PlayStation Network Hack Will Cost Sony $170M 189
alphadogg writes "Sony expects the PlayStation Network hack will cost it $170 million this financial year, it said Monday. Unknown hackers hit the network gaming service for PlayStation 3 consoles in April, penetrating the system and stealing personal information from the roughly 77 million accounts on the PlayStation Network and sister Qriocity service. A second attack was directed at the Sony Online Entertainment network used for PC gaming. Sony responded to the attacks by taking the systems offline."
Does the $170 million figure include compensation for PSN subscribers who suffered from the outage?
Re:Was it worth it? (Score:3, Informative)
"Lets not forget Sony started the fight with the community"
Hmm, I thought the community started the fight by using OtherOS to hack the PS3's security.
Re:Define "suffered from the outage" (Score:4, Informative)
It's NOT the "Not Available" part that's the problem here... It's the leakage of info that's the real issue. 77 million. At least part of them with credit cards, some of those in the clear in violation of PCI security standards.
Re:When trying to talk to the GPU (Score:5, Informative)
Wait-- What!?
The PS3 has had a long standing, and almost glacially low, level of dedicated hacker interest compared to other contemporary systems which were targeted almost immediately after launch. Fail0verflow themselves even pointed out this timeline in their presentation.
http://www.youtube.com/watch?v=4loZGYqaZ7I [youtube.com]i
Throwing the bone to the homebrew community, however sparse on meat, was one of the biggest, if not *THE* biggest things (Given the very very sorry PKI implementation discovered years later...) sony did to help ensure profitability of their system in the face of piracy, since it removed the MOTIVE to hack the console! Why fix what isnt broken? If the console lets you run your own code already, why dig deeper?
The hackers like Geohot who were fuzzing the hypervisor were doing so to get a little more meat on that bone-- Not to raid the table, like you are implying. It wasn't until AFTER Sony took that bone away that the angry pitchfork carrying hackers teamed up to oust the baron from his lofty castle.
By taking the bone away totally, they created HUGE incentive to hack the system, along with deeply seated enmity. That enmity was kindled once before by the sony rootkit debacle, and once restoked, seems to have been one of the major motivational forces behind the seemingly systematic attacks against sony's infrastructure.
To do this right next time, to avoid further hacker enmity, and to prevent piracy on their next console (this one is irreversibly compromised), Sony needs to do the following:
1) Re-enable OtherOS like functionality, with access to the GPU. Access does not == white papers, so a sufficiently advanced custom GPU would take a lot of effort to map out functionality by the community, and would be an activity many would consider *fun*. While they are mapping out what the hardware can do, they are NOT trying to make copied games run. Without a whitepaper to work from, it would be very hard to compete with licensed commercial games. Your average NES emulator or Tetris clone would be about what you would expect to come out. Hardly a competitor for the latest Gears of War, or Red Faction type games.
2) Implement a correct and proper PKI. Give otherOS application code a unique public key to enable execution. Bonus if it uses a totally different private key too.
3) Stop retroactively removing features from consoles. It does not matter how unprofitable that functionality is-- DONT TOUCH IT!
4) Treat users with some dignity, stop warehousing their personal information, and store what information they DO collect on a server that isnt pitifully protected.
But no. You have already made up your mind that Geohot is Teh Badz, that hackers hacked the PS3 exclusively to cheat on online latter play, and that sony is the victim of these dreadful offenses.
No amount of factual reporting will change your mind either.
Please, correct me if I am mistaken in this evaluation, but your tone kept consistently on target with that viewpoint.