PSN Phasing Back Into Existence With Enhanced Security

 Pages 1 2 3 4 5 NEXT
 

PSN Phasing Back Into Existence With Enhanced Security

image

Sony will soon restore the PlayStation Network in a "phased rollout," adding enhanced security features and giving away customer appreciation bonuses.

The recent attack on Sony's PlayStation Network captivated many nations around the world as people began to wonder just how safe their personal data was in the digital realm. With the PSN shutdown now approaching 11 days, Sony has announced that it'll be restoring certain aspects of the service this week, while other features will return in phases.

The "phased rollout" of services will begin with the restoration of the ability for PS3 and PSP owners to play games online, which is a big one. Logging in to the PSN will require users to change their passwords as part of newly implemented security measures. The first phase will also include returned access to Qriocity music services, to unexpired movie rentals, PlayStation Home, PSN friends lists, and chat.

The PlayStation Store won't be brought back immediately, much to the chagrin of game developers that rely on it for revenue. Sony says it'll "continue to reinforce and verify security for transactions before resuming the PlayStation Store and other Qriocity operations, scheduled for this month." This appears to mean that the rest of the PSN will be back sometime in May.

Sony also detailed the measures that it took to ensure that it won't be attacked again in the same manner. Here they are, straight from Sony's press release:

Working closely with several outside security firms, the company has implemented significant security measures to further detect unauthorized activity and provide consumers with greater protection of their personal information. The company is also creating the position of Chief Information Security Officer, directly reporting to Shinji Hasejima, Chief Information Officer of Sony Corporation, to add a new position of expertise in and accountability for customer data protection and supplement existing information security personnel. The new security measures implemented include, but are not limited to, the following:

  • Added automated software monitoring and configuration management to help defend against new attacks
  • Enhanced levels of data protection and encryption
  • Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
  • Implementation of additional firewalls

Sony is still investigating the attack and plans to prosecute whoever's responsible to the full extent of the law, one would assume. Beyond words, Sony plans to apologize in two ways for the PSN downtime and the possibility of a stranger now knowing where its customers live. First, Sony is going to provide a "complimentary offering to assist users in enrolling in identity theft protection services and/or similar programs." This will occur at the local level, with more details coming later. Second, a "welcome back" program will offer free PlayStation Network downloads, a free 30-day membership to PlayStation Plus, and a free 30-day membership to Music Unlimited powered by Qriocity. The exact content to be made available for free download will also be region specific and announced at a later date.

Best case scenario here is that the attacker(s) didn't actually steal any personal data, which isn't 100% confirmed yet, and every PSN user will just get a bunch of free games or DLC and access to premium PlayStation Plus features for being a good sport. For me personally, the badness level of having my identity stolen versus the goodness level of getting a videogame I want for free is a toss up, so this is a step in the right direction.

Permalink

Good. See good things are happening from this. Good job Sony, I am proud of you guys. Now just don't miss something like this again.

Well hopefully this will resolve well enough in the end, that Sony won't suffer too much. Backlash has happened, and I'm sure there are now more X-box owners and less PS3 owners. As for me, I still stand by it. Hopefully the hackers won't be dicks and attack again.

Long as my information remains safe, I'll have no issue with PSN. A month of complimentary service for the worry and downtime seems fair.

They can phase back into existence with all the security they want. They already lost me as a customer.

If Sony's serious about this, I might just be able to download a copy of the Red Dead Undead thingy for free. If so, all is forgiven. :P

They will seriously need to do some damage control. I was talking to a co-worker who buys games for her kids and doesn't follow the news as much, and her faith in Sony has seriously been rocked. She didn't use her credit card to buy anything on the service, nor did I, but despite our differences as consumers, both of us are very disappointed in Sony. I am only lucky that I diversify my passwords. My co-worker is lucky that she barely uses PSN services since her kids live in the Philippines. At the very least, she is minimally effected and will get some free games for her kids when they return to Canada.

did i hear free Dead Money DLC?
I never really feared this as much as a lot of other ppl and i think this was actually quite well handled by Sony to make sure they had the info so everyone didnt lose there shit when this happened
good on ya Sony

Just in case people don't realise this regarding the free PS+

It's for a MONTH. After that it continues automatically. You have to manually set for it to not roll over.

I can see A LOT of people not realising this and ending up being charged for what is a 'free' thing.

Personally I woulda been happy with a £5 off voucher for anything in the store.

I want FREE stuff Sony. How about some free L.A. Noire DLC?

Once the paranoia that some hacker will change my password is proven false (I hope, cue nervous laughter> I actually might think this was worth it seeing as I rarely go online to play.
<edit> fingers crossed for free Honest Hearts!

Good. They say that it'll be back by the end of May by the latest. I don't care how long it takes to get it back up, keeping my info safe and getting these neckbearded cunts behind bars should be the first priority, and it looks like Sony realises this. They seem to have realised how badly they handled this in the beginning and decided to man up and get some shit done.
Good job Sony, as long as you're doing all you can do. Just remember, I can wait to play Portal 2 online, my personal and financial info is a bit more important to me at the moment. Don't rush PSN back out of pressure, take your time and ensure everything is perfectly safe before that.

Edit: as for the free month of PS+, here's my plan:
1. get PS+
2. download every bit of free shit
3. ????
4. PROFIT!!!

Enhanced levels of data protection and encryption

So... what? Are we storing the plain text user data as anagrams? That would be a bit of an improvement.

The damage is already done sony :( Also i doubt the ones responsible for this will ever be caught. If they have not bragged at this point it means they are real pros. Chances of the FBI's miserably underfunded, under-trained, and understaffed cyber crime division will catch them is rather low. Sucks but i don't think the headline "PSN Hackers Caught" is going to be up anytime soon, and if it is they will be false alarms.

Well, I'm not tossing out my PS3 just yet. But I'm buying prepaid network cards from now on.

even tho im a xbox owner i kinda feel ps3 users are getting the shaft again if some scumbag stole all my info ps3 had to do a bit more then 1 month of free stuff to get me to come back

Now we can finally start putting this behind us.

Like BP's catastrophic oil spill in the Gulf, everyone will forget about it soon enough.

Tom Goldman:

For me personally, the badness level of having my identity stolen versus the goodness level of getting a videogame I want for free is a toss up,

Permalink

This particular line bothers me. Does this mean that if I offer you a free copy of Brink, you will give me your info? Who, realistically speaking, would say that having their data stolen is equivalent to a new videogame? Stolen data like this is estimated to cost an average of $318.00 per compromised record.

http://www.escapistmagazine.com/news/view/109611-Credit-Card-Breach-May-Cost-Sony-24-Billion

Cool. I like getting things for free.

"Added automated software monitoring and configuration management to help defend against new attacks"

Decoded: Turned on logging

"Enhanced levels of data protection and encryption"

Decoded: Enabled SSL

"Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns"

Decoded: Hired a person to read the logs

"Implementation of additional firewalls"

Decoded: Installed a firewall

Tom Goldman:

from Sony's press release:

Working closely with several outside security firms,

They can work as close as the want with the "best" security firm like the one that was gonna take down the hackers in the wikileaks issue but i dont think that is gonna help, the answer is to treat better the costumers, dont go making claims and sues to the paying costumers.

Work with the new tallent A.K.A. the hackers A.K.A. George hots, if there is people out there that can do a Ddos attack to PayPal, MasterCard, and Swiss bank PostFinance im sure they can take out a videogame company infrastructure

So they finally did what should always have been in place... great job Sony, you rock!

Sounds like everything should be going uphill from here then. I'm glad.

At least this whole thing has been a wake up call to companies who lack security they should've had implemented in the first place.

EDIT: Also when my copy of Mortal Kombat arrives it will be good to know that I'll be able to jump online soon.

I'm still iffy about whether to return or not, but I probably will. Just going to avoid buying anything with my card from now on and just get pre-paid for anything that's worth the trip to the store :s

As for the damage done, I'd say that Sony should have done this "enhanced security" BEFORE they went and got hacked. I don't expect a few bonuses tossed in to win everyone with half a brain back; a better way would be to get on their hands and knees and start begging for people not to leave them behind >.> Far as I'm concerned, it was THEIR fuck-up for not doing things right, and that's that, no matter who's fault it was.

Doesn't mean that I no longer want to see the cocksucker who now knows where I live (probably some guy in Peruvia or some obscure place like that) brought down. I most certainly do, but Sony can't just say "we're sorry, here's a cookie" and that just makes everything better by itself >.<

Yeah, I'm sorry but not good enough by a long shot.

I called up the other day to cancel my cards that I could have used (since you could not actually log in and see what card you used, I had to cancel them all). That sadly included my debit card from my bank as well because I might have used that.

I wasn't that upset about the whole thing as I figured I'd get a new card in a few days and just use my wife's card till then.

Nope, they canceled ALL of our cards. I went out yesterday to go shopping for the weekend. I didn't even think about my wife's card not working because I didn't cancel it....so I went shopping and no dice on her card. I still didn't think it was a big deal, I'd just run over to the bank and get the temporary card they were talking about...no biggie right?

Nope, it was friday. I have had direct deposit for my checks for so long I forgot what fridays were like at a bank. I waited in line about 20 minutes and finally just gave up (wasn't even a 3rd of the way through the line). We ended up having reheated soup (Still good, but not exactly what I wanted for dinner last night!).

Today I went back to the bank and waited about 25 minutes all together to be seen. Got my temporary card (which only lets you spend 100$ a day) and some actual cash out of my bank. I also transfered all my excess cash into a secure savings account to be extra careful. I was finally able to go shopping and at least I have enough cash now to last till I get my regular card back at this point.

The entire experience has sucked though. Add to that the bank constantly trying to get me to sign up for "identity theft protection" for only 1$ (for the first 30 days and then $15.99 every month after that", the extreme annoyance of dealing with their dumb automated systems in the first place and well......I'm not giving Sony any of my credit card information ever again. I guess it was partially my fault for not keeping track of what card I used with them, but honestly I never thought such a large company would be compromised. I used to have a seperate credit card I only used for online purchases etc....but after so many years I ditched it. Perhaps I'll go back to doing that again just to be extra safe in the future.

No matter what a "free" month of PSN + (what does that ever really give you anyway...never even looked into it) is certainly not going to make up for all the frustration I've had over this.

Sorry for the double post but as an aside, I never got any emails or information from Sony itself about the identity theft. Many people (even bank employees) have no idea about the theft. I havn't bought anything off PSN for years so if I hadn't visited the Escapist (which luckily I do every day) I would have been totally in the dark. I don't think that is acceptable at all....sony should have emailed everyone who had potential security issues and included the information that may have been compromised (would have been nice if they included the last 4 numbers of the credit card used as well to prevent us from having to cancel them ALL).

Oh well....color me frustrated and not amused.

As I commented before, and shall mention again, this is a huge marketing strategy, and even if it is an act of kindness, they thought out the benefits of this little arangement.

As I mentioned in the smaller topic:

Sony gives free PSN+ to everyone for a month, exposing them to the benefits

People begin to like it more

free PSN+ ends

If even 10% of said people decide to subscribe to get PSN+, then sony just made a profit.

Sony uses profits to pay for current lawsuit against them.

People should realize this, at least a portion of people...

Bobbity:
If Sony's serious about this, I might just be able to download a copy of the Red Dead Undead thingy for free. If so, all is forgiven. :P

It was epic...very much so. I would say it almost makes rape forgivable....almost.

Jackson - Deathclaw:
did i hear free Dead Money DLC?
I never really feared this as much as a lot of other ppl and i think this was actually quite well handled by Sony to make sure they had the info so everyone didnt lose there shit when this happened
good on ya Sony

Also most were blaming sony as if they had a hand in the theft of the stuff. Like the executives were going to be using their credit information to buy coffee makers.

BanthaFodder:
Good. They say that it'll be back by the end of May by the latest. I don't care how long it takes to get it back up, keeping my info safe and getting these neckbearded cunts behind bars should be the first priority, and it looks like Sony realises this. They seem to have realised how badly they handled this in the beginning and decided to man up and get some shit done.
Good job Sony, as long as you're doing all you can do. Just remember, I can wait to play Portal 2 online, my personal and financial info is a bit more important to me at the moment. Don't rush PSN back out of pressure, take your time and ensure everything is perfectly safe before that.

Edit: as for the free month of PS+, here's my plan:
1. get PS+
2. download every bit of free shit
3. ????
4. PROFIT!!!

Neckbearded cunts? Whats a neckbearded?

Scars Unseen:

Enhanced levels of data protection and encryption

So... what? Are we storing the plain text user data as anagrams? That would be a bit of an improvement.

Everything i have read says that the information was encrypted. Don't know why it wouldn't be. There is no proof to verify that it wasn't encrypted either.

Milo Malo:

Tom Goldman:

from Sony's press release:

Working closely with several outside security firms,

They can work as close as the want with the "best" security firm like the one that was gonna take down the hackers in the wikileaks issue but i dont think that is gonna help, the answer is to treat better the costumers, dont go making claims and sues to the paying costumers.

Work with the new tallent A.K.A. the hackers A.K.A. George hots, if there is people out there that can do a Ddos attack to PayPal, MasterCard, and Swiss bank PostFinance im sure they can take out a videogame company infrastructure

I may not be a genius but i remember like 90% of everything i read and everything i hear. And i remember reading about how to preform a DDoS attack all you have to do is download a program that comes whit instructions. So really any 12 year old that isn't illiterate can do it. I wouldn't think preforming a DDoS attack is very impressive.

swytchblayd:
I'm still iffy about whether to return or not, but I probably will. Just going to avoid buying anything with my card from now on and just get pre-paid for anything that's worth the trip to the store :s

As for the damage done, I'd say that Sony should have done this "enhanced security" BEFORE they went and got hacked. I don't expect a few bonuses tossed in to win everyone with half a brain back; a better way would be to get on their hands and knees and start begging for people not to leave them behind >.> Far as I'm concerned, it was THEIR fuck-up for not doing things right, and that's that, no matter who's fault it was.

Doesn't mean that I no longer want to see the cocksucker who now knows where I live (probably some guy in Peruvia or some obscure place like that) brought down. I most certainly do, but Sony can't just say "we're sorry, here's a cookie" and that just makes everything better by itself >.<

I don't see why so many people think it was sonys fault. If you make an unbreakable shield someone will make a sword that can break it. It will go on forever. They probably already had security and all that but someone got through it and that made them beef it up. And anyone with half a brain would know that the company involved isn't nearly as in the wrong as the people who stole the information int he first place.

Donnyp:

Scars Unseen:

Enhanced levels of data protection and encryption

So... what? Are we storing the plain text user data as anagrams? That would be a bit of an improvement.

Everything i have read says that the information was encrypted. Don't know why it wouldn't be. There is no proof to verify that it wasn't encrypted either.

Sure, there's no proof, unless you want to count Sony's own words.

From http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

The personal data table, which is a separate data set, was not encrypted

Scars Unseen:

Donnyp:

Scars Unseen:

So... what? Are we storing the plain text user data as anagrams? That would be a bit of an improvement.

Everything i have read says that the information was encrypted. Don't know why it wouldn't be. There is no proof to verify that it wasn't encrypted either.

Sure, there's no proof, unless you want to count Sony's own words.

From http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

The personal data table, which is a separate data set, was not encrypted

I am a big enough man to admit i was wrong. I just got so used to reading people say No data was encrypted so often i skipped over the word User. I'm sorry.

And i had already read that and was about to quote it saying "look says it is encrypted for the stuff that matters" but i are slow right now i guess lol.

Good old faux internet outrage.

I'll be happy with online play back, they can take as long as they want with the rest.

It's coming back? YAY! So happy! And I get goodies? See Sony, this is why I love you.
Microsoft, you can learn a thing or two about telling me to eff off when my fourth xbox RRoDs.... Why do I keep buying Xboxes?

Captcha: swap ersionc

With who?

I'm a forgiving sort of guy. I'll let them off this one time. Fool me once, fool me twice, sort of thing. If this happens again, then bon voyage Sony. I doubt you'd survive another hit like this, if you manage to recover from it.

Besides, with so much scrutiny on Sony following this debacle, I'd be surprised if it wasn't one of the most secure networks in the industry once it comes back online anyway.

Prepare for a LOT of security updates in the future, peoples.

Alright now that's that's solved lets delve into how it happened. I'd love to see a mass crusade against the hackers and their affiliates that aided them.

This is a good chance to get the FBI behind possibly taking down websites and arresting actual people behind the attacks to get some consequences finally brought down on the hacking community. There are some good ones out there but now's a good time to find anywhere that could've been endorsing or involved and get rid of them.

Donnyp:

I don't see why so many people think it was sonys fault. If you make an unbreakable shield someone will make a sword that can break it. It will go on forever. They probably already had security and all that but someone got through it and that made them beef it up. And anyone with half a brain would know that the company involved isn't nearly as in the wrong as the people who stole the information int he first place.

Sadly it seems most gamers don't have half a brain especially when they're complaining but yeah you're absolutely right. Well we get free stuff and for all we know our personal data is fine, yay.

 Pages 1 2 3 4 5 NEXT

Reply to Thread

Posting on this forum is disabled.