Top
660°

Sony: We knew about PSN security flaws

Sony chief information officer, Shinji Hasejima made an astounding and disturbing admission in the Tokyo press conference: the company was fully aware of the "vulnerabilities" in PlayStation Network.

Hasejima stated: "The vulnerability of the network was a known vulnerability, one known of in the world. But Sony was not aware of it... was not convinced of it. We are now trying to improve aspects of it."

Read Full Story >>
strategyinformer.com
The story is too old to be commented.
Seraphemz1885d ago

Title is a bit misleading....he said that the world knew of it, but that they didn't.

Joni-Ice1885d ago (Edited 1885d ago )

Websites are trying HARD to get hits.

b_one1884d ago

nowdays i see similarity between sites and cheap brothels.

artynerd1884d ago

"The vulnerability of the network was a known vulnerability, one known of in the world. But Sony was not aware of it... was not convinced of it."

Typically Sony ego. Pride comes before the... what was it again?

DatNJDom811884d ago

Score another one for gaming journalism. Pathetic.

Dee_911884d ago

i didnt see anywhere where they mentioned they knew the flaws ..

sikbeta1884d ago

@Joni

They've been trying HARD since LONG AGO :P

Kleptic1884d ago

its the translation that mixes it up...Japanese to English translations always do that; it completely loses context...

hay1884d ago

The title is complete lie. It suggests that Sony said THEY did knew about vulnerability, which they didn't.

blackmagic1884d ago

Sony would never admit it even if they were fully aware of the vulnerability. Think how easy it would be to sue them if they said they knew about the vulnerability that compromised over 100 million user accounts.

evrfighter1884d ago

wait so he's saying everyone else knew about it before they did?

lol really?

WoW I'd just eat the negative press about being incompetent before I admitted to something like that.

lol Sony. You're all entertainment for me nowadays.

gamingdroid1884d ago (Edited 1884d ago )

Isn't it Sony's job to find out about vulnerabilities known to the world?

Considering they have un-patched systems? Systems without firewalls?

Furthermore, this part is disturbing:

"But Sony was not aware of it [vulnerability]... was not convinced of it."

Not convinced of a threat from a known vulnerability? However, that is most likely a bad translation....

thats_just_prime1884d ago

its funny tho if everyone in the world knew about this other then the people at $ony it means that $ony only hires the dumbest people in the world. Everyone else but $ony was able to figure this out ? what a joke. I think it be less embrassing for them to come out and tell the truth that they didnt give a shit

I_find_it_funny1884d ago (Edited 1884d ago )

strategy informer... I see what their strategy is

Millah1884d ago

I think it's funny how people will defend Sony no matter what, even when a Sony employee says something like this. Apparently you guys think it's okay for Sony to be clueless about an exploit that is "known of in the world."

That's completely disregarding the fact that Sony had been threatened for several weeks prior by Anonymous telling them to "expect us." Yet somehow this took Sony by complete surprise?

Eh but what does this guy know. It's not like he's a Sony executive or anything. The experts on N4G have all the inside details.

+ Show (10) more repliesLast reply 1884d ago
JonahFalcon1884d ago

"The vulnerability of the network was a known vulnerability, one known of in the world. But Sony was not aware of it... was not convinced of it."

In other words, they heard about it, didn't want to believe it.

Biggest1884d ago

The definition of "not aware" is not the same as "they heard about it." We already know the extent of the breach. It's not a big deal. It is more annoying that the PSN has been down for so long. I never got to activate my PC copy of Portal 2. Past that. . . No big deal.

Non_sequitur1884d ago

What I understand, from that statement, is that others with a similar security model were aware of the type of problems that the model could face while Sony wasn't aware of it. Unfortunately, Sony let their guard down believing it was safe and doubting anything could be wrong with it.

The_KELRaTH1884d ago

I probably wouldn't believe it either if it came from the likes of IGN etc etc lol

Christopher1884d ago

It's a poor translation. What it means is that others knew of it, but not Sony. They're not saying that they heard of it and didn't act upon it, they're saying that it was brought to their attention after the fact, meaning others knew of it before-hand but Sony did not.

Death1883d ago

Aware is the word people arent understanding. When he says Sony wasnt aware and further describes it as "not convinced" he means Sony knew their was an issue, but didn't feel it was relevant at the time. It would be like someone saying they seen your girlfriend with another guy. You would be aware of the possibility, but without seeing it for yourself you wouldn't be convinced.

Didn't we all read somewhere on N4G that the attack happened while they were gearing up SOE to more secure servers? My take on this is the attack happened due to the window of opportunity coming to an end soon.

-Death

+ Show (2) more repliesLast reply 1883d ago
fedexas1884d ago (Edited 1884d ago )

Oh c'mon, you know how the media operates now. Without a misleading title, they can't get hits, lol.

I just want PSN back up and more secured.

B1663r1884d ago OffTopicShow
fedexas1884d ago OffTopicShow
Raiden1884d ago

Prepare yourself to be charge a very large bill to be able to function online again, when the network is back up sorry, but they will charge you, 2.3billion year is too much to miss out on.

RedDead1884d ago

Basically some hackers released info online that Psn was vulnerable. Very vulnerable especially when it came to encryption. Sony did not take heed or believe it was vulnerable, then some 'bad' hackers finally decided to get in and actually do some damage. Is this what happened?

I remember someone talking about the encryption just generally not being there. An article about it. Sony did nothing with that info. Was that info right or wrong?

PirateThom1884d ago

Email, name, address, basic information - Unencrypted
Password - Hashed
Credit card details - Encrypted

king dong1884d ago

pirate thom

although i dont normally agree with you ( imo your one of the worst sony defenders on here). but seeing as they hash the password just to log-in to the psn, i am quite confident that the CC details were suitably protected aswell

DaTruth1884d ago (Edited 1884d ago )

Then I'm not surprised you don't normally agree with him; imo you're one of the worst Sony haters around here!

Legion1884d ago

@king dong

Hashing is not security it is simply putting that black cover in front of the playboy so it isn't openly visible to passers bye.

I recall a couple years into my military career that we had a computer program that was password protected and nobody could recall the password. It was of course hashed and it took me about 15 minutes to figure a way to get into grab it and allow me access to open it and then eventually change it.

That showed me a few things... one was that I finally was able to use my computer programming hobby to show off. Another was that I realized that computer software is only as good as the person that creates it and then those that maintain it.

We already know that sony is lacking in encryption knowledge and to not update security programs and not having the supposed public knowledge that was spread amongst the internet very early, Sony security systems were not doing their job. Plain and simple.

As for CC tables being encrypted... if those tables are linked to outside data then you don't need the tables to get the info... the tables only organize the information. (if they are anything like the tables that I am familiar with) And if they are anyway encrypted the way the code was supposed to encrypt and protect the PS3 then it is just a matter of time for that to be worked around.

nevimkdojsem21884d ago

"Hashing is not security it is simply putting that black cover in front of the playboy so it isn't openly visible to passers bye."

@Legion: you apparently don't know anything about cryptographic hash functions. If e.g. the word "fox" becomes "DFCD 3454 BBEA 788A 751A
696C 24D9 7009 CA99 2D17" after passing through SHA-1 hash function, how would you get back to "fox" again if you only had the hash return value? If you solve this problem, I can guarantee you will be considered the most brilliant mathematician of our time.

+ Show (2) more repliesLast reply 1884d ago
BX811884d ago (Edited 1884d ago )

LOL! Trying for hits? Sounds to me like they knew it was vulnerable but thought no one would take advantage of that. Maybe it's time to stop being a fanboy and become a consumer of a product.

Hagaf221884d ago

I agree!!! I have An original ps3 (phat 1st gen) and a slim. I have supported and defended Sony and the ps3 since day one, but the more I hear about this whole thing the more pissed i get. Sony has been extreme cowards when it comes to informing consumers- taking a week to inform consumers of the loss of personal data- and now it comes out that they "were unaware" of a vulnerability to their programming that the world knew about? Cmon- Sony is not some small computer software company- they are an electronics giant. There is no excuse for the ebcrytion short cuts and passive attempt to inform consumers. I deserve to get daily updates as to what's going on. Everyone who owns a Sony product does. Instead we get the same "working around the clock" bs. I believe Sony knew of the risk and accepted it as a risk worth taking over spending money to make it better. Sony needs to get over their arrogance and keep consumers in mind.

tplarkin71884d ago

Sony defined "not aware" as "...was not convinced of it" That means they were aware of the flaw, but prayed that nobody would notice.

More Sony complacency.

dragonelite1884d ago

Typically sony arrogance.
Just like how people would get a second job to buy a ps3 at launch. Or jack tretton would give every person 1k if they could find a ps3 on store shelves after launch day.

And then kevin butler it funny but i can expect people finding it annoying.

solar1884d ago

then that makes Sony look even more stupid.

Seraphemz1884d ago

I disagree. Does knowing about the failure rate make microsoft stupid, or just a company trying to work through an issue? Like Sony

HardCover1884d ago

Sony didn't know. They found out that somebody else did know once they hired the online security firm.

Sony says that, in hindsight, they could have been more secure (potentially underestimating hackers).

They're not saying "Yeah, we knew about it. We didn't care. We give out your personal information ALL THE TIME already, this is no big deal."

That's what I'm getting out of this.

Raiden1884d ago

Look forget what has been said so far, Sony should have informed there customer the moment they noticed the hack, On XBL if MS are doing any maintence, we are informed about it, either on the dashboard messager or email accounts, Sony never informed anyone until a week later. This is not right and this is why they have to questions that need answers. Xbox 360 may have had the RROD, but MS move fast enough to support it customer, 4 year extension warranty and free postage of replacement until, this is called customer service, this is a company looking out for it customers because they could not stop the production of the 360 while investigating the flaw. The PS3 has one of the largest fan base of gamers in the world and as a company they should have done the best for there customers. From my point of view they HAVE NOT, they let them down BIG TIME.

Masterchef20071884d ago (Edited 1884d ago )

I am getting sick of all these hate articles written by morons who have nothing better to do than wank off with (insert other console here) and their buddies.

I was just kidding. Anyways i hope all this hate press ends because its annoying to see how desperate some people can be just to take Sony down. We all know that no matter the hate Sony always gets back up on its feet.

+ Show (6) more repliesLast reply 1883d ago
Solidus187-SCMilk1884d ago (Edited 1884d ago )

of course it was know to the world, or else it would have never happened. Sony didnt know much about it tho. Its not like someone told them all about this hack and the ignored it. Kinda confusing when they say not "convinced" tho. Seems like they didnt understand how it could effect them.

This is nothing we already didnt know. Hackers knew about it, sony did not know much. Thats why it happened.

My CC ifo is safe, I just want them to bring PSN back up. My friends already beat dungeon hunter without me :(

edit- below Yeah, I started playing it with them while I was at their house, but they later played when I was at home. I wanted to play over PSN with them from my house. Dungeon hunter may be very generic(the mage looks %100 like gabriel from C:LOS), but its a good game and is alot of fun with friends.

fedexas1884d ago

And I want PSN back up for Blazblue CS2. :(

I feel your pain.

testerg351884d ago (Edited 1884d ago )

I guess I don't understand...

"of course it was know to the world, or else it would have never happened. Sony didnt know much about it tho." - So if the world knew about an exploit its ok if Sony ignored it?

"Seems like they didnt understand how it could effect them." - Then they need to get rid of their entire IT department. That's their job to know.

"Hackers knew about it, sony did not know much. Thats why it happened." - Sony said the world knew about and and they didn't? Seriously.. wtf.

You're ok with a major corporation, that collects users information and CC information, not keeping up with what's happening around them? I would understand if it was a new exploit, but since it was a known exploit, then that's unforgivable.

Solidus187-SCMilk1884d ago (Edited 1884d ago )

I just think that if they had know how bad this exploit could be, they would have done something sooner. This title makes it seem like the knew everything about it and still ignored it. But if you read it it seems like sony had no Idea how bad it could get.

Dont worry bro, you dont need to convince me. Ive always liked live more then PSN and I removed my CC info weeks before the hack because I saw an article about PSN not being secure and believed it to be true.

However, I dont think Sony knew how bad it could be and purposefully ignored the situation like the title implies.

So the level of incompetence of sony is up to the individual users to decide for themselvs. As for me, I already didnt trust them with my CC info.

GUYwhoPLAYSvideoGAME1884d ago (Edited 1884d ago )

i feel bad for people who have other systems and aren't here for playstation news, because that's all we've gotten for like the past month or so really.

anonymous, hackers...psn down...

interesting news and all but not for other people

DeeZee1884d ago

While most of the hottest stories have been PS3 related, anyone that's sick of Sony news can just filter it out and go to the other channels.

sleepy31884d ago

is there a way to give someone more than one bubble?

Tired1884d ago

Ouch! Someone is for the chop.

'...Not convinced of it.' ?

Whoever told them is wasn't an issue is going to get their arse handed back to them.

I hope this (at least part)admission of guilt doesn't open them up to every sue happy idiot out to make a quick buck.

Dear Sony....Get well soon x

BX811884d ago

Someone in that company has to be held responsible for this. Sony knew someone was going to try to steal information from them. That's why they have security. You don't set up security because you think no one is going to try and steal from you. With that said it's the head of security's job to make sure nothing happens to everyone's info. I know responsibility is a tough concept to grasp for a lot of gamers, especially kid gamers but something like this doesn't happen with out someone getting replaced. I hope Sony works this out and PSN gets back up soon but I'm glad they're taking the time to get it right.

-MoOkS-1884d ago (Edited 1884d ago )

Lol, so basically sony knew that there were possible security threats, anonymous even issued them a warning. How useless can one company be, honestly. They deserve harsh punishments for what they have allowed to happen to their consumers. I think the lack of action of their part is a testament to the fact that sony has zero regard for their supporters; they only want your money.

clintos591884d ago

I guess ms didnt know the risk of launching the 360 early to get that year headstart which lead to millions of rrod failures? MS also knew psn would be free & even though their one of the richest corporations in the world they love their fanbase so much that they make u pay to play your games online & they give u less exclusives. Amazing how such loyalty can go to one of the richest corporations in the world that gives u so much less then what its competitors have to offer. LOL.

Raiden1884d ago

WHO GOT HACK AGAIN, just go to bed and cry, at less if we get hacked we can complain, you can't, and if your PS3 breaks you have to buy a new one. so sorry BUT WHO GOT HACKED AGAIN, also, do you have cross gaming chat, can you invite you friends in Austria, Italy and USA to watch a movie together, because we can, from day one, so, remind me WHO GOT HACK. REMEMBER THIS (When you pay for a service you can always complain, when it FREE you are on your ASS) Now look what you made me done. @MoOkS i understand your point, but who is going to be the bigger losers in all this, It won't be Sony, it will be they Consumers and that is not fare. Let me end this by saying the XBL has so far been identified as the best console gaming online service for many years, this has been documented, According to some report PSN was begining to catch up XBL which is a good thing, i wish all the best to PS3 owners and i hope your network returns soon, just lookout for Sony to start charging you.

stuna11884d ago

@MoOkS
You should just get over it! Sinse everyone is not as intent as you to see a company fail, the crap you spew is just ridiculous to to the point that anytime I read one of your comments my eyes literally start to bleed! You really have it bad for sony!? Sort of like a jilted lover.

OT) Everyone wants to see sony face some infinite wrath, not taking into consideration of what negative and far reaching implications this could have on the industry as a whole in gaming or, otherwise.

This is just the fuel the government needs to put restrictions on how we utilise the internet.
No matter how you try to spin it, this has been an act of cyber terrorism and in all reality has changed the landscape of how some may view their own security while interacting with the internet. Be it other companies similar to sony, government entities or, people in general like you or me.
This has been an unfortunate "accident', and I say accident because sony did not intentionally set out to damage their own reputations by leaking personal information of it consumer market, "NO" it was taken by force! And as a matter of fact any company tied into the internet could be walking in the shoes that sony are force to walk in now.

Raiden1884d ago

Point taken, but why take so long to inform the there consumers, PLEASE ANSWER THIS QUESTION (if you can) and don't say they had to wait for a the security agency, all major company have a 24/7 network team monitoring there serves, where were Sony's internal network security team, were they on Holiday, how many serves got hack at once, was the hack so fast that it infected all serves, then what was the duration between the begining of the hack to when it was noticed/reported

Jazz41081884d ago

Sony messed up huge and now ill loose in court so let's bag on ms some more so you can feel better. The damage control is so funny to read on here.