By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Sony Discussion - Sony hit with second attack, loses 12,700 Credit Card Numbers

irstupid on 03 May 2011
theprof00 said:
Grimes said:
makingmusic476 said:

This wasn't a second attack.  This was part of the first attack, only it wasn't until yesterday that SOE had become aware that they had also been hit.

Also, I'm not sure why people are giving Sony so much shit over this.  The attack was so severe the FBI and Homeland Security have gotten involved.  You're going to stop buying their products because some really damn good hackers decided Sony was their next target?


From what I've read, the intrusions were through an existing vulnerability that wasn't patched. It may have not taken "damn good hackers" as you call it, but merely criminals who took advantage of poor maintenance.

An existing vulnerability in the movie mission impossible was a person flying to another building and rapelling down a room's height. to activate a terminal within a 15 minute time frame.

 

I kid, I kid. Just don't infer anything more from "existing vulnerablity", other than they knew about the vulnerability.  

no it would be like if in the second death star they made an air duct the same as the first death star.  Sony KNEW of the flaw and had not fixed it.  Its their own dumb fault for getting thier death star blown up again



Around the Network
thranx on 03 May 2011
pitzy272 said:
twesterm said:

Ugh, as I said in the other thread I'm through with Sony this gen if true.

Even with the joke of giving us 30 free days of PSNPlus as a sign of an apology, I was willing to let this blow over.  I was even heavily considering getting an NGP over the 3DS because it does look like a cool device and the 3DS is only meh.  Now though, if true, screw Sony.  There's no chance I'll buy the NGP, I'll buy no multiplats for the PS3, and I'll simply borrow any exclusive I want to play.

It's amazing how little they care for their customers.

 

Lastly, did Microsoft not have an XBL breech a few years back? I heard this mentioned several times on IGN recently. Anyone know if this is true? Please tell me it is, b/c it shows even more how unfair people are being. But you know what? If a similar thing did happen to XBL, they deserved grace just the same as Sony does. Stuff happens. People make mistakes. So do all of us.

As far as I can tell, and I posted in  another thread specificaly on this, all of the MS intrustions were through phishing and all they have done is hacked peoples personal accounts through phishing. Xbox live has not been breached in a similar way. Live has not had any databases hacked into nor massive leaks of personal data.

 

here is the thread about it: http://gamrconnect.vgchartz.com/thread.php?id=128029&page=1#

And my post about the hacks: http://gamrconnect.vgchartz.com/post.php?id=4030456



theprof00 on 03 May 2011
irstupid said:
theprof00 said:
Grimes said:
makingmusic476 said:

This wasn't a second attack.  This was part of the first attack, only it wasn't until yesterday that SOE had become aware that they had also been hit.

Also, I'm not sure why people are giving Sony so much shit over this.  The attack was so severe the FBI and Homeland Security have gotten involved.  You're going to stop buying their products because some really damn good hackers decided Sony was their next target?


From what I've read, the intrusions were through an existing vulnerability that wasn't patched. It may have not taken "damn good hackers" as you call it, but merely criminals who took advantage of poor maintenance.

An existing vulnerability in the movie mission impossible was a person flying to another building and rapelling down a room's height. to activate a terminal within a 15 minute time frame.

 

I kid, I kid. Just don't infer anything more from "existing vulnerablity", other than they knew about the vulnerability.  

no it would be like if in the second death star they made an air duct the same as the first death star.  Sony KNEW of the flaw and had not fixed it.  Its their own dumb fault for getting thier death star blown up again

No one's refuting that point. I agree.

I'm responding to the bolded (which I just bolded). Just because something has a known vulnerablity, it doesn't mean just anyone can get the info, and it doesn't even mean that good hackers can get the info.

I'm just saying that "known vulnerability" implies nothing more than the words themselves. It is a vulnerability that is known. Just because something is described as "outdated" and "vulnerable", it doesn't relate to anything more than equal opposite force.

Like your example, the Death Star has that tunnel because the core needs to have ventilation. It must exist. What they can do, is put turrets all around it, and make it near impossible to get at. However, every once in a while a superhero is able to break in and wreck house. Understand? The builders knew the vulnerability was there, but did not expect a a hero with a Darth Vader level of force ability would do that.

Again, I'm not saying a superhuman did the hack. I'm saying "known vulnerability" can just as much imply superhuman efforts, as toddler effort. Let's not let "partisan biases" morph this story into a series of exaggerations.



irstupid on 03 May 2011
theprof00 said:
irstupid said:
theprof00 said:
Grimes said:
makingmusic476 said:

This wasn't a second attack.  This was part of the first attack, only it wasn't until yesterday that SOE had become aware that they had also been hit.

Also, I'm not sure why people are giving Sony so much shit over this.  The attack was so severe the FBI and Homeland Security have gotten involved.  You're going to stop buying their products because some really damn good hackers decided Sony was their next target?


From what I've read, the intrusions were through an existing vulnerability that wasn't patched. It may have not taken "damn good hackers" as you call it, but merely criminals who took advantage of poor maintenance.

An existing vulnerability in the movie mission impossible was a person flying to another building and rapelling down a room's height. to activate a terminal within a 15 minute time frame.

 

I kid, I kid. Just don't infer anything more from "existing vulnerablity", other than they knew about the vulnerability.  

no it would be like if in the second death star they made an air duct the same as the first death star.  Sony KNEW of the flaw and had not fixed it.  Its their own dumb fault for getting thier death star blown up again

No one's refuting that point. I agree.

I'm responding to the bolded (which I just bolded). Just because something has a known vulnerablity, it doesn't mean just anyone can get the info, and it doesn't even mean that good hackers can get the info.

I'm just saying that "known vulnerability" implies nothing more than the words themselves. It is a vulnerability that is known. Just because something is described as "outdated" and "vulnerable", it doesn't relate to anything more than equal opposite force.

Like your example, the Death Star has that tunnel because the core needs to have ventilation. It must exist. What they can do, is put turrets all around it, and make it near impossible to get at. However, every once in a while a superhero is able to break in and wreck house. Understand? The builders knew the vulnerability was there, but did not expect a a hero with a Darth Vader level of force ability would do that.

Again, I'm not saying a superhuman did the hack. I'm saying "known vulnerability" can just as much imply superhuman efforts, as toddler effort. Let's not let "partisan biases" morph this story into a series of exaggerations.

well that vent, all they had to do was put up a few random bars in the tunnel, or have it turn once in a while.

so even if they get past all the turrets and what not else that made it SEEMINGLY IMPOSSIBLE to get to, there is still a fail safe in teh end of the missile hitting bars or the vent shaft turning so it hits a wall.

if sony knw of a potential vulnerability, they can as you said make it damn near impossible to get to, but nothing is impossible.  BUT THEN have a fail safe, such as ENCRYPTING the data.  If my memory serves correct, wasn't the data all just sitting there in non-encrypted form?



thranx on 03 May 2011
theprof00 said:
irstupid said:
theprof00 said:
Grimes said:
makingmusic476 said:

This wasn't a second attack.  This was part of the first attack, only it wasn't until yesterday that SOE had become aware that they had also been hit.

Also, I'm not sure why people are giving Sony so much shit over this.  The attack was so severe the FBI and Homeland Security have gotten involved.  You're going to stop buying their products because some really damn good hackers decided Sony was their next target?


From what I've read, the intrusions were through an existing vulnerability that wasn't patched. It may have not taken "damn good hackers" as you call it, but merely criminals who took advantage of poor maintenance.

An existing vulnerability in the movie mission impossible was a person flying to another building and rapelling down a room's height. to activate a terminal within a 15 minute time frame.

 

I kid, I kid. Just don't infer anything more from "existing vulnerablity", other than they knew about the vulnerability.  

no it would be like if in the second death star they made an air duct the same as the first death star.  Sony KNEW of the flaw and had not fixed it.  Its their own dumb fault for getting thier death star blown up again

No one's refuting that point. I agree.

I'm responding to the bolded (which I just bolded). Just because something has a known vulnerablity, it doesn't mean just anyone can get the info, and it doesn't even mean that good hackers can get the info.

I'm just saying that "known vulnerability" implies nothing more than the words themselves. It is a vulnerability that is known. Just because something is described as "outdated" and "vulnerable", it doesn't relate to anything more than equal opposite force.

Like your example, the Death Star has that tunnel because the core needs to have ventilation. It must exist. What they can do, is put turrets all around it, and make it near impossible to get at. However, every once in a while a superhero is able to break in and wreck house. Understand? The builders knew the vulnerability was there, but did not expect a a hero with a Darth Vader level of force ability would do that.

Again, I'm not saying a superhuman did the hack. I'm saying "known vulnerability" can just as much imply superhuman efforts, as toddler effort. Let's not let "partisan biases" morph this story into a series of exaggerations.


I could be wrong but from what i have read sony was behind by two versions on the OS they used on their serves (11 months was what I saw after the OS updates were released) these updaates fixed said vulnerability that these hackers used. So had sony updated their software they would not have been vulnerable. Hence taking advantage of poor maintenence. That is what I have read so far. So it basicaly comes down to Sony not doing their job of keeping their hardware/software reasonably updated.



Around the Network
theprof00 on 03 May 2011
thranx said:


I could be wrong but from what i have read sony was behind by two versions on the OS they used on their serves (11 months was what I saw after the OS updates were released) these updaates fixed said vulnerability that these hackers used. So had sony updated their software they would not have been vulnerable. Hence taking advantage of poor maintenence. That is what I have read so far. So it basicaly comes down to Sony not doing their job of keeping their hardware/software reasonably updated.

again, I'm not disputing that. I agree that they were behind on their defense.

What I'm saying is, just because the lock on my front door is "accessible with the right key", mean that all burglars have that key. Maybe my door has an eye scanner. Some thug might have an eye-scanner hack, but chances are they don't. Yaknow what I mean?

Anyway, it doesn't matter. The most important thing is why this is happening now, and why credit card companies haven't seen any wierd access. 

I believe this is just a message from a very pro hacker. 

Look, just because some guy can run his own fake server in his house and see what information is being sent and where it's going, it doesn't mean that anyone can access the database. Things being said "in theory" doesn't equal them being easy to do. 



MrT-Tar on 03 May 2011

ouch, this really isn't looking good

I really feel for Sony at the moment




scabab07 on 03 May 2011

You watch, all of this will be the downfall of the Playstation name. Ive always said when Xbox 720 and PS4 come out Sony wont stand a chance but this will be the end of Sony for sure now.



Smashed on 03 May 2011
scabab07 said:

You watch, all of this will be the downfall of the Playstation name. Ive always said when Xbox 720 and PS4 come out Sony wont stand a chance but this will be the end of Sony for sure now.


Reported, troll.

Don't speak about things you know nothing of.



huaxiong90 on 03 May 2011
EyeAmTJ said:

In the mean time I'm enjoying XBOX Live

Cool story bro.

OT: While it wasn't a second attack, things are worse than ever for Sony at the moment.



Rockstar: Announce Bully 2 already and make gamers proud!

Kojima: Come out with Project S already!