Sony Sued for PSN Security Breach

omgpwn666

shinkukage09 said:
Also, was the rumor that everyone's stuff was just on unencrypted, plaintext files? IF it's true, then guess what, it's a fact that their security sucked.

No one knows what kind of security they have except for Sony and the hackers. So far the people saying they suck are using speculation. Which is fair, everyone is entitled to say what they think from the info they've gathered.
 

ShadowSoldier

TwinRetro said:
opengts said:
Romnerd said:
Note to admin - Please can you create an emoticon similar to this [hate2.gif] for Sony ...... [rolleyes.gif]

sorry, just couldn't help it.. [ps.gif]

This might be the best first post in all of GBAtemp history.

I agree, welcome to GBAtemp. You should be admin.
 

twiztidsinz

omgpwn666 said:
shinkukage09 said:
Also, was the rumor that everyone's stuff was just on unencrypted, plaintext files? IF it's true, then guess what, it's a fact that their security sucked.

No one knows what kind of security they have except for Sony and the hackers. So far the people saying they suck are using speculation. Which is fair, everyone is entitled to say what they think from the info they've gathered.

I believe fail0verflow came out and said that PS3 sends unencrypted data, relying simply on SSL certificates which were vulnerable or spoofable or something like that (or removable all together?).



QUOTE(godreborn @ Apr 27 2011, 11:49 PM)
the tos stating that sony is not liable for unauthorized access and/or theft of credit card numbers and other information means nothing. the only way something like this would hold merit is if a company (sony) made reasonable attempts to protect this information. the fact that they didn't makes such a thing as worthless as the paper it's written on.
The wording on that is in reference to your account and achievements and things like that, NOT to information like credit cards and personal data which is supposed to be encrypted (by law if I'm not mistaken) because of the risks that information poses.
 

omgpwn666

twiztidsinz said:
omgpwn666 said:
shinkukage09 said:
Also, was the rumor that everyone's stuff was just on unencrypted, plaintext files? IF it's true, then guess what, it's a fact that their security sucked.

No one knows what kind of security they have except for Sony and the hackers. So far the people saying they suck are using speculation. Which is fair, everyone is entitled to say what they think from the info they've gathered.

I believe fail0verflow came out and said that PS3 sends unencrypted data, relying simply on SSL certificates which were vulnerable or spoofable or something like that (or removable all together?).



QUOTE(godreborn @ Apr 27 2011, 11:49 PM)
the tos stating that sony is not liable for unauthorized access and/or theft of credit card numbers and other information means nothing. the only way something like this would hold merit is if a company (sony) made reasonable attempts to protect this information. the fact that they didn't makes such a thing as worthless as the paper it's written on.
The wording on that is in reference to your account and achievements and things like that, NOT to information like credit cards and personal data which is supposed to be encrypted (by law if I'm not mistaken) because of the risks that information poses.

Yeah, possibly. I thought it was encrypted, then unencrypted, then sent out as unencrypted by hackers. Not too sure, so you should probably get your security info from twiz.
 

twiztidsinz

omgpwn666 said:
Yeah, possibly. I thought it was encrypted, then unencrypted, then sent out as unencrypted by hackers. Not too sure, so you should probably get your security info from twiz.
Doing a little searching (this is the first link I clicked from my first search actually), I came across this:
http://pastebin.com/pazcH1mp
(It comes from a comment on Kotaku, which I cannot find.)
QUOTE said:
For all of you Sony apologists, here is why this is a big deal.

Let's put everything into perspective.

December 2010: failOverflow/George Hotz hack the PS3.
January 2011: Sony files a lawsuit against failOverflow and George Hotz.
February 2011: PSN's network traffic is detailed. Personal information is stored locally and sent unencrypted to Sony via PSN.
April 2011: PSN is breached.

As a credit card merchant, Sony has some obligations. As defined in the Payment Card Industry Data Security Standard (PCI DSS) Sony is supposed to do the following:

1) Build and Maintain a Secure Network
2) Protect Card holder Data
3) Maintain a Vulnerability Management Program
4) Implement Strong Access Control Measures
5) Regularly Monitor and Test Networks
6) Maintain an Information Security Policy

[en.wikipedia.org]

They failed to do this.

The biggest weakness is Sony assumed that PSN was a private network. A network between a secure PS3 and PSN. How do we know this is Sony's assumption? Because in a detailed analysis of the network transmissions between a PS3 and PSN a hacker discovered that user credit card data was transmitted to PSN unencrypted.
Uncited in the link, but here's the wikipedia entry: http://en.wikipedia.org/wiki/Payment_Card_...rd#Requirements

Point 4 of the PCI DSS requirements: Encrypt transmission of cardholder data across open, public networks
The fact is, and NO ONE can deny it: Sony fucked up. Big time.


Here's an article from ArsTechnica about the lack of encryption on credit card info:
http://arstechnica.com/gaming/news/2011/02...rd-security.ars

I'm done looking up info. The majority of people already know this stuff or are being intentionally blind to facts... and I'd rather play some Minecraft or read some comics than trawling the internet for more stories that were news 2 months ago.
 


Schlupi

ShadowSoldier said:
Snailface said:
The US Supreme Court just threw Sony a big bone today, lol.

http://www.latimes.com/business/sc-dc-0428...0,1239412.story

I wonder if that's good.. or bad.

In a way it's good because you don't have a big group.

But bad because you have multiple lawsuits instead of just one, and each person could sue for a different amount....

Yeah but if the singular people don't win the case then...

And some people like to fall behind class action suits, but they don't like to do it individually because it's more of a hassle.

Trust me I have seen class action suits fall through and almost nobody filed individually.

I wonder how this will go...
 


Snailface

ShadowSoldier said:
Snailface said:
The US Supreme Court just threw Sony a big bone today, lol.

http://www.latimes.com/business/sc-dc-0428...0,1239412.story

I wonder if that's good.. or bad.

In a way it's good because you don't have a big group.

But bad because you have multiple lawsuits instead of just one, and each person could sue for a different amount....
It's bad for consumers because it's not economically viable for them to sue a large company for small amounts of money individually, the legal overhead would prevent most people from getting their money back.
 

twiztidsinz

Schlupi said:
Snailface said:
The US Supreme Court just threw Sony a big bone today, lol.

http://www.latimes.com/business/sc-dc-0428...0,1239412.story

You kidding me? What a crock of bullshit.
QUOTE said:
The court itself divided along partisan lines. All five Republican appointees formed the majority, and four Democratic appointees dissented.
SHOCKING.
Republicans once again fuck the little guy over in favor of the gigantic corporate interest.

QUOTE(TwinRetro @ Apr 28 2011, 01:30 AM)
Proof positive that even the supreme court can be bought.
Not all... just the Republican ones.
 

Snailface

ShadowSoldier said:
Snailface said:
The US Supreme Court just threw Sony a big bone today, lol.

http://www.latimes.com/business/sc-dc-0428...0,1239412.story

I wonder if that's good.. or bad.

In a way it's good because you don't have a big group.

But bad because you have multiple lawsuits instead of just one, and each person could sue for a different amount....
It's bad. Here's a different way of explaining it:

Let's say you have 100,000 people suing a big company for a $100 error on their ISP billing statement,

With a class action suit you could have a firm of say 5 lawyers representing the class of 100,000 collectively suing for $10 million dollars (100,000 X $100)
The legal expenses would be extremely low per person and could easily be made up in the settlement or judgement. People would get the money they're entitled to (assuming the lawyers aren't shysters) and the ISP would learn a $10 million lesson and might try harder to refrain from overcharging.

In individual case suits you would need 100,000 lawyers, one for each unique case! And each case would only be worth about $100 so who's going to bother with the expense and time? To prove a point? The net result is very few lawsuits, no compensation for the wronged customers, and a big company that got away with murder (so to speak).

Now this is starting to set in, it really scares me to think what companies might try to get away with now since class action suits have been effectively blocked. Look for a lot of "accidental" overcharges on your statements, for example -- and that's just the tip of the iceberg. And they'll know damn well you're not going to be able to do anything about it. Watch out. This is scary.
 

MelodieOctavia

Snailface said:
ShadowSoldier said:
Snailface said:
The US Supreme Court just threw Sony a big bone today, lol.

http://www.latimes.com/business/sc-dc-0428...0,1239412.story

I wonder if that's good.. or bad.

In a way it's good because you don't have a big group.

But bad because you have multiple lawsuits instead of just one, and each person could sue for a different amount....
It's bad. Here's a different way of explaining it:

Let's say you have 100,000 people suing a big company for a $100 error on their ISP billing statement,

With a class action suit you could have a firm of say 5 lawyers representing the class of 100,000 collectively suing for $10 million dollars (100,000 X $100)

In individual case suits you would need 100,000 lawyers, one for each unique case! And each case would only be worth about $100 so who's going to bother with the expense and time? To prove a point?

Now this is starting to set in, it really scares me to think what companies might try to get away with now since class action suits have been effectively blocked. Look for a lot of "accidental" overcharges on your statements, for example -- and that's just the tip of the iceberg. And they'll know damn well you're not going to be able to do anything about it. Watch out. This is scary.

For some reason, I have a feeling that this is too large a precedent to let go, just like that. I don't think this is the end of class action lawsuits.

Either way though, if CALs are blocked altogether...Well, that means big corps are going to need to sue everyone individually in turn. You can't have it both ways.
 
