpipe (708843) on Sunday April 24, 2011 @06:01PM (#35924210)
    For those of you that use your PS3 mainly for streaming Netflix (like me), just keep hitting login after you've gone to the red 'Netflix' screen. It will try to login and fail about 3 to 5 times in a row. Then you will be able to access your Netflix account like normal.
    • Hate to say it, but the AppleTV is looking pretty good right now.

      Also the iPad2 which can handle Netflix video just fine and mirror to a TV.

      Or of course there is the Roku box solution too.

      Tying the ability for Netflix to function to the ability of PSN to function is madness. I liked the PS3 for Netflix playback but there's no way I'm relying on it going forward.

      • Unfortunately, it isn't madness. It just isn't being done for your benefit.

        From the perspective of designing failure-tolerant systems, artificially coupling distinct functions is, indeed, completely nuts. However, if your primary objective is control, rather than failure tolerance, reducing the number of things that your device is good for when severed from the mothership is entirely sensible. All kinds of DRM and trusted-client related problems become easier if you can force the client to talk to you at
        • However, if your primary objective is control, rather than failure tolerance, reducing the number of things that your device is good for when severed from the mothership is entirely sensible

          The problem with that thought is, there are two motherships.

          Every other device on the planet (that I know of), talks to the Netflix mothership.

          Only the PS3 software (that I'm aware of), introduces another player in that chain. The PS3 Netflix app responds to not one, but two motherships - Netflix and the PSN.

          That's the

        • by thsths (31372)

          > However, if your primary objective is control, rather than failure tolerance, reducing the number of things that your device is good for when severed from the mothership is entirely sensible.

          You mean it makes it easier to take features away after the sale? :-)

    • And if you're one of the poor unfortunate souls who use Hulu Plus, you're SOL.
  • It's too bad they couldn't have done it proactively while the system was online instead of after the fact.

  • PSN (Score:3, Interesting)

    by Rotting (7243) * on Sunday April 24, 2011 @09:08PM (#35925446)

    I wonder if the system that was compromised contained the credit card data they have stored for the PSN accounts.

    • Re:PSN (Score:4, Informative)

      by TheNinjaroach (878876) on Monday April 25, 2011 @10:09AM (#35928900)
      I can't imagine the PSN is anything less than PCI-E compliant. That means they can't store the credit card number -- only the last four digits of it. The first time they charge your card, an authorization number is provided along with the transaction. Future transactions then re-use that authorization number, which is validated to make sure that the repeated transactions come only from the same merchant as the initial charge.
      • by sycorob (180615)

        Not true at all. They can store the credit card number, but they have to encrypt it. The encryption keys are supposed to be stored away from the encrypted data.

        If they couldn't store the CC number, you would have to enter it in every time, which I don't think is the case with PSN.

        • If they couldn't store the CC number, you would have to enter it in every time, which I don't think is the case with PSN.

          Apparently you didn't read anything I wrote. You don't have to re-enter the CC every time because PCI-E compliant shops store and re-use an authorization number they receive the first time you make a purchase.

  • by gearloos (816828) on Sunday April 24, 2011 @10:39PM (#35925978)
    Sony is such a wonderful company, I'm sure they will be happy to give me a partial refund for not being able to use the GT5 online features this month. They were so nice when they told me they would automatically remove the other OS software for me, I didn't have to do a thing. Just agree to let them do it. If I didn't agree, I was no longer able to use the PS3 for any network games as promised, but I give them that one- they knew it was for my own good. They were also really looking out for me and even put software on music CD's and DVD's (the last place you would expect to find executable code) and it would install all by itself and I didn't even have to worry about all the windows setup junk. To top it off, they even scanned my hard drive to let me know if anyone had put shared music on it! all for free! they never charged me a thing for doing any of this! What a nice company. Obama even went and had his recent fund raiser at Sony. They must be great! No politician would ever be dirty!
  • I feel a enormeous curiosity about what the problem is. Is something mundane?, like a cascade error, or really a intrusion?. I feel I would love to read a novel or a article about the issue here :D

    Sony has ben fighting the esence of hacking on latelly. The problem with GeoHot and the hackers is political. The hackers think that can open the hardware that own, and toy with it, and spread any information that learn from the machine. Sony want to use the system to stop these people from doing so, and seems v

Man is the best computer we can put aboard a spacecraft ... and the only one that can be mass produced with unskilled labor. -- Wernher von Braun

Working...