The Official PS3 thread - Aaaaannnnnnddddd we're back!
05-02-11 | 04:34 PM
#2777
DVD Talk God
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
lol. sony. i'd just give up at this point.
05-02-11 | 05:01 PM
#2778
DVD Talk Hall of Fame
Joined: Jun 2002
Posts: 8,487
Likes: 0
Received 0 Likes
on
0 Posts
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
05-02-11 | 05:46 PM
#2779
DVD Talk Special Edition
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
Following up on this morning's news that Sony Online Entertainment servers were offline across the board, Sony Online Entertainment announced that it has lost 12,700 customer credit card numbers as the result of an attack, and roughly 24.6 million accounts may have been breached.
The company took SOE servers offline after learning of the attack last evening, and today detailed the unfortunate results: "approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, the Netherlands, and Spain" were lost, apparently from "an outdated database from 2007." Of the 12,700 total, 4,300 are alleged to be from Japan, while the remainder come from the aforementioned four European countries.
Furthermore, Sony ties today's announcement directly to the recent attacks on PlayStation Network and Qriocity, with Sony saying SOE customer information was stolen on either April 16 or April 17. Sony has repeatedly stated that its PSN servers and SOE servers are not part of the same network, so it remains unclear just how these two attacks are tied together. Head past the break for the full statement from Sony.
The company took SOE servers offline after learning of the attack last evening, and today detailed the unfortunate results: "approximately 12,700 non-US credit or debit card numbers and expiration dates (but not credit card security codes), and about 10,700 direct debit records of certain customers in Austria, Germany, the Netherlands, and Spain" were lost, apparently from "an outdated database from 2007." Of the 12,700 total, 4,300 are alleged to be from Japan, while the remainder come from the aforementioned four European countries.
Furthermore, Sony ties today's announcement directly to the recent attacks on PlayStation Network and Qriocity, with Sony saying SOE customer information was stolen on either April 16 or April 17. Sony has repeatedly stated that its PSN servers and SOE servers are not part of the same network, so it remains unclear just how these two attacks are tied together. Head past the break for the full statement from Sony.
Last edited by Bob_Bobbson; 05-02-11 at 05:58 PM. Reason: Updated Info
05-02-11 | 07:11 PM
#2780
DVD Talk Godfather & 2020 TOTY Winner
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
We can get bin Laden, but can't catch these douchbags?
05-02-11 | 07:24 PM
#2781
DVD Talk Legend
05-02-11 | 07:31 PM
#2782
DVD Talk Legend
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
05-02-11 | 08:02 PM
#2783
DVD Talk Special Edition
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
Well, also keep in mind that this is S.O.E. the developers behind several MMO games, like DC Universe Online. It's separate from PSN, so if you never subscribed to one of their games, they won't have your info.
Still though, 2 branches of Sony infiltrated within a month, one may have credit card info stolen, the other definitely has CC info stolen. Both have personal info of users stolen.
Not a good month for Sony.
Still though, 2 branches of Sony infiltrated within a month, one may have credit card info stolen, the other definitely has CC info stolen. Both have personal info of users stolen.
Not a good month for Sony.
05-02-11 | 09:05 PM
#2784
DVD Talk Hall of Fame
Joined: Jan 2000
Posts: 7,936
Likes: 0
Received 0 Likes
on
0 Posts
From: Somewhere out there... YES THERE!!!
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
This is going to hurt sony pretty bad. I think the ps3 may make it out, but those mmo's are going to lose a lot of people because of this, monthly subs are their only way to make money after they have sold the product.
05-03-11 | 01:21 AM
#2785
DVD Talk Special Edition
05-03-11 | 01:23 AM
#2786
05-03-11 | 01:49 AM
#2787
DVD Talk Platinum Edition
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
Let's see that douche ad guy make a sarcastic commercial about this. What a colossal fuck up and the way they handled it is even worse. I wish I had gotten MK for the 360.
05-03-11 | 09:35 AM
#2788
DVD Talk Limited Edition
05-03-11 | 09:42 AM
#2789
Who agrees to something they didn't read!?
05-03-11 | 12:37 PM
#2790
DVD Talk Godfather & 2020 TOTY Winner
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
To the point addressed in our new thread title:
I'm certainly not up on this sort of thing at all, but it seems like maybe security wasn't as lax as we all are lead to believe.
Originally Posted by Playstation Blog
PlayStation Network Security Update
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
On Tuesday, April 26 we shared that some information that was compromised in connection with an illegal and unauthorized intrusion into our network. Once again, we’d like to apologize to the many users who were inconvenienced and worried about this situation.
We want to state this again given the increase in speculation about credit card information being used fraudulently. One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.
One other point to clarify is from this weekend’s press conference. While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form. For a description of the difference between encryption and hashing, follow this link.
+ Posted by Patrick Seybold // Sr. Director, Corporate Communications & Social Media
On Tuesday, April 26 we shared that some information that was compromised in connection with an illegal and unauthorized intrusion into our network. Once again, we’d like to apologize to the many users who were inconvenienced and worried about this situation.
We want to state this again given the increase in speculation about credit card information being used fraudulently. One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.
One other point to clarify is from this weekend’s press conference. While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form. For a description of the difference between encryption and hashing, follow this link.
Last edited by Decker; 05-03-11 at 12:50 PM.
05-03-11 | 12:45 PM
#2791
DVD Talk Special Edition
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
That is the point that confused me. I couldn't imagine store passwords in plain text. In some of the systems I support you can get to the passwd file but they look like: $1$mam19$4tEbpV6TPNAqeBdFKJkXi1$-1. I probably would have called that encrypted, but I'm guessing encrypted means its stored non-ascii perhaps.
05-03-11 | 02:27 PM
#2792
DVD Talk Legend
Joined: Apr 2003
Posts: 10,706
Likes: 0
Received 1 Like
on
1 Post
From: Picture a cup in the middle of the sea
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
Yeah, hashing is more heavily used now. Encryption is good if you want to be able to decrypt. With a hash key, a good one, you won't be able to decipher the data.
05-03-11 | 04:06 PM
#2794
DVD Talk Godfather & 2020 TOTY Winner
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
So if our personal data was actually well-protected, do we think that the info is actually still safe? Why isn't this a bigger story? I only found it in the Playstation Blog. Why isn't it being reported in Joystiq, Kotaku, etc?
Instead we get articles like this Canadian one that repeatedly criticizes Sony's practices, then briefly acknowledges that the data was hashed and that might have been adequate protection. Is encryption always safe? It seems disingenuous to rail on them if they might have actually been as diligent as we could have expected.
Instead we get articles like this Canadian one that repeatedly criticizes Sony's practices, then briefly acknowledges that the data was hashed and that might have been adequate protection. Is encryption always safe? It seems disingenuous to rail on them if they might have actually been as diligent as we could have expected.
05-03-11 | 05:04 PM
#2795
DVD Talk Platinum Edition
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
Woke up this morning to find my bank account was in the negative. Three charges to some international company all for the same amount went through and according to the bank more were pending. So they're re-issuing me new cards and reversing the transactions. Didn't think Sony had my cc info but then I remembered I've used it to purchase several games on the PSN store over the past few months.
05-03-11 | 05:43 PM
#2796
DVD Talk Legend
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
Woke up this morning to find my bank account was in the negative. Three charges to some international company all for the same amount went through and according to the bank more were pending. So they're re-issuing me new cards and reversing the transactions. Didn't think Sony had my cc info but then I remembered I've used it to purchase several games on the PSN store over the past few months.
So the card you used on PSN, you kept active? Up until the bank cancelling it of course.
I'm still waiting for my new card to show up in the mail. Cancelled my old card last week.
05-03-11 | 05:46 PM
#2797
DVD Talk Platinum Edition
Joined: Jan 2000
Posts: 3,613
Likes: 0
Received 0 Likes
on
0 Posts
From: Los Angeles, CA
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
Woke up this morning to find my bank account was in the negative. Three charges to some international company all for the same amount went through and according to the bank more were pending. So they're re-issuing me new cards and reversing the transactions. Didn't think Sony had my cc info but then I remembered I've used it to purchase several games on the PSN store over the past few months.
05-03-11 | 06:20 PM
#2798
DVD Talk Platinum Edition
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
05-03-11 | 06:24 PM
#2799
DVD Talk Platinum Edition
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
Yeah, I kept my card active and it was the same one I used to make PSN purchases. I probably should have canceled it last week but like I said I forgot about the games I purchased.
05-03-11 | 09:34 PM
#2800
DVD Talk Hall of Fame
Joined: Jan 2000
Posts: 7,936
Likes: 0
Received 0 Likes
on
0 Posts
From: Somewhere out there... YES THERE!!!
Re: The Official PS3 thread - Encryption? We don't need no stinkin' encryption.
Well one good thing about a new card for me is that I can use all those Redbox 1 use per card free rental codes again :P