Playstation Network outage

[Rico]

Well, after a few weeks it still looks like the PS Network, Sony Online Entertainment, etc. will be still down for weeks.  Maybe until the end of May - or beyond.  I find this a bit shocking that it's taking them this long to restart it all.  They are going to be bleeding money from this one for a long while since games that require online connections won't work until this is restored.  I do like Sony products, but their security was obviously not up to what it should be.  Anyway, more on this issue here:  

http://arstechnica.com/gaming/news/2011/05/billion-dollar-psn-outage-may-not-be-fully-remedied-until-may-31.ars

[Jobydrone]

The whole situation has been pretty shocking and disturbing.  I've been watching my accounts like a hawk since this was announced.

[Rico]

Fortunately for me, the PSN didn't have any credit card info of mine.  I've never bought anything from them.  I mainly use the PS3 for the Blu-Ray player and to stream video files from my PC or Netflix.  But yeah, it's a pretty big mess.  My younger son Eric who is a computer science major has lost a lot of faith in Sony.  Anyway, I'll be most interested in how much they "step up" to compensate their customer base after all this.

[Jobydrone]

My problem is that I know I bought some stuff a year or so ago, but I have no idea which card I used, and there's no way to check while their account management servers are offline.  So basically I have to check every account I have open until there's some way of knowing.

I liked the idea that Sony Europe has stated they'll be giving away free games on PS3 and PSP as compensation, I guess as digital downloads.  Hopefully we get this in the US as well.

[billybob476]

It's not a question of bringing it back online, they could do that right now. They are redesigning a major portion of the basic structure of their systems to close the gaping security hole that was exploited. No point turning the system back on if it's just going to be hacked again.

This is a very big oversight on Sony's part and for a company as large as they are it's basically an unforgivable error. Unfortunately though, when it comes to online storage of sensitive data, I think you'll find more sites doing it 'wrong' then doing it right.

[Rico]

Oh, I realize all that Joe.  My point was, fix the hole!  I mean, is it really that hard to plug?  The hackers pointed it right out to them.  And I also have a hard time understanding how someone as big as Sony has such poor security to start with.  Anyway, I just hope my bank does a better job.  ;) 

[billybob476]

My understanding is that a complete fix requires a fairly substantial rewrite of the underlying server code. That combined with QA time easily puts it to the end of the month.

[X]

Oh, I realize all that Joe.  My point was, fix the hole!  I mean, is it really that hard to plug?  The hackers pointed it right out to them.  And I also have a hard time understanding how someone as big as Sony has such poor security to start with.  Anyway, I just hope my bank does a better job.  ;) 

I think that the reason they were easily exploited is because their gimick came back to bite them in the butts. The created PSN to go against the 360 and decided that they could win people by making it free. however, they knew going in that they would need to have a paying side to it to be able to support the framework of the PSN. IF you are putting out the console at a loss and hoping to make it up with first party titles, there is really not much money that you can put into a free network, if you still want to make money.

They tried to sale you something cheap and flawed and hope that it would move enough consoles so that when they had to switch to a paid format, people would already be too invested in the product to get upset.

Then their chickens came home to roost.

[KingIsaacLinksr]

This is just another Sony oversight.  Is this company trying to kill itself? 

Just sad. 

King

[Blackride]

Since they are doing credit card transactions they should be PCI compliant. I am not sure how many of you have been through PCI audits but they are a joke. I am not suprised at all that this kinda stuff happens.  Audits are nothing more than a third party company that comes and asks questions about your infrastructure. They really do not have hardware or software to confirm your PCI compliancy. They are dependent on the people taking the audit to answer correctly.

[QuadShot]

Blackride, I've been through PCI audits. I work for a for profit University and we were put through the wringer. Truly.

[KingIsaacLinksr]

Alright, I know that people make mistakes, but to me, this just looks like sheer negligence.  I don't think that just sending them free games is the right punishment for the possible damages they could have caused by this.  What do you guys think about this? 

King

[Jobydrone]

The longer it goes the more damaging it seems to get for Sony.  Now there are accusations that Sony actually knew about a fatal security flaw for months before the intrusion and did nothing about it.  If that can be proven then it's even more of a huge blow for Sony. 

I'll certainly take my free games of course, and probably have no problem using my credit card with them in the future.  I look at it like, stuff happens, you can't live in constant fear.  With all the scrutiny they are under now from the government and other sources I'm going to believe that when they are finally up and running again their service will have the highest security possible.  Frankly anyone and everyone is vulnerable to hackers.  Nothing is truly completely secure.

[Rico]

I have heard similar reports about them knowing about the security flaw too.  That seems to happen a lot when security issues happen in places.  Hey, I know there's a big, gaping hole but it would be too costly and time consuming to fix, so just cross your fingers. ;)

[billybob476]

I will remain silent regarding some project I've worked on...let's just say it happens more then you'd be comfortable believing.