Sony Delays PlayStation Network Reactivation
i4u writes "Earlier this week chatter in an IRC network led to speculation of a third attack on Sony's network. For its part, the company steadfastly promised that at least some services would resume by the end of this week. But now it looks like Sony has given up on that goal. The PSN reactivation has been delayed. Sony's explanation? They were 'unaware' of the extent of the attacks on their system."
Not Aware? (Score:5, Interesting)
Re: (Score:2)
Sony security is handled with 3 chimps and a hamster. You can't expect anything more from that motley crew, except the complete works of Shakespeare done on a typewriter.
Re:Not Aware? (Score:5, Funny)
I've seen hamsters escape.
I've seen chips use tools at the zoo.
Don't degrade them by lumping them in with Sony Security.
Re: (Score:2)
I've seen chips use tools at the zoo.
British chips or US chips?
Re: (Score:2)
Re: (Score:2)
Yeah, but they had help from the fish.
Re:Not Aware? (Score:5, Funny)
Re:Not Aware? (Score:5, Insightful)
Well, what ARE they doing scheduling reactivation if they are not aware of the extent of the attacks? Something tells me that Sony just has a poor handle on everything security related.
Really? This is something you are berating Sony for?
They are doing the exact right thing here. First, they assessed the damage and worked to get PSN up as fast as possible. During that process, they discovered that the intrusion was more extensive than they thought, and instead of simply bringing PSN back up on their original schedule, they are allowing new information to alter their plans.
If this were some Linux archive, like for example sourceforge, or the Debian repositories, and they did the exact same thing, you'd be heaping praise upon them for doing the right thing and not adhering to bullshit corporate image demands, but since it's Sony who's doing the right thing, it must be bad somehow, right?
Re: (Score:3)
Debian.org was compromised back in 2003. You can read a blow-by-blow account of the attack at: http://lists.debian.org/debian-devel-announce/2003/11/msg00012.html [debian.org] and http://lists.debian.org/debian-devel-announce/2003/12/msg00001.html [debian.org]
It took Debian about 3 weeks to get all affected services back online after the attack.
Re: (Score:3)
More importantly, if it takes a woman 9 months to make a baby, why can't 9 women make a baby in 1 month!?
Re:Not Aware? (Score:5, Insightful)
Just re-image all servers running the thing, one by one, to ensure no backdoors remain, and bring it all back up.
One would assume they are also beefing up security to prevent this from happening again. Re-imaging the servers back to the state that let them get hacked in the first place is probably not sufficient. Tell you the truth I can't see how they could do anything substantial within a period of weeks to take them from the clearly messed up state they are in now to a state where people will trust their info with Sony again. Something like this should take months.. but the horde of angry gamers won't wait that long.
In this case we have an army of paying customers locked out of a major feature of the product.
Indeed. That month of free access to something most people don't care about isn't gonna cut it for many. Sony is gonna have to make some serious reparations here. They've probably already lost a metric ass-tonne of customers regardless of what they do at this point, and there are probably a group of customers who don't care about this outage and will stick with playstation regardless. The larger middle angry gamer group however, they are going to need to find the right balance between cost of lost business and cost of keeping that business. Should be interesting to see what they do.
Re: (Score:2)
One would assume they are also beefing up security to prevent this from happening again. Re-imaging the servers back to the state that let them get hacked in the first place is probably not sufficient.
Running up-to-date software would probably be a good start. The rest isn't rocket science either. Creating secure networks is not some esoteric art. I mean, plenty of companies out there run their servers for years without having issues like that. Some even do it on *gasp* Windows servers! Maybe Sony needs to hire some of the people who manage that?
In any case, I don't think it's something that can take months. I just can't think of any activities that would take that long. Especially when you're a company scrambl
Re: (Score:3, Informative)
Running up-to-date software would probably be a good start. The rest isn't rocket science either. Creating secure networks is not some esoteric art. I mean, plenty of companies out there run their servers for years without having issues like that. Some even do it on *gasp* Windows servers! Maybe Sony needs to hire some of the people who manage that?
There is good evidence that their servers were up to date:
http://forum.beyond3d.com/showpost.php?p=1549251&postcount=491 [beyond3d.com]
http://www.quartertothree.com/game-talk/showpost.php?p=2673715&postcount=961 [quartertothree.com]
Nobody has fully assessed what happened. Nobody but the usual mythomaniac guys that crowd the big net.
Re: (Score:3)
What is it about PSN that warrants such a long downtime? Just re-image all servers running the thing, one by one, to ensure no backdoors remain, and bring it all back up. It doesn't take two weeks!
I suspect that restoring their user data from backups was never tested and turns out to be harder than they hope. Perhaps they now find themselves writing a lot of custom code trying to rebuild a database without dangling links and halfway up to date. I also think that Sony worked hard at digging themselves a very deep karma hole and now they have fallen into it.
Re:Not Aware? (Score:5, Informative)
Just re-image all servers running the thing, one by one, to ensure no backdoors remain, and bring it all back up
This, ladies and gentlemen, is a perfect example of how Sony /not/ should do it.
The gentleman known as "shutdown -p now", seems to suggest that Sony should use their energy to get the servers back into a state where they can be re-breached within minutes of going back online!
Of course, this is exactly what we should expect from armchair know-it-alls. One should not trust sysadmins / system engineers who know the situation and how to take care of it. The armchair know-it-all will scream "No! They made it this bad in the first place" - without caring one moment to think about the layer known as "management". The layer that demands that "if it works, do not touch it at all! it works! Downtime is Verboten!"
It doesn't take two weeks!
They have to:
1. Remake installation routine
2. Reinstall servers
3. Reinstall software
4. Reload the user data
.. this is probably done within a day or two.
Then they have to:
5. Harden the new systems.
6. Harden the firewalls.
7. Pentest the shit out of it
8. Get it audited.
9. Re-harden, according to audit-report
10. Get audited again.
11. Repeat the two steps above until audit report is clean.
And this didn't even touch onto the huge topic of making sure that there isn't any breach of workstations that can be used to gain administrative access to the systems and so forth. It doesn't touch upon the topic of verifying user data integrity. It doesn't touch upon the topic of checking for backdoors that gain the attacker elevated access to the network, without admin privileges (but with an easier attack vector from being completely outside).
Meh!
Re:Not Aware? (Score:4, Interesting)
What is it about PSN that warrants such a long downtime? Just re-image all servers running the thing, one by one, to ensure no backdoors remain, and bring it all back up. It doesn't take two weeks!
Are you serious? There are 60 million PS3s that implicitly trust PSN. If the service is hacked then it's not hard to imagine the damage that could be done. Someone could remotely brick boxes, wipe trophies, spam users with messages, clear accounts or otherwise maliciously interfere with the service.
As for the time frame I suggest if you drew a network plan of PSN or a similarly sized service that you're probably looking at hundreds of servers for login, downloads, streaming downloads, web, messaging, databases, credit card processing, Home and so forth. Reviewing the security around each, and the code they run and ensuring appropriate changes and hardening the perimeter and setting up a DMZ and so forth is time consuming. Apparently they're even moving datacentres and doing a few other things on their existing roadmap.
Two weeks is ambitious to say the least. I expect when it does come back up it will be a skeleton service with services coming back on line after that.
Re:Not Aware? (Score:5, Insightful)
Wow, this is a new low for Slashdot. I'm a "shill" for not being a fucking moron who thinks it's impossible for Sony to ever do anything right? When your shit gets hacked, you take it offline until you can put it back up safely. This isn't being a "shill", it's just being rational and not being a whiny little bitch just because we are supposed to hate some company.
Re:Not Aware? (Score:5, Insightful)
Re:Not Aware? (Score:4, Insightful)
And something tells me you should read up on your computer forensics. Not knowing the extent of the damage immediately is common in most computer forensics investigation. At the end of the day you're simply pointing your finger at Sony without evidence or legitimate reason. Skepticism is good, criticism without reason or evidence is foolish.
Re:Not Aware? (Score:4, Insightful)
I'd think with any complex system it would be easy to get to a state where you believe that you have figured out the extent of the damage but then later discover some damage that you missed in the initial investigation.
After discovering you missed something you would then have to do a load more investigation as to the implications of the stuff you missed.
Who & Why (Score:5, Interesting)
is this black hat or revenge for the removal of install other os?
Re:Who & Why (Score:4, Funny)
Yay, let's take revenge on the removal of OtherOS by removing the remaining features from our PlayStations, and those of all our friends! Pissing off the gaming community is sure to garner their support and goodwill!
Re:Who & Why (Score:5, Interesting)
As for the support/goodwill thing, I suspect that those doing the attacks aren't really interested in that. The professional thieves, of course, don't care; because they are there for the money. Any ideological attackers don't care because they are there to make Sony bleed and/or clearly demonstrate the vulnerability of services and hardware cryptographically locked to a single service. The support of Sony's customers is worthless to them; because (by design) Sony's customers have basically no power. Creating as much angst and suffering among those customers, on the other hand (in addition to any amusement that might be derived) hurts Sony's commercial standing.
Re: (Score:2)
They can just not play games that require an online connection.
And if they have a problem with it, I'm sure there is a line in the EULA that gives Sony the right to shut down the PSN.
Re:Who & Why (Score:4, Insightful)
Pissing off the gaming community is sure to garner their support and goodwill!
Given that OtherOS was always a geek feature, there was never any support to speak of in the first place. The majority of PS users simply didn't care (and many didn't even know to care).
On the other hand, right now, Sony's image is significantly tarnished by them not being able to deal with the problem for so long. They can blame it on hackers all they want, but it's abundantly clear by now that it's also a matter of their incompetence that led to the hack in the first place, and delays their efforts to recover. In the end, users don't really matter - all they know is that PSN is down (and will remain down, per TFA) while e.g. Xbox Live works just fine.
So, as far as garnering support goes, this hack is definitely not taking any points. But as pure spiteful revenge? It's wildly successful, if you ask me.
Re: (Score:2)
...and it certainly doesn't help that it happened the week of the release of Portal 2 and Mortal Kombat.
Hell, I haven't played Portal 2 Co-Op yet because PSN isn't up and my grand plan was to buy the PS3 version, redeem the PC copy to my Steam account, then have my nephew come over, log on his own PSN/Steam accounts so we could play MP together while only buying one copy. We both beat the single player the same day PSN went down.
Re:Who & Why (Score:5, Insightful)
Yay, let's take revenge on the removal of OtherOS by removing the remaining features from our PlayStations, and those of all our friends! Pissing off the gaming community is sure to garner their support and goodwill!
The "gaming community"? Do you mean the petulant whiners who think George Hotz is paying his lawyers in stolen CC numbers? Or the ones who seem completely oblivious to the months of identity theft hell they're about to face because of Sony's incompetence?
Of course, leaving all that information completely unsecured would've been perfectly okay, if not for those meddling kids.
In seriousness, Sony's incompetence is borderline illegal. But, you think this is homebrew's fault?
Re:Who & Why (Score:4, Insightful)
Yes, I'm sure Sony just accidentally forced hackers to break into their system. Just like when you forget to lock your doors, you are forcing someone to rob you.
Re: (Score:2)
If you leave your keys in the ignition in the car here and it gets stolen, guess who gets charges brought against them.
Re: (Score:2)
Actually, yes, it is illegal to leave keys in your car ignition.
So both get the charges and insurance doesn't cover it.
Re: (Score:2)
What state are you referring to? Please provide a legal citation to support your claim.
Re: (Score:2)
Texas Transportation Code 545.404 [state.tx.us]
Re: (Score:2)
TX Transportation Code 545.404 [state.tx.us]
Re: (Score:3)
there's a problem with Sony having no liability, as it was not their information to be careless with.
i sincerely hope breaches like this lead to legislation that forces a duty of care for any company that collects customer information.
if Sony have indeed been negligent in their security practices (which i think most slashdotters would agree they have been), they should be legally liable for it. as should anybody who holds information about others.
medical records are kept safe by law. CC details should be
Re:Who & Why (Score:5, Interesting)
Incorrect if you live in Texas; it's illegal to leave your keys in an unattended car.
Here's a link from the Texas DMV stating as such: http://www.txdmv.gov/protection/auto_theft/hold_key.htm [txdmv.gov]
Here's a link to the actual statute: http://www.statutes.legis.state.tx.us/Docs/TN/htm/TN.545.htm#545.404 [state.tx.us]
This .PDF will show that one and some other minor offenses you might not have been aware of.
http://www.tmcec.com/public/files/File/The%20Recorder/2003/NL11_03.pdf [tmcec.com]
Re: (Score:3)
Actually, Sony CLAIMS that hackers broke into their systems. They CLAIM to have found an incriminating file which they ATTRIBUTE TO Anonymous. Actually, none of us knows what the hell happened. Personally, I'm not believing much that Sony says. How's that saying go? "Pictures, or it didn't happen!"
Re: (Score:3)
Irrelevant. Try to imagine the thief explaining the same concept to a cop. Think he'll get half the jail time? No. Claims adjusters and cops have different remits.
Re: (Score:3)
Yea, I mean look at the way Sony was dressed. She deserved to be raped.
Re:Who & Why (Score:5, Insightful)
Occam's Razor may apply. - I thought I read that they were running an unpatched version of Apache on a system without a firewall, including here on /. The motive could have simply been "low hanging fruit with a high return". The real question is "why the hell did it take so long for someone to pwn them?"
Assigning it to "them black hat hackers" seems akin to them blaming Anonymous. Normally, if it was done for hacktivism, someone would have taken credit for it by now. The simplest explanation would appear to be that they did it to make money.
Re: (Score:2)
No, because the white hats figured out how to put the feature back, and stopped there. Everyone could have stopped there, and it'd all be cool.
The bad part started with GeoHot cracking the second key and Sony taking vengeance. That opened the floodgates. What's happening now is the real underworld criminals, seeing ready-made scapegoats and knowing Sony will perceive an advantage in blaming those, decided on a mutually-advantageous transaction.
Maybe that was a protest after all (Score:2, Insightful)
My senses suggest me that the theft of personal data is just a coverup story by Sony.
I think some angry hacker just wiped out their servers, and backups are as usual stored on /dev/null.
And so they have to rebuild the whole thing.
Anyway revenge is complete regardless of who did that.
Sad that users are possibly affected as well.
Re:Maybe that was a protest after all (Score:4, Interesting)
My senses suggest me that the theft of personal data is just a coverup story by Sony.
Because Sony would want to willingly pay for millions of dollars in identity theft services when no personal data was taken?
Re: (Score:2)
It makes for a decent PR move regardless of anything being taken and helps reinforce the story that it was a theft operation. I'm not passing judgement on the validity of either theory.
Re:Maybe that was a protest after all (Score:4, Insightful)
Re: (Score:2)
I agree with your assessment it makes no sense at all for them to say the account information was stolen unless they either know it was or can't be sure it was not. If they knew the data was not leaked they would not be writing checks for identity theft protection.
I don't understand the big mystery here. I suspect the issue is there is something very fundamentally broken about how the PSN does authentication and or authorization, and they can't figure out a way to fix it without breaking all the existing so
Re: (Score:2)
Maybe they just don't want to admit that they got a sizeable blow from these hacktivists.
Maybe for them blaming criminals is better.
I just don't see it. In the eyes of the law the hacktivists would be vandals, it might not be as serious a crime as larceny but it's still a crime. I don't know about the Japanese public but the American public if anything takes a dimmer view of vandalism than theft. So strictly from a PR point of view I don't see how "Crackers broke in and stole from us" is really all that different from "Crackers broke in and trashed our stuff".
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
I think some angry hacker just wiped out their servers, and backups are as usual stored on /dev/null.
Well, silly them! I always put my backups on /dev/random. Never had a problem recovering them.
Of course, my db stores Youtube comments, so your mileage may vary...
And? (Score:3, Insightful)
I can't say I'm surprised, if they have to rebuild their network expect it to take months, this really isn't a case of patching a windows server and rebooting.
I expect one of the things keeping them offline will be the credit card companies, they are probably the ones in control right now.
Shocking (Score:2)
What are they, trying to write their own web server from scratch?
Besides, they will probably get an earful from the "security companies" they have hired, because it implies that even after all the audits not all security holes were found.
I know what's holding everything up. (Score:5, Funny)
This could take ages.
Original source (Score:4, Informative)
If you'd like to actually read what Sony has to say for themselves instead of giving clicks to the self-promoting second-hand site: http://blog.us.playstation.com/2011/05/06/service-restoration-update/ [playstation.com]
Re: (Score:2)
this blows. we should all go out and kill anyone who claims to be anonymous, this is freaking stupid go away you dam hackers
This was the only post that mentioned Anonymous in the first 50 comments. Looks like Sony's users are starting to blame them for the breach and the downtime.
Re: (Score:2, Troll)
DON'T CLICK THE LINK!! It's nothing more than official Sony brainwashing!
Re: (Score:2, Funny)
Judging from the graphics on their website, the real problem is that somebody poured Coca-Cola in their servers.
Re: (Score:2)
Re: (Score:2)
Alright Sony. Time for you to stop what you're doing and execute plan B. Nuke n' pave your servers and rebuild from the ground up. Then, import user data and purchases from backups. Screw trying to reverse engineer the security damage. You can do that on your own time and a separate test network. Just get those customers up and running ASAP!
Might still take months,...,years. And if they do not do it better this time, they will just get hacked again. It is now known that they are an easy target. I agree that the attack analysis is a red herring. It is however quite possible that is the only thing they can do at the moment, or rather the outside security experts they brought in. Don't forget this is a Japanese company. TEPCO comes to mind.
Re: (Score:2)
That sounds like a great plan. Put the system back online without knowing how it was cracked. That way everyone can get their new CC number stolen too! Customers will love that....
Re: (Score:2)
Yes, backups. Help me out here, alright? Just where is /dev/null/? Do we keep it in the server room, or under the boss's desk, or where?
Hmm ... (Score:3)
Translation:
"Someone changed the passwords to something other than the defaults and we can't get back into the servers again."
Translating corporate-speak (Score:5, Interesting)
Sony:
"We're still working to confirm the security of the network infrastructure, as well as working with a variety of outside entities to confirm with them of the security of the system. Verifying the system security is vital for the process of restoration. Additional comprehensive system checks and testing are still required, and we must complete that process before bringing the systems online."
To understand this, read VISA International's "What to Do if Compromised" [visa.com].
"Working with a variety of outside entities to confirm with them of the security of the system." means VISA International and/or MasterCard, Inc have invoked their contractual rights to send in auditors, security experts, and computer forensics experts. They do that for big security breaches. "Additional comprehensive system checks and testing are still required, and we must complete that process before bringing the systems online." means "VISA, etc. won't let us go back on line until we pass their security tests."
So Sony isn't entirely in control of when they go back on line.
Re: (Score:3, Interesting)
Damn good thing, too. I have no particular love for the credit card companies, but I trust them to act in their best interest here, which is:
A) Ensure that people are happy with using their credit cards (which means their data isn't getting stolen, and they aren't needing to replace their cards, and ideally anybody whose card info did get stolen gets it re-issued with a new number and expiration immediately).
B) Ensure that they aren't going to have to eat a bunch of fraudulent charges (a large batch of frau
Re: (Score:3)
Concerning 1.B: Merchants are the ones held responsible in cases of fraud. If you steal a credit card and buy $1000 worth of Wal-Mart shit, then Wal-Mart is out $1000 unless they can figure out who you are and either have you arrested so you can pay restitution or sue the crap out of you. Generally, most companies are forced to pick option C which is: bitch about it, fire someone and do nothing to stop it from happening again.
That's where your point 1.C comes in. VISA is going to do exactly 1.C by threateni
Re: (Score:3)
If you owe the bank $100, they are in control. If you owe the bank a few billion, you are in control.
No way in hell will VISA or MC terminate Sony's merchant contract. When the client is that large, normal rules no longer apply.
Re: (Score:3)
So Sony isn't entirely in control of when they go back on line.
Sir –
Why not provide the service for free until Sony fixes their payment problem?
Pandimensional Super-Intelligent Mice. (Score:2)
Perhaps this is just further testing of their hypothesis:
If you only slightly abuse the consumers, they will dump you for another company that treats them better; However, If you abuse your customers thoroughly enough they will never leave you.
Instead they'll start making excuses for their abusers: "It's not Sony's fault! They were pwn'd by 1337 haxorz, see they still love me, they promise not to be reckless like that ever again..."
Ultimately, after being subjected to enough abuse, they begin lying to themselves: "I'm sorry, Sony, please don't raise the prices. You can charge me again, I'm just grateful for the DRM you let me pay for, I'll try not to lose my downloaded data anymore... You're right, I should have backed up my data -- How stupid of me to think you'd let me re-download without paying, It's not like it costs you nothing to retransmit me the file -- I'll pay for a better connection next time."
"We're sorry for wanting to use the hardware the way we want -- You're right Sony, Hackers ARE bad. I see now that I should loathe Anonymous and Mr. Hotz -- People like that rob me of my PSN, and cause cheating -- It's not like I should expect my player hosted online matches to work without your amazing authentication server to coordinate the connection -- Yes, I'm sorry, I am too untrustworthy to be given the option of entering the IP addresses of our peers, please give me back the central network! I'll behave! I promise!"
Bionic Commando Rearmed 2 (Score:2)
Outdated servers? yes, 2.2.11 and 2.2.10 (Score:3)
There have been some rumours, back and forth, about what versions were installed on Sony servers.
Based on this nmap of the network:
http://pastebin.com/bAUHxtNr [pastebin.com]
Nmap scan report for account.rc.ac.playstation.net (199.108.4.177)
Host is up (0.077s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)
Nmap scan report for login.rc.ac.playstation.net (199.108.4.162)
Host is up (0.085s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.
Nmap scan report for commerce.rc.ac.playstation.net (199.108.4.135)
Host is up (0.071s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp closed http
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)
Nmap scan report for auth.rc.ac.playstation.net (199.108.4.136)
Host is up (0.075s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)
Nmap scan report for store.rc.ac.playstation.net (199.108.4.140)
Host is up (0.070s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)
Nmap scan report for rc.store.playstation.net (199.108.4.141)
Host is up (0.080s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)
Nmap scan report for native.rc.ac.playstation.net (199.108.4.144)
Host is up (0.073s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.11 (mod_ssl/2.2.11 OpenSSL/0.9.8i)
* login server 2.2.11 (version from 2008)
* account server 2.2.11 (version from 2008)
* commerce server 2.2.11 (version from 2008)
* auth server 2.2.11 (version from 2008)
* store server 2.2.11 (version from 2008)
* rc store server 2.2.11 (version from 2008)
* native server 2.2.11 (version from 2008)
There are some talking about the server auth.np.ac.playstation.net. That one was updated.
Nmap scan report for auth.np.ac.playstation.net (199.108.4.73)
Host is up (0.070s latency).
Scanned at 2011-04-05 22:53:40 MDT for 428s
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.17
TL;DR
YES, Sony was using outdated servers. Unpatched? no idea.
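An added example (not part of the comment above, and not anyone's production tooling): one way to turn scan output in this layout into a patch-level inventory of hosts you are responsible for, flagging Apache versions below a chosen floor and banners that arrived cut off. The hostnames, addresses, function names and the 2.2.17 floor are assumptions and the sample is constructed; as the comment itself notes, a banner version does not show whether fixes were backported.

```python
import re

# Constructed sample in the same layout as the scan output quoted above.
# Hostnames and addresses are placeholders, not the hosts from the thread.
SAMPLE_SCAN = """\
Nmap scan report for login.example.net (192.0.2.10)
Host is up (0.085s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.
Nmap scan report for store.example.net (192.0.2.11)
Host is up (0.080s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp closed http
443/tcp open ssl/http Apache httpd 2.2.11 ((Unix) mod_ssl/2.2.11 OpenSSL/0.9.8i)
Nmap scan report for auth.example.net (192.0.2.12)
Host is up (0.070s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE VERSION
443/tcp open ssl/http Apache httpd 2.2.17
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)(?: \(([^)]+)\))?")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")
APACHE_RE = re.compile(r"Apache httpd (\d+(?:\.\d+)+)")
COMPONENT_RE = re.compile(r"\b(mod_ssl|OpenSSL)/([0-9][0-9A-Za-z.]*)")


def version_tuple(text):
    """'2.2.11' -> (2, 2, 11) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def parse_scan(text):
    """Return one record per open port found in the scan's text output."""
    services, host, addr = [], None, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.match(line)
        if m:
            host, addr = m.group(1), m.group(2) or m.group(1)
            continue
        m = PORT_RE.match(line)
        if not m or host is None or m.group(3) != "open":
            continue  # table headers, latency lines, closed or filtered ports
        banner = m.group(5)
        apache = APACHE_RE.search(banner)
        components = dict(COMPONENT_RE.findall(banner))
        services.append({
            "host": host,
            "addr": addr,
            "port": int(m.group(1)),
            "apache": apache.group(1) if apache else None,
            "components": components,
            # A component version ending in '.' means the banner was cut off
            # (as in one of the pasted lines); it is not a real version.
            "truncated": any(v.endswith(".") for v in components.values()),
        })
    return services


def audit(services, baseline):
    """Classify each service against a minimum acceptable Apache version."""
    floor = version_tuple(baseline)
    findings = []
    for svc in services:
        if svc["apache"] is None:
            status = "unknown"
        elif version_tuple(svc["apache"]) < floor:
            status = "below-baseline"
        else:
            status = "ok"
        findings.append((svc["host"], svc["port"], svc["apache"], status))
    return findings


if __name__ == "__main__":
    # The 2.2.17 floor is an assumption, taken from the version the comment
    # describes as the updated one.
    scanned = parse_scan(SAMPLE_SCAN)
    for host, port, version, status in audit(scanned, "2.2.17"):
        print(f"{host}:{port} Apache {version} -> {status}")
    for svc in scanned:
        if svc["truncated"]:
            print(f"{svc['host']}:{svc['port']} banner truncated, rescan")
```

Hosts reported as below-baseline still need a package-level check before being called unpatched, since distributions often backport fixes without changing the banner.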
Two weeks was fraudulently optimistic (Score:4, Interesting)
Look at what they're doing here:
- completely rearchitecting their security and network
- completely reimplementing their security and network
- physically moving the servers
- redeploying this worldwide
Two weeks? I don't f@#4ing think so. They're just stringing you along or they really do have no idea what they're doing (I'll buy either).
I wouldn't use it for a couple weeks either till they work out the bugs. Me, I've been playing Portal 2 on PC.
Re:Two weeks was fraudulently optimistic (Score:5, Funny)
Look at what they're doing here:
- completely rearchitecting their security and network
- completely reimplementing their security and network
- physically moving the servers
- redeploying this worldwide
You forgot:
* deploying mirrorshades razorgirls to the BAMA Sprawl to hunt the console cowboys who cracked their ICE
* impersonating the Eastern Seaboard Fission Authority
* burning Chrome
I love living in the squalid cyberfuture.
Re: (Score:2)
I would mod you up if I could, Hiro
Re: (Score:2)
If they are doing anything at all at this time. It is quite possible they are still trying to grasp what the external security experts have told them. In my opinion that could well have been "You cannot repair this trash. Throw it _all_ away, sack the incompetent idiots responsible for this (and that includes management) and start over. Time: 1-2 years at least."
Damned if they do, damned if they don't. (Score:4, Insightful)
Re: (Score:2)
I hate to defend Sony here (it'll probably cost me some karma), but it seems like they're in a "damned if you do and damned if you don't" scenario. A week and a half ago, they disclosed the nature of the personal information breach and everyone seemed to be clamoring about how long it took them to say something. In this case, they release more information during their press conference a few days later, then they discovered that it was a bit worse than they had thought and now everyone is pointing the finger at them because they released information that was incorrect. In a perfect world, we would all be able to release completely accurate information right after the event, but everyone here knows the difficulty in that.
No, Sony's in the typical "damned because they didn't" scenario.
Damned because they didn't respect consumer rights.
Damned because they didn't test their system's security.
Damned because they didn't realize that taunting hackers was a bad idea.
Damned because they built a shitty network and stored unencrypted credit card data (if at this point you still believe their bullshit about it being encrypted, you're the dippest of shits). Several friends have been hit with fraudulent charges in the last few weeks, a
Their system is just far too broken (Score:2)
My guess: The external IT security experts they have had to contract are refusing to sign off on the "repaired" system, because it is just far too broken. Maybe it cannot be repaired at all, which would mean either a few more months of outage or a good likelihood of getting hacked again in a short time.
So what if it happens again? (Score:2)
Will Sony keep delaying the reactivation? :P
Re: (Score:2)
Re: (Score:2)
How much do you want to bet? ;)
Re: (Score:2)
Direct Fucking Link Here (Score:2)
Rather than Slashdot linking to some site called "I4U" which links to Joystiq, which links to the article on Sony's playstation site, how about we just fucking link to the Sony article and do away with the blog self-promotion chain?
http://blog.us.playstation.com/2011/05/06/service-restoration-update/ [playstation.com]
Sony... (Score:3)
Fuck the PSN. (Score:2)
So when do I get to use my PSPgo? (Score:2)
I just got a PSP go thinking it would be perfect to complement my Kindle for an upcoming international flight. But I can't even play the games that came with it since the game installer disk needs to authenticate with the PSN to install the games.
I have been considering shipping it and the bonus game disk back for service, maybe they can load the games for me.
Sony's punishment? (Score:3)
Does anyone have any news if Sony will get any punishment for this from VISA/MS/Gov? I'm really interested how this works out regarding PCI/PA-DSS. Seems Sony should have gotten a whoops for this.
If we don't see any harsh punishment for breaking PCI-DSS then the whole certification process/requirements are a farce and don't apply to big corporations.
Honestly, this is pathetic. (Score:4, Interesting)
I happened to use the same ID/PW on both my PSN and my LOTRO account. Three months ago, someone had the ID to the LOTRO account and sold all my stuff. Long story short, Sony has NO F'ING CLUE how long they were being exploited. I never logged in anywhere other than personal machines to LOTRO, so there is NO WAY it could have been stolen from anywhere else. They were broken into over three months ago and they never knew it. They only just found out because some silly kid who had access decided to put a file on their servers that they FINALLY SAW. This honestly is pathetic. I have no faith in Sony anymore. They lost me and everyone I advise in a technical capacity. They will never know how many people that is, but I will. Standard response now is: Go with Xbox for games, Western Digital streaming device for Netflix, and a standalone Blu-ray player if needed. At least Microsoft knows it is a target and has some semblance of a clue for NOT putting all of their proverbial eggs in one basket. I don't even know how to express the anger that I have for something that I thought would be safe and turned out to have them just having completely no clue on. For a major corporation, this is pathetic. There is no going back from this. Everyone in my family and everyone who I consult at work and personally will be told what happened and how long it has happened. I have already had people say "I thought Sony was a good company." Well, they weren't. To them, this is PR, to me, this is my personal information and my time spent in a game. Wasted, because of their hubris. Thanks Sony. You just lost me, my family and everyone whose ear I can bend. You won't care, but I do.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
They have a right to drive traffic to their site for ad hits too, err, I mean to do whatever it is they were doing.
Re: (Score:2)
Re: (Score:2)
I am totally fed up with you anti-Sony people having a field day with this story. IT HAPPENED. It could have happened to your sacred Apple, Microsoft, or Nintendo
Says a lot when Sony's karma is in worse shape than Microsoft's.
As long as people are stupid enough to keep giving money to Sony, they have no real incentive to change.
Get a real penis first (Score:2)
I, for one, am NOT pissed about the Sony breaches. (plural, of course) I think it's fucking hilarious. What's even funnier is, all the people who gave Sony their credit card info have probably used those same credit cards on Google, Amazon, one or more other online games, Ebay, Newegg, hell, they probably entered their credentials into eggdrop.com and iloveyou.net. The Sony breaches are just the beginning of the story! Consumers just don't learn . . .
Re: (Score:3)
It could have happened to your sacred Apple, Microsoft, or Nintendo.
No company is sacred. Yes, that includes your beloved Sony.
Then I get all excited to read, just to hear some basement dwelling fucktard bitch about the rootkit from almost a decade ago. Give me a break. You can buy or steal good music everywhere, just because Justin Timberlake's CD fucked up your shit and you're 36 doesn't make it an issue for everyone.
You're missing the point. It's the lack of concern for their customers that had people pissed off, not the fact that everyone complaining about the rootkit that happened 6 years ago was personally affected. You didn't care when Sony showed its colors before, but now all of a sudden you're all pissy about it because it affects you. Believe it or not, but a major reason why I never bought a PS is because of the rootkit thing. I'm not exactly regr
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I haven't. But I also do not have a $35-billion company with 167,000 employees and hundreds of millions of customers and 65 years of experience with which to deploy one and properly react to emergencies like this without totally flubbing it up.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)