|
|
|
Sony predicts large loss thanks to PSN breach and earthquake
|
|
The following comments relate to this news article:
article published on 23 May, 2011
Sony has given a revised forecast for their fiscal year today, adding a large loss resulting from the earthquake and tsunami tragedy in Japan and the security breach of the PlayStation Network.
The company says the PSN breach will cost Sony $171.1 million and the earthquake will cost them a devastating $1.8 billion.
PSN costs were mainly attributed to the cost of the free 1-year of ... [ read the full article ]
Please read the original article before posting your comments.
|
|
Dildor
Newbie
|
24. May 2011 @ 23:05 |
Link to this message
|
Originally posted by Oner:
Originally posted by Dildor:
Protecting a senior member I see who personally attacked my post in a sarcastic manner instead of giving constructive advice, or simply saying nothing at all.
I think you need to go over our rules again. Especially these parts ~
Quote:
No foul language, insults, personal attacks or otherwise rude messages.
Quote:
Administrative actions
Messages that break any of the rules above can be removed or edited by the moderators and administrators of these forums. Even if something isn't specifically mentioned in the rules, it doesn't mean that it would be permitted. It is up to the moderators and administrators to determine what is appropriate and what is not.
Users who willfully violate the forum rules can be banned by the moderators and administrators.
He did not "personally attack" your post. While he may have been a tiny bit sarcastic that is a very minimal thing, as the point of his comment is what is ACTUALLY more important.
If you want people to read what you have to say ~ make it clear for them to do so as most people (myself included) will not even bother through the strain & difficulty of what looks to be a run on sentence (even if punctuated properly) because it was a block/wall of text.
Originally posted by Smacks:
@Oner
Solid links to some factual information. Glad to see the truth rising above the speculation.
TY. Just passing on info as I come across it so as to keep proper & valid information out there. Now that is not to say ALL of Sony's networks are/were up to date, but for the PSN it seems it was, because they are still having intrusion issues with 2 recent events that happened yesterday and today I believe.
Get out the tampons, are you still thinking about this? It's been several hours since I last posted! What you consider a "tad bit of sarcasm" I consider trolling which is rude behavior. Of course you prefer him to me in your special club, that's why the rules are different. You should actually read what I originally posted and your friend should too, it is quite the truth about the video game industry and is really relevant to the article posted. I made paragraphs like you had recommenced. Thanks! So, I am not checking back her for your response...have a good one!
|
|
Advertisement
|
|
|
|
AfterDawn Addict
1 product review
|
24. May 2011 @ 23:42 |
Link to this message
|
Originally posted by Oner:
It is a misnomer that these "Multiple sources state s0ny had a system completely open for hackers". For more info and facts about it you can read here & here (posts #491 through about #512) about it. Along with the users information was protected with a cryptographic hash function (Source here)
Just a little issue with that...
Quote:
As it turns out, it is fairly simple to use Google's webcache to show what version of Apache the PSN servers were using back in March. According to a page request archived by Google on March 23, 2011, at that time Sony was running version 2.2.17 of the software. You can see from Apache's website that 2.2.17 is the latest stable version of the webserver available even today. This is a direct repudiation of the claims being made that Sony's webservers were out of date by as much as five years.
That is from the first article, which didn't mention the firewall at all...and Apache isn't what got hacked either.
The second link never even touched on the firewall issue.
Sony's own documents from their press conference show that they were not using firewalls on all access points...they show that it was a 2-prong attack; they attacked the application server directly, without going through a firewall, then injected code that allowed them to go strait to the database server...Sony admitted this themselves, so why do people keep trying to prove that their security was up to the task?
As for hashing the user information, they did not encrypt it while it was being transmitted, and hackers were in the servers for days, and they setup the PS3 to transmit your CC & address every time you log on, so they could have easily gotten a huge amount if information just from that. Sony was warned publicly and repeatedly, but sony was too busy suing Graf for working with Linux to bother with fixing massive security holes. Once it is in the system, I can't really say; I was not involved in the attack...but I highly doubt a company with backdoors on their app server would bother with 256 bit AES.
|
|
hearme0
Senior Member
|
25. May 2011 @ 13:56 |
Link to this message
|
|
These people will learn............How many times did "Lissenup" get banned for unleashing on others??
|
Moderator
16 product reviews
|
25. May 2011 @ 16:47 |
Link to this message
|
Originally posted by Dildor:
Get out the tampons, are you still thinking about this? It's been several hours since I last posted! What you consider a "tad bit of sarcasm" I consider trolling which is rude behavior. Of course you prefer him to me in your special club, that's why the rules are different. You should actually read what I originally posted and your friend should too, it is quite the truth about the video game industry and is really relevant to the article posted. I made paragraphs like you had recommenced. Thanks! So, I am not checking back her for your response...have a good one!
It seems pretty obvious you don't like to listen to advice (in addition to already having been warned) so I will just say this. What "you consider" about the rules is inconsequential to the situation as it is not your responsibility here. There is no "special club" only the one you THINK there is. Follow the rules (which you really need to take heed of) and there will be no issue. Can't be any more simpler and easier to understand than that.
Originally posted by hearme0:
These people will learn............How many times did "Lissenup" get banned for unleashing on others??
Exactly. QFT.
Originally posted by KillerBug:
Originally posted by Oner:
It is a misnomer that these "Multiple sources state s0ny had a system completely open for hackers". For more info and facts about it you can read here & here (posts #491 through about #512) about it. Along with the users information was protected with a cryptographic hash function (Source here)
Just a little issue with that...
Quote:
As it turns out, it is fairly simple to use Google's webcache to show what version of Apache the PSN servers were using back in March. According to a page request archived by Google on March 23, 2011, at that time Sony was running version 2.2.17 of the software. You can see from Apache's website that 2.2.17 is the latest stable version of the webserver available even today. This is a direct repudiation of the claims being made that Sony's webservers were out of date by as much as five years.
That is from the first article, which didn't mention the firewall at all...and Apache isn't what got hacked either.
The second link never even touched on the firewall issue.
Sony's own documents from their press conference show that they were not using firewalls on all access points...they show that it was a 2-prong attack; they attacked the application server directly, without going through a firewall, then injected code that allowed them to go strait to the database server...Sony admitted this themselves, so why do people keep trying to prove that their security was up to the task?
As for hashing the user information, they did not encrypt it while it was being transmitted, and hackers were in the servers for days, and they setup the PS3 to transmit your CC & address every time you log on, so they could have easily gotten a huge amount if information just from that. Sony was warned publicly and repeatedly, but sony was too busy suing Graf for working with Linux to bother with fixing massive security holes. Once it is in the system, I can't really say; I was not involved in the attack...but I highly doubt a company with backdoors on their app server would bother with 256 bit AES.
I never said "their security was up to the task". All I showed was how certain info was incorrect in relation to what's being misrepresented or mixed together. Then later I also stated
Quote:
There is a lot of misinformation out there. Hell it even got all the way up to the US Congress! Between the original "insecure servers" that stared about 4 or 5 months ago which was confused with the actual recent PSN outage (that I linked to above) to the Greece site attack yesterday and 1 or 2 other issues (one being confused as a hack when it was just a phishing scam) it gets quite confusing.
I even also said "they are still having intrusion issues" which obviously cannot be confused with "their security was up to the task" (again something I never said). Actually I really shouldn't even bother because we all know people will believe what they want, even if what they heard is second/third/fourth hand and by their "brother's, friend's, uncle who supposedly works at Sony as a janitor said...".
|
|
SomeBozo
Member
2 product reviews
|
25. May 2011 @ 17:15 |
Link to this message
|
Originally posted by Oner:
I even also said "they are still having intrusion issues" which obviously cannot be confused with "their security was up to the task" (again something I never said). Actually I really shouldn't even bother because we all know people will believe what they want, even if what they heard is second/third/fourth hand and by their "brother's, friend's, uncle who supposedly works at Sony as a janitor said...".
But i wonder if your comments add to the confusion. You are playing both sides of the issue, on one side you say a lot of information out there is false, erroneous and misleading, to which we can concluded that s0ny's infrastructure is secure no problems with intrusions. Yet within a few statements after you make the first you point you then say even within the last couple days s0ny's security has again been compromised by hackers.
It is confusing when you are defending s0ny as being secure and others provide good sources saying the contrary. At best you have only provided a rather generalized comment that many sources about s0ny's security problems are incorrect or misleading.
@Oner, will you please provide sources saying that s0ny's security is now secure against further attacks? A few of us have provided what i would think are solid, credible sources saying it isn't. If you can't, and reports that s0ny is continually getting hacked, it would appear the reports that s0ny's networks simply isn't secure must be true. Finally i don't see where anyone seriously commenting on this thread has tried to jump smear s0ny with the wild imaginary reports.
|
|
Advertisement
|
|
|
Moderator
16 product reviews
|
25. May 2011 @ 17:43 |
Link to this message
|
Originally posted by SomeBozo:
Originally posted by Oner:
I even also said "they are still having intrusion issues" which obviously cannot be confused with "their security was up to the task" (again something I never said). Actually I really shouldn't even bother because we all know people will believe what they want, even if what they heard is second/third/fourth hand and by their "brother's, friend's, uncle who supposedly works at Sony as a janitor said...".
But i wonder if your comments add to the confusion. You are playing both sides of the issue, on one side you say a lot of information out there is false, erroneous and misleading, to which we can concluded that s0ny's infrastructure is secure no problems with intrusions. Yet within a few statements after you make the first you point you then say even within the last couple days s0ny's security has again been compromised by hackers.
It is confusing when you are defending s0ny as being secure and others provide good sources saying the contrary. At best you have only provided a rather generalized comment that many sources about s0ny's security problems are incorrect or misleading.
@Oner, will you please provide sources saying that s0ny's security is now secure against further attacks? A few of us have provided what i would think are solid, credible sources saying it isn't. If you can't, and reports that s0ny is continually getting hacked, it would appear the reports that s0ny's networks simply isn't secure must be true. Finally i don't see where anyone seriously commenting on this thread has tried to jump smear s0ny with the wild imaginary reports.
I don't see how it is confusing, I linked to information that says in part this ~
Quote:
deathindustrial ~ I was curious about the source of the outdated Apache server / no firewall claims. For the moment I am having to assume that it is related to the IRC log that was making the rounds back in February 2011:
http://www.ps3hax.net/showpost.php?p=172049&postcount=180
Google's cache from March 23 shows the server in question displaying the banner for 2.2.17 of Apache which is current:
http://webcache.googleusercontent.com/search?q=cache:h9540GDnnIoJ:auth.np.ac.playstation.net:443/+auth.np.ac.playstation.net
Of which I clearly referenced to in post #24
Quote:
Between the original "insecure servers" that stared about 4 or 5 months ago which was confused with the actual recent PSN outage (that I linked to above)
In the same post I linked to it also says
Quote:
I then wanted to know what "forums" Dr.Spafford was using as his source for the congressional testimony (based on various news articles making the rounds) and so took a peek at his written submission and it contains this gem:
"I have no information about what protections they had in place, although some
news reports indicate that Sony was running software that was badly out of date, and had
been warned about that risk."
So anyone using Dr. Spafford as the source for the "they ran outdated software" claim did not actually read his submission - he doesn't know anything more than you or me. The situation is dire enough without media hacks making crap up.
Of which I was referencing in comment #24 as well with Dr. Spafford's questioning to Congress
Quote:
Hell it even got all the way up to the US Congress!
The main general point I was simply trying to make in all of this, is that there is misinformation out there that people mix and match when one thing has nothing to do with the other.
Hence the prime example (of the original beyond3D link & direct quote above) about Dr. Spafford's questioning going off old data from February that he got from blogs and forums but stated "although some news reports indicate" when they were not from "the news" (or maybe they were, but the "news" got it from blogs & forums about the IRC logs without proper fact checking for the greatest media spectacle headline to gain hits which is more than likely).
But in actuallity that doesn't even matter (whether the "news" or himself got the misinfo) because basically he was NOT going from first hand knowledge in regards to the PSN outage last month. It's clear the data he was quoting in Congress had NOTHING to do with the PSN Outage. That is what I am referencing as to how even misinformation can make it to Congress...let alone in forums.
I am not "playing both sides" of anything. I am just offering additional info that hopefully clears up specific irregularities. I also never said "s0ny's security is now secure against further attacks". So please don't put words in my mouth just as KillerBug mistakenly did with the "their security was up to the task" comment. Because I never said EITHER of those things.
This message has been edited since posting. Last time this message was edited on 25. May 2011 @ 18:57
|
|
