PSN's Downtime Explained

[El Zorro de la Estrella]

This.

This is just me, but it's hard to care about a string of events that have absolutely no bearing on what I do, being an Xbox own instead of PS3.

Y'know what they say: You get what you pay for.

That.

[DZComposer]

Anonymous may or may not be responsible for the data breach. Anonymous usually only DDoSes things anyway.

Likely someone took advantage of the chaos that several thousand LOICs were causing to slip in and take the info, possible even a rouge "member" of the group.

I would hope that this kind of data theft was not their original intention, you know, since they claim to be doing it for the end users. Stealing their personal information would be rather hypocritical.

One of these days, Anonymous is going to bark up the wrong tree. They already kind of did with Matercard, some of them were arrested.

[Vulvokunvrii]

Oops...i just made a topic about this a momnet ago..... :lol:

[DoctorAllosaurus]

This.

This is just me, but it's hard to care about a string of events that have absolutely no bearing on what I do, being an Xbox own instead of PS3.

Y'know what they say: You get what you pay for.

Oh, not this "You get what you pay for" garbage again. I bet if it was a pay service, it would've still been hacked.

[DZComposer]

This.

This is just me, but it's hard to care about a string of events that have absolutely no bearing on what I do, being an Xbox own instead of PS3.

Y'know what they say: You get what you pay for.

"You get what you pay for" is not the case when it comes to data breaches. Major banks have been hacked before, for instance.

There are several factors that go into it. Poor network design and security policies, social engineering, failure to update servers/application software, user error, zero-day exploits, etc. Incompetent IT security personnel add to the problem, but even competent teams are not infallible, especially when it comes to Zero-Day exploits or security-poor 3rd-party software.

My guess is that someone found a hole where they could perform an SQL-injection attack. Then it was as simple as "SELECT * FROM customers;" or at most "SELECT * FROM customer_data_1 INNER JOIN customer_data_2 ON customer_data_2.userid = customer_data_1.userid;"

Though they could have really fucked things up if they had gotten drop access on the DB and used it. "DROP TABLE customers;" is not a friendly query to the data stored in that table, as it deletes the entire table!

[Arashikage]

This.

This is just me, but it's hard to care about a string of events that have absolutely no bearing on what I do, being an Xbox own instead of PS3.

Y'know what they say: You get what you pay for.

If you don't care, why are you posting here?

[CrypticQuery]

It appears that Sony has enlisted the help of higher authority, including the FBI.

http://www.gamespot....ws/6310487.html

Hopefully whoever screwed with 77 million+ users' information will get what's coming to them!

____

PSN will apparently be back up by next week;

http://kotaku.com/#!5796429

[Harmony Descent]

It appears that Sony has enlisted the help of higher authority, including the FBI.

http://www.gamespot....ws/6310487.html

Hopefully whoever screwed with 77 million+ users' information will get what's coming to them!

____

PSN will apparently be back up by next week;

http://kotaku.com/#!5796429

...THANK GOD!!! I was getting tired of playing single player on almost every game I have. I'm almost out of games to beat T_T

[CrypticQuery]

UPDATE: U.S. Homeland Security is now involved ;

http://kotaku.com/#!5797288

http://www.youtube.com/watch?v=IUH3JQjcweM&feature=player_embedded

[CrypticQuery]

Apologies for the double-post, though this should most definitely be brought to attention;

Kaz Hirai is addressing the media in Tokyo tomorrow, in concern with the PSN breach, according to Reuters.

http://www.gameinformer.com/b/news/archive/2011/04/30/kaz-addresses-psn.aspx

[Deploy]

PSN's coming back with free Playstation Plus bonuses!!

YAAAAAAAAAAAAAAAAAAAAAAAAY

[CrypticQuery]

PSN's coming back with free Playstation Plus bonuses!!

YAAAAAAAAAAAAAAAAAAAAAAAAY

Deploy speaks the truth, and PSN should be back up COMPLETELY within 1-2 weeks;

http://www.g4tv.com/thefeed/blog/post/712289/sony-discusses-new-plans-for-playstation-network/

[Fire Yoshi]

Encryption.

Nuff said.

[DZComposer]

Encryption isn't a panacea.

Effective encryption needs an advanced algorithm. Encryption, though, always has a weakness: the data must be able to be unencrypted. This is different from Hashing, where you can't un-hash the data. From what I was reading, the data was encrypted, but once the hackers had it, they could do whatever they wanted to it, from complex cracking algorithms to simple brute-force.

Passwords are usually stored as hashes. When you log-in, the software hashes what you enter, and then compares the result with the stored hash value. If they match, you're allowed in.

That said, there is really good encryption out there. But, here is the main problem with encrypting everything: It's computationally expensive. Some DBMSes, Oracle comes to mind, can encrypt on the DB itself, but most of the time the encryption is handled by the application software and the encrypted value is stored in the database. Either way, the encryption and/or decryption algorithm needs to be run for EVERY. SINGLE. QUERY. For comparison, it takes about 10 DB queries to render this forum page. Now imagine a DB on the scale of the PSN back-end with hundreds of thousands of records, and millions of simultaneous queries going on, all of which have to encrypt/decrypt. The poor CPUs. See why encrypting everything isn't smart for a gaming platform?

SQL injection is still dangerous, because, as I said earlier, once they have a copy of the encrypted data, they can do whatever they want to it to try to crack it.

That's why data security goes beyond encryption. Encryption is the last line of defense.

There is a saying in IT Security: "The good guys have to be right every single time. The bad guys only have to be right once."

[Deploy]

I can't wait to get free stuff when PSN returns. :P

[Thu'um]

No more arguing/bickering if it resorts to name calling. D:

Btw, I like how Anonymous does their videos.

user i knew there was a reason i liked you. we think the same. i like their vides too.

My link intense, thats if it is real.

My link but they arn't doing only bad guys, they fight these guys too.

[El Zorro de la Estrella]

Important Info for you PS3 people:

http://www.gameinformer.com/b/news/archive/2011/05/05/cnet-says-hackers-planning-another-attack-on-sony.aspx

Looks bad

[Deploy]

Dear, Hackers...

Bill Murray REPRESENTS!!! :D

[Harmony Descent]

I'm already expect 2-4 more weeks of downtime on PSN -_-;;

[DZComposer]

Sounds to me like the PSN database was a) terribly designed, and b) the interface with it was not properly sanitizing input.

They're like rewriting a lot of code. They need to get it right. If they rush, the new code will be just as vulnerable as the old.

Yeah, it sucks to wait, but they need to do it right. Especially with the lawsuits likely to follow.

[GameMasterGuy]

Don't have a PSP or PS3. Lucky me.

[Vy'drach]

Don't have a PSP or PS3. Lucky me.

Well that was rather unhelpful.

Anyway, Sony is expecting to have the PSN back up within a week.

http://blog.us.playstation.com/2011/05/06/service-restoration-update/

[CrypticQuery]

Sony is apparently mulling over a reward in (conjunction with law enforcement) for information leading to the identification of the individuals who have hacked PSN;

http://www.gameinformer.com/b/news/archive/2011/05/07/sony-might-offer-a-reward-to-help-catch-hackers.aspx

[Thu'um]

Sony is apparently mulling over a reward in (conjunction with law enforcement) for information leading to the identification of the individuals who have hacked PSN;

http://www.gameinformer.com/b/news/archive/2011/05/07/sony-might-offer-a-reward-to-help-catch-hackers.aspx

mabye a bad idea. angering them could lead to more attacks

[Harmony Descent]

PSN is back up, guys