backtop


Print 59 comment(s) - last by Poikilothermic.. on May 24 at 5:23 PM


"You cannot be serious!!"

Users are greeted with this message when trying to login to PSN through Sony's website
Sony strikes again!

It's getting rather difficult to be surprised by Sony's lack of security credentials when it comes to its PlayStation Network (PSN) service. That's why today's latest revelation can't be too much of a shocker to those that have been following this ongoing saga.

According to Joystiq, Sony has once again taken web access to PSN offline after users found a gaping loophole in the password recovery functionality on the site. "A new hack is currently doing the rounds in dark corners of the internet that allows the attacker the ability to change your password using only your account’s email and date of birth," reports Nyleveia.

Considering that information like birth dates and email addresses were obtained when PSN was initially hacked, it looks as though anyone with access to the "master list" would have the ability to change your account password.

Nyleveia goes on to warn:

I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email. You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you.

Sony is currently aware of the situation and is taking steps to resolve the issue as soon as possible. For more information on the exploit, check out Nyleveia's FAQ.

Perhaps the Japanese government was wise to take a wait and see approach with regards to allowing PSN service to restart in Japan…



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

The Japanese Government...
By Burnc4 on 5/18/2011 2:00:08 PM , Rating: 5
...is looking pretty smart right now.




RE: The Japanese Government...
By Kurz on 5/18/11, Rating: -1
RE: The Japanese Government...
By gamerk2 on 5/18/2011 2:29:53 PM , Rating: 4
A plant 30 miles from NYC is also built on a faultline in a Tsunami prone area; whats your point?


By snakeInTheGrass on 5/18/2011 9:30:12 PM , Rating: 2
I guess his point is that the US government is inept for letting people build power plants and cities near/on the New Madrid fault line, anywhere on the West Coast... or any coast, if a tsunami is a danger - with La Palma a potentially HUGE tsunami threat with projected waves up to 50m and 20km inland penetration on the East Coast. Or near any river. But sure, the Japanese are just fools.

The real joke is that the Japanese government wanted to keep their own citizens from getting hit by more of this crap, and Sony bringing the service online elsewhere may have (did?) put those users at risk again anyway, assuming this password change can be applied to Japanese accounts. Go Sony!


RE: The Japanese Government...
By EricMartello on 5/19/11, Rating: 0
RE: The Japanese Government...
By Hieyeck on 5/19/2011 8:30:52 AM , Rating: 5
Conversely, the US government supported the construction and re-construction of a major city whose foundation is mostly soggy marshland, just miles from the Gulf of Mexico that is BELOW sea level.

Hum. Maybe governments everywhere can be pretty bloody stupid.


RE: The Japanese Government...
By Dr of crap on 5/19/2011 8:44:46 AM , Rating: 2
And that's priceless!!!

And don't forget they opening fo the flood gastes and the flooding of thousands of homes to save thousand others!!

Who insures these homes, or are they non-insurable?

Of course the first problem is who would live/build there? And that goes for in/on a flood plain as well!


RE: The Japanese Government...
By EricMartello on 5/20/2011 6:38:16 AM , Rating: 2
A flood is nowhere near as bad as nuclear contamination caused by a power plant meltdown. The radiation will make the surrounding area toxic and unusable for many, many years. Floods may cause a lot of damage but we can rebuild it...tho in the case of New Orleans, who is dumber - the goverment for building a city below sea level, right next to the gulf or the people for living there. I'd say the latter are just as guilty if not moreso.


RE: The Japanese Government...
By Integral9 on 5/18/2011 2:30:08 PM , Rating: 5
Can you name a place in Japan that's not on a fault line or in a Tsunami prone area?


RE: The Japanese Government...
By Motoman on 5/18/11, Rating: 0
RE: The Japanese Government...
By Arsynic on 5/18/2011 2:57:57 PM , Rating: 2
The plant wasn't damaged by the earthquake nor the tsunami. There was a design flaw with the backup power generators that made them vulnerable to flooding.


RE: The Japanese Government...
By semiconshawn on 5/18/11, Rating: 0
RE: The Japanese Government...
By Motoman on 5/18/11, Rating: 0
RE: The Japanese Government...
By Akrovah on 5/18/2011 7:21:13 PM , Rating: 2
ROFLMAO


RE: The Japanese Government...
By omnicronx on 5/18/2011 3:46:52 PM , Rating: 5
The plant survived the earth quake, all control rods went safely into place and all the reactors were shut down without issue.

The plant also survived the Tsunami just fine (they have large tsunami walls for protection, but the wave was too big and merely crashed over it), but the unprotected backup generators that were the ONLY backup mechanism were not water insulated. They flooded and lost all methods to cool the reactors. You are making it out as though the flooding caused massive damage which is just not the case.

Had these backup generators been properly protected, or had their been true redundancy systems in place (one would think you should have a backup backup for such a thing), this most likely never would have happened.

So its more like 'Properly protected generators, no meltdown, no problem', Earthquake/Tsunami stricken country or not..


RE: The Japanese Government...
By paydirt on 5/18/11, Rating: -1
RE: The Japanese Government...
By geddarkstorm on 5/18/2011 4:26:18 PM , Rating: 3
Because the plant lost electrical power. The backup generators were to supply electricity to the water pumps that circulated water in the reactor chambers, keeping them cool.

The earthquake didn't damage the plant that much, but it took out the electrical grid that fed the plant, and the plant had shut down its own reactors and was no longer generating electricity either. The tsunami then took out the backup generators for the water pumps because of a really stupid design: putting the generators in a floodable area; not insulating the generators from water; and having only those backup generators for electrical power, with no other safety systems in place to keep the reactors stable.


RE: The Japanese Government...
By semiconshawn on 5/18/11, Rating: -1
RE: The Japanese Government...
By geddarkstorm on 5/18/2011 4:39:39 PM , Rating: 3
Bad design changes everything. A modern plant in that exact location would have had no trouble with the quake or tsunami.

And no, the plant itself did just fine weathering the dual disasters other than the stupid PLACEMENT of its backup generators (and having no protection for such generators). They were put in a bad location, that's it. That's the issue. Not where the plant itself was built (of course, this is ignoring the fact all they had were those generators for backup, which is bad enough as it is).


RE: The Japanese Government...
By semiconshawn on 5/18/11, Rating: 0
RE: The Japanese Government...
By geddarkstorm on 5/18/2011 5:19:26 PM , Rating: 2
And if they had moved the generators up one floor there would have been no issue.

There's a difference between having a full set of armor with an -unavoidable- weak point (have to be able to move your neck, and breathe), verses completely leaving oneself open to disaster by making a very easy to fix, stupid decision, that is not required or necessary in any way. They weren't making a tradeoff, they were being shortsighted. That is a world of difference from your example, and puts the responsibility of the disaster squarely and solely on them.

The exact same can be said for Sony and the PSN. They avoided setting up critical security that they had no reason forcing them not to establish, and have been burned for it. Sony is wholly at fault for its own irresponsibility.


By snakeInTheGrass on 5/18/2011 9:37:16 PM , Rating: 2
This was basically an Achilles heel, if you want to go with a battle analogy. Somebody was probably aware of it, but that fact is that you could have had a plant that withstood both the quake and tsunami, so allowing something to be built there in the first place wasn't the stupid thing, it was whoever didn't make sure they had a generator that could withstand flooding. And apparently until pretty recently they weren't aware that there had ever been a tsunami that large in the past either.

So in a big picture, sure it was the quake/tsunami that did it, but it wasn't the plant, wasn't the control rods, etc., it was a generator out in the open which would have been easily remedied.


RE: The Japanese Government...
By tayb on 5/18/2011 7:43:18 PM , Rating: 2
The plant survived fine. The backup generators were horribly designed and should have been sheltered just as well as the reactors were. If the generators were better protected there would have been no damage to the reactors at all. As it stands a natural disaster did cause the damage however that does not mean the unprotected generators should go unnoticed.

If a car thief breaks my window, hot wires my car, and steals it that is theft. If my windows are down and my key is in the ignition it is still theft but I most definitely shoulder some of the blame.



RE: The Japanese Government...
By SunTzu on 5/18/2011 7:44:53 PM , Rating: 2
Ive seen the pictures (im currently interning at one of the few companies that design and build nuclear powerplants on a major scale) and i can tell you that the damage was *extensive*. Im not talking about the images you see on TV, im talking about the ones taken by the engineers trying to prevent this from happening again. It wasnt a case of some water leaking in and causing a short, the damage was far bigger then that.

There were secondary systems in place. Primarily, the plant can generate power on its own. Secondarily, you have batteries that the cooling can run on. Third, you've got backup generators, and backup-backup generators, and fourth, you can manually pump in water.

The problem was that noone expected an earthquake of this magnitude, and a tsunami that big. It was a massive error, but one the japanese government made, and not the designers. You build to spec, and the entity ordering decides the spec.


RE: The Japanese Government...
By semiconshawn on 5/18/2011 4:21:29 PM , Rating: 2
Im sorry but the plant did not survive the tsunami just fine. How can you say that then follow it with
quote:
(they have large tsunami walls for protection, but the wave was too big and merely crashed over it), but the unprotected backup generators that were the ONLY backup mechanism were not water insulated

That says it all. The waves caused by the earthquake overwhelmed the safety measures installed at the plant taking out the only back up power for the cooling system. Doesnt matter if the flood wiped it off the map or got one gallon of sea water in the wrong place this plant did not survive the tsunami.


RE: The Japanese Government...
By geddarkstorm on 5/18/2011 4:30:54 PM , Rating: 2
The fact the ONLY SAFETY MEASURE was backup generators (think the gas generators you can use in your house in case of power outage) is the problem. No sane engineering practice would do that in this day and age, let alone put the ONLY safety mechanism in a place where it can get flooded in the first place, and then not protecting it from water. Let's not even talk about the fact that having active powered systems for safety is as dumb as it gets -- any disaster could conceivably knock those out.

The only thing the tsunami did was exploit this horrendous design problem that there is no excuse for. It is not something inherent to nuclear plants or the region or the location, just idiotic planning.


RE: The Japanese Government...
By SunTzu on 5/18/2011 7:47:11 PM , Rating: 2
If you had any kind of knowledge of the situation in Fukushima-Daiichi, you would know that this wasnt the only safety measure. Why do you think it took so long for the fuel rods to melt?

If you actually believe there is a system built today that doesnt require active cooling, you need to learn how to read.


RE: The Japanese Government...
By geddarkstorm on 5/19/2011 12:19:13 PM , Rating: 2
You're absolutely right. And there was a person working in the plant during the disaster I was getting updates from; they indeed had emergency systems that were still running they were doing everything they could with to prevent disaster from growing. And they did a good job given the circumstances.

But nothing excuses having floodable backup generators for the active, cooling system. And yes, the pumps can be used manually, but how do you manually use pumps in a radiation flooded area? Not that easy! Nor can manual ever work as well as full electrical power.

And no, active cooling is needed when you're running the plant to generate power, but what about a deadman switch for simply shutting down the reactors to prevent meltdown? Looking at the reactor design, where the water could simply drain from gravity if the pumps shut off... Seriously, we're not talking about keeping an actively running reactor cool enough while still generating power, we're talking about killing the reactor to prevent shut down, and that should require active systems to prevent, not cause. I'm sure it costs a lot, and requires a completely different plant than this type, but better that than a meltdown.

And this really does all tie into PSN in the sense of skirting safety measures for the sake of cost and maintenance. I don't blame the engineers, as they only have the materials and money they are provided to work with. Though, I the actual design was still poor.


RE: The Japanese Government...
By geddarkstorm on 5/19/2011 12:25:15 PM , Rating: 2
"...about killing the reactor to prevent meltdown" There we go.

In any case, armchair arguments change nothing, what's important is people like you who are studying this learn from it and correct what flaws can be. Nothing can be completely safe from natural disasters, but they can still be vastly improved over this.


RE: The Japanese Government...
By EricMartello on 5/19/2011 5:38:21 AM , Rating: 2
quote:
The only thing the tsunami did was exploit this horrendous design problem that there is no excuse for. It is not something inherent to nuclear plants or the region or the location, just idiotic planning.


You're a moron, seriously. Why are you trolling the comments with this nonsense? You think that it was a mere case of water spilling over the walls and taking out the backup generators? Hah...and you think that was the only failsafe in place? REALLY?

The entire country of Japan is a poor location for building nuclear power plants. The combination of earthquake and tsunamis which frequent the area make it so...and therefore these power plants should not even be in a place like Japan to begin with.


RE: The Japanese Government...
By geddarkstorm on 5/19/2011 12:21:56 PM , Rating: 2
Really? Do you think Fukushima was the only plant that was hit, or took damage? What about all the other nuclear plants in the area? They seemed to do just fine, didn't they? I wonder why.


RE: The Japanese Government...
By HoosierEngineer5 on 5/18/2011 5:42:36 PM , Rating: 2
I heard the cooling system even had battery backups to last 8 hours (if I recall correctly). Likely, the original plan was to get the generators back up and working in that amount of time. Obviously, it didn't happen.


By PoikilothermicX on 5/24/2011 5:23:13 PM , Rating: 2
They did have back up and it worked for longer than expected. The problem is there is honestly no way to plan for 40-50ft waves of water nor can you plan for said wall of water to go 6 MILES in land... which also means that when the water receded 6 miles worth of crap were hammering the plant as they were washed out to sea.

Adding to the issues is the unique (totally f'd up) electrical grid of Japan. The North uses a 50hz system, the South is on a 60hz system. They're separate isolated systems. The destruction made travel very difficult and while any country would have "plug and play" compatibility with generators Japan doesn't have that ability because of the wonky set up they have.

It's amazing that a plant built in the 60s (designed in the 40s or 50s?) and set to be decommissioned shortly, survived a far more powerful quake then the design specified. Additionally the plant survived the largest tsunami in modern history. There is no way you plan or test for anything like that. I mean what if a volcano engulfed a power plant? What are you supposed to do about that?

The problem was the response. Hindsight is 20/20 but I do wonder if the US Military would have been better equipped to deal with the problems but I also believe that TEPCO is rather incompetent given all the info coming out now. They didn't help the situation but it's done now.


RE: The Japanese Government...
By icanhascpu on 5/18/2011 7:38:48 PM , Rating: 2
Switch to secondary auxiliary power!


RE: The Japanese Government...
By Uncle on 5/19/2011 12:37:44 PM , Rating: 2
Agree. The Government shows that it actually cares about its citizens well-being as best it can under the circumstances. Whereas in N.America its "Get those servers on line ya dumb shits, do you know how much money were losing, our shareholders are going to be furious and kick our butts."


RE: The Japanese Government...
By Reclaimer77 on 5/19/2011 12:55:20 PM , Rating: 2
Sony took PSN down on their own accord because of a POTENTIAL exploit that harmed no one.

So no, the Japanese government didn't do anything nor "looks smart" in this regard imo.


Xbox 360
By dcollins on 5/18/2011 2:02:56 PM , Rating: 2
So glad I just bought an XBOX 360. These PSN problems are bullshit.




RE: Xbox 360
By bug77 on 5/18/2011 2:42:46 PM , Rating: 3
Why? Do you think M$ is a master of security?
They may have more expertise than Sony, but I bet if the same group took a look at XBLA, they'd have another field day.


RE: Xbox 360
By Flunk on 5/18/2011 2:57:40 PM , Rating: 3
If you look into it, the way they breached Sony's security was fairly unsophisticated. Sony made a lot of really stupid mistakes with their PSN design.

You can't just postulate that Xbox Live must be as bad without doing a lot of research. The very fact that it hasn't been breached is enough to throw a lot of doubt on your argument right there.


RE: Xbox 360
By Strunf on 5/19/2011 7:46:36 AM , Rating: 2
Are you working for SONY or anywhere related to their security/IT staff or even part of the ones that are working against SONY? ... 90% of what I've read is based on assumptions, wild guessing and trash talking... the other 10% is what SONY itself said and that wasn't even very technical.


RE: Xbox 360
By omnicronx on 5/18/2011 3:32:53 PM , Rating: 5
Please stop making baseless blind comments.

There has never been in the history of Microsoft any kind of internal data breach like the one we are discussing today for ANY product or service.

Call me when MS starts using third party services to store personal information with unhashed credit cards and plain text information for pretty much everything else.

These are security basics that not only can I assure you MS employs, and most other large companies do too.

This security breach was the result of terrible security, plain and simple. So please stop trying to validate your purchase and pretend as though everyone else suffers from the pitfalls that is the lack of security at Sony corp...


RE: Xbox 360
By karielash on 5/19/2011 6:26:56 AM , Rating: 2

You could argue that the loss of the entire Windows Code base was a fairly significant security breach from an intellectual property point of view.

But other than that, you say you know what security MS employs, that means one of a couple of things:

1. you work with MS and are now discussing the levels of security they employ on a public, which is a security breach in itself.

2. You don't know what security they employ and are merely puffing gas out of your rear and smearing it all over a public forum... messy....

As for most other companies employing high levels of security on their shared data I will refer you to Epsilon (just the latest in a string of breaches) where basic precautions with the customer data of some of the biggest commercial institutions in the country were not taken.

Personally I would say a lot of other companies are in exactly the same boat as Sony are in except their boats haven't been sunk yet..... and little or nothing will be done about it until the Feds starting outfitting some of the CISO's responsible with those snazzy orange jump suits and inviting them for a long stay at a federal entertainment center.


RE: Xbox 360
By p05esto on 5/18/11, Rating: 0
RE: Xbox 360
By tayb on 5/18/2011 7:45:17 PM , Rating: 3
I guess I'll believe it when I see it but as of right now both of you just sound like fanboys and XBL is up and running while the PSN has been down for over a month. I've never experienced anything like what is happening with Sony right now. Not with Microsoft not with anyone or anything.


RE: Xbox 360
By bug77 on 5/19/2011 5:02:22 AM , Rating: 2
Nobody experienced what is happening with Sony right now. That doesn't automatically mean Sony is the worst of the bunch, it just means it was the first to fall.

And for your comment about fanboyism, it says more about you than it says about me. I own neither a PS nor an XBox.


RE: Xbox 360
By Reclaimer77 on 5/19/2011 1:01:47 PM , Rating: 2
quote:
Why? Do you think M$ is a master of security?


Maybe not but complete amatures brought PSN down for a month. You really don't think X-Box Live has been targeted before?

quote:
They may have more expertise than Sony, but I bet if the same group took a look at XBLA, they'd have another field day.


Wrong. Just way wrong. They just basically back doored their way into PSN. Hacking X-Box live is obviously far more of a challenge, and they would NOT have been able to steal customer information either.


At this point...
By Shig on 5/18/2011 3:32:53 PM , Rating: 3
I really believe Sony has multiple people on the inside leaking information out.

Sony Gate




RE: At this point...
By FS on 5/18/2011 5:14:54 PM , Rating: 2
There were a couple of news articles last month that mentioned it could be a [few] disgruntled Sony employee[s] behind this hack. Sony had laid off/fired many employees not that long before this whole mess began. Coincidence? very likely, but it's just as likely to be the case and therefore Sony not talking much, if at all, about it and finding the folks behind it internally.


RE: At this point...
By foolsgambit11 on 5/18/2011 6:33:01 PM , Rating: 5
The employees has installed a subroutine that was supposed to take the fractions of a penny rounded off on every PSN purchase and put them in a bank account, but the programmer must have misplaced a decimal point or something - he's always missing tiny things like that.


Heh...
By snapilica on 5/18/2011 1:48:55 PM , Rating: 2
A Picard facepalm just doesn't even cut it anymore. Just like someone else said the URL in the password reset confirmation email was probably something like "http://.../confirmreset?email=[address]".




RE: Heh...
By Brandon Hill (blog) on 5/18/2011 1:56:50 PM , Rating: 5
quote:
A Picard facepalm just doesn't even cut it anymore.


Hey, it's not just "any" Picard facepalm -- it's a double Picard facepalm ;)


RE: Heh...
By Huacanacha on 5/18/2011 3:02:48 PM , Rating: 2
https: //store.playstation.com/accounts/security/resetPass word.action?token=SSP9XAK2OVGIEKY05S5IEXYISQSTD6YQ0 PZK05OIH3AGJSOQ8T11IUAYHLG8T34K

This is it... slightly modified to protect the innocent (me) from the bungling (Sony, as if you need to ask). I updated already, can't remember exactly what was required but pretty sure it wasn't DOB so mayhap that's encoded in the token.


Wow
By Ammohunt on 5/18/2011 1:53:03 PM , Rating: 4
Amateur hour at sony hate to be part of that IT organization!




RE: Wow
By Arsynic on 5/18/2011 2:59:37 PM , Rating: 3
Sony decided to go cheap with it's IT department. So you say you "like computers"? Can you start tomorrow?


RE: Wow
By Mitch101 on 5/18/2011 3:42:18 PM , Rating: 1
Not if your contractor and bill by the hour. Lots of overtime right now.


Free game are nice but...
By m0mentary on 5/19/2011 1:13:54 PM , Rating: 2
why not allow users to change their PSN ID as well?




By Flunk on 5/18/2011 2:55:05 PM , Rating: 1
This whole debacle is a huge embarrassment for Sony, but it's also almost an advertisement for Xbox Live. Microsoft hasn't managed to lose it's customer database (yet), perhaps it's due to experience with this sort of thing but it really paints them in a more positive light.




Xbox
By Raiders12 on 5/19/2011 7:44:38 AM , Rating: 1
To think for my 1 month of work travel I was going to bring my PS3 and think I could enjoy Netflix and such...

Good thing I brought my trusty Xbox 360, I knew there was a reason I liked Microsoft. Not quite the tyrant everyone likes to think...




It's time
By MeesterNid on 5/18/11, Rating: 0
"Let's face it, we're not changing the world. We're building a product that helps people buy more crap - and watch porn." -- Seagate CEO Bill Watkins














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki