I actually blogged about this earlier today (won't post a link due to advertising, but it's in my profile...).

It's a good apology, but too little too late I think :shrug:

If you are encrypting something, I don't think salting it makes to much difference given that the idea of a salt is to prevent the use of rainbow tables for reversing hashes.

Rumors of a third attack planned by hackers this weekend.

http://news.cnet.com/8301-31021_3-20060227-260.html

A group of hackers says it is planning another wave of cyberattacks against Sony in retaliation for its handling of the PlayStation Network breach.

An observer of the Internet Relay Chat channel used by the hackers told CNET today that a third major attack is planned this weekend against Sony's Web site. The people involved plan to publicize all or some of the information they are able to copy from Sony's servers, which could include customer names, credit card numbers, and addresses, according to the source. The hackers claim they currently have access to some of Sony's servers.

Should the planned attack succeed, it would be the latest blow in a series of devastating security breaches of Sony's servers over the past month. The failure of Sony's server security has ignited investigations by the FBI, the Department of Justice, Congress, and the New York State Attorney General, a well as data security and privacy authorities in the U.K., Canada, and Taiwan.

Read more: http://news.cnet.com/8301-31021_3-20060227-260.html#ixzz1LaNUaDmL

Quite, however, by "encrypt" I expect it to be just hashing of a database field. It seems unlikely (to me) that Sony kept a table just for credit card info completely separate from the rest of the user's info. I could easily be wrong in that assumption and they are two separate tables with the credit card info properly encrypted, but if it is just hashed as I expect at this point, I wouldn't be surprised if it was not salted. Right now I don't have a very favorable looking on Sony's security policies.

What would be the point of hashing credit card data? You couldn't ever retrieve the data.

I still can't believe they were running stuff on unpatched, no-firewall servers. What a STUPID mistake. :shakehead:

Keeping casual copying of the info, I'd assume :shrug: Like I said right now I don't have high expectations for Sony's security policies, so maybe I'm just looking too down on them right now. After this mess is all cleared, I hope they do do a good job at encrypting the personal info of their customers.


I'm talking about the credit card numbers, and them being just hashed, not encrypted. When I said "assumption" I was talking about my assumption that Sony only hashed the credit card numbers rather than actually encrypting them.

A hash function has no inverse though. Where as a function to encrypt data does.

I was not aware of this, that makes me feel a little better about Sony's practices then, since the credit card info was then most likely properly encrypted.

Huh. I guess we'll just have to wait and see then...

Is it just me, or has anyone else noticed it seems to take a slightly longer amount of time for the maintenance message to come up when signing in? Compared to when they first shut it down. It came up almost right away, and now it takes a few seconds. For me, anyway.

Your losing it bro.

Wow, no encryption and unpatched servers; that is novice level mistakes. I have limited knowledge of Apache and databases and that even amazes me.

How on earth does a huge company like Sony make such silly mistakes??

that "welcome back" package compensation is a gimmick. Oh, yeah, a free month of PSN+ - and I have to keep paying if I want to retain access to my freebies. I'd rather they just let us dl one or two old PS1 games off of PSN, it's not like the old games are really worth anything anyway - but at least it'd be something I can keep.

EDIT: And I bet they're gonna pay more for investigator services than what they would've had to spend to update their security system!

They are also giving free stuff which you will be able to keep forever.

But its still owned and trademarked by the Sony corporation.

So your just borrowing it, in its eyes.

which is...? I've only heard about the PS+ thing, and extensions on subscriptions to things like DCUO and their Qriocity music thing or whatever. And they've made vague passings to offering "other" stuff, but haven't officially announced it yet.

We don't know the exact games but Sony Europe will be offering you 2 games out of a total of 5. Its about a $10 value.. :shrug:

huh. is this for European folks only? even if that were the case, I imagine them having something similar for other regions. otherwise you'd have people pointing fingers and yelling "racist!" all over the web at Sony.

Still down?

AFAIK...unfortunately :sadvaultboy:

there isn't confirmed reports of it going back up in japan, is there?

I read on the PS blog there in the "final stages" of making sure it's secure and what-not. I can't imagine it taking more than another few days. hopefully.

This, I hope.

Anyways yah, you have to continue to pay for PS+ to keep your freebies, unless they are actually giving stuff away.

If not, I guess Infamous will keep me happy until online returns. I hope I can get Killzone 3 as a freebie too, :biggrin:, but that is just wishful, very wishful thinking :violin:

well hopefully in a few days I will have the parts too hook up the PS3 to my monitor. Once it is all hooked up, Psn extravaganza!

http://www.youtube.com/watch?v=JYsKDaQIX54

This is like a really good horror movie. I honestly hope Sony can catch the criminals and put them behind bars!
Also have you guys noticed that no other game company has gotten involved? Why do you guys think about that? Is it just that they trust Sony?

What do you mean "involved"? I'm confused...

and horror movie? lol, who died? I thought this was all technology-oriented...



I hope you don't mean digitally? KZ3 is one of the most massive games in terms of the size of all the data. it would take a very, very long time to download.

They haven't said anything. For example: they haven't mentioned how this can affect them, etc.. When i said movie: I meant hackers, identity theft, conspiracies..