Topic: Sony's PSN down "for a day or two" (Read 148264 times)
|
Ashamanchill
Terracotta Army
Posts: 2280
|
If this thread has taught me anything, it is to never EVER piss off nerds.
|
A poster signed by Richard Garriot, Brad McQuaid, Marc Jacobs and SmerricK Dart. Of course it would arrive a couple years late, missing letters and a picture but it would be epic none the less. -Tmon
|
|
|
Morat20
Terracotta Army
Posts: 18529
|
Wow. You want bad news? RSA got hacked. Apparently their IT people were pretty quick on the ball and moved promptly to limit damage, but it looks like the hackers got a hell of a lot more than RSA was hoping.
Like, say, token seeds and timestamps.
For those who don't know -- RSA is the guys that do SecurID, which is widely used by the US government and defense contracts to do two-factor authentication (key-generating keyfobs, basically). A sufficiently successful attack could give the hackers everything they need to generate the random token.
|
|
|
|
Fordel
Terracotta Army
Posts: 8306
|
But is my WoW account okay?
|
and the gate is like I TOO AM CAPABLE OF SPEECH
|
|
|
Hawkbit
Terracotta Army
Posts: 5531
Like a Klansman in the ghetto.
|
Interestingly, the school I went back to finish my BS is beginning to offer an Internet Securities BS starting in the fall.
I totally understand that Sony needs to get their security under control, but at the same time they need to get the store open. I've been waiting on DLC for two of my games for weeks now and I'm hitting the point that I'm losing interest in playing them now. If I were single with my indispensable income, I would have already picked up a 360 to cover this shit while PSN is down.
|
|
|
|
Morat20
Terracotta Army
Posts: 18529
|
Quote from Fordel: But is my WoW account okay?
I don't know if the WoW tokens use RSA, but now part of me thinks it wasn't defense department secrets that got RSA hacked -- it was WoW gold-farming.
|
|
|
|
SurfD
Terracotta Army
Posts: 4039
|
WoW authenticators are made by Vasco. Do they use RSA tech?
|
Darwinism is the Gateway Science.
|
|
|
Fordel
Terracotta Army
Posts: 8306
|
I have no idea! Hence the question. 
|
and the gate is like I TOO AM CAPABLE OF SPEECH
|
|
|
Morat20
Terracotta Army
Posts: 18529
|
Quote from SurfD: WoW authenticators are made by Vasco. Do they use RSA tech?
No. Vasco is separate. (I just looked it up!). I'm rather fond of RSA and two-factor authentication in general. A four to six digit pin backed by a 6-digit token is so much better and more secure, in general, than a regular password. Especially when your IT policy is something ridiculous like "12 character password, no dictionary words, one special character, one capital, one number, 30-day aging, and no reuse for a year." People end up writing those down. Of course, if you hack the token administrators that gets everyone just as if you'd stolen an unencrypted DB. OTOH, you can shut it all down and reissue tokens centrally to a new seed.
|
|
|
|
Zetor
Terracotta Army
Posts: 3269
|
Yeah, this is the second stage of the RSA hack in March. The irony is pretty thick in this one (same when one of Comodo's RAs was compromised in mid-March and hackers were able to generate fraudulent certificates until the inevitable blacklisting). Who watches the watchmen, etc.
|
|
|
|
Hawkbit
Terracotta Army
Posts: 5531
Like a Klansman in the ghetto.
|
PSN came back up last night. It is slow and errors a lot, but at least it is working.
|
|
|
|
Tale
Terracotta Army
Posts: 8567
sıɥʇ ǝʞıן sʞןɐʇ
|
LulzSec (who did the PBS Frontline 'Tupac is alive' hack) claims to have got into Sony's corporate servers http://twitter.com/LulzSec
Hey @Sony, you know we're making off with a bunch of your internal stuff right now and you haven't even noticed? Slow and steady, guys. (7:09 PM May 31st via web)
We're currently grouping together the things we've taken from @Sony and are arranging them in a way that everyone will easily understand. (about 3 hours ago via web)
Everything we have will be published in multiple ways to ensure maximum embarrassment and exposure for @Sony and their security flaws. :D (about 3 hours ago via web)
Hold your F5s for now, we're getting all this juice in one place. Blame @Sony for storing their data in a stupid fashion. Silly Sony! (about 3 hours ago via web)
|
|
|
|
Rendakor
Terracotta Army
Posts: 10138
|
How do we go about downloading our free games, now that the PSN is back up?
|
"i can't be a star citizen. they won't even give me a star green card"
|
|
|
bhodi
Moderator
Posts: 6817
No lie.
|
Yep. And they're releasing stuff in about 3 hours.
LulzSec (The Lulz Boat): Releasing mediafire/pastebin/torrent link to a large cache of compromised internal @Sony data in exactly 4 hours. #Sownage
|
|
|
|
bhodi
Moderator
Posts: 6817
No lie.
|
|
|
« Last Edit: June 02, 2011, 03:21:28 PM by bhodi »
|
|
|
|
|
Fordel
Terracotta Army
Posts: 8306
|
Is there any legitimate reason to store things plain text, or is it just a lazy/cheap/stupid thing?
|
and the gate is like I TOO AM CAPABLE OF SPEECH
|
|
|
bhodi
Moderator
Posts: 6817
No lie.
|
There is no legitimate reason, no. Maybe incompetence? There's also no reason a trivial sql injection should grant access, either.
|
|
|
|
kildorn
Terracotta Army
Posts: 5014
|
There are reasons to store shit in plaintext. From that link's blurb, it wasn't usernames.txt, it was a SQL database of everything, but no fields were hashes or anything fancy. That's pretty inexcusable for passwords and codes, but not so much for usernames.
There's absolutely no reason to have a plain .txt file sitting around with anything important, or even more than like, 20 records. But I'll forgive you for not encrypting the username field of a sql database. But not the password field. You idiots.
Seriously, is there an internal Sony website SDK they've been passing around that just has shit code at its base? How the shit do you have every website you run vulnerable to SQL injection?
Also: jesus, they had no password requirements, either. The user/pass list is up on pastebin as well, and they have a ton of six character all lowercase passwords.
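Added example, not part of the original post and not Sony's code: the three points raised above in one small account store, with the username kept in plaintext, the password kept only as a salted slow hash, lookups done through parameterized queries, and a minimal password rule. The table layout, function names, policy thresholds and iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def acceptable(password: str) -> bool:
    # Constructed minimal policy: rejects short, all-lowercase-letter passwords.
    return len(password) >= 10 and not (password.isalpha() and password.islower())

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # Username is plaintext; the password column holds only salt + hash.
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register(db: sqlite3.Connection, username: str, password: str) -> bool:
    if not acceptable(password):
        return False
    salt = os.urandom(16)  # per-user salt, so equal passwords get different hashes
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (username, salt, hash_password(password, salt)))
    return True

def login(db: sqlite3.Connection, username: str, password: str) -> bool:
    # The ? placeholder binds the input as data; it is never parsed as SQL.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(stored, hash_password(password, salt))

def stored_row(db: sqlite3.Connection, username: str):
    # What someone who dumps the table would get for this user.
    return db.execute("SELECT username, salt, pw_hash FROM users WHERE username = ?",
                      (username,)).fetchone()
```

A dump of this table exposes usernames but no usable passwords, and a classic injection string passed as the username simply matches no row.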
|
|
|
|
KallDrexx
Terracotta Army
Posts: 3510
|
Quote from Rendakor: How do we go about downloading our free games, now that the PSN is back up?
Anyone know the answer to this?
|
|
|
|
Minvaren
Terracotta Army
Posts: 1676
|
|
"There are many things of which a wise man might wish to remain ignorant." - Ralph Waldo Emerson
|
|
|
Velorath
|
Clicking on that link made me almost want to buy Bonk's Adventure, and maybe that Japanese Wizardry game as well, but I managed to restrain myself.
|
|
|
|
Hawkbit
Terracotta Army
Posts: 5531
Like a Klansman in the ghetto.
|
The welcome back program is live, though it just ate my first game choice - seems to error quite a bit.
|
|
|
|
UnSub
Contributor
Posts: 8064
|
Quote from Hawkbit: The welcome back program is live, though it just ate my first game choice - seems to error quite a bit.
So it is an appropriate warm welcome that is completely appropriate to Sony at the moment?
|
|
|
|
Hawkbit
Terracotta Army
Posts: 5531
Like a Klansman in the ghetto.
|
Eh, it had a workaround. I had to go into account settings and find the 'purchases' there instead. Their network is slow as hell, but I have to imagine that's about 10 million copies of LittleBigPlanet being downloaded at once.
Give it a few days, I'll bet it gets to normal pretty fast.
You'll all be happy to know that the movies they're allowing us to watch for this weekend only are: Ghostbusters, Bad Boys and Final Fantasy: Spirits Within. Yeah...... Sony did no part of this 'welcome back' program out of the true spirit of welcoming their customers.
Three shit movies for two days. Check! Infamous, to prep everyone for their Infamous 2 purchase. Check! LittleBigPlanet, for DLC sales and more LBP2 purchases. Check! Three other piddly games, two of which were nearly at system launch. Check! PSN Plus membership for 30 days to get people hooked on the service. Check!
|
|
|
|
tgr
Terracotta Army
Posts: 3366
Just another victim of cyber age discrimination.
|
Quote from Hawkbit: Three shit movies for two days. Check!
How dare you call bad boys a shit movie.
|
Cyno's lit, bridge is up, but one pilot won't be jumping home.
|
|
|
UnSub
Contributor
Posts: 8064
|
Quote from Hawkbit: Three shit movies for two days. Check!
Quote from tgr: How dare you call bad boys a shit movie.
You're right - "Bad Boys" would have to get on a tall ladder to reach the level of shit.
|
|
|
|
Fabricated
Moderator
Posts: 8978
~Living the Dream~
|
What a half-assed welcome back. Oh well, I had put off buying infamous and LBP forever so now I get them for free. Yay.
|
"The world is populated in the main by people who should not exist." - George Bernard Shaw
|
|
|
Hawkbit
Terracotta Army
Posts: 5531
Like a Klansman in the ghetto.
|
Infamous is well worth it for free. It's one of the few games I paid full price for that I felt I got my money's worth. I was wholly unimpressed with LBP, but I'm a broken individual.
|
|
|
|
KallDrexx
Terracotta Army
Posts: 3510
|
Sony Europe now supposedly hacked
But at least I'm downloading my free games. But god damn the system errors a lot.
*Edit* and seriously, what the fuck is up with having to download a patch for digital downloads, just fucking download the latest version the first time........
|
|
« Last Edit: June 05, 2011, 08:22:24 AM by KallDrexx »
|
|
|
|
|
Mrbloodworth
Terracotta Army
Posts: 15148
|
Nintendo just got hacked.
So, Sony, The DoD, Nintendo, Gawker, Google, FBI Partner InfraGard and about 20 others in the past 6 months.
|
|
|
|
Mrbloodworth
Terracotta Army
Posts: 15148
|
Bethesda Software was just hacked.
|
|
|
|
Yegolev
Moderator
Posts: 24440
2/10 WOULD NOT INGEST
|
Reports are the hackers then fell into the void when trying to jump over a rock.
|
Why am I homeless? Why do all you motherfuckers need homes is the real question. They called it The Prayer, its answer was law Mommy come back 'cause the water's all gone
|
|
|
Engels
Terracotta Army
Posts: 9029
inflicts shingles.
|
I got mail from Codemasters (Dirt series) that they got hacked too.
|
I should get back to nature, too. You know, like going to a shop for groceries instead of the computer. Maybe a condo in the woods that doesn't even have a health club or restaurant attached. Buy a car with only two cup holders or something. -Signe
I LIKE being bounced around by Tonkors. - Lantyssa
Babies shooting themselves in the head is the state bird of West Virginia. - schild
|
|
|
|
Yegolev
Moderator
Posts: 24440
2/10 WOULD NOT INGEST
|
A link, good man. Three points to Gryffindor.
|
Why am I homeless? Why do all you motherfuckers need homes is the real question. They called it The Prayer, its answer was law Mommy come back 'cause the water's all gone
|
|
|
Amaron
Terracotta Army
Posts: 2020
|
It would be interesting to know how many of these hacked companies just recently started looking more closely for hacks.
|