Sony/Anonymous Nonsense & the PSN Outage ... also GeoHotz

[Mormz]

PS3 online has never not been free.

I don't think this is entirely due to the Geohot thing, but I'm sure that quite a big part of it has to do with it.

I think the lawsuit between Sony and Geohot is absurd, however, I don't think hacking PSN will mend any wounds. In fact, it will probably end with Sony going after Geohot and anyone attempting the same things much harder than before.

That being said, I'd like to fucking play online on my PS3 again. Xbox isn't fun to play online anymore.

Oh it is?... okay I was hearing about credit cards and stuff and assumed they went back on that, my bad. But hey the Linux thing is still valid

That's for stuff like DLC and Playstation Plus. I was confused at first, too because I don't use a credit card with my PS3. Apparently Sony doesn't want to bill you if your billing address is a P.O. Box?

 

[Dashell]

That's for stuff like DLC and Playstation Plus.

In my defense, that's what Rob told me earlier today and he probably told it better or said something different that I'm remembering wrong.

 

[Mormz]

No worries, completely understandable. Like I said, I was a bit confused about why credit card information was being stolen as well.

 

[X-SOLDIER]

I swear, if I hear one more thing about people bitching out Sony before someone starts asking who actually stole the information, and what can be done to ensure that they get severely punished for causing this, I'm gonna be seriously bent. Come on, people. There isn't just some mysterious black-masked goon who steals information and then turns into a shadow and vanishes.

CATCH THIS ASSHOLE.


X

 

[Mormz]

I'm not sure it will be quite so easy. I don't think this was carried out by one individual. It's probable there were hundreds considering all the talk before-hand. So, let's say there are 100 hackers and each one is behind 7 proxies - that's 700 proxies. Good luck catching them.

I do agree people should not be so rash with Sony, however, Sony could at least divulge information a bit faster than they are.

 

[Ⓐaron]

I swear, if I hear one more thing about people bitching out Sony before someone starts asking who actually stole the information, and what can be done to ensure that they get severely punished for causing this, I'm gonna be seriously bent. Come on, people. There isn't just some mysterious black-masked goon who steals information and then turns into a shadow and vanishes.

CATCH THIS ASSHOLE.


X

Well, there are plenty of valid reasons to bitch about Sony. There just isn't any in relation to the theft of data. That's definitely not their fault.

Of course I'm sure you weren't talking about all bitching about Sony but I just felt like pointing that out

 

[Dashell]

I swear, if I hear one more thing about people bitching out Sony before someone starts asking who actually stole the information, and what can be done to ensure that they get severely punished for causing this, I'm gonna be seriously bent. Come on, people. There isn't just some mysterious black-masked goon who steals information and then turns into a shadow and vanishes.

Yeah, dunno why I bothered to post an opinion on TLS of all places. If you look closely and squint really hard, you'll see that all I was doing was correcting some information in this thread. People were assuming the original guy who got sued was someone who tried to pirate a bunch of games or something. That's not true. Yes, what he did could cause piracy, but so could things like Homebrew for Nintendo. Maybe you weren't talking about me but I'm pretty sure you were

Do you see Nintendo out suing the people who made Homebrew? Or is that an exception for some reason? I use Homebrew, I love it. I make custom New Super Mario Brothers Will level, and play custom Mario Kart Wii courses, and have never pirated one single thing (EDIT using homebrew I never pirated I mean). Should I be sued? Cause I do something that MAY cause me to pirate?

I SAID whoever did this was petty and childish. I SAID I want them to catch the guy. I ALSO said if ALL that happens is people lose faith in Sony, I won't lose sleep over it. This would imply that I DO NOT want anyone to lose their credit card info or anything like that. Yes, absolutely catch this asshole! I'm on Sony's side as far as the hacking goes, but they ARE a bunch of dicks for suing someone for what's pocket change to them.

EDIT
And I'm NOT saying Sony didn't have the legal right to sue him, just that I really believe they shouldn't have.

EDIT 2:
That sounded really angry, it wasn't supposed to

 

[Dana Scully]

Sony Computer Entertainment has issued an update on last week's "external intrusion" on its PlayStation Network, an attack that forced the network offline and may have exposed the personal information of millions of members. On the company's PlayStation.blog, senior director of corporate communications Patrick Seybold writes that the PlayStation maker will be "taking steps to make our services safer and more secure than ever before."
That includes "a new system software update that will require all users to change their password once PlayStation Network is restored." Presumably, that software update will come to both the PSP and PlayStation 3 within the week. Currently, PSN accounts are locked out of the system, making a change to personal information and passwords impossible.
Furthermore, Sony says it is "initiating several measures that will significantly enhance all aspects of PlayStation Network's security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway."
Sony writes that it still plans to have its PlayStation Network back online by next week, offering the caveat "we want to be very clear that we will only restore operations when we are confident that the network is secure."
For PSN account holders who may be concerned about the damage already done to their personal information or credit cards, Sony offers the following updates.
On the safety of your personal and financial information...

The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
​

On the credit card details that PlayStation Network and Qriocity do and do not store...

While all credit card information stored in our systems is encrypted and there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained. Keep in mind, however that your credit card security code (sometimes called a CVC or CSC number) has not been obtained because we never requested it from anyone who has joined the PlayStation Network or Qriocity, and is therefore not stored anywhere in our system.
​

sauce

There you go, confirmation that the CC stuff was all encrypted and it doesn't even look like it was taken in the first place.

Also, Geohotz denies any involvement.

Also also:

Spoiler

oh snap

 

[Dashell]

Well that's good to know the CC info was probably not compromised but why did Sony wait so long to say the CC info may have been compromised? You'd think they'd want to get that info out sooner.

 

[Dana Scully]

Well that's good to know the CC info was NOT compromised but why did Sony wait so long to say the CC info may have been compromised? You'd think they'd want to get that info out sooner.

Because they didn't know for sure that personal info was stolen until Tuesday, and didn't want to cause an unnecessary panic.

 

[Makoeyes987]

It's like when a kid pees the bed and they wait until 12 noon to say something.

They just don't want to admit they made a huge mess.

 

[Alex]

Yeah, dunno why I bothered to post an opinion on TLS of all places.

lol whut

 

[X-SOLDIER]

Well, there are plenty of valid reasons to bitch about Sony. There just isn't any in relation to the theft of data. That's definitely not their fault.

Of course I'm sure you weren't talking about all bitching about Sony but I just felt like pointing that out

Lol. You ass. You know what I meant.

Yeah, dunno why I bothered to post an opinion on TLS of all places. If you look closely and squint really hard, you'll see that all I was doing was correcting some information in this thread. People were assuming the original guy who got sued was someone who tried to pirate a bunch of games or something. That's not true. Yes, what he did could cause piracy, but so could things like Homebrew for Nintendo. Maybe you weren't talking about me but I'm pretty sure you were

Wasn't referring to you at all. I was talking about the media's coverage of the recent data loss fiasco, and how everyone is focused on beating the shit out of Sony while they work to fix the issue. I hadn't even read your post on the other page when I posted that. TBH, I still haven't and now need to go back and read it just to understand what you're talking about.



In thread related news, it looks like there's a rumor that Sony's sending out new SDK to developers that they're supposed to start using before PSN comes back online in the next 7 days. Here's to hoping this ends up for the better. I know that it's not worth the issues & data loss, but I'd rather something like this happens now, so that all their information will be more secure against attempts at stronger / more sophisticated attacks in the future, because let's be honest, this COULD have been worse.


X

 

[ForceStealer]

ITT: Quex leaping to assumptions left and right.

 

[X-SOLDIER]

No, the initial guy that started this whole mess was only trying to get what Sony promised them. Linux to work on his system. While it's true it COULD lead to pirating, this wasn't his plan. Sony promised that they would allow Linux to be run their PS3 and, at first they did, then later they took that away. This guy just wanted to be able to run Linux, NOT pirate. IMO they went way overboard with suing the guy, but he was kind of an idiot for giving out the information on HOW to put Linux on the system. However, it's STILL ridiculous to sue him for so much, and Sony is nothing but a group of bullies for doing it. They have basically torn this guy apart because they didn't keep a promise. They also promised online gaming would be free, and they went back on that.

The whole thing with Geohotz was yes, he wanted to be able to run Linux on his PS3, because it was originally a feature. I'm assuming that Sony most likely removed it, because future features that they're adding have the possibility of being compromised by allowing a second operating system on the PS3, so they took it off. I know people who had used Linux on it and were bummed about not having it anymore, but I'd personall rather have improved services for what the system was built for.

Now if having the ability to run Linux was a feature that was built in to the system directly, it would be different. Using Linux on a PS3 still requires customization of the box, and while having that door open is nice, it's not something that Sony supports directly. It's not like if you had one of the older PS2 backwards compatible PS3s, and they suddenly turned that feature off one day. Linux booting on the PS3 is a free Operating System that you put on the PS3 on your own time, because there was a door that allowed for it. That's all.

Now here's where it gets more specific. Geohotz could have gone about making a custom firmware version that would still allow him to use Linux if that's really what his problem was. Simple problem, simple solution.

Instead he publicly posted an encryption key on his blog, and then bragged about it. This is a key that other people can and have directly used for piracy, like the PSN-capable Reboot firmware. The key also may or may not have lead to the security breach that caused all the data loss, but Gethotz wasn't directly responsible, but his incredibly poor choice of actions more than likely lead to this. That, and the fact that this is the attitude he had, and how he chose to deal with the situation, are why I supported Sony throwing the entire legal book at him upfront, not to mention what's happened/happening now.

NOW BEFORE YOU GET ALL PISSY @ ME WITH YOUR NERD RAGE READ THE REST OF THIS!

However, I do not think that this hacking and what not is justified. I think it's petty and childish and I really hope they find out who did it. I don't want anyone to lose their identity, or their Credit Card numbers, but if ALL that happens from this is people lose faith in Sony, I won't lose sleep over it.

No pissy nerd rage or hard feelings here, just clarifying my point of view for you. In light of the previous misunderstanding, I felt that you deserved a real response from me about the whole Geohotz situation.


X

 

[Masamune]

It's like when a kid pees the bed and they wait until 12 noon to say something.

They just don't want to admit they made a huge mess.

When you say "kid"....

 

[Makoeyes987]

No, asshole, I don't soil myself or my bed!

Thank you for your concern though, I appreciate your care.

 

[X-SOLDIER]

Man, there hasn't been this much love in a thread in a long time.

I've missed you assholes.



X

 

[Tetsujin]

No, asshole, I don't soil myself or my bed!

Riiiight...

 

[Ryushikaze]

No, asshole, I don't soil myself or my bed! :monster

Only the beds of others.

 

[Dashell]

ITT: Quex leaping to assumptions left and right.

This could be posted in so many topics

Instead he publicly posted an encryption key on his blog, and then bragged about it. This is a key that other people can and have directly used for piracy, like the PSN-capable Reboot firmware. The key also may or may not have lead to the security breach that caused all the data loss, but Gethotz wasn't directly responsible, but his incredibly poor choice of actions more than likely lead to this. That, and the fact that this is the attitude he had, and how he chose to deal with the situation, are why I supported Sony throwing the entire legal book at him upfront, not to mention what's happened/happening now.

I agree that the guy was a moron for doing what he did. He wanted others to be able to use Linux as well though, so he posted the key. It was stupid and he should have just shared it with his close friends and he sure as hell shouldn't have posted it on his blog. I just feel that legal action was really overboard. He didn't mean any harm, and even though he bragged about it and what not, he didn't do any piracy or anything like that. He basically just tinkered with the system and got sued for it. Doesn't seem right to me.

Maybe I'm looking at it wrong though. I don't know the guy. Maybe he's really a jerk and wanted to try to bring down Sony this way or something. It just almost frightens me that he got sued for tinkering with the system, because that's something Rob has done with our Wii before... I'd hate to see him get sued

EDIT
and may I ask what the differences is between what this guy did and what Homebrew does? They could both lead to piracy really...

EDIT 2:

I don't get the guy drinking the soda though.
Oh NM, he's in all the commercials.

 

[X-SOLDIER]

I will most certainly explain the difference.

• Homebrew: You'll be using Custom Firmware, which is basically a custom version of the Operating System that the PS3 uses. Custom versions that aren't released by Sony may allow you to still run Linux on a PS3, while still being able to connect to PSN & play games, but you're not going to get any support from Sony, and if they shut it down with an update, it's up to you to fix it.

There are SOME custom firmwares that are designed for cheating / piracy, like the Reboot firmware that was posted about earlier in this thread that lets people get on PSN and use dummy credit card information to download games for free. However, if he's decided to make a custom firmware that kept the ability to use Linux, no one would have made a huge deal about it, because while it COULD lead to piracy, that's not what it's intended for.

• What he did: Geohotz publicly released Sony's security encryption key, which would allow any knowledgable individual to bypass the security systems in place specifically to prevent hacking. Someone could also use it to build firmware, but it's most useful to pirates. To use a comparison from my first post in this thread that a user on Joystiq made, this is basically like publicizing a banks RSA key and then saying you didn't intend for people to use it to commit fraud. Essentially rather than could lead to piracy like a self-made firmware would have done if it was misused, this WILL lead to piracy.

Whether or not the release of that key was what allowed the PSN outage and information loss to happen isn't clear, but I'm fairly sure that it played a large part in whoever's ability to do what they did.

THAT'S why I think he's a piece of shit who deserved to get legally assraped by Sony.


X

 

[The Twilight Mexican]

Wacky timing all this goes down the week before this fella dies:

http://www.gamespot.com/news/6310241.html?

 

[Dashell]

I see what you're saying (to X-Soldier), but to me it's like gun control; a company produces firearms, that doesn't make them responsible for murders. Hotz reiterated repeatedly that he intended this to be used to get "OtherOS" back, and that was his only ever intention. It just bothers me that they came down so hard on someone who's just a tinkerer. As I said, doesn't seem right.

And also for those talking about how this guy wanted to pirate and what not, the PS3, like the Xbox360, depends on a hypervisor for security enforcement. Unlike the 360, the PS3 allows users to run ordinary Linux if they wish, but it still runs under management by the hypervisor. The hypervisor does not allow the Linux kernel to access various devices, such as the GPU. If a way was found to compromise the hypervisor, direct access to the hardware is possible, and other less privileged code could be monitored and controlled by the attacker.

Hacking the hypervisor is not the only step required to run pirated games. Each game has an encryption key stored in an area of the disc called ROM Mark. The drive firmware reads this key and supplies it to the hypervisor to use to decrypt the game during loading. The hypervisor would need to be subverted to reveal this key for each game.

(okay I got that from here:
http://rdist.root.org/2010/01/27/how-the-ps3-hypervisor-was-hacked/)

So that just pretty much proves Hotz did not give away the means to pirate. The means to pirate would have to be undertaken by someone who went one step further. So it's not the gun manufacturer who produced the firearm so much (Hotz), but the guy who bought a stock of them so he get a group together to rob a bank (a would-be pirate)

Whether or not the release of that key was what allowed the PSN outage and information loss to happen isn't clear, but I'm fairly sure that it played a large part in whoever's ability to do what they did.

Okay but we don't know ,it could have been an exploit on their servers, but I'll wait for Sony to give the verdict on that

and sorry I edited like 10 times but I just found that so

 

[Dashell]

I have to BUY candy

and what if I found a gun on the ground and shot someone? Are they responsible then or me?

EDIT
okay did I hallucinate another post here?.. or...