Playstation Network suspended 'for day or two'

Naive wish - I hope they will go bankrupt. Would be well deserved for what they have shown so far when it comes to innovation, ethics and customer relationships.

Sony’s War On Makers, Hackers, And Innovators has an excellent summary of their ridiculous actions for past years.

 

Sony hires cyber sleuths to catch hackers

Reuters
updated 5/3/2011 7:55:52 PM ET



BOSTON/NEW YORK — Sony has hired outside investigators to help clean its networks and catch the people behind a massive breach that exposed the personal data of more than 100 million video game users.

The Japanese electronics giant has retained a team from privately held Data Forte that is led by a former special agent with the U.S. Naval Criminal Investigative Service to work alongside the FBI agents, who are also probing the matter.

Sony said on Tuesday that it has also brought on cyber-security detectives from Guidance Software and consultants from Robert Half International Inc.'s subsidiary Protiviti to help with the clean-up.

Officials with Sony and the three firms did not respond to requests for information about the investigation. Agents with the U.S. Federal Bureau of Investigation have said little about the matter, except that they are looking into the breach of data, which might include some credit card numbers.

"It's a significant operation," said David Baker, vice president of services with electronic security firm IOActive, which is not involved in the investigation.

He said that card issuers Mastercard and Visa Inc. had likely appointed a firm to investigate.

Sony also said that it hired the law firm Baker & McKenzie to help it with the investigation.

http://www.msnbc.msn.com/id/42888279/ns/technology_and_science-security/#

 

Smart move.
Those NCIS agents are extraordinary, they're able to counter a hack faster, by having TWO agents using ONE keyboard.
And the ultimate solution to a network hack? Simply pull the power cord!
Youtube clip --http://www.youtube.com/v/u8qgehH3kEQ--
j/k of course, seems like a serious team being put together.
I only wonder if they have the necessary jurisdiction; will their investigation be allowed to be continued into 'certain' countries...

 

After hacks, Sony finds traces of Anonymous group: http://www.cnn.com/2011/TECH/gaming.gadgets/05/04/sony.anonymous/index.html

TH

 

What I am really interested is, how they are going reimburse the PSN users, especially the PSN Plus users? I am losing precious subscription time.

Luckily I had cancelled my card just few days before the hack as I was having some problem with paypal. I have a new card issued, but now I have to think twice before saving my CC data with Sony. I would rather put my info every time, before making a purchase.

 

I dont get all the sony hatred.
we have no idea how the network was secured.
we have no idea if there was an insider
reserve your judgement until sony publish the report of everything that was found out by the third party company doing the security audit.
I would like the point out that no system is secure. if a group of people can "secure a system" another group of people can take it down.
I will happily buy more sony products.

 

PRESS RELEASE

 

Have you read the info Doktornotor linked a few post above?
It gives a pretty good idea why many folks dislike Sony's customer approach.
As in; 'Whatever the law might be, we will sue customers & companies into oblivion. Customer, you are wellcome to try to outspend our legal team, companies, you can try to stay afloat while we use decade-long litigation against you'.

It is known that Sony used outdated OS's on their PSN servers, outdated Apache version, crappy encryption policy regarding important customer data (as in 'a lot stored in plain text') etc; all in all not such a smart approach, imao.
No 'hatred' though on my side, Iodore. They haven't killed any innocent babies.
'Dislike' is a more suitable term.

 

On the contrary. There was a recent meeting of the Federal House Subcommittee on Commerce, Manufacturing, and Trade. Sony declined to show up, and was blasted in abstentia.

During the hearing, an expert revealed the following:

So it indeed looks like negligence on the part of Sony.

Also, just my personal opinion here, but whoever dropped that Anonymous file is likely trying to capitalize on the recent DDoS attacks in order to cover their tracks and deflect blame. Anonymous typically attacks for show and then claim credit in a hugely public manner. This was kept quiet extremely well. It doesn't match their MO.

Still, Sony are trying to implicate them nevertheless, even if they have to do it indirectly.

Note that Anonymous called for a cease fire to the DDoS attacks on April 7th, ten days before the intrusion into the PSN. I don't know how Sony could be busy 'defending' against an attack that had stopped ten days prior.

 

Anonymous Denies Stealing Credit Cards -Computerworld
Anonymous story - Daily KOS

I have a problem with Anonymous using the trademark phrase "We are Legion", it is also a phrase used by those possessed by evil spirits. They should change their trademark phrase and sign it with a pgp key or encrypt the file they leave behind providing a key on some anonymous site to decrypt the message.

 

Sony is playing the blame game, with all the hype surrounding Anonymous, they are trying to blame it on them.
And I don't hate Sony, but I will not keep my credit card details with them. I will rather use it every time to purchase anything on the PS Network.

 

Sony Discloses Second Major Data Breach

Sony Discloses Second Major Data Breach

 

http://www.pcworld.com/article/227770/experts_on_psn_hack_sony_could_have_done_more.html#tk.hp_ess

from the article
it is suspected that Sony didn't use firewall...

 

.

Full story here:

http://news.softpedia.com/news/Sony-PSN-Hack-Attack-Launched-from-Amazon-s-Servers-200441.shtml

 

PlayStation Network starts to be relaunched: http://igl-security.blogspot.com/2011/05/psn-update-51411-51511-some-good-news.html

 

Sony blocked from restarting PSN in Japan

"Sony is not being allowed to restart its PlayStation Network (PSN) in Japan because it has not completed the measures needed to prevent a recurrence of the data breach. Kazushige Nobutani, director of the Media and Content Industry department at the Ministry of Economy, Trade and Industry told Dow Jones Newswires that Sony had not completed measures it said it would carry out at its 1 May press conference.
..."

From The H-Online/Heise Security.

 

I was able to download the new firmware but have been unable to logon to change my password.

 

I tried resetting my password last night also but got nothing until one of my sons friends told me to go to the PSN Blog.

Heres the PSN blog -http://blog.us.playstation.com/

Once there look to the right and you will see May 15th- "Update on Service Restoration Rollout" this tells about resetting the password.
Seems they had to turn off their service due to an extremely heavy load of passwords trying to be reset.

 

Direct information to resetting password can be found here - http://us.playstation.com/support/answer/index.htm?a_id=2360.

Should have posted this earlier.

 

@CJsDad

Thanks for the link, very helpful .

 

Apparently a lingering flaw in the way Sony handles password resets means that PSN accounts are still vulnerable. A blog post by Nyleveia details the supposed vulnerability.

Sony have taken down the web-based PSN password reset form, but some people in the comments section of the blog indicate the vulnerability is still usable through the PS3 or PSP password recovery options, though this remains unverified.

In light of the leak of information that started this mess, if this vulnerability is, in fact, real, that puts many accounts in jeopardy.