Ps3 suks

[Mikeyd2tall]

I wouldn't say they were ill prepared for hacking. They were actually the last pillar to fall, but they didn't ever expect their pillar to fall, and thus were hit hard when it did.

well said. but the psp was hacked also. i do belive that was one of the first with the wii.

[j0be]

Yeah. They learned a lot from the PSP, but they've now got even more experience with this now.

[cycogod]

the xbox and xbox 360 were both cracked wide open fairly early in their lifecycle. you could softmod or chip an original xbox (Jtag for xbox360) , pretty easy stuff but log in with a cracked xbox360 and the ban hammer comes pretty swift. . the ps3 was busted open and sony freaked out and then pissed the wrong people off. better check your credit cards and info... the ps3 was just starting to get good. if it's software based ,it's gonna get cracked- end of line.

[Ra1th]

so the plot thickens

http://ps3.ign.com/articles/116/1164186p1.html

sony just cant catch a break lately

[MrScott101]

already in the process of changing stuff around passwords and cards, this bites!! Not only do I not get to use my ps3 but now I have to change all my stuff. I had a ton of saved passwords for several sites on the ps3!

[Luna Guardian]

Luckily I only have to change my PSN password, still, this sucks

[j0be]

Just to kind of keep this in check, your saved browser passwords would not have been compromised. However, if you use the same password for your psn login and the email address associated with your account I would advise you to change your email password. Really, I would advise everyone to do regular password changes, but that's just me.

Also, there was no evidence that the perpetrators obtained credit card info, but they said it was possible.

My biggest disappointment in this is actually that Sony left people's passwords unsalted. That's just irresponsible.

[Luna Guardian]

So, the PSN should be up thiis week. Your thoughts?

Personally, I'm happy, but I still don't have the time to play

[cycogod]

I wonder how much has changed or been redesigned? I bet this is gonna be a secure sight, maybe even a pain to manage. There gonna be gun shy about this stuff from now on. Happiness more bronze trophies...

[j0be]

About the attack

• Not related to Anonymous, although they did bring up that they were being attacked by them for the past few months (repeatedly stated it was limited to DDoS).
• This intrusion was very skillful and passed their firewall and other security measures because it looked like a normal transaction. It then made a tunnel and had a command attached as a trigger, at which point it was able to be manipulated remotely.
• The attack used a known vulnerability. However, this vulnerability was not known to the management (really hope I understood that part correctly since it's a biggie). Since then, security measures have been improved against that mechanism of attack.
• Because it was an advanced attack and left "no traces", they didn't learn of it until the 19th/20th of April. They still aren't aware of the scope of the data compromised, but say that CC info was a low possibility, since it was stored in a different part of the database and not likely read.
• It took them until the 27th of April to confirm that data was compromised. They had been working with 3 different analysis entities starting from the 20th.
• Information of up to 78 million accounts were taken, but some were likely duplicate/backup accounts. They later were asked about sales data, said that 37 million PS3s and 16 million PSPs had connected to PSN (install base of 50/69mil). There were 10 million Credit Cards connected to PSN at some point.
• From what I understood, it seems that Sony will be doing more testing/inspection of its security measures to prevent future incidents like this. At the time though, SNEI believed their security to be good enough.

Compromised Information

• Hirai said that no improper CC usage has been reported and they have no evidence of CC info being compromised. They said that Sony will pay for CC reissuing and assist with monitoring/insurance programs for customers. If there are any improper charges, they will be handled on a case-by-case basis.
• CC info was encrypted and stored in a different part of the database from user personal information. Because of this, user information and CC information are being categorized separately.
• User passwords were not encrypted, but were hashed.
• Is still analyzing data of the attack, so they weren't saying a whole lot about what had been taken.

Investigation

• Entities from outside of Japan have contacted Sony and requested that they cooperate with their investigation process. FBI HQ seems to be the most involved currently. List of questions from USA House of Representatives has been received.
• Didn't give any more information, just said that investigations had been started globally.
• They weren't aware of the extent of the attack until the 27th of April, the conference was delayed because there was much more that they wanted to work out (in terms of compensation and other considerations).

Resumption of Services and Compensation

• PSN compensation and CC-type compensation are being considered separately. Sony says they will cover credit card reissuing fees and will assist with credit monitoring/insurance programs.
• Again saying that PSN will be online "within a week." Going to be incrementally bringing services back online. Different regions may see services at different times.
• All PSN users will get one free month of PSN+ (current PSN+ subscribers will also get 30 free days), Qrocity subscribers will get a free month, and there will be some titles available for free download. Will differ based on region and their plans are not finalized as of yet.
• All services to be back online within a month.
• As far as cost to Sony, they weren't sure and it'd vary by region, but $15-$20 for PSN+ and a few thousand yen for the titles.

Immediate Actions Being Taken

• Moving the data center from San Diego to a more secure location and adding new detection measures, firewalls, and encryption to make data more secure. Creating a new job position to monitor security. These things have already been done to an extent, but they wouldn't comment specifically out of security considerations.
• Sony is going to have a way for users to look at purchase history online (I think before PSN is actually up) to check for any abnormalities.
• Sony will allow users to leave PSN. They are looking into ways to refund any balances on PSN or PSN+ fees if those exist for the user. There was one conflicting answer about this, but I'm pretty sure they're working on a system to allow users to leave and erase their info if they desire.
• Firmware will need to be updated as soon as PSN is back up and users will need to change their password. Passwords can only be changed on the PS3 system the account was created or via a verified email address. That seemed like a super important point, but it was only mentioned once. However, that means people don't have to worry about a mad dash to change their password before a hacker does. As far as users changing a password from "A" to "B" and then back to "A," they'll alert users if they're doing something like that, or if it's close to their username or something.
• Apparently the updates in Japan were even slower than the ones in the US/EU, so in Japan they're probably going to set up a blog similar to the NA/EU.
• Tablet/NGP launch dates will not be affected.
• They'll possibly be taking measures against the root key thing, although this part wasn't clear and was there was a lot of rambling.
• Want to re-earn user trust as well as developer trust on the PSN ecosystem.
• They actually apologized for the incident!!