
Reader Comments (30)

Posted: May 3rd 2011 7:09PM Joystiq Login Bugs SUCK said

Sophisticated attack? Please don't make me laugh.

http://toolbar.netcraft.com/site_report?url=http://station.sony.com

Just why, SOE, are you using unpatched web-facing servers (Apache 2.2.3) from around 2007 with multiple vulnerabilities?

Only the most inept security team would allow their web-facing servers to not be patched and kept up to date; it's basic common sense and best practices to boot.

It's bad enough that you kept old and no-longer used credit/bank account files unencrypted on a system that could be accessed from the web, but you have made it so much easier for any hacker by not keeping your software patched!

Words fail me.

Posted: May 3rd 2011 8:04PM (Unverified) said

Just because it's Apache 2.2.3 does not mean it's unpatched. For instance, Red Hat Enterprise Linux 5, which is still supported, patched, and updated, uses Apache 2.2.3. Red Hat does release security patches for Apache.

Posted: May 3rd 2011 10:27PM Unshra said

@(Unverified) While RHE might be patched, it would still mean that Apache is still not patched and therefore vulnerable.

However, you can get Linux to report back anything you wanted, so there is always the chance that the version is not 2.2.3. Still, it is bad practice to have it report back a version, especially if it is an outdated version, unless you are setting up a honey pot.

Blizzard and others do a better job by not reporting back the version, which is generally common security practice.

Posted: May 3rd 2011 10:45PM SgtBaker1234556 said

@Unshra

So who would just install kernel patches and ignore other errata?

But for now it's just speculation - I'm expecting a full disclosure from Sony once they're done with their investigation.

Posted: May 4th 2011 5:25AM Unverfied B said

@SgtBaker1234556
Don't look at the version number; pretty much every serious distro works the same way: whatever version comes with a certain OS release stays until the next release, while security-related fixes from later versions are backported to the stable version without changing its (visible) version number.
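The exchange above turns on two separate checks: whether the `Server` banner discloses a version at all, and whether a given fix was backported into a package whose upstream version never changes. The sketch below is an added example, not part of any comment or of any vendor's tooling; the banner, the changelog excerpt (shaped like `rpm -q --changelog httpd` output) and the CVE ids are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample data, not taken from the page or from a real system.
# The CVE ids are placeholders, not real advisories.
BANNER = "Apache/2.2.3 (Red Hat)"
CHANGELOG = """\
* Mon Mar 07 2011 Packager <pkg@example.invalid> - 2.2.3-45
- add security fix for CVE-0000-0002
* Tue Aug 10 2010 Packager <pkg@example.invalid> - 2.2.3-43
- add security fixes for CVE-0000-0001
"""

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
ENTRY_RE = re.compile(r"^\* .* - (\S+)$")  # changelog entry header, ends in the release


def parse_banner(server_header):
    """Return (product, version, vendor_hint); version is None when hidden."""
    m = re.match(r"(\w+)(?:/([\d.]+))?(?:\s+\(([^)]+)\))?", server_header)
    return m.group(1), m.group(2), m.group(3)


def backported_fixes(changelog):
    """Map each CVE id named in the changelog to the package release that lists it."""
    fixes, release = {}, None
    for line in changelog.splitlines():
        entry = ENTRY_RE.match(line)
        if entry:
            release = entry.group(1)
            continue
        for cve in CVE_RE.findall(line):
            # Entries run newest-first, so the last assignment is the oldest release.
            fixes[cve] = release
    return fixes


def assess(server_header, changelog, cves_of_interest):
    """Separate banner disclosure from actual patch state for the given CVE ids."""
    _, version, _ = parse_banner(server_header)
    fixes = backported_fixes(changelog)
    return {
        # A bare "Apache" is what the ServerTokens Prod setting emits.
        "banner_discloses_version": version is not None,
        # None means the changelog shows no evidence of a fix, not proof of exposure.
        "fixed_in": {cve: fixes.get(cve) for cve in cves_of_interest},
    }


if __name__ == "__main__":
    print(assess(BANNER, CHANGELOG, ["CVE-0000-0001", "CVE-0000-0003"]))
```

The upstream version in the banner stays at 2.2.3 in both changelog entries; only the package release suffix moves, which is why the banner alone cannot settle the patch question.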

Posted: May 3rd 2011 7:45PM Zantom said

"The intrusions were similar in nature. This is NOT a second attack; new information has been discovered as part of our ongoing investigation of the external intrusion in April."

This was the most revealing piece of information to me. So the damage was done weeks ago. They just realized yesterday (or so) that the PSN breach also affected SOE's infrastructure? Wow.

Posted: May 3rd 2011 7:52PM JTShadow said

30 days of free subscription plus a day for every day it's down doesn't really help me and others who have a LIFETIME account for DCUO. What's Sony going to do for us?

Posted: May 3rd 2011 8:00PM Luk said

@JTShadow
You were SOL the moment you got a lifetime sub for a console game.

Posted: May 3rd 2011 8:02PM Yellowdancer said

@JTShadow

Probably station cash.

Posted: May 3rd 2011 8:08PM JTShadow said

@Luk To each their own, but I love DCUO, I think the updates have been fantastic and I can't wait to see what else they bring.

Posted: May 3rd 2011 8:09PM (Unverified) said

@JTShadow
Take a moment to think of you and then carry on until they find a way to extend your life by 30 days and one day for every day their services remain offline.

Posted: May 3rd 2011 9:51PM starbuck1771 said

@Luk Actually DCUO is a PC MMO that was ported to the PS3. I was one of the testers.

Posted: May 3rd 2011 11:00PM Luk said

@starbuck1771
If DCUO was a PC port, it was a port with the worst UI ever invented for PC.
Please do not kid yourself.

Posted: May 4th 2011 12:06AM stealthrider said

@starbuck1771

It was designed simultaneously for both. Obviously you weren't testing much if you didn't read the multiple dev posts that put the "port rumors" to bed.

Posted: May 4th 2011 7:51AM Ekphrasis said

@JTShadow

This isn't aimed at you directly but who really cares about meagre compensation from SOE in the form of (for example) 30 free days subscription?

The much bigger issue is all of your personal information is out there somewhere. Identity theft is a huge concern.

Even if Credit Card details were lifted from SOE you can cancel a credit card and submit a fraud/compensation claim to your financial institution.

How often do you change your Date of Birth? Or your name? How many (silly) people use the same password for everything?

Say you do use the same password; someone who now has the SOE data could login to your eMail account and browse your eMail history. They notice you have a legitimate eMail from your bank in a folder, therefore they know you're a customer of XYZ Bank. They proceed to call your bank's call centre and can provide some of your details (some organisations still *only* use personal details like Full name, Date of Birth, Address to authenticate you). As a result, someone could now have access to more than just your credit card - access to other bank accounts, take out a loan in your name etc.

Posted: May 3rd 2011 7:58PM smg77 said

Companies that care about their customers aren't this lazy about protecting their customers' private information. Hopefully this mess signals the end of SOE.

Posted: May 3rd 2011 8:03PM Yellowdancer said

@smg77

Dude, stop wishing evil on PEOPLE. Are you a monster? Do you want us all to wish you would lose your job and end up on the street?

Posted: May 3rd 2011 8:04PM Luk said

@Yellowdancer
LOL that was funny.

Posted: May 3rd 2011 9:38PM Furdinand said

@smg77 Hopefully this mess signals for people that hacker/piracy groups like Anonymous are not outlaws sticking it to "The Man". They are self-centered, self-righteous punks that are ruining the internet for the rest of us.

Posted: May 3rd 2011 9:56PM Suplyndmnd said

@Furdinand

Right! It was Anonymous. I have no evidence to support this but, heck, it sounds good enough, right? I mean, it's "truthy" enough. At least to me, so, now it's fact. So let's just keep reporting what sounds good instead of what actually may have happened.