Poll: Compensation for PSN users?

Jul 11, 2008
543
0
0
Well, some sort of compensation for deliberately stupid security measures coupled with goading hackers (very bad hackers) into an attack that has caused the loss of consumer credit card information that is supposed to be protected by any company holding them under the laws of countless countries (making the EULA get out clause unlawful in a lot of places) is a pretty big thing.

It's not just network downtime; there's a lot that can be done just with personal details, let alone bank accounts and card numbers.

I get that there is no perfect security, but it was a downright idiotic setup if all the information coming out is to be believed.
 

matsugawa

New member
Mar 18, 2009
673
0
0
I wouldn't mind some kind of "store credit" toward PSN purchases, but I won't hold it against them if nothing comes of it. I just want the network back up so I can buy the full versions of the games I just got demos for.
 

Echo136

New member
Feb 22, 2010
1,004
0
0
Elamdri said:
Echo136 said:
Seriously, unless you actually got scammed, or you have a Playstation Plus account, you don't deserve shit.
What? Sure you do, someone is out there selling your personal info cause Sony dropped the ball. That's worth something in my book.
People give away all that information freely all the time on facebook and other social sites. The fact that people are only now getting angry about it is purely ironic.
 

Snork Maiden

Snork snork
Nov 25, 2009
1,071
0
0
Sakurazaki1023 said:
Woodsey said:
Elamdri said:
Woodsey said:
No system is foolproof. Saying it was inadequate simply because someone got at it is a little naive.
Sure no system is foolproof, but that doesn't mean that we don't get to judge Sony's measures to determine if they were indeed adequate.
Well as far as I'm aware we don't know the full ins and outs of their measures, so we can't.
No kidding. The underlying issue is that all computer networks are made by normal people. I'm sure there are plenty of hackers out there (or maybe fired Sony employees) that have more skill than the average Sony staff member. All networks are made by people, all people are flawed, thus all networks are inherently flawed. Sony may have had top-of-the-line security, but all it takes is one person with more skill than whoever is at Sony to get into the network. That's why the US Government is known to hire people who manage to break into their security systems. If there's someone out there who's good enough to break through your security, you want him to be on your payroll.
The big issue isn't that Sony was hacked, it's that the information was stored in such a way that it was easily available to hackers. Sony are saying that CC info *could* have been compromised to cover their asses - chances are it hasn't, because it should (and probably WAS because there's regulations about this kind of thing) have been hashed which means it's basically unfeasible for a hacker to get their hands on the info even if they have access to the system.

Of course the main issue is that other private information was given up, especially passwords. There's no reason at all that hackers should have access to everyone's passwords, since you can use the exact same techniques to hide them from hackers. As well as this you have to remember Sony took a week after taking the servers down to actually tell anyone something might be wrong - surely bad form.
 

omega 616

Elite Member
May 1, 2009
5,883
1
43
Elamdri said:
omega 616 said:
Elamdri said:
omega 616 said:
Elamdri said:
omega 616 said:
I would say PS+ people and DCUO people should get money back.

Sony don't owe us anything 'cos PSN is free but they will give us something as a way of getting some good PR back.
Sony doesn't really owe you anything over the loss of the free service, but they CERTAINLY owe you for losing your private data.
Why?

It card be hard to change your personal data and inform your bank of the problem.

It wasn't like Sony just had a sale of PSN users information, hackers are the ones who took the data.

At the most it's a minor inconvenience.
Unless you know what they used to secure it, the topic is pointless.

The same goes for Steam though, I was shocked when I bought a game this morning (my second ever) I had to put no info in at all!

I was thinking I would have to at least put the 3 digit code on the back of the card in but it was just click it through. If that got hacked it would be equally as bad.

If I told you that I would watch your dog and take care of while you were away, and then while your dog was in my care, I didn't watch it carefully enough and it ran out into the street and was hit by a car, wouldn't I then owe you for letting your dog get hit by a car?

That's what happened here; Sony let 77 million dogs get hit by a car.

The very fact that they lost our data is in and of itself a wrongful thing for them to do. And yes, it's really a pain in the ass when your major credit card that you use for your bills and other services is suddenly unusable.
They don't really match up, if you were looking after my cash and you had it on the passenger seat of your car while you parked in a car park, when it got lifted I would hold you responsible.

If I asked you to hold my cash and you put it in a safe and secure place then, I could hardly hold you responsible for that.

I doubt Sony just left the data on a train (cookies for that reference), I think they put it in at least a safe place, the fact somebody hacked it isn't Sony's fault.
The question tho is how safe was the place that they put it in? They were entrusted with the personal info of 77 million people.

Unfortunately for Sony, as the amount of responsibility that you undertake goes up, so does your duty to uphold that responsibility.

For example, if I entrust you with 100 dollars of my money, and you hide it in let's say a 50 dollar Wal-Mart safe, then you probably satisfied your duty to protect my property

However, if I entrust you with the HOPE DIAMOND, and you put it in a 50 dollar Wal-Mart safe, then you have failed miserably in your duty.

That's the question here, a lot of us are arguing that Sony didn't take adequate measures given the enormity and gravity of the amount of information that they were entrusted with.
GonzoGamer said:
omega 616 said:
Elamdri said:
omega 616 said:
Elamdri said:
omega 616 said:
I would say PS+ people and DCUO people should get money back.

Sony don't owe us anything 'cos PSN is free but they will give us something as a way of getting some good PR back.
Sony doesn't really owe you anything over the loss of the free service, but they CERTAINLY owe you for losing your private data.
Why?

It card be hard to change your personal data and inform your bank of the problem.

It wasn't like Sony just had a sale of PSN users information, hackers are the ones who took the data.

At the most it's a minor inconvenience.
If I told you that I would watch your dog and take care of while you were away, and then while your dog was in my care, I didn't watch it carefully enough and it ran out into the street and was hit by a car, wouldn't I then owe you for letting your dog get hit by a car?

That's what happened here; Sony let 77 million dogs get hit by a car.

The very fact that they lost our data is in and of itself a wrongful thing for them to do. And yes, it's really a pain in the ass when your major credit card that you use for your bills and other services is suddenly unusable.
They don't really match up, if you were looking after my cash and you had it on the passenger seat of your car while you parked in a car park, when it got lifted I would hold you responsible.

If I asked you to hold my cash and you put it in a safe and secure place then, I could hardly hold you responsible for that.

I doubt Sony just left the data on a train (cookies for that reference), I think they put it in at least a safe place, the fact somebody hacked it isn't Sony's fault.

GonzoGamer said:
omega 616 said:
GonzoGamer said:
omega 616 said:
Sony don't owe us anything 'cos PSN is free but they will give us something as a way of getting some good PR back.
I would say they owe us more than an explanation at this point.
And if this breach is the only reason someone might sign up for credit monitoring, I think they should be compensated.

I already had one so I only had to change a few passwords but if this prompted me to sign up to one, I would be joining that class action lawsuit.
Why? It's not like Sony set their security as the number 4 as a password and that was it. If hackers want to hack something they will, blaming Sony for people hacking it is stupid to me.

Would be like blaming your car company if somebody broke into it and stole your radio.
No, it's not like that at all.
As they decided to have such an elaborate online component, they do need to have some sort of assurance to the users that the data entered is safe. If they were unable to do so, they should've set everything up differently... which they could have. BUT, they were more interested in making it easier for us to make little microtransactions on PSN and in the end, they couldn't back it up.

If we are able to sue the hackers, we should but we shouldn't forget who laid out everything (including the challenge) to them.
Don't banks say they're going to secure your money but look what happened all over the world, widespread recession. I am also pretty sure banks still get robbed, would you sue the bank for getting robbed?

Even the most secure thing can still be robbed. Have you never watched Oceans 11, 12 or 13?

Joking aside, I don't know how secure our data is/was but I can't imagine them just password protecting it with a simple password, that a 4 year old could hack.

As long as there was a system in place that was thought to be sufficient at the time, I can't fault them.

I haven't been hawking around PSN twitter or their forums for info, so I am not 100% up to date on the whole affair but I doubt they're saying "our password for all of the private data was: "password" ... whoops! Sorry for that boo boo".
If your bank gets robbed, they still give you your money you know. As for the financial meltdown, the only people that think that worked out fairly are politicians and the top people at the top financial institutions because they really should be rotting in jail.

My point is that they wanted to make security loose enough that you didn't have to put in your CC info every time you made a transaction because they wanted everybody to make a lot of transactions. Since they made everything that way, their security should've been able to back it up. Maybe you're right and there's no way they could've kept everything safe but then they should've said "you have to enter your CC info with every transaction so your data remains secure."
See above for my Steam comment.

What would you suggest 'cos every shop I know online has more or less the exact same system, where most of your data is kept so you have to put in little to no info to speed it up.
 

Wintermoot

New member
Aug 20, 2009
6,563
0
0
(accidentally answered no should be maybe, thought you wanted compensation for the down time)
yes! they should have installed better security!
on the other hand YOU (the consumer) agreed to provide this information to Sony (but still doesn't justify how badly they treat the consumers)
 

hermes

New member
Mar 2, 2009
3,865
0
0
Sexual Harassment Panda said:
hermes200 said:
Sexual Harassment Panda said:
Was it 77 million users? How do you bankroll a sorry-gift for that many people?
Easy, you get a couple downloadable games and set the price to 0,00...
The people who develop the games don't require money from Sony for their work to be given away?
I am sure Sony can spare some money to the developers it would save from the wave of lawsuits, customer boycotts and fanboys jumping boat it will get depending on how PR handles the situation when the dust has settled (probably easier with 1st party games, but still). It is not like those developers are getting any revenue these days, anyway...
 

hermes

New member
Mar 2, 2009
3,865
0
0
Snork Maiden said:
Sakurazaki1023 said:
Woodsey said:
Elamdri said:
Woodsey said:
No system is foolproof. Saying it was inadequate simply because someone got at it is a little naive.
Sure no system is foolproof, but that doesn't mean that we don't get to judge Sony's measures to determine if they were indeed adequate.
Well as far as I'm aware we don't know the full ins and outs of their measures, so we can't.
No kidding. The underlying issue is that all computer networks are made by normal people. I'm sure there are plenty of hackers out there (or maybe fired Sony employees) that have more skill than the average Sony staff member. All networks are made by people, all people are flawed, thus all networks are inherently flawed. Sony may have had top-of-the-line security, but all it takes is one person with more skill than whoever is at Sony to get into the network. That's why the US Government is known to hire people who manage to break into their security systems. If there's someone out there who's good enough to break through your security, you want him to be on your payroll.
The big issue isn't that Sony was hacked, it's that the information was stored in such a way that it was easily available to hackers. Sony are saying that CC info *could* have been compromised to cover their asses - chances are it hasn't, because it should (and probably WAS because there's regulations about this kind of thing) have been hashed which means it's basically unfeasible for a hacker to get their hands on the info even if they have access to the system.

Of course the main issue is that other private information was given up, especially passwords. There's no reason at all that hackers should have access to everyone's passwords, since you can use the exact same techniques to hide them from hackers. As well as this you have to remember Sony took a week after taking the servers down to actually tell anyone something might be wrong - surely bad form.
The information was not stored in an easily hackable way... not that easily. Rumors of CC info stored in plain text files on the PSN are not real. Most likely, CC info was encrypted. The main problem was not HOW Sony stored the data but WHERE and IN WHICH WAY.

However, it is important that you know that only a hash doesn't make CC info or passwords unreadable. Unless some extra measures are taken, hashed information can be read *almost* as easily as unprotected data. Of course, considering its current record, I don't think Sony took any of the extra measures.
 

Snork Maiden

Snork snork
Nov 25, 2009
1,071
0
0
hermes200 said:
The information was not stored in an easily hackable way... not that easily. Rumors of CC info stored in plain text files on the PSN are not real. Most likely, CC info was encrypted. The main problem was not HOW Sony stored the data but WHERE and IN WHICH WAY.
Well I did say it was unlikely that anyone had anyone's CC details. I actually have no idea what my point was supposed to be - sorry :/ Tired ramblings right there.

I'm intrigued as to why you think it's "almost as easy" to read hashed data as unhashed, especially if it's salted (which it almost certainly will be). I was under the impression that it was only easy if you knew the hash algorithm used, and even then you'd have to brute force the hash which (for any good hash used) would likely make it unfeasible to steal CC data in a sensible timeframe and basically impossible to crack any reasonable chunk of the 77Million. Is there some newfangled way I haven't heard of?
 

hermes

New member
Mar 2, 2009
3,865
0
0
Snork Maiden said:
hermes200 said:
The information was not stored in an easily hackable way... not that easily. Rumors of CC info stored in plain text files on the PSN are not real. Most likely, CC info was encrypted. The main problem was not HOW Sony stored the data but WHERE and IN WHICH WAY.
Well I did say it was unlikely that anyone had anyone's CC details. I actually have no idea what my point was supposed to be - sorry :/ Tired ramblings right there.

I'm intrigued as to why you think it's "almost as easy" to read hashed data as unhashed, especially if it's salted (which it almost certainly will be). I was under the impression that it was only easy if you knew the hash algorithm used, and even then you'd have to brute force the hash which (for any good hash used) would likely make it unfeasible to steal CC data in a sensible timeframe and basically impossible to crack any reasonable chunk of the 77Million. Is there some newfangled way I haven't heard of?
The truth is, we don't know if it was salted. Salting the hash is a relatively new technique, and I wouldn't be surprised if a lot of hash implementations are not salted. In case the hash is not salted, they can read the data with a rainbow tables attack, which I guess any hacker skilled enough to enter into the PSN tried among their first tests.
 

JimmyC99

New member
Jul 7, 2010
214
0
0
I say no as it simply hasn't affected me that much, I can wait till it's back to get my PC version of Portal 2 and sync my trophies. In the meantime I'm going to play Portal 2 again, and then maybe some Fallout NV
 

Snork Maiden

Snork snork
Nov 25, 2009
1,071
0
0
hermes200 said:
Snork Maiden said:
hermes200 said:
The information was not stored in an easily hackable way... not that easily. Rumors of CC info stored in plain text files on the PSN are not real. Most likely, CC info was encrypted. The main problem was not HOW Sony stored the data but WHERE and IN WHICH WAY.
Well I did say it was unlikely that anyone had anyone's CC details. I actually have no idea what my point was supposed to be - sorry :/ Tired ramblings right there.

I'm intrigued as to why you think it's "almost as easy" to read hashed data as unhashed, especially if it's salted (which it almost certainly will be). I was under the impression that it was only easy if you knew the hash algorithm used, and even then you'd have to brute force the hash which (for any good hash used) would likely make it unfeasible to steal CC data in a sensible timeframe and basically impossible to crack any reasonable chunk of the 77Million. Is there some newfangled way I haven't heard of?
The truth is, we don't know if it was salted. Salting the hash is a relatively new technique, and I wouldn't be surprised if a lot of hash implementations are not salted. In case the hash is not salted, they can read the data with a rainbow tables attack, which I guess any hacker skilled enough to enter into the PSN tried among their first tests.
Salting the hash is a new technique... what?

http://msdn.microsoft.com/en-gb/magazine/cc164107.aspx

dated 2003 - why you should Salt passwords, and some handy .NET code samples showing how to do it. Even if the PSN was built before 2003 I'd fully expect them to have implemented proper salt/hashes by now - doing so wouldn't even affect the users since you'd just silently update code to salt user input, and then salt everything in the database.
 

hermes

New member
Mar 2, 2009
3,865
0
0
Snork Maiden said:
hermes200 said:
Snork Maiden said:
hermes200 said:
The information was not stored in an easily hackable way... not that easily. Rumors of CC info stored in plain text files on the PSN are not real. Most likely, CC info was encrypted. The main problem was not HOW Sony stored the data but WHERE and IN WHICH WAY.
Well I did say it was unlikely that anyone had anyone's CC details. I actually have no idea what my point was supposed to be - sorry :/ Tired ramblings right there.

I'm intrigued as to why you think it's "almost as easy" to read hashed data as unhashed, especially if it's salted (which it almost certainly will be). I was under the impression that it was only easy if you knew the hash algorithm used, and even then you'd have to brute force the hash which (for any good hash used) would likely make it unfeasible to steal CC data in a sensible timeframe and basically impossible to crack any reasonable chunk of the 77Million. Is there some newfangled way I haven't heard of?
The truth is, we don't know if it was salted. Salting the hash is a relatively new technique, and I wouldn't be surprised if a lot of hash implementations are not salted. In case the hash is not salted, they can read the data with a rainbow tables attack, which I guess any hacker skilled enough to enter into the PSN tried among their first tests.
Salting the hash is a new technique... what?

http://msdn.microsoft.com/en-gb/magazine/cc164107.aspx

dated 2003 - why you should Salt passwords, and some handy .NET code samples showing how to do it. Even if the PSN was built before 2003 I'd fully expect them to have implemented proper salt/hashes by now - doing so wouldn't even affect the users since you'd just silently update code to salt user input, and then salt everything in the database.
Salting as such is from 2006. New updates have been developed in the last years...

I tend to agree that Sony's code should be up to the state of the art, but since they failed to identify the 29th of February and haven't been able to implement cross-game chat, I wouldn't put that much trust into that...
 

Radoh

Bans for the Ban God~
Jun 10, 2010
1,456
0
0
At this point I honestly don't think that Sony could offer anything for free that holds actual value.
If they lose twenty percent of their market that would be a serious blow, not to mention the class-action lawsuit going down, or other legal actions to be taken now that someone's trying to sell the info that got taken.
If they gave away some free stuff, it would only serve as the final nail in the coffin before they drift into gaming history.
 

Snork Maiden

Snork snork
Nov 25, 2009
1,071
0
0
hermes200 said:
Salting as such is from 2006. New updates have been developed in the last years...
I AM just a novice when it comes to encryption, so I don't really know what you mean when you say "Salting as such is from 2006" - but as far as I'm aware salting is salting, and the primary change is the size of the salt (ie. make the salt 128-Bit or something). Even Wiki says "While 12 bits was good enough for most purposes in the 1970s..." which suggests salting has been around since... well since computer security has been around.
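
The salted-versus-unsalted exchange in the posts above, as an added example that is not part of any poster's message and is not Sony's code: unsalted digests of the same password are identical across accounts, which is what lets one precomputed table serve every user, while a random per-user salt makes each stored value unique. The record layout, PBKDF2 work factor, account names and passwords are all assumptions constructed for the illustration; an unsalted digest cannot be salted without the password, so this sketch upgrades each record at the next successful login.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example
SALT_BYTES = 16              # 128-bit salt, the size mentioned in the thread


def legacy_record(password: str) -> dict:
    """Unsalted single-pass digest: the storage scheme the thread worries about."""
    return {"scheme": "sha256",
            "hash": hashlib.sha256(password.encode()).hexdigest()}


def salted_record(password: str) -> dict:
    """Random per-user salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return {"scheme": "pbkdf2", "salt": salt.hex(),
            "iterations": PBKDF2_ITERATIONS, "hash": digest.hex()}


def verify(record: dict, password: str) -> bool:
    """Recompute the stored value from the candidate password and compare."""
    if record["scheme"] == "sha256":
        candidate = hashlib.sha256(password.encode()).hexdigest()
    else:
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(record["salt"]),
            record["iterations"]).hex()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate, record["hash"])


def login(db: dict, user: str, password: str) -> bool:
    """Verify, then upgrade a legacy record while the plaintext is in hand."""
    record = db.get(user)
    if record is None or not verify(record, password):
        return False
    if record["scheme"] == "sha256":
        db[user] = salted_record(password)
    return True


def shared_hashes(db: dict) -> list:
    """Groups of accounts whose stored hash is byte-for-byte identical."""
    groups = {}
    for user, record in db.items():
        groups.setdefault(record["hash"], []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def demo():
    # Constructed sample accounts; two of them reuse the same password.
    passwords = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}
    db = {user: legacy_record(pw) for user, pw in passwords.items()}
    before = shared_hashes(db)   # unsalted: alice and bob collide
    logins_ok = all(login(db, user, pw) for user, pw in passwords.items())
    after = shared_hashes(db)    # salted: no two records match
    return before, after, logins_ok


if __name__ == "__main__":
    print(demo())
```
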
 

airrazor7

New member
Nov 8, 2010
364
0
0
have Threads of Fate on the PSone classics store for $15 bucks when PSN is working again and I'd be happy with that.

EDIT: but other than that I just want PSN back up so I can keep communicating with and playing games with a friend of mine from another town and for sony to tighten their security; nothing else