PSN outage info - PS3ers - must read!

Started by spaceboy, April 26, 2011, 05:23:22 PM

Previous topic - Next topic

0 Members and 3 Guests are viewing this topic.

spaceboy

So to any of you that have a PS3 and have signed up for PSN you already know about the hacking incident and subsequent downtime.  Please read the letter in the link below (you should be getting this I guess to your email account, but I thought I'd post it here too)

http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
http://mygamepages.com  forums and member created pages

PZ


JRD

Artificial Intelligence is no match for Natural Stupidity

mmosu

Sounds like a lot of "We don't have all the answers, but until then, let's just assume we're all screwed"

spaceboy

yeah, but they have confirmed some of the info, it's only the CC info that they haven't confirmed it seems.
http://mygamepages.com  forums and member created pages

PZ

My wife just read me an article that indicated millions of credit card numbers were compromised.  Who knows what the real story is, but I suspect we should expect the worst.  Sony (or any other lucid for-profit business) is never going to admit openly that they allowed credit card information to be hacked.  The resultant law suits would continue into the next millenium.

RedRaven

Cheers Spaceboy, will make sure the PS3 owners I know who are not OWG members get the info too.

Part of me thinks it is good when massive companies are kept on their toes in this way, but NEVER if it is the end user that is targeted. And in light of recent events in Japan it also borders on the mean and spiteful, after all they could of just as easily hacked Microsoft, or even bigger multi-national companies that are engaged in all manor of shady, underhand and outright illegal activities. Why not target Oil companies, Corporate Banks, companies involved in de-forestation etc ?

Fehu, Uruz, Thurisaz, Ansuz, Raido, Kenaz, Gebo, Wunjo, Hagalaz, Nauthiz, Isa, Jera, Eithwaz, Perth, Algiz, Sowilo, Tiwaz, Berkano, Ehwaz, Mannaz, Laguz, Ingwaz, Othila.

mandru

Looking at the letter to the PS3 community on the link spaceboy provided one thing stands out clearly to me.

The letter has the suggestion that you should watch your credit card statement closely for suspicious activity and the instructions for how to obtain a free credit report were included but wouldn't avoiding unauthorized charges be better than trying to clean up after being robbed?

I would suggest that if you have a CC on file with PS3 go to the company that issued your card, explain to them what has happened with this security breach, give them a copy of the letter from PS3 and request new card number.

It is my understanding that when most card companies are made aware that the security of a card number is in jeopardy they will typically reissue a new card without fees or penalties.  The letter from PS3 may also be useful in avoiding fees or penalties for the switch.

Scary stuff guys.   :shocked
- mandru
Gramma said "Never turn your back 'till you've cut their heads off"

Fiach

Thanks for the heads up spaceboy, my wifes card was compromised a year or so ago, 10K ran up in a week on it, luckily we didnt have to pay, but I will keep an eye out when the statement arrives :)
WITH A GUN FOR A LOVER AND A SHOT FOR THE PAIN.

Guests are not allowed to view images in posts, please Register or Login

Art Blade

I agree with mandru about simply and immediately getting a new CC and have the CC company block anything related to the old one.

As to what Red said.. you don't want to know what has happened and is happening all the time out there on the net regarding intrusion and data theft. Usually it doesn't make it to the headlines as companies and whatever institutions involved will do everything possible to stay away from publicity. Those who have access to that kind of information (about thefts and intrusions and so on) won't be surprised at all about what happened to Sony.

What surprises me, however, is that big companies, including banks, keep closing their eyes when it comes to their own security as in "we're safe. Oops, how did that happen?!" -- many times stuff like that happens because security is being breached by third party components (let's call them "advertisements and special offers") being patched into a until-then secure system and because too many departments (again, additionally external services, too) are working independently, adding and changing parts of the system without, for reasons only known to themselves, checking with other departments involved to make sure their new stuff is compatible with the system. I won't go more into detail here, by now you'll already have got the message.
[titlebar]Vision without action is a daydream. Action without vision is a nightmare.[/titlebar]What doesn't kill us, makes us weirder.

Binnatics

Here's just one of the reactions at the site quoted: "Thankfully no evidence at this time that credit card data was taken."

I suggest that is 'sarcasticly' ment... I do think that there is a risk. But why the hell would they want to attack PSN? If it's some kind of an activist/anarchist he or she would have attacked other networks, not a gaming network. Maybe it's a freak who hates gaming.... One of these 'fathers shouting in the desert' because their son / daughter has gone mad gaming. He shouldn't be hunting for CC info I guess. Anyway, the most secure thing to do is what Mandru mentioned, I agree with that. I think they will be willing to help out, and who knows later present the bill to Sony.

Damn what a story. Maybe we should check Wikileaks... if it's still accessable that is...
"Responsibility is not a matter of giving or taking, responsibility is something you share" -Binnatics

spaceboy

Yeah that was good advice mandru, so I did go ahead and call to get a new card sent.  The CS rep was aware from hearing it in the news and gave me no grief to change.  She was very helpful.  I'm not sure I needed to do it, but all it means is changing out other places I have that card setup for purchasing.  Better safe than sorry.

For why Sony, I suppose it could have to do with the whole Sony suing Geohotz for jailbreaking the PS3 and posting on the 'net how to do it.  They came to an agreement of sorts but not before Sony got the ire of Anonymous the hacking group.  They did attack Sony's websites already, but said they'd leave PSN alone so as not to "hurt" gamers.

They haven't claimed this attack, it could just be some other hacker that was also pissed about geohotz, or just saw an opportunity thinking Anonymous would be blamed.

Crazy times my friends...
http://mygamepages.com  forums and member created pages

Binnatics

I remember hearing a DJ on the local radio being 'actually surprised' about anything being free on the internet... he suggested that in time we'll be paying for whatever we want to access, thinking of social media, online gaming, maybe even uploading stuff... He could be right, in fact internet still is a new fenomena in the world, and all different companies are struggling to get their needs and deeds out of it.
I wonder what this whole happening on the PSN would mean in this perspective... It could mean an extra pulse to Sony making the PSN a payed service, since they will have to spend truckloads of axtra funds to enrich their defence systems. On the other hand it could mean they won't, since this happening will cause them customers and they surtainly don't want to loose more...

Who knows what will happen to the internet in the near future..
"Responsibility is not a matter of giving or taking, responsibility is something you share" -Binnatics

mandru

Hopefully spaceboy Sony has plugged this current gap in their security now that they can see where the open door was and this won't be an ongoing issue.
- mandru
Gramma said "Never turn your back 'till you've cut their heads off"

Art Blade

Motivations to hack a system could be business competition and rivalry. Who'd gain the most? A direct rival? A security company (Hey, we can protect you!)? Some angry ex-employee who wants to show them? A not yet too famous hacker? That someone could also be a target, like the example given above of perhaps someone hacking PSN hoping Anonymous would be blamed.
[titlebar]Vision without action is a daydream. Action without vision is a nightmare.[/titlebar]What doesn't kill us, makes us weirder.

spaceboy

yeah I hope so Mandru, it's been down a full week and no ETA (though it's expected within the week).  They say they are rebuilding it (from scratch?).  I'll wait as long as it takes to get it done right.  Plenty of fun to be had offline as well.

@ binnatics - I doubt they'd start charging at least not right now.  It would be an even bigger PR nightmare.  They do have an optional paid service (that I subscribe to) that gives you free games and discounts, plus cloud saving of save files, perhaps they'll w@&k to promote that more.
http://mygamepages.com  forums and member created pages

Art Blade

Regarding "nothing is free" -- that DJ probably didn't know about or underestimated banner ads and advertisements in general. Look at youtube.. worth billions of dollars.
[titlebar]Vision without action is a daydream. Action without vision is a nightmare.[/titlebar]What doesn't kill us, makes us weirder.

JRD

Regardless of what actually happened to the CC data or how the hacker`s gonna use it, I`m sure all web users will feel the consequences.

Our security measures are as tight as the threats we are able to foresee. When a breach like that happens, exposing around 70 million credit card numbers (that`s what I read, at least) you can bet that tighter measures are on the way, all filled with a well justified dose of paranoia.  :-(

It will translate into new security protocols, more passwords, more hassle and in the end, a new hacker will bring it all down, two days or twenty years from now.  >:((
Artificial Intelligence is no match for Natural Stupidity

Art Blade

They've got to think about secure ways of payments. And of how to secure personal data in general. The best idea I've come across so far is a single-use credit card number that authorises just one time the amount specified by the account holder and then it expires. Unfortunately that's not commonplace. As to security.. there is no security. If the stakes are high enough there will be attempts to break through.. nothing we can do about that.

Security doesn't create itself. It's humans behind it, they create security systems. If you put those humans on the other side, they'll breach them. Same thing, only a matter of perspective.
[titlebar]Vision without action is a daydream. Action without vision is a nightmare.[/titlebar]What doesn't kill us, makes us weirder.

spaceboy

oh Art - You're perfect for Portal!  GLaDOS will love you, you monster.
http://mygamepages.com  forums and member created pages

mandru

Quote from: Art Blade on April 27, 2011, 12:01:54 PM
They've got to think about secure ways of payments. And of how to secure personal data in general. The best idea I've come across so far is a single-use credit card number that authorises just one time the amount specified by the account holder and then it expires.

That gave me an idea.

I would think that there should be a way for the credit card companies to set up a "Single Vendor Credit Billing" number when requested by the customer for payment to a service provider through their normal card but only that vendor is able to draw on it for reoccurring charges like a monthly or other regular membership fee.

If some other agency not matching the profile of the approved vendor attempts to place a charge on that dedicated charge number the account snaps shut and the customer is notified immediately of the denial of an attempted misuse so that they can reestablish a new single vendor credit number in a timely fashion so that there will not be any loss of service.
- mandru
Gramma said "Never turn your back 'till you've cut their heads off"

Art Blade

While in my country we still don't have those single-use CC, we do have a system that allows an account holder to tell someone (a company) to withdraw money from the account specified. I believe it's called "direct debiting." Typically the account holder is able to withdraw the money, without explaining why, in return from the one who initially took it within six weeks in case something came up. The bank may also receive orders to cancel all of those direct debiting transactions.
[titlebar]Vision without action is a daydream. Action without vision is a nightmare.[/titlebar]What doesn't kill us, makes us weirder.

Art Blade

Quote from: spaceboy on April 27, 2011, 12:07:08 PM
oh Art - You're perfect for Portal!  GLaDOS will love you, you monster.

:-D
[titlebar]Vision without action is a daydream. Action without vision is a nightmare.[/titlebar]What doesn't kill us, makes us weirder.

Binnatics

This direct-debit sounds good. Am I right that this means in fact a 'positive credit card', where you replace 'card' for 'account'? You put money on a specific area, and give a company access to that specific area to withdraw what you owe them. And the bank gives you the power to undo certain transactions if it's gotten hacked or whatever, a kind of ensurance, like CC's have?
That sounds good.

Me so far, I'm happy with I-deal. As long as you trust the company you're paying, it's a good and safe way in my opinion. I only do online bussiness when I'm absolutely sure the company isn't a fake. So once I'm paying I know it's okay. In this way, I don't leave delicate info somewhere, as far as I know.

What you guys think of the I-deal way of paying?
"Responsibility is not a matter of giving or taking, responsibility is something you share" -Binnatics

Art Blade

never heard of I-deal, but then again, I never do online business.

The direct-debiting is related to your regular bank account. It has nothing to do with CC (but CC would use the same bank account). So a regular example would be frequent payments such as paying the rent for your apartment or monthly bills for your mobile phone and that kind of thing. All you do is fill in a form with your bank account details, allowing the company (like, your mobile phone provider) to help themselves to whatever you owe them, like your landlord would always withdraw the monthly rent every 1st of a month. In case you see someone withdrew money from your account you don't recognise, you can tell your bank to get that money back from the account of the one who took it from yours. That's the way I pay most of my stuff, everything that is on a regular and frequent basis. Particularly useful if those amounts change for some reason, I don't have to do a thing, they just withdraw what is needed.
[titlebar]Vision without action is a daydream. Action without vision is a nightmare.[/titlebar]What doesn't kill us, makes us weirder.

Tags:
🡱 🡳

Similar topics (1)