| View previous topic :: View next topic |
| Author |
Message |
Ken_Gooner
Status: Offline
Joined: 03 Oct 2007
Posts: 1228
$poons: 264.70
Location: Gold Coast, Australia
|
 Posted: Fri Apr 29, 2011 8:36 am Post subject: |
|
|
 |
|
The hackers were probably opportunists. Seeing that Sony were probably focusing on Anonymous attacks, GeoHutz and co...
Perhaps the system was already struggling after those attacks and they left the door open for a proper, organised attack while they tended to the wounds gained from anon and co.
Of course, I know NOTHING of hacking. Seriously, I can't even hack a facebook account even if I know their password...
_________________
Oh to, oh to be, oh to be a gooner
|
|
| Back to top |
|
|
ANDYBALLINA
Status: Offline
Joined: 23 May 2008
Posts: 3461
$poons: 977.20
Location: Ballina
|
| Posted: Fri Apr 29, 2011 9:46 am Post subject: |
|
|
|
|
Some new's for you all.
Sony has confirmed that it hopes to restore some fuctionality to the PSN service by next Tuesday in a new statement on the PlayStation Blog.
"Our employees have been working day and night to restore operations as quickly as possible, and we expect to have some services up and running within a week from yesterday. However, we want to be very clear that we will only restore operations when we are confident that the network is secure."
Dated April 27, the update posted by Patrick Seybold (Sr. Director, Corporate Communications & Social Media), would put the estimated return date for PSN services as May 3, meaning that the service will have been offline for two weeks.
Although which services will be coming back online next week is unclear, Sony has stated they are working on new security measures for the future, as well as seeking out those responsible for the breach, confirming they "are working closely with a recognised technology security firm in order to find those responsible for this criminal act, no matter where in the world they might be located."
_________________
PSN: ANDYBALLINA1
|
|
| Back to top |
|
|
StorminNorman
Status: Offline
Joined: 13 Mar 2011
Posts: 809
$poons: 152.40
|
| Posted: Fri Apr 29, 2011 9:54 am Post subject: |
|
|
|
|
| Furianshi wrote: | | I must admit, I don't know much at all about Rebug (which I suppose was simple to code?). |
Rebug basically allows you to install firmware intended for a debug PS3 (aka TEST PS3) on a standard retail PS3. This doesn't actually turn your PS3 into a TEST PS3, as TEST PS3s have more hardware (extra RAM and hardware interrupt/breakpoint support) than retail models, but it does cause it to behave as though it's a TEST PS3 when connecting to the PSN.
Apparently, Sony believed that only people they trusted would ever be able to connect a TEST PS3 to the PSN and log on as though they were a developer, because it appears that almost no credential checking was done, and the units allowed for unlimited downloading from PSN without even checking the validity of supplied credit card info.
Basically, Sony made the fatal mistake of trusting the client system absolutely, and that's what's brought them undone. It's likely they'll now build much more secure TEST/debug units, and distribute them to developers, and then ban all older TEST PS3s from the PSN. If the TEST PS3 has the same remote bricking feature as the debug 360s do, then they can do that, too.
| Quote: | | Why wouldn't they defend themselves against it if they were aware? |
One thing that's become clear from all of this is that Sony's approach to platform security was either hilariously naive, or grossly incompetent.
| Quote: | | Regarding custom firmwares and user rights and the freedom to tinker, I previously haven't had a problem with this kind of thing. I'm not one to dabble myself, I buy my games consoles to use them as they were designed, for playing games. |
I'm a bit worried that someone might genuinely believe that there should be restrictions on what I can do with something I legally own like that, which is why I linked the Freedom To Tinker blog in the first place.
In reality, the problem here wasn't that people were tinkering/hacking their PS3s, it was that they were then able to use those modified units to expose how hilariously weak Sony's security is. If the PS3/PSN had good security, then they would never have been able to do this in the first place.
| Quote: | | Personally, I hope custom firmwares etc get stomped the **** out. If people want to create homebrew style apps, do it on a f***ing computer. Wanna run linux? Run it on a f****ing computer. |
The PS3 is a computer. More importantly, it's a computer with a really interesting CPU, which, as any good hacker will tell you, is like nectar to a bee.
_________________
Twitter | XBL: Tamaaya | PSN: stormo | GameCentre/Steam: StorminNorman
|
|
| Back to top |
|
|
theory
PALGN Moderator
Status: Offline
Joined: 17 May 2005
Posts: 9112
$poons: 1275.00
Location: Melbourne
|
| Posted: Fri Apr 29, 2011 9:55 am Post subject: |
|
|
|
|
| ANDYBALLINA wrote: | | Some new's for you all. |
Wow.
_________________
|
|
| Back to top |
|
|
Furianshi
PALGN Moderator
Status: Offline
Joined: 04 Apr 2006
Posts: 1470
$poons: 513.20
Location: Mackay
|
| Posted: Fri Apr 29, 2011 10:57 am Post subject: |
|
|
|
|
| StorminNorman wrote: | | Furianshi wrote: | | I must admit, I don't know much at all about Rebug (which I suppose was simple to code?). |
Rebug basically allows you to install firmware intended for a debug PS3 (aka TEST PS3) on a standard retail PS3. This doesn't actually turn your PS3 into a TEST PS3, as TEST PS3s have more hardware (extra RAM and hardware interrupt/breakpoint support) than retail models, but it does cause it to behave as though it's a TEST PS3 when connecting to the PSN.
Apparently, Sony believed that only people they trusted would ever be able to connect a TEST PS3 to the PSN and log on as though they were a developer, because it appears that almost no credential checking was done, and the units allowed for unlimited downloading from PSN without even checking the validity of supplied credit card info.
Basically, Sony made the fatal mistake of trusting the client system absolutely, and that's what's brought them undone. It's likely they'll now build much more secure TEST/debug units, and distribute them to developers, and then ban all older TEST PS3s from the PSN. If the TEST PS3 has the same remote bricking feature as the debug 360s do, then they can do that, too. |
Unless you're one of the hackers, I doubt you know all of this for sure. You're just going by what you've read and things are never as simple as they seem.
| StorminNorman wrote: | | Quote: | | Why wouldn't they defend themselves against it if they were aware? |
One thing that's become clear from all of this is that Sony's approach to platform security was either hilariously naive, or grossly incompetent. |
See above.
| StorminNorman wrote: | | Quote: | | Regarding custom firmwares and user rights and the freedom to tinker, I previously haven't had a problem with this kind of thing. I'm not one to dabble myself, I buy my games consoles to use them as they were designed, for playing games. |
I'm a bit worried that someone might genuinely believe that there should be restrictions on what I can do with something I legally own like that, which is why I linked the Freedom To Tinker blog in the first place.
In reality, the problem here wasn't that people were tinkering/hacking their PS3s, it was that they were then able to use those modified units to expose how hilariously weak Sony's security is. If the PS3/PSN had good security, then they would never have been able to do this in the first place. |
I think you've quoted the wrong part of my post here(?), as I'm clearly stating only that I personally prefer to use the hardware as designed.
| StorminNorman wrote: | | Quote: | | Personally, I hope custom firmwares etc get stomped the **** out. If people want to create homebrew style apps, do it on a f***ing computer. Wanna run linux? Run it on a f****ing computer. |
The PS3 is a computer. More importantly, it's a computer with a really interesting CPU, which, as any good hacker will tell you, is like nectar to a bee. |
You're being obtuse and I'm taking everything you say from here on with a grain of salt. The PS3 is first and foremost, a games console. Hacking it has ultimately led to the situation we are now in.
|
|
| Back to top |
|
|
Benza
Status: Offline
Joined: 11 Mar 2008
Posts: 14586
$poons: 119.20
|
| Posted: Fri Apr 29, 2011 10:57 am Post subject: |
|
|
|
|
| Quote: | | Personally, I hope custom firmwares etc get stomped the **** out. If people want to create homebrew style apps, do it on a f***ing computer. Wanna run linux? Run it on a f****ing computer. |
How about you do what you want with your PS3 and I'll do what I want with my PS3?
You just want to play games fine, that's not what everyone wants to do and there shouldn't be restrictions on what I can do with something I bought.
_________________
|
|
| Back to top |
|
|
Furianshi
PALGN Moderator
Status: Offline
Joined: 04 Apr 2006
Posts: 1470
$poons: 513.20
Location: Mackay
|
| Posted: Fri Apr 29, 2011 11:01 am Post subject: |
|
|
|
|
| Benza wrote: | | Quote: | | Personally, I hope custom firmwares etc get stomped the **** out. If people want to create homebrew style apps, do it on a f***ing computer. Wanna run linux? Run it on a f****ing computer. |
How about you do what you want with your PS3 and I'll do what I want with my PS3?
You just want to play games fine, that's not what everyone wants to do and there shouldn't be restrictions on what I can do with something I bought. |
Did you read my post? I have never previously had a problem with what other people do with their consoles. But now, what you do with your console has affected and encroached upon what I do with my console.
I'm no longer going to participate in a conversation that goes around in circles benza, so find someone else to spout your dribble to.
|
|
| Back to top |
|
|
Benza
Status: Offline
Joined: 11 Mar 2008
Posts: 14586
$poons: 119.20
|
| Posted: Fri Apr 29, 2011 11:06 am Post subject: |
|
|
|
|
Hacking the consoles didn't cause this, hacking PSN did. Those are two separate incidents.
Hacking your consoles can lead to hacking PSN but it can also be for stuff like my Wii is hacked to play imported games and my DSi has custom firmware on it to play MP3's.
What you're saying is that none of that should be allowed because of one possible outcome, that's a little like saying no one should be allowed to drink alcohol cause it can lead to some people drink driving. It's short sighted and kind of ignorant.
_________________
|
|
| Back to top |
|
|
Fyuusii
Status: Offline
Joined: 13 Jan 2010
Posts: 1103
$poons: 213.80
Location: Perth, WA
|
| Posted: Fri Apr 29, 2011 11:27 am Post subject: |
|
|
|
|
| Benza wrote: | | Quote: | | Personally, I hope custom firmwares etc get stomped the **** out. If people want to create homebrew style apps, do it on a f***ing computer. Wanna run linux? Run it on a f****ing computer. |
How about you do what you want with your PS3 and I'll do what I want with my PS3?
You just want to play games fine, that's not what everyone wants to do and there shouldn't be restrictions on what I can do with something I bought. |
I'm fairly certain the modification or reverse engineering of most electronic products is covered pretty strongly as a no-no in their respective TOU.
I see your point Benza, but you're splitting hairs; borderline trolling.
_________________
"Now I stand, the lion before the lambs... and they do not fear.
They cannot fear..." |
|
| Back to top |
|
|
Benza
Status: Offline
Joined: 11 Mar 2008
Posts: 14586
$poons: 119.20
|
| Posted: Fri Apr 29, 2011 11:38 am Post subject: |
|
|
|
|
the problem with the whole terms of use thing is that the law superscedes the terms of use. And the law is being incredibly inconsistent about weather it's legal or not.
For example, the US federal court declared that your right to jailbreak an iPhone superscedes the TOU and is legal.
But then doing basically the same thing on a PS3 is illegal.
It's a whole legal gray area that there doesn't seem to be a clear answer on.
That said I think morally I paid for it, it's mine. I can do whatever I want with it. The moment the transaction takes place and my money is in there hands they lose any right to say what I can and can't do with it.
_________________
|
|
| Back to top |
|
|
Smurf80
Status: Offline
Joined: 03 Apr 2008
Posts: 1929
$poons: 261.60
|
| Posted: Fri Apr 29, 2011 12:11 pm Post subject: |
|
|
|
|
I agree Benza with your point but if you want to continue to access Sony's services you will need to leave your console as "the manufacturer intended" If that doesnt interest you and neither does a warranty then go for your life. Thats the proviso.
_________________
Thanks to segax for the sig!
|
|
| Back to top |
|
|
Benza
Status: Offline
Joined: 11 Mar 2008
Posts: 14586
$poons: 119.20
|
| Posted: Fri Apr 29, 2011 12:20 pm Post subject: |
|
|
|
|
| Smurf80 wrote: | | I agree Benza with your point but if you want to continue to access Sony's services you will need to leave your console as "the manufacturer intended" If that doesnt interest you and neither does a warranty then go for your life. Thats the proviso. |
For sure, that's a service they offer and they have every right to revoke it. (And if the warranty on it is anything similar to the warranty on the x-box then fuck you aren't losing much)
_________________
|
|
| Back to top |
|
|
Chikasu
Status: Offline
Joined: 21 May 2010
Posts: 245
$poons: 28.60
|
| Posted: Fri Apr 29, 2011 12:46 pm Post subject: |
|
|
|
|
Inserts inevitible troll "shoulda bought an xbox"
now that thats done, i hate how some people have already started law suits about it.... surely sony will compensate anyone that they have wronged in this...
|
|
| Back to top |
|
|
StorminNorman
Status: Offline
Joined: 13 Mar 2011
Posts: 809
$poons: 152.40
|
| Posted: Fri Apr 29, 2011 12:57 pm Post subject: |
|
|
|
|
| Benza wrote: | | For sure, that's a service they offer and they have every right to revoke it. |
Actually, not so much. It turns out that if you advertise a service or feature as part of a product, then withdraw it, you can be left open for legal action (at least in the EU). Sony are currently fighting such a legal battle regarding their OtherOS removal.
Anyway, this arstechnica article mentions that it's possible the attack may have been carried out, at least in part, by an employee of Sony:
| Quote: | | The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack," Seybold wrote. He also pointed out that the information was behind both physical and electronic safeguards, which means the attack may have been carried out by an employee. |
_________________
Twitter | XBL: Tamaaya | PSN: stormo | GameCentre/Steam: StorminNorman
|
|
| Back to top |
|
|
Smurf80
Status: Offline
Joined: 03 Apr 2008
Posts: 1929
$poons: 261.60
|
| Posted: Fri Apr 29, 2011 1:04 pm Post subject: |
|
|
|
|
Quote the entire conversation StorminNorman as what Benza and I are saying is if you mod your console you forego your right to use PSN not remcving a feature such as otherOS.
Again what you are quoting is heresay rumour mill will run wild with this as I doubt we will ever know the full story.
_________________
Thanks to segax for the sig!
|
|
| Back to top |
|
|
Warpdogg
Status: Offline
Joined: 19 Apr 2007
Posts: 332
$poons: 91.20
Location: Victoria
|
| Posted: Fri Apr 29, 2011 2:41 pm Post subject: |
|
|
|
|
Benza, relax, Furianshi makes a valid point, you're arguing pointless semantics just for the sake of it. He doesn't give a shit what you do with your console as long as it doesn't affect his, which is fair, and applies to many things in life. He never once mentioned anything even slightly related to the points you are making, I think you're reading into it a little too much dude.
I say let the thread die now, discussion has been had, it's just becoming troll bait. Leave it until there's more news.
_________________
|
|
| Back to top |
|
|
TamTam79
Status: Offline
Joined: 06 Sep 2008
Posts: 1605
$poons: 244.00
|
| Posted: Fri Apr 29, 2011 2:45 pm Post subject: |
|
|
|
|
Eh, where has it been confirmed by anyone that the Rebug CFW was the root cause of this? SONY's security issues were made apparently clear months before this ever happened and Rebug's only been around in this form for about a month.
I think plenty of people are clinging to this "Blame Rebug! Blame CFW" because it ain't SONY and thats exactly what they want.
_________________
|
|
| Back to top |
|
|
Furianshi
PALGN Moderator
Status: Offline
Joined: 04 Apr 2006
Posts: 1470
$poons: 513.20
Location: Mackay
|
| Posted: Fri Apr 29, 2011 4:14 pm Post subject: |
|
|
|
|
| Quote: | Q: Will our download history/friends list/settings be affected by the PSN downtime?
A: No, they will not.
Q: Will trophies that were earned in single-player offline games during the outage be intact when the service resumes?
A: These trophies are intact and will be re-synched when the network is once again operational.
Q: Will my PS+ cloud saves be retrievable?
A: Yes, once PSN is restored.
Q: What if we have a subscription to PS3 MMOs DC Universe Online or Free Realms? Will we get compensation for that?
A: From Sony Online Entertainment: “We apologize for any inconvenience players may have experienced as a result of the recent service interruption. As a global leader in online gaming, SOE is committed to delivering stable and entertaining games for players of all ages. To thank players for their patience, we will be hosting special events across our game portfolio. We are also working on a “make good” plan for players of the PS3 versions of DC Universe Online and Free Realms. Details will be available soon on the individual game websites and forums.”
Q: Will there be a goodwill gesture for the time we haven’t been able to utilize PSN/Qriocity?
A: We are currently evaluating ways to show appreciation for your extraordinary patience as we work to get these services back online.
Thank you for your continued feedback. |
Link
finally Sony answers the important questions. 
|
|
| Back to top |
|
|
John Marston
Status: Offline
Joined: 09 Mar 2010
Posts: 1256
$poons: 27.80
Location: Grand Line
|
| Posted: Fri Apr 29, 2011 5:23 pm Post subject: |
|
|
|
|
Uh Oh
| Quote: | According to Kevin Stevens, an online security expert with TrendMicro, “low-level cybercriminals” are currently shopping around lists supposedly containing the credit card details of 2.2 million PlayStation Network members.
While Sony says it has “no evidence credit card numbers were stolen” in the attacks on the PlayStation Network, it has still recommended people make necessary precautions regarding their cards and bank accounts.
Stevens says the details are up for sale on the illegal forums of “carders” (people engaged in credit card fraud), and while he does not link these forums directly, says the sellers are claiming to be in possession of card holder’s names, addresses, phone numbers, email addresses, dates of birth and, perhaps most importantly, full credit card details, including their CVV2 numbers (those little numbers on the back of the card).
Now, these sellers could be full of shit. I could put a listing on craigslist right now selling the moon for $US50 and there’s nothing stopping me. Given the severity of the situation and the nature of the claims, though, let’s hope “full of shit” is all these people are. |
I really hope this is false.....
_________________
3ds code 1891 1272 0232 add us 
|
|
| Back to top |
|
|
fatpizza
Status: Offline
Joined: 09 Apr 2007
Posts: 1722
$poons: 348.20
Location: Perth
|
| Posted: Fri Apr 29, 2011 6:09 pm Post subject: |
|
|
|
|
Didn't Sony say they never kept a record of the CVV2 numbers?
_________________
|
|
| Back to top |
|
|
Fyuusii
Status: Offline
Joined: 13 Jan 2010
Posts: 1103
$poons: 213.80
Location: Perth, WA
|
| Posted: Fri Apr 29, 2011 6:14 pm Post subject: |
|
|
|
|
| Penny-Arcade wrote: |  |
_________________
"Now I stand, the lion before the lambs... and they do not fear.
They cannot fear..."
|
|
| Back to top |
|
|
TamTam79
Status: Offline
Joined: 06 Sep 2008
Posts: 1605
$poons: 244.00
|
| Posted: Fri Apr 29, 2011 6:14 pm Post subject: |
|
|
|
|
| fatpizza wrote: | | Didn't Sony say they never kept a record of the CVV2 numbers? |
You ever have to enter a CVV2 number twice on the PSN? I never did.
_________________
|
|
| Back to top |
|
|
Nietzsche
Status: Offline
Joined: 18 Nov 2008
Posts: 2543
$poons: 119.80
Location: Melbourne, Victoria, Australia, Earth
|
| Posted: Fri Apr 29, 2011 6:16 pm Post subject: |
|
|
|
|
"While Sony says it has “no evidence credit card numbers were stolen” in the attacks on the PlayStation Network, it has still recommended people make necessary precautions regarding their cards and bank accounts. "
Don't Pee Down My Back And Tell Me It's Raining
|
|
| Back to top |
|
|
John Marston
Status: Offline
Joined: 09 Mar 2010
Posts: 1256
$poons: 27.80
Location: Grand Line
|
| Posted: Fri Apr 29, 2011 6:24 pm Post subject: |
|
|
|
|
Am i the only one who is starting to doubt psn will be back up this Tuesday??? God i hope i am wrong...
_________________
3ds code 1891 1272 0232 add us
|
|
| Back to top |
|
|
fatpizza
Status: Offline
Joined: 09 Apr 2007
Posts: 1722
$poons: 348.20
Location: Perth
|
| Posted: Fri Apr 29, 2011 6:31 pm Post subject: |
|
|
|
|
| TamTam79 wrote: | | fatpizza wrote: | | Didn't Sony say they never kept a record of the CVV2 numbers? |
You ever have to enter a CVV2 number twice on the PSN? I never did. |
Maybe it was stored locally on your PS3 and is submitted whenever you add funds to your account?
Plus remember this from the Playstation Blog:
"While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system."
_________________
|
|
| Back to top |
|
|
|
