If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Kotaku)   Do you have a Playstation account? You might want to reset your password. Yes, again   (kotaku.com) divider line 40
    More: Interesting, PlayStation, passwords, breaching experiment, PSN  
•       •       •

2659 clicks; posted to Geek » on 15 Aug 2012 at 2:41 PM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



40 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread
 
2012-08-15 02:09:27 PM
Ooh, I hope they give us free game downloads again!
 
2012-08-15 02:45:51 PM
Hoax.

/ sony can eat a bag of dicks anyway
 
2012-08-15 02:46:48 PM
Probably shouldn't have put this up quite yet.
 
2012-08-15 02:51:17 PM
Does this mean another 3 months of no net access on the PS3??? Can our next set of free video game downloads include more recent titles?
 
wee [TotalFark]
2012-08-15 02:52:03 PM
I'm still dealing with the fallout from having my info stolen.

So I don't use the PS3 much anymore, and when I do it's with a password used only there and a pre-paid credit card I gave them.
 
2012-08-15 02:53:51 PM
I'm okay leaving it alone this time. It's already a password I only use for that account.

But still, Sony, let's have a little talk. You see those guys in your IT security department? Fire them.

Then go recruiting at your local tech school. Let the geeks there go nuts and show you all the tricks they know, then patch those holes.
 
2012-08-15 02:55:36 PM
There is a reason to have a Playstation beside the ability to rip SACDs?
 
2012-08-15 02:56:09 PM
According to the update, it was a hoax.
 
2012-08-15 03:00:36 PM

wee: I'm still dealing with the fallout from having my info stolen.

So I don't use the PS3 much anymore, and when I do it's with a password used only there and a pre-paid credit card I gave them.


I never attached a credit/debit card to my PS3 account. I don't use it much for video gaming, just netflix and as a bluray player.
 
2012-08-15 03:03:51 PM

wee: I'm still dealing with the fallout from having my info stolen.

So I don't use the PS3 much anymore, and when I do it's with a password used only there and a pre-paid credit card I gave them.


What sort of fallout did you get? Passwords and CC info were encrypted, so at best they got your address and name.
 
2012-08-15 03:04:58 PM

wee: I'm still dealing with the fallout from having my info stolen.

So I don't use the PS3 much anymore, and when I do it's with a password used only there and a pre-paid credit card I gave them.


I haven't even looked at the store since that little event. Shiat happens, but the whole "let's not tell anyone for a week" thing really pissed me off. Aside from Netflix, in fact, I barely even use the PS3 anymore.

/ Elder Scrolls on a console is no Elder Scrolls anyway, and I've been playing Skyrim lately
 
2012-08-15 03:07:57 PM

Vegan Meat Popsicle: wee: I'm still dealing with the fallout from having my info stolen.

So I don't use the PS3 much anymore, and when I do it's with a password used only there and a pre-paid credit card I gave them.

I haven't even looked at the store since that little event. Shiat happens, but the whole "let's not tell anyone for a week" thing really pissed me off. Aside from Netflix, in fact, I barely even use the PS3 anymore.

/ Elder Scrolls on a console is no Elder Scrolls anyway, and I've been playing Skyrim lately


They admitted it quite quickly, actually. Once they realized info has been stolen they reported it fully. I think a lot of folks really don't understand the timeline of what really happened.

Still sucks they never caught the bastards who broke in.
 
2012-08-15 03:20:21 PM
nah, I'll pass this time thanks.
 
2012-08-15 03:27:54 PM
files.abovetopsecret.com
 
2012-08-15 03:58:56 PM

Antimatter:
They admitted it quite quickly, actually. Once they realized info has been stolen they reported it fully. I think a lot of folks really don't understand the timeline of what really happened.


Allot of people have unrealistic expectations about everything.
 
2012-08-15 04:05:24 PM
Hack is fake. List is identical to the March hack.
 
2012-08-15 04:11:46 PM
Glad this seems to be bogus. I don't even know my PS3 pw anymore. Which is kind of a problem, actually.
 
2012-08-15 04:14:52 PM

Antimatter: wee: I'm still dealing with the fallout from having my info stolen.

So I don't use the PS3 much anymore, and when I do it's with a password used only there and a pre-paid credit card I gave them.

What sort of fallout did you get? Passwords and CC info were encrypted, so at best they got your address and name.


Even if they got your CC, most companies have no-fault clauses if someone gets your number. And a quick check into charges would easily show which ones were made by someone with your number. My debit card got scanned two years ago and my bank canned it the next day when someone tried to overcharge on it in a different Province. A few simple precautions like charging and withdrawal limits can go a long way to making sure you don't get ripped off.
 
2012-08-15 04:39:21 PM

sjmcc13: Allot


i2.kym-cdn.com
/close enough
 
2012-08-15 04:41:52 PM
Infamous became one of my all-time favorite PS3 games after the last time. Of course, Sony still came out ahead because that made me buy Infamous 2 and Festival of Blood at full price.
 
2012-08-15 04:46:00 PM
Man, that would suck if PS3 owners couldn't play that online game of theirs.
 
2012-08-15 04:49:19 PM

Great Janitor: wee: I'm still dealing with the fallout from having my info stolen.

So I don't use the PS3 much anymore, and when I do it's with a password used only there and a pre-paid credit card I gave them.

I never attached a credit/debit card to my PS3 account. I don't use it much for video gaming, just netflix and as a bluray player.


Solution:
webassetse.scea.com

Why anyone would even think of putting a credit card on their account is beyond me.
 
2012-08-15 04:50:03 PM
Hack site publishes hack report. Go figure.

/Kotaku blows donkey dick.
 
2012-08-15 04:55:56 PM

GreenAdder: Man, that would suck if PS3 owners couldn't play that online game of theirs.


Hey, I like Little Big Planet.
 
2012-08-15 04:56:28 PM

Klivian: I'm okay leaving it alone this time. It's already a password I only use for that account.

But still, Sony, let's have a little talk. You see those guys in your IT security department? Fire them.

Then go recruiting at your local tech school. Let the geeks there go nuts and show you all the tricks they know, then patch those holes.


Apparently you don't know anything about computer security. You do realize that no security system is perfect, right? Large entities are sitting ducks because their security policies and protocols are static. Hackers are a bunch of separated groups that can try new techniques all day. Even if Sony hires the most genius security experts ever, this stuff will keep happening. There is no stopping it. The only perfect security system would be if you threw your computer into the Sun to be incinerated. At least in that case, no one will be able to access the data (not even you).
 
2012-08-15 05:01:48 PM
Great Janitor: I never attached a credit/debit card to my PS3 account. I don't use it much for video gaming, just netflix and as a bluray player.

I bought an original 60GB unit from a friend for $200 because it was collecting dust in her entertainment center.

I played most of the small handful of games that I wanted to play (that were PS3 exclusives), uncharted, heavy rain (and soon, ratchet and clank).

// now it's sitting in MY entertainment center, collecting dust :P

// that account is tied to nothing else, if that account is compromised, then they get ... an empty account. I never even added any friends to that account (because everything I played on the PS3 was single player, and the vast majority of my gaming friends are on the 360).

So that being said, and now that I own both a PS3 and an XBOX, I feel no qualms or hesitation about posting this again.

lordargent.com
 
2012-08-15 05:05:57 PM
torusXL: Apparently you don't know anything about computer security. You do realize that no security system is perfect, right? Large entities are sitting ducks because their security policies and protocols are static.

Not true, a large entity should be continually reviewing their security system in order to find new holes and counter threats. It's called penetration testing.

And true, you can't stop very skilled very dedicated hackers all of the time, but you can greatly increase your chances.

And that's where the rub comes in, if I company does their due diligence and still gets hacked, you can't fault them. But if they half ass it (like Sony did, or like Apple recently did), then you're damn right they are going to catch some heat.
 
2012-08-15 05:11:01 PM

lordargent: torusXL: Apparently you don't know anything about computer security. You do realize that no security system is perfect, right? Large entities are sitting ducks because their security policies and protocols are static.

Not true, a large entity should be continually reviewing their security system in order to find new holes and counter threats. It's called penetration testing.

And true, you can't stop very skilled very dedicated hackers all of the time, but you can greatly increase your chances.

And that's where the rub comes in, if I company does their due diligence and still gets hacked, you can't fault them. But if they half ass it (like Sony did, or like Apple recently did), then you're damn right they are going to catch some heat.


True, Sony should catch some heat if they have lax oversights in their security protocols. And I agree fully that companies should continually revise the security systems - that's what I implied when I said companies have static policies (i.e....static security policies are the problem). Also I don't think Klivian's idea to fire all the IT guys is fair. It'd be totally unfair to fire the security analyst peon within Sony who is at the mercy of Sony's retarded company policies.

Sony runs the business. Sony owns the business. Sony should be responsible. Sony should take the heat, and Sony should create better policies. So should any company that handles sensitive customer data.
 
2012-08-15 05:16:24 PM

torusXL: lordargent: torusXL: Apparently you don't know anything about computer security. You do realize that no security system is perfect, right? Large entities are sitting ducks because their security policies and protocols are static.

Not true, a large entity should be continually reviewing their security system in order to find new holes and counter threats. It's called penetration testing.

And true, you can't stop very skilled very dedicated hackers all of the time, but you can greatly increase your chances.

And that's where the rub comes in, if I company does their due diligence and still gets hacked, you can't fault them. But if they half ass it (like Sony did, or like Apple recently did), then you're damn right they are going to catch some heat.

True, Sony should catch some heat if they have lax oversights in their security protocols. And I agree fully that companies should continually revise the security systems - that's what I implied when I said companies have static policies (i.e....static security policies are the problem). Also I don't think Klivian's idea to fire all the IT guys is fair. It'd be totally unfair to fire the security analyst peon within Sony who is at the mercy of Sony's retarded company policies.

Sony runs the business. Sony owns the business. Sony should be responsible. Sony should take the heat, and Sony should create better policies. So should any company that handles sensitive customer data.


btw I was more addressing Klivian's flawed idea that it's possible to find the l33test hackers out there and patch up the security holes perfectly. It just won't happen. That still doesn't absolve Sony of responsibility - the fact that Sony wants to collect and store sensitive customer info gives them full responsibility, even if a perfect security system is impossible. It's the responsibility they take on when running such an operation, and the risk customers run when giving out that data.
 
wee [TotalFark]
2012-08-15 05:35:38 PM

Antimatter: wee: I'm still dealing with the fallout from having my info stolen.

So I don't use the PS3 much anymore, and when I do it's with a password used only there and a pre-paid credit card I gave them.

What sort of fallout did you get? Passwords and CC info were encrypted, so at best they got your address and name.


They got my CC # and bought around $6000 worth of stuff from Dell and around $3000 from walmart.com. AMEX called me after they denied these transactions, canceled my card and sent me a new one. I've had three different bill collectors contact me on behalf of the debt Dell apparently thinks I owe them. Last bill collector sent me a nastygram two weeks ago.

Vegan Meat Popsicle: I haven't even looked at the store since that little event. Shiat happens, but the whole "let's not tell anyone for a week" thing really pissed me off. Aside from Netflix, in fact, I barely even use the PS3 anymore.


I use mine as a blu-ray player and that's pretty much it. In fact, it's turned off most of the time. I stream stuff off the Roku now. it's quieter anyway.

And while shiat does happen, Sony was using a very old and unpatched OS for the PSN servers. Script kiddies who were barely born when that version of Red Hat came out could have broken into them. There was no excuse for having such crusty old servers (almost) publicly accessible. Nor for delaying in tell us.
 
2012-08-15 05:36:44 PM

lordargent: Great Janitor: I never attached a credit/debit card to my PS3 account. I don't use it much for video gaming, just netflix and as a bluray player.

I bought an original 60GB unit from a friend for $200 because it was collecting dust in her entertainment center.

I played most of the small handful of games that I wanted to play (that were PS3 exclusives), uncharted, heavy rain (and soon, ratchet and clank).

// now it's sitting in MY entertainment center, collecting dust :P

// that account is tied to nothing else, if that account is compromised, then they get ... an empty account. I never even added any friends to that account (because everything I played on the PS3 was single player, and the vast majority of my gaming friends are on the 360).

So that being said, and now that I own both a PS3 and an XBOX, I feel no qualms or hesitation about posting this again.

[lordargent.com image 312x445]


I love my ps3, but i've not been doing a ton of gaming on it lately. Mainly because I just haven't had time to hit the backlog. Got several Vita games I need to finish, several older ps3 games, about a dozen ps2 RPG's, some ps1 games and psone classics, and about 9/10th the games I bought in steam sales.

Luckily, the fall release calendar is rather sparse, which should help. Currently only have Gw 2, Borderlands 2, and Persona 4 the golden. Might be able to attack the ps2 backlog this fall as a result.

Had a 360 as well, but it didn't get much use with a gaming pc in the house. It's videocard broke a few years back and ms wanted too much to fix it, so I never got it done.
 
2012-08-15 05:39:12 PM

wee: They got my CC # and bought around $6000 worth of stuff from Dell and around $3000 from walmart.com. AMEX called me after they denied these transactions, canceled my card and sent me a new one. I've had three different bill collectors contact me on behalf of the debt Dell apparently thinks I owe them. Last bill collector sent me a nastygram two weeks ago.


Are you sure it's from the hack? To my knowledge, they were encrypted, and I don't recall any successful attempts to break that encryption.
 
2012-08-15 05:46:06 PM

wee: And while shiat does happen, Sony was using a very old and unpatched OS for the PSN servers. Script kiddies who were barely born when that version of Red Hat came out could have broken into them. There was no excuse for having such crusty old servers (almost) publicly accessible. Nor for delaying in tell us.


Actually, they were not publicly accessible. The hackers used custom firmware to spoof being a dev system, then hacked their way in with some amazon cloud servers. I'm more wondering why developers had access to payment information. And again, they admitted the attack early on, and once they realized info had been taken, they were up front with it. They were hacked on the 19th, went public on the 22nd, and brought psn down. After calling in outside investigators, they confirmed info had been taken the 26th.
 
2012-08-15 05:50:02 PM

Antimatter: wee: And while shiat does happen, Sony was using a very old and unpatched OS for the PSN servers. Script kiddies who were barely born when that version of Red Hat came out could have broken into them. There was no excuse for having such crusty old servers (almost) publicly accessible. Nor for delaying in tell us.

Actually, they were not publicly accessible. The hackers used custom firmware to spoof being a dev system, then hacked their way in with some amazon cloud servers. I'm more wondering why developers had access to payment information. And again, they admitted the attack early on, and once they realized info had been taken, they were up front with it. They were hacked on the 19th, went public on the 22nd, and brought psn down. After calling in outside investigators, they confirmed info had been taken the 26th.


Hey Antimatter, who's your employer?
 
2012-08-15 05:52:09 PM

Antimatter: wee: They got my CC # and bought around $6000 worth of stuff from Dell and around $3000 from walmart.com. AMEX called me after they denied these transactions, canceled my card and sent me a new one. I've had three different bill collectors contact me on behalf of the debt Dell apparently thinks I owe them. Last bill collector sent me a nastygram two weeks ago.

Are you sure it's from the hack? To my knowledge, they were encrypted, and I don't recall any successful attempts to break that encryption.


Yeah, the type of encryption used would not have been so easily hacked. In fact, I'd go ahead and say that it is about a 99.99% chance that his credit card number was stolen from somewhere else.
 
2012-08-15 06:17:56 PM
Yeah turns out it is just a repost of the shiat from march and not a new hack at all. go back to sleep.
 
2012-08-15 06:24:07 PM

SoothinglyDeranged: Antimatter: wee: They got my CC # and bought around $6000 worth of stuff from Dell and around $3000 from walmart.com. AMEX called me after they denied these transactions, canceled my card and sent me a new one. I've had three different bill collectors contact me on behalf of the debt Dell apparently thinks I owe them. Last bill collector sent me a nastygram two weeks ago.

Are you sure it's from the hack? To my knowledge, they were encrypted, and I don't recall any successful attempts to break that encryption.

Yeah, the type of encryption used would not have been so easily hacked. In fact, I'd go ahead and say that it is about a 99.99% chance that his credit card number was stolen from somewhere else.


My thoughts exactly. I was going to respond to him directly with "I call bullshiat!", but I now realize he has already convinced himself it was from PSN and nothing in the world, certainly not "facts", will convince him otherwise.
 
wee [TotalFark]
2012-08-15 06:49:36 PM

Antimatter: I'm more wondering why developers had access to payment information.


Because those payment systems were running apparently unpatched and on the same network/vlan as the PSN dev servers. Maybe there was some sort of payment API that needed access?

SoothinglyDeranged: Yeah, the type of encryption used would not have been so easily hacked. In fact, I'd go ahead and say that it is about a 99.99% chance that his credit card number was stolen from somewhere else.


Of course I don't know for sure, but the timing was awful coincidental. And I hadn't used that card except for gas and the grocery store for nearly a month prior. Actually, I hadn't really used it much at all aside from the usual places at least since before Christmas. But for all I know they called AMEX and spoofed them, or someone else. They had my name and address, after all.

The AMEX fraud department lady actually asked if I had a PSN account, though, right off the bat. When I replied that I did, she asked if I'd heard from Sony, I said I had late the week before, and from there she started the process of getting a new card, without any other questions being asked.

OgreMagi: My thoughts exactly. I was going to respond to him directly with "I call bullshiat!", but I now realize he has already convinced himself it was from PSN and nothing in the world, certainly not "facts", will convince him otherwise.


Oh bite me.
 
2012-08-15 11:20:44 PM
I love my 60gb launch ps3. From my cold dead hands...

That is all.
 
2012-08-16 03:04:13 AM

wee: And I hadn't used that card except for gas and the grocery store for nearly a month prior


A lot of credit card thefts are done with fake payment machines and they have been used at gas stations for that many times. That being said, yeah, they could have weaseled the information out of some AMEX rep that doesn't otherwise give too much of a crap. *shrug*
 
Displayed 40 of 40 comments

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »






Report