Sony: New PS3 firmware to accompany PSN relaunch, network being physically rebuilt

Oh, that's good to know that the Credit cards were encrypted...
Why not the rest of the data?

Honestly, I don't know what the implications of someone having a list of a few million addresses and phone numbers are. I don't think it will affect me in any way. In the random chance that I get a spam email, I'll just add it to my spam filter on Gmail. If I get a spam call, I'll just add it to my blocked callers list. And if I get something in the mail, AWESOME! I hardly ever get things in the mail anymore.

@killerjuice

it's less sensitive data I think. You usually depend on your other data security measures, which failed in this case, to protect that sort of data.

@killerjuice That spam mail makes GREAT kindling for emergency fires when Reapers come to destroy the galaxy and your power goes out!

@killerjuice
Anyone with your address, birthday, and name can do a lot of havoc. Most easily is making fake photo I.D.'s using your info and their photo and physical description, like illegals coming into the country. Also, those I.D.'s can then be used to pass stolen checks, writing the checks out to "you" and them cashing them, leaving you holding the bag on possibly thousands of dollars of theft that you have to prove you didn't do.

And I speak from experience, as this happened to me. Welcome to the world of identity theft.

@killerjuice

The biggest danger is simiar to the fallout from the Gawker Media incident, if one use the same e-mail/password combination for all websites like Amazon.com or worse, for online banking etc.

People...make sure your passwords are all different!

@FakeJamaican

its 2011 and honestly if you use the same Email + password for EVERYTHING then you deserve as much blame as Sony is getting. Any real person would have at least 2 emails and at LEAST 3-4 passwords. Unless you're really that brain dead not to remember 3 tiers of password safety.

lv 1. AIM-MSN-BOOKMARK SITES
lv 2. FACEBOOK, SOCIAL SITES, IMPORTANT EMAIL, PHONE PASS#
lv 3. ONLINE BANKING, E-STORES (including PSN), GOV'T SITES.

i thought this was a mutual understanding in this day and age where EVERYTHING we do is connected stored and shared.

@killerjuice
The thing is most people don't realize how much the internet already has on them. Try looking up your name or phone number at http://www.zabasearch.com/, http://www.whitepages.com/, or www.lookup.com. You may be in for a surprise.

The main issue I think is not the personal data but rather the possibility of password and credit card loss. I would say a certain amount of vigilence and inconvenience from changing passwords and reporting the card as lost should be enough.

@PR0F3TA

The scariest thing to me is that important email is a tier 2 password level for you.

Tier 1: Junk sites, forums, junky games.
Tier 2: Important sites. MMO games, social networking.
Tier 3: Online banking, things involving money or that could be used to cause finanicial harm or harm to your reputation.
God Tier: Your important email account (probably what you have your bank and important things tied to.) Given the fact that your email can be used to reset passwords for everything from MMOs, Paypal, and even banking, it should be your longest and most complicated password, not to mention be unique. Mine is 16 characters long.

Dont forget to outright lie on all your "security questions", as those are by far the easiest way to compromise an email account. I can't believe modern email companies still have these in existence. It's not that hard to learn the name of someone's favorite teacher or where they went to middle school.

@ruibing Heh. I completely failed to show up on two out of those three (got someone else with my name, but he lives on the other side of the country), and the lookup.com thing came up with my Facebook page and nothing else.

I feel like an Internet ninja or something.

@(Unverified) What about the millions of people on facebook and myspace? ( I'd be willing to bet that everyone bitching about this has one or both) Everything you ever wanted is there, with photos, So whats the point of using a mess of information from PSN?

@PR0F3TA A normal (real?) person, one that uses the internet for just casual emailing and facebooking, don't want to care or think about several different passwords or emails, and don't understand the difference between a weak or a strong password. A geek (also real?), I guess most of us here, do.

Different sites already want more odd characters or numbers, or no odd characters and numbers, and force me to come up with variations of my passwords. Though this would be a good thing, it drives me mental.

@ruibing

Agree on that one. I could go look my self up on the various online phonebooks we have here in Denmark, and they could fin my Name, adress and phone number.

To me the biggest deal here is the passwords for your account, and your CC info, which luckily enough was encrypted.

But i already canceled my Visa card, and i have changed my Gmail password just to be sure. I don't want to take any risks on this.

@R Planteer

sorry i tend not to join junk sites, junky forums, junky games so our tiers differ, whats with the down vote though? I was making a point that Planteer seemed to confirm, we all should use more then ONE password, what site or program your tier falls on is only as important as the person using it.

btw, temporaryinbox does wonders from junky sites.

@kentuckyfried
I always keep all my passwords the same. My passwords are all "password". This is a safe password that even hackers can't figure out.

call it old fashioned but if all i wanted was a bunch of names and addresses i would just use the yellow pages.

@(Unverified)

Okay, I'm curious, who the hell puts their real birthday when you register for a website? You guys seriously trust companies not to sell your info and for it never to fall in into the wrong hands? The only people who have that information is my utitlies and my bank. I don't think PSN, Facebook or JibJab need my real birthday... lol

@(Unverified)

I have an overly nosey ex. All my passwords and security questions are different and convoluted because she engages in what I call privacy theft. Even more annoying than identity theft.

Maybe someone could steal my identity and take her off my hands...........nah that'd never work.

@killerjuice
Well, if they had access to the encrypted table, they probably also had access to the encryption key in the system, so the fact that they were encypted is meaningless...

@(Unverified)

"Anyone with your address, birthday, and name can do a lot of havoc. Most easily is making fake photo I.D.'s using your info and their photo and physical description, like illegals coming into the country."

The thing with this is, anyone who wants to do this already has access to millions of names and addresses via a simple search online. What difference does it make if someone gets your name/address/birthday from a PSN hack or if they get it from a Google search result. Anyone who's bought property (at least where I live) has their information in their county assessor records online. This whole thing doesn't seem like a valid complaint.

The real complaint I can see was already mentioned, which is that you might need to change your password on a different site or e-mail if you used the same one on PSN.

@(Unverified)
So what if you had a fake birthday and address? As when I signed up for PSN it kept saying I needed an adult account (even though I was 18) so I lied and made my self 21 and used a pretty out-dated address.

Not sure why this got rated down? Sony have always been one of the main users of the reality distortion field that Apple uses too.

@Pyrii
Finally? I'm sure the guys who have been pulling 16-20 hour work days since last week appreciate this attempt to troll and depreciate their efforts by a lousy Furry. Maybe after you're done salamander yiffing or whatever the yell you people do, you'd realize why you were downvoted.

@SheppyReturns

Thanks for that dose of Irony there. I do love to see the irony.

@Pyrii

What Irony?

@JGray73

It took the a-holes some 4 to 5 years to hack it for the first time. With rebuilt network + better security, I'm guessing somewhere between 5 years to never.

Hopefully never...

@The Harbinger of Pie
No one knows exactly how much effort was put into hacking the system. You can say 5 years, but that would imply that the same person has been knocking at the door for 5 years hoping to get in.

It's more probable that over the years some hackers have tried and failed, but didn't have the expertise. If the right hacker would have cared about getting into PSN 4 years ago he/she probably could have got in. I don't recall GeoHotz mentioning specifically how much time he spent trying to hack the code.

@The Harbinger of Pie
"It took the a-holes some 4 to 5 years to hack it for the first time."
Time it took to hack the PS3 =/= Time it took to attack the PS3 servers
This could have very well happened when the PS3 first came out.
I remember back when I was using a bypass to pass the PS3 system firmware update that removed OtherOS with a mere computer bridging program.
(I later caved and updated when Sony removed the ability to bypass and haven't cared about the removal of OtherOS since.)

@The Harbinger of Pie If history has taught us anything, it's that:
1.) Any one can be killed
2.) Any network can be hacked. The Pentagon is under constant attack, and if memory serves me right, there have been a few infiltrations. So don't think that Sony is going to have some impenetrable fortress.

@Lerkero

I think they said they worked on it for about nine months, with maybe an extra month or two of testing. Either way you stack it, they did it in less than a year.

According to Hotz and failOverflow at the PS3 jailbreak unveiling, they claimed that if Sony had not taken out OtherOS, thus closing the system after the fact that millions of them were purchased opened, they would not have bothered at all. As their only concern was making the system open again.

I have no doubt in my mind, that had the PS3 launched without OtherOS back in 2006, Hotz would have hacked it the first year it came out, instead of spending the time jailbreaking the iPhone. - yeah, every jailbroken iPhone in existence, owes its freedom to Hotz. And the fact that Apple (or Google, or even your phone carrier, for that matter) cannot legally punish people for jailbreaking their phones, or force un-jailbreaking measures on jailbroken phones, is also largely Hotz's doing. It's a major win for the consumer. And a lot of the wonderful jailbreak perks to show up in the Android community, are a testament to that.

But like you said, it really comes down to the skill of the hackers involved, and how determined they are to get in. But it certainly did not hurt their cause, that Sony themselves left the encryption keys sitting right there for anyone who knew how to look, to see. What Sony did is kinda like if you left the keys to your car sitting in the ignition, but locked your car doors. Even if you have tinted windows, if someone walking down the street puts his/her face up to the glass close enough to look hard enough, they are going to see the keys just sitting there in the ignition. Then it's only a matter of smashing in the passenger side window and driving away with your car. Which is pretty much exactly what Hotz did - put his head up to the window, saw the keys sitting there in the ignition, and one quick brick through the window later, was taking the PS3 for the joyride of the century.

@Tachyonic Don't give me that 'we had no reason to look", Drinking the hacker coo laid much? Other OS was half ass, you could do very little with it,

@mmmfishtacos
How on earth do you know it was half assed. You have no idea was Hotz was using it for or wanted it for. If microsoft or apple decided to install their os with a feature and then later on decide to take it away im sure if you used that feature you would be upset too.

@tepster

This guy's basement: https://lh6.googleusercontent.com/_bvp9G59VEQw/Tbi9JE8NglI/AAAAAAAAALY/TGI3H6S7_Qc/s800/fast-and-furious-3-tokyo-drift-2006-07-g.jpg

@tepster Kevin Butler's one.

@BrianH

Summer starts on June 21st. Not April or May.

@FakeKevinButler

/smartass

@(Unverified)
Wait, why are you pissed that Sony encrypted your CC info?

@(Unverified) You're pissed they encrypted your cc info? What do you want them to do store it in pain text?

@(Unverified)

lol. 'pain' text :P convenient typo??

@(Unverified)
You don't know what "encrypted" means, do you?

@(Unverified)

I'm pissed too, there is NO reason for Sony to be storing credit card infomation, encrypted or not, they're not a payment processor. Leave that to the people with the PCI compliant servers.