Squid Division

Sony Shitshow

...Sony... they have been spreading malware, and disrupting non-sony hardware people owned... failed attempt to hide the faulty battery issue...

I must not read enough news, I didn't hear about those things. Can you link some news stories?

I think the malware thing is from the anti-copy stuff they had on CDs for a while? The hardware is when they had a firmware update for PS3 that broke functionality for some third party peripherals.

This is a huge bummer. I always had the sense that the PS3 was one of the few consoles that actually managed to be secure on all fronts. Now within a few months, both the software auth and the PSN account have been torn apart by hackers. In terms of how they communicated this issue (which strikes me as more of a customer service thing than a PR thing), I feel they've failed both their clients and their business partners (Portal Kombat, as was mentioned earlier, is a good example).

It makes me long for a time when all a console did was play a game, and inputting your name was just so your brother wouldn't play your Zelda save.

Interesting chatlog from IRC re: PSN and (it seems from this convo) frankly bollocks security.

http://www.psx-sense.nl/46022/chatlog-hackers-credit-card-gegevens-niet-voldoende-encrypted/

I'm positive this was posted before.

I wonder if people are going to switch to PSN cards only now? While your credit cards will be safe if you use this method.... they are just so wasteful! A whole game case for one tiny card?

The latest Sony blog update only bothers to assure us that our trophies and PS+ cloud saves are safe and that they are "evaluating" ways to compensate us.

So.. yeah, we can guarantee your trophies are safe, but your info... Uh... BEHIND YOU, A THREE-HEADED MONKEY! :blink:

Does Sony really think we need to hear our trophies are safe? Did anybody think for a second that they could be in danger? Does anybody really care that much?

The "funny" part is that they intend to compensate for our "extraordinarily patience"... :hah:

I must not read enough news, I didn't hear about those things. Can you link some news stories?

The most prominent malware case:

http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

And then there have been the issues with certain versions of their copy protection system used by games which disrupted CD recorders or some advanced CD players; this happened with both SecuROM and some of the audio CD copy protections. The latter violated the CD standard and Philips demanded that Sony not label those discs as CompactDisc (because they were not).

And the faulty battery issue:

http://en.wikipedia.org/wiki/Sony#Laptop_batteries_dysfunction

It was quite big news that a lot of laptop manufacturers had a battery recall. All those batteries were made by Sony.

Apologies.

There is no need for that, I just pointed it out so people wouldn't read the same long conversation twice; while it was a different site, the conversation posted is the same.

We've all posted something that's been posted before so, no worries.

I really had no clue what was going on with this until a few hours ago I bothered to look it up, but going over the Geohot thing that this seems to have stemmed from, Sony was kind of asking for it. They got access to a bunch of information they really shouldn't have just because people viewed Geohot's video or website and in return this group has taken a bunch of information from Sony. Fair's fair, court order or not.

That said, I don't see what the point is to use the same heavy handed tactics Sony (and almost every mega multimedia corporation) uses on the general public who uses the internet. It's just as ass backwards, even more so with the credit card numbers being taken.

As far as personal information, I'm not sure if that's something to be alarmed about like some. Since I'm one of those jerks that Googles people for fun, it's not like anyone's personal address is very hidden. I guess it's the worry that that information will be used in conjunction with the stolen credit card information?

First of all, if the hackers have access to our passwords, this means Sony are terrible at computer security (nobody, not even Sony, should have access to our PSN passwords). Secondly, if they knew that credit card details couldn't possibly have been compromised, they would have said so. They said they're not sure, and they're having an external company look into it.

This.

It seems rather incompetent of Sony to have unencrypted passwords available for any hacker. My understanding is the modern way of doing things is that companies that require passwords for their services do not actually allow their employees to see the passwords in any way possible.

Anyway, I guess I'll ask for another debit card next week. Funny thing is two months ago somehow my debit card number was stolen and being charged all over Xbox Live, yet I don't actually have a 360. I'd really rather not risk it and find out since my debit card has way less in the amount of covered fraudulent charges than my credit card.

Does your bank not adhere to the newer rules regarding debit cards, which is zero liability for any and all fraudulent online transactions? I know there was a considerable divide in coverage some years ago but this is no longer an issue with the majority of banks — particularly any issuing VISA debit cards, as I believe it's mandatory with VISA.

Regarding passwords, I continue to be dumbfounded by how many companies store their passwords either as plaintext or in a way that's relatively easy to decrypt. I mean, how many fucking times does this kind of thing need to happen? Actually it'll probably always happen because in my professional experience every single e-commerce company whether they be big or small tends to adopt a 'it'll never happen to us' kind of mentality.

A tip I often give out regarding passwords is to use an acronym which slightly varies with every site you use it on. So for example, 'i like using this password for many things' would be 'ilutpfmt' — quite impossible to guess, and extremely difficult to work out if someone's watching you type it in over your shoulder.

You can then make it site-specific by using a basic formula, such as attaching the first letter of the site's name to the beginning of your password. So in Idle Thumbs' case, the password would become 'iilutpfmt'. On Mojo it'd be 'milutpfmt', etc. You can use your imagination to quite easily make this a bit more sophisticated yet easily memorable.

It's a good approach because then you not only have a fuckin' hard password to guess, brute force, or observe, but also if they do get it (the site itself leaking your password like with PSN being the only realistic way this'd happen) it's not going to get them anywhere on other sites you use. :tup: Using a variation of this technique I have literally hundreds of unique passwords out there yet I never struggle to remember a single one of them.

Regarding passwords, I continue to be dumbfounded by how many companies store their passwords either as plaintext or in a way that's relatively easy to decrypt. I mean, how many fucking times does this kind of thing need to happen? Actually it'll probably always happen because in my professional experience every single e-commerce company whether they be big or small tends to adopt a 'it'll never happen to us' kind of mentality.

Totally agreed. Kinda reminds me of how practically no sites use HTTPS... which, while I'm no expert, seems like something that should be practically universal.

Does your bank not adhere to the newer rules regarding debit cards, which is zero liability for any and all fraudulent online transactions? I know there was a considerable divide in coverage some years ago but this is no longer an issue with the majority of banks — particularly any issuing VISA debit cards, as I believe it's mandatory with VISA.

Well it's a credit union, I don't know if that makes a ton of difference, but I'm pretty sure they only zero it out somewhere between $200-500. I could be wrong though if there is a newer law passed in the last requiring all banks and credit card companies to cover all fraudulent charges no matter how high.

Possibly credit card companies have a limit as well though. I've had my credit card number used for fraudulent things three times over now and I hardly ever touch the thing outside of Amazon purchases (and it's an Amazon card) or in real life for gas, but I've tried prying the rep on the phone to see the limit but they seemed to just skirt the issue.

Regarding passwords, I continue to be dumbfounded by how many companies store their passwords either as plaintext or in a way that's relatively easy to decrypt. I mean, how many fucking times does this kind of thing need to happen? Actually it'll probably always happen because in my professional experience every single e-commerce company whether they be big or small tends to adopt a 'it'll never happen to us' kind of mentality.

This seems so incredibly incompetent that I want to say it isn't true, especially for the big high tech Sony, but all signs seem to say it is. I'm always annoyed if I have to reset a password or I register somewhere and a company just sends me an e-mail with it spelled out right there. Come on now, I thought this was Web 2.0 and all that shit.

I am aware that there are rules you should follow, but that doesn't mean that Sony did it. To me Sony isn't a trustworthy company, and it's not just the sleazy EULAs they try to hide behind, or the way they try to get away with violating customer rights. Or the fact that they have been removing functionality from already bought products. It is also the fact that they have been spreading malware, and disrupting non-Sony hardware people owned. And there is of course their shady business practices like fake film critics that give low ratings for films of competing studios, the plan to break the lives of people (/activists) critical of their company, or their failed attempt to hide the faulty battery issue.

So basically you're one of those pro piracy people that was against Sony the instant they tried to shut down geohotz and the other hackers then?

So basically you're one of those pro piracy people that was against Sony the instant they tried to shut down geohotz and the other hackers then?

I'm not pro piracy. But I am on geohotz' side concerning that conflict.

I'm always annoyed if I have to reset a password or I register somewhere and a company just sends me an e-mail with it spelled out right there. Come on now, I thought this was Web 2.0 and all that shit.

If you receive an email with your password after registering for the first time, this doesn't necessarily mean they're storing a clear text or decryptable version of your password, though. It's lame to do it, but they could still be hashing your password in all the right ways.

Looks like Sony is getting ready to announce a compensation package soon that will include:

- Free content of some kind (my guess is a PSN game)
- 30 day PS Plus and Qriocity subscription for all users

If you receive an email with your password after registering for the first time, this doesn't necessarily mean they're storing a clear text or decryptable version of your password, though. It's lame to do it, but they could still be hashing your password in all the right ways.

Ah, I guess that makes sense. That eases my mind a little bit to at least give everyone the benefit of the doubt.

On the offer, am I correct in thinking that any content you get for free with a Plus account is not yours to keep? As far as the hopefulness of a free PSN game, I'm already foaming at the mouth! I want Stacking!!!

Ah, I guess that makes sense. That eases my mind a little bit to at least give everyone the benefit of the doubt.

On the offer, am I correct in thinking that any content you get for free with a Plus account is not yours to keep? As far as the hopefulness of a free PSN game, I'm already foaming at the mouth! I want Stacking!!!

I think you lose access to any games you've downloaded while on the service, but any content you actually purchase with discounts is yours even if the subscription lapses. If they give us Stacking, you could always play it and beat it in the month before the free sub lapses.

I'm not pro piracy. But I am on geohotz' side concerning that conflict.

Why? I don't get this angle.

You think you should have the freedom to do whatever you want with the devices you buy? No problem, but freedom comes at a price. Would you be willing to pay $1000 for a PS3? (this wouldn't have been a ridiculous amount at launch)

I totally agree that Sony litigated in a manner that bordered on being illegal, but that doesn't make geohotz right.

If you receive an email with your password after registering for the first time, this doesn't necessarily mean they're storing a clear text or decryptable version of your password, though. It's lame to do it, but they could still be hashing your password in all the right ways.

This is off topic, but there's this one stupid mailing list that keeps REGULARLY SENDING ME THE PASSWORD. Like once a month. It's not like a mailing list password is a security problem, but it's so stupid anyway:

This is a reminder, sent out once a month, about your mail.osgi.org mailing list memberships. It includes your subscription info and how to use it to change it or unsubscribe from a list. ... BLABLABLA... your passwords: blablabla

According to this, they did hash the passwords. So if they're still saying the hackers got our passwords, this means they didn't salt them, which is still almost as bad.

You think you should have the freedom to do whatever you want with the devices you buy? No problem, but freedom comes at a price. Would you be willing to pay $1000 for a PS3? (this wouldn't have been a ridiculous amount at launch)

I don't get the point you are making. So, it is OK for a product manufacturer to apply arbitrary limits on the product you bought after you bought it? It's OK for the manufacturer to remove features of a product you bought after you bought it?

I believe in the right to tinker.

No, I wouldn't pay $1000 for a PS3. It's simply not worth that much money. But when I buy a product I do expect that I can do anything with that product I want to. Sure. I'd lose things like warranty when I break the seal.

Does that mean my password is safe as long as I didn't use a dictionary word or the like (I use complex gibberish passwords)?

Does that mean my password is safe as long as I didn't use a dictionary word or the like (I use complex gibberish passwords)?

With the hash, they have to dictionary/brute attack everything; however, since they have unlimited time, they could potentially find out the passwords; also however though, you are required to change the password on PSN now. That won't stop stupid people from going from "password" to "password1" or something like that though. There's 70 million people and chances are, not all of them are smart.

Having said that, you should be 100% safe as long as you change your password to another non-dictionary gibberish password.
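
The difference between unsalted and salted password hashes that the posts above argue about, as an added example that is not part of the original thread: with no salt, every account using the same password stores the same digest, so one guessed or precomputed digest exposes all of them, while a per-account salt and a slow hash remove that shortcut. The iteration count, the `iterations$salt$digest` record format, the function names and the sample accounts are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for this example; tune it to your own hardware.
ITERATIONS = 600_000


def unsalted_digest(password: str) -> str:
    """Weak scheme: one fast hash, no salt. Equal passwords give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Salted, slow hash. Returns 'iterations$salt_hex$digest_hex' for storage."""
    salt = secrets.token_bytes(16)  # fresh random salt per account
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(dk, bytes.fromhex(digest_hex))


def accounts_sharing_a_value(table: dict) -> list:
    """Group user names whose stored value is byte-for-byte identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed sample accounts (not real data).
SAMPLE = {"alice": "password1", "bob": "password1", "carol": "xK#9v!qT2m"}


def compare_schemes():
    """Return the duplicate groups visible in each kind of table."""
    unsalted = {u: unsalted_digest(p) for u, p in SAMPLE.items()}
    salted = {u: hash_password(p) for u, p in SAMPLE.items()}
    return accounts_sharing_a_value(unsalted), accounts_sharing_a_value(salted)


if __name__ == "__main__":
    print(compare_schemes())
```
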
