PSN down

[knj]

Bleh, gotta change a bunch of passwords now .

Don't reuse passwords

That right, but SONY's advice is to change password anyway. I'm a little worried about my credit card, i think it might be smart to block your card for a week or so.

[Pericolos0]

I thought PSN was a piece of shit because it would never accept my credit card but now I'm actually happy it didn't O__O

[AlexM]

figures this happens the day I buy MvC3 :/

Considering other services have given out games for outages far smaller than this I'm feeling that relatively sony owes us a full retail game

[Vilham]

cards were encrypted, it remains to be seen to what level of complexity.

[BaRRaKID]

Apparently there's already someone trying to sell the CC numbers:

http://www.tgdaily.com/security-features/55643-over-2m-credit-card-numbers-up-for-sale-after-sony-hack

It doesn't really matter if Sony encrypted the CC numbers because they are just 16 digits long, and they almost always start with 4, that means that there are around 800.000.000.000.000 possibilities for a CC number (it's actually much less since the Issuer and Bank identification numbers are much smaller than 9999). Considering that 10 chars long passwords, which using a case sensitive algorithm have something like 80.000.000.000.000.000 (that's 80.000 times more than a CC number) possible combinations, are considered unsafe these days, decrypting CC numbers is a walk in the park.

The question here is if the hacker knows the encrypt algorithm used, and if Sony used a slow or fast algorithm. If they used something like MD5, SHA (which are fast algorithms) then I'm sure that all the numbers will be exposed, if they used a slow algorithm like for example BCrypt than it will be much harder, the difference being that with for example MD5 it takes about 40seconds (using a brute force attack, for CC numbers you can use an Hash table, which is much faster) to decrypt a 6chars long password and with BCrypt it would take around 12years.

Tl;dr: Sony should have never stored the CC numbers.

[Jetsetlemming]

"Don't store CC numbers" is so totally NOT the lesson here. It is, in fact, possible to make a service strong enough to be reasonably secure from outside intrusions. After the HL2 source code was stolen nobody's ever hacked Valve again. I feel confident with my payment info being stored there. And when websites DO have some dumb exploit to take advantage of so that someone can gain access to it, it doesn't always result in stolen information, as there ARE safe ways to keep data. Remember the Gawker Media thing? The reason that was so bad is because those geniuses were storing passwords as plain text locally. The real tl;dr here is that internet services with anything remotely important to protect need to spend the cash to hire people who know what they're doing to lock shit down properly.

[-HP-]

Figured this shit happened in the week Under Siege, pretty much the only portuguese game for the PS3 was gonna get release. I can only hope it wont hurt the sales, there's no telling but it probably will.

My PS3 is broken atm btw, I wonder if I should cancel my credit card. ffs

[deceiver]

So, apparently, we'll most likely get a free game and a free month of PSN+ for the whole debacle. Wonder what game or choice of games we'll get.

[Jetsetlemming]

I bet that forced update will come with a new TOS that forbids lawsuits, if that clause didn't already exist.

[AlexM]

you guys think the trophys I earned while it will down will sync when PSN comes back?

I had just finally gotten some time to sit down and play a bunch of games when PSN went down. Only game that's really affected is SF4 and MvC3, fighting games against the computer just aint that fun.

[KungFuSquirrel]

you guys think the trophys I earned while it will down will sync when PSN comes back?

I had just finally gotten some time to sit down and play a bunch of games when PSN went down. Only game that's really affected is SF4 and MvC3, fighting games against the computer just aint that fun.

Yeah, they should. PSN trophies actually only sync to the server when you view them - otherwise they're only stored on your local profile. So, next time you connect and perform the sync operation, you're gold.

[-HP-]

[sarge mat]

http://www.gamepro.com/article/news/219 ... nt=Twitter

Looks like Sony Online has also been attacked and taken down.

[Serenius]

Anyone else lose faith in humanity a little more after reading the story about gamers being more outraged at possibly losing their trophies than having their personal data stolen?

[Sentura]

Anyone else lose faith in humanity a little more after reading the story about gamers being more outraged at possibly losing their trophies than having their personal data stolen?

it kinda leads to the question, "are gamers people?"