Sony's PSN down "for a day or two"

[Morfiend]

Codemasters hacked. Just got this in my email.

[Hawkbit]

Codemasters is on top of it though.  It's only been 13 days since the intrusion.  Thanks for letting us know... or not. 

[Chimpy]

Codemasters is on top of it though.  It's only been 13 days since the intrusion.  Thanks for letting us know... or not. 

I saw an article about Codemasters being hacked last week on the BBC site.

[Merusk]

I got that e-mail too and I'm trying to figure out why they have my e-mail at all.

[Hawkbit]

Codemasters is on top of it though.  It's only been 13 days since the intrusion.  Thanks for letting us know... or not. 

I saw an article about Codemasters being hacked last week on the BBC site.

OOP, sorry.  I realize that sounded shitty towards Morfiend.  Didn't mean it that way...  I meant to direct my shittiness towards Codemasters, who waited a full 13 days after intrusion to let their user base know. 

[apocrypha]

Sega's Sega Pass website hacked, 1.3 million users "email addresses, dates of birth and encrypted passwords" taken.

LulzSec seems to claim it wasn't them, and also posts a manifesto of sorts.

Starting to feel like we need a separate thread on internet security and a discussion about any realistic ways to protect yourself from identity theft/credit card fraud without simply stopping using the internet.

[Yegolev]

Admiral Adama says: don't network the computers.

[Cadaverine]

Starting to feel like we need a separate thread on internet security and a discussion about any realistic ways to protect yourself from identity theft/credit card fraud without simply stopping using the internet.

I don't think there is any answer other than not using the internet.  It doesn't matter how well protected my computer is, or how strong of a password I make for my account, if the idiots at Sony, Sega, or wherever aren't keeping their end of things secure as well.

[kildorn]

Starting to feel like we need a separate thread on internet security and a discussion about any realistic ways to protect yourself from identity theft/credit card fraud without simply stopping using the internet.

I don't think there is any answer other than not using the internet.  It doesn't matter how well protected my computer is, or how strong of a password I make for my account, if the idiots at Sony, Sega, or wherever aren't keeping their end of things secure as well.

Things like keepass so you can have different passwords for everything (just only use local repos, never trust some "cloud" solution to keep the files), and bank with a company that will waive fraud charges. It's a pain in the ass, especially from the identity part of the equation, but about your only option. Right now the negatives from having shit security are pretty much nothing compared to the costs of having good security, so nobody seems to run good security. I mean, most of these hacks are well beyond shit security and right into shit network design, shit process, and shit coding.. but it all winds up being the same for the company's PR. Evil unstoppable hackers (use 8 year old idiotic code exploit to) break into our network and steal YOUR data(that we never really needed for anything more than marketing reasons anyways)! Those fiends!

What this had made me more aware of are really shitty billing implementations. There seem to be an increasing number of sites where I don't need to input my CCV to buy things with saved CC information. As idiotic as the CCV is (I know, we can protect the card's inherent insecurity in the form of being just a number typed in by... putting another number on the OTHER SIDE OF IT!), it's even dumber for companies to be apparently caching it.

[Merusk]

NPR Just did a piece on this in their Monday Tech segment.  It's odd listening to these guys try and ascribe more than just malfeasance to the motivation of Lulzsec and "Anonymous".   I wasn't aware Lulzsec were being classified as "Hactivists," for example. 

[Ingmar]

Seems pretty inevitable that one or more of them will get caught, eventually.

[Trippy]

Starting to feel like we need a separate thread on internet security and a discussion about any realistic ways to protect yourself from identity theft/credit card fraud without simply stopping using the internet.

A credit lock can reduce the chances of identity theft but it can also be an inconvenience to you depending on how frequently you open up new credit accounts. CC fraud there's not much you can do except to use a card(s) from a company that makes it easy to reverse charges.

For online accounts use different emails accounts and passwords for each account so a break in at one site won't compromise your other accounts. On security questions for non-financial/critical accounts lie -- do not use your real information like real birth date or any information that can discovered by looking at your Facebook page/blog/etc. like the real name(s) of your pet. As an aside companies like EA/Mythic that ask for things like your mother's maiden name on their game account signups need to be nuked from orbit. Fucking idiots.

[ffc]

I placed a security freeze with all 3 credit agencies years ago. At the time it was only available for CA and TX residents.  When I need to open new credit or get a credit check I call an automated number (probably online too) with my code and pay a small fee for a temporary unlock.  So far so good, but the same can be said of my homemade lion repellent.

[Ingmar]

So, someone got arrested, unclear if they actually are connected to LulzSec as of yet:

http://www.cnn.com/2011/WORLD/europe/06/21/uk.sony.hack.arrest/index.html?hpt=hp_t2

[Tale]

So, someone got arrested, unclear if they actually are connected to LulzSec as of yet:

http://www.cnn.com/2011/WORLD/europe/06/21/uk.sony.hack.arrest/index.html?hpt=hp_t2

It's bullshit. They've arrested a guy who fell out with Anonymous in May, who was NAMED by Anonymous back then, even giving his UK phone number! LulzSec seems to consist of key members of Anonymous who had since kept Ryan Cleary at arm's length.

Story from May 9, naming him: http://www.msnbc.msn.com/id/42963715/ns/technology_and_science-security/

It merely took a month and a half for the British police to do anything with this information.

Edit: A journalist even interviewed Ryan last month! http://www.thinq.co.uk/2011/5/9/exclusive-anonops-splinter-group-speaks-out/

[Salamok]

I was under the impression that credit lock is currently either unavailable or expensive if you do not have an ID theft/CC fraud police report to present to the CBs.  Fraud Alert seems to be the current cheap or free service available to replace it but I don't think it prevents your credit report getting pulled like a credit lock does.

[JWIV]

And another to the list. 

Bioware

[pants]

Yup, I just got that Bioware one too.

[brellium]

Awesome, changed my password again on my Yahoo account, seeing as I may have used the new password going back that far.

The good thing about having to change your password every 60 days at work is I have a good stable of passwords.

Also, changing the password was obnoxious, first it told me it didn't take, however I couldn't log back in and used the new password.

[HaemishM]

Yeah, I got the Bioware/EA email as well.

[Yegolev]

I got the email, and I had to change a lot of passwords at work because of suspected attack.  Dammit.

[brellium]

Seems pretty inevitable that one or more of them will get caught, eventually.

http://lulzsecexposed.blogspot.com/

And here is more

http://www.thesun.co.uk/sol/homepage/news/3653684/Bleary-eyed-internet-hacking-suspect-Ryan-Cleary-looks-wasted-after-inhaling-gas.html


BLEARY-eyed and puffy-cheeked, this is internet hacking suspect Ryan Cleary after inhaling lighter fuel at a fellow computer nerd's flat.
The dazed 19-year-old - remanded in custody today after being charged yesterday by cops probing the hacking of major corporations and security agencies - got so wasted he could barely speak.

[Trouble]

Most (all?) banks have services to let you generate temporary credit card numbers for online trasactions, with an exact limit and time period. Set one up for 3/6/12 months for subscription stuff with a low limit. Bank of america's website let's me do it within 3 clicks of logging in, instantly.

[tgr]

His mother reminds me of the main character in one of the barbarian movies. The snake guy.

[Tale]

Seems pretty inevitable that one or more of them will get caught, eventually.

http://lulzsecexposed.blogspot.com/

That stupid site has no more solid information on LulzSec than Andy Greenwald had in the article I linked June 15: http://forums.f13.net/index.php?topic=20908.msg941377#msg941377

[KallDrexx]

A hacker group actually released information on all Lulzsec members real life information (except 2 of them) here.  A lot of in depth information and logs from the members.

[Azazel]

Did EA just get hacked? I've got an email from "EA" saying that they've reset my password:
Though it may just as well be a phishing email as well

   from   EA Customer Support support@em.ea.com
reply-to   EA Customer Support <support-bwf1mvbbgwmbfsau65qw3ct1r5qmgh@em.ea.com>

Hello,

Your password was recently reset to ensure account security. Changing your password regularly is always helpful to protect your account. Please visit this https://www.ea.com/au/profile/reset-password?token=redacted&locale=en_AU to reset your password.

If you have any questions or if you experience any troubles during login please feel free to contact our support at 1-877-357-6007.

Sincerely,
Customer Support
Electronic Arts, Inc.

[caladein]

Got that too by the way.

[Tale]

A hacker group actually released information on all Lulzsec members real life information (except 2 of them) here.  A lot of in depth information and logs from the members.

Apparently there are three versions of that and nobody's sure what's right or wrong. This group claims they will be releasing the "real" version of LulzSec IDs: http://twitter.com/teamp0ison_

[01101010]

A hacker group actually released information on all Lulzsec members real life information (except 2 of them) here.  A lot of in depth information and logs from the members.

Apparently there are three versions of that and nobody's sure what's right or wrong. This group claims they will be releasing the "real" version of LulzSec IDs: http://twitter.com/teamp0ison_

Best way to cover your tracks ...

[Merusk]

... Because the DHS couldn't possibly have the resources to just track all 3 lists and discard the ones that weren't panning out, right?

[01101010]

... Because the DHS couldn't possibly have the resources to just track all 3 lists and discard the ones that weren't panning out, right?

Sure they have the resources... it's the use of those resources that I question.

[KallDrexx]

So in a non-gaming related, but security related note, Rent.com decided to send me an email about how I haven't logged in a while.  That's fine, those emails annoy me but not that much.

I then opened the email and and my face now hurts due to my massive facepalm.  Inside the email, I guess they assume I haven't logged in because I forgot my login credentials, and so they decided to be nice and send me (in plain text) my password to their site.......

[Azazel]

Reply to them with a link to one of the bajillion online security articles about the recent spate of hacks.

[Azazel]

Looks like the EA thing was legit, as my BF password didn't work anymore. I went directly to EA's site to change it though, rather than via the email link.

I'd change the email account I use for these games, but then, these game sites are the ones being hacked for the most part...