I'm fully behind this. The series was far too good to just let die.
What's a strategy guide? I've been gaming since the early 80s and have never bought one.
While security is definitely better when disconnected from the internet, even then systems are still not necessarily 100% secure. Social engineering is still one of the most common forms of hacking in use today.
True, but it appears Sony wasn't even 50% secure. They really shouldn't be throwing stones. Storing user data for a high visibility internet connected service like the PSN in plain text in 2011 is just bonkers.
@TheMonkeyMen You're joking right? If I took down the firewall where I work I'd be fired, and rightly so. It doesn't matter how secure our stuff may appear. Not having a firewall is daft.
If the hackers extracted data from the database then they have it permanently. Changing your password isn't going to change that.
But yes, I wouldn't have thought the data in the PSN account would be enough to run around and get new credit cards and falsify documents. Someone malicious could still probably cause some chaos with it, but it's hard to see what the hackers would gain from doing that.
We don't know anything about the encryption unfortunately. The encryption on the PS3 had some fatal flaws that made it very easy to break so Sony's track record here isn't great. Hopefully the encryption here is much stronger. Time will tell.
Yes, unfortunately that is possible. Many here are being a bit quick to celebrate.
Still, this is a good sign. There hasn't been massive credit card theft already. Hopefully it stays that way.
Sony say the table containing the credit card data was encrypted. That's good. It doesn't necessarily mean the communication between users PS3s and the PSN was encrypted. We also don't know if the encryption on the table was any good. If they made the same mistake with the random seeds as they did in the PS3's encryption then the data in that table may not be very safe from the hackers at all. It's anyone's guess really.
So it doesn't matter if Sony doesn't look after the data we trust them with?
The hackers can rot in jail for all I care, but that doesn't make Sony blameless.
I'm angry at both.
It's unlikely the games will need an update unless they're especially tied into the PSN such as those that list DLC in the game menus. Games don't usually store personal details or credit card information after all. It's possible they still may make improvements here anyway though as better protection for communication between games and the PSN would help prevent cheating in online games.
Sony will be primarily be working on ensuring the PSN store and account ...
@Solderone Tracking back proxied and VPN protected IPs only works in the movies, not in reality. Numerous ISPs around the world, Asia and Europe especially, do not turn over IPs, MAC addresses or other records on demand.
MAC addresses are almost as useless as IPs for tracking too because they're easy to spoof. I doubt someone would hack the PSN using their real MAC address.
Most routers don't keep logs for very long either so good luck getting that in...
@UnwanteDreamz People have been dumping TCP connections from the PSN for years. Any kid with a computer and time to waste can try to figure out the data going back and forth if they feel like it. When the PS3 was hacked the hackers gained the ability to inject certificates into it's SSL certificate store which in turn allowed access to unencrypted communication between the PS3 and the PSN. Fail0verflow said as much in their video ages back.
You can pretend all you like th...
@UnwanteDreamz "Just because hackers got to it dosent mean they didnt secure it prperly."
Actually it means exactly that. Clearly you do not understand encryption technology. Misinformation like this is exactly what the article is complaining about.
Sony isn't the victim. We are.
The hackers are criminals, but that doesn't leave Sony blameless. Clearly they didn't secure our personal information properly.
Actually you're just proving the author's point. It's really, really hard to break encryption. The only reason they managed to do it with the PS3 is because Sony stuffed up their encryption implementation with some newbie mistake.
The data being sent is far more important than the storage because hackers don't have access to the storage unless they physically break into the data center.
IP addresses can't identify people. If they're using proxies and VPNs then their real IP won't even be visible. They could even just be doing the hacking using their neighbor's wifi too. IP addresses are useless for tracking.
Because the bad guys already have the credit card info most likely. They'll have just copied it to their own computers. It's too late for Sony to do anything about it now.
But they can't stop pirates so instead DRM ends up only annoying those of us who actually buy games.