Reply
Ghost of Sparta
Registered: 05/27/2009
Offline
13187 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 14, 2014

The-Sarge wrote:

Thanks for letting us know so quickly.  Smiley Mad

 

I mean, after all, the exploit was made public a week ago.  Some have only been trying to get information from Sony customer support since the 8th.  Other major companies have only let people know the security status since that same date.

 

What the hell is wrong with Sony?  Do you not think that your customers deserve to know the security status of their private information that they have entrusted to you.

 

The exploit may not have been your fault, but the way you handle informing customers of the situation is.

 

I tell you, some laws need to start being passed regarding these type of things.  Companies should be, by law, issuing a security status statement to it's customers within 24 hours of such a vulnerability being made public.  With the current status of the security, and ETA of patch completion.

 

One week of saying nothing, especially when you have been asked repeatedly is ridiculous.

 


I agreed. Sony and it's Customer Service should been redesign, very heavy to ensure any problems

 photo AL2009manBanner2013_zpsd80ecc86.png
Message 11 of 34 (770 Views)
Reply
0 Likes
Ghost of Sparta
Registered: 07/27/2012
Offline
13569 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

Thanks for letting us know and fix the problems!

Message 12 of 34 (624 Views)
Reply
0 Likes
Ghost of Sparta
Registered: 04/05/2003
Offline
13294 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

The-Sarge wrote:

Thanks for letting us know so quickly.  Smiley Mad

 

I mean, after all, the exploit was made public a week ago.  Some have only been trying to get information from Sony customer support since the 8th.  Other major companies have only let people know their security status since that same date.

 

What the hell is wrong with Sony?  Do you not think that your customers deserve to know the security status of their private information that they have entrusted to you.

 

The exploit may not have been your fault, but the way you handle informing customers of the situation is.

 

I tell you, some laws need to start being passed regarding these type of things.  Companies should be, by law, issuing a security status statement to it's customers within 24 hours of such a vulnerability being made public.  With the current status of the security, and ETA of patch completion.

 

One week of saying nothing, especially when you have been asked repeatedly is ridiculous.

 


Ya know it takes time to test and to fix stuff like this. Theyh first have to see if th issue even exists. If it does what damamge was doen if any and then close the open door. There just not going openly say there is or isnt any issues off the bat. There going to check first. By not checking and making statments like this can get them taken to court.

Message 13 of 34 (610 Views)
Fender Bender
Registered: 12/06/2005
Offline
3901 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

Adding my IT knowledge into this:

 

The whole situation was handled correctly. If the IT techs would have announced the bug too early, a mass amount of people would have changed their passwords before the fix was completely implemented. That involved getting new private keys for SSL certs; which takes a little bit of time considering the mass amounts of admins who had to scramble for them. It would have made the chance of somebody out there still trying to hack being even more successful. Announcing the complete fix and a notice to change passwords at the same time was the way to go. If you changed your password before the fix, a hacker could have still gotten your new password while you think changing the password saved you.

 

I had to scramble and repair stuff at my job as we have a lot of sensitive info on the servers. We could not afford to make anybody accidentally expose themselves. This was a dangerous bug that couldn't be played around with. You simply could not alert the to world to your servers being vulnerable until you had that bug fixed. It's like waving a giant "Come hack me" flag to the general public of the internet.

Message 14 of 34 (602 Views)
MVP Support
Registered: 05/22/2013
Offline
13843 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

Had some issues with logging into the forums on the 12th, and I let a couple of the Mods know via PM about it. It happened again on the 13th. Just heard back from one of them yesterday and they said they're looking into it.

 

Glad you guys are taking care of the Heartbleed issue!

smdedspace2.png


Smiley HappyRobot Happy/FAQ and Rules & Conduct//FAQ about reports/Forum Team info/Robot Very Happy/WC Forum Resources/ PSN friends thread/Life and Gaming -- My blog

Playstation customer support numbers: 1-877-971-7669 (for billing and Playstation Network); 1-800-345-7669 (for technical support)
Message 15 of 34 (583 Views)
Reply
0 Likes
Big Daddy
Registered: 12/24/2007
Offline
16918 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

Winscar_Shinobi wrote:
Sad this is the exploit has been available for sometime but now suddenly everyone is freaking out about it.

Like if someone stole your **bleep** it would have happened a LONG time before now.

But no one KNEW an exploit existed, thats the thing.

NSA knew about it years ago... but they didnt do anything because it gave them EASY access to any domain.

Furiously Chaosing
Message 16 of 34 (561 Views)
Reply
0 Likes
Treasure Hunter
Registered: 05/09/2006
Offline
6102 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014
Psh hackers have known about this for sometime.

I mean there are already 3ds and vita emulators for pc yet no one talks about it and a google search just pulls up viruses and fake downloads. Yet I can play 3ds and vita games on my pc (I mean I dont but I have the ability to)

No one will care about it until some idiots announces it to the world. Which is what happened with heartbleed. Hackers have used it for a long time. Its not until the press discovered it that it became a big thing.
 photo newforumsig_zps5ec69817.png
Message 17 of 34 (557 Views)
Reply
0 Likes
Splicer
Registered: 03/02/2010
Offline
53 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

[ Edited ]
Apr 15, 2014

So when will we get the go ahead to change our info?

 

 

EDIT: oh they fixed it already...

Message 18 of 34 (551 Views)
Reply
0 Likes
Ghost of Sparta
Registered: 03/14/2007
Online
15684 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

The-Sarge wrote:

Thanks for letting us know so quickly.  Smiley Mad

 

I mean, after all, the exploit was made public a week ago.  Some have only been trying to get information from Sony customer support since the 8th.  Other major companies have only let people know their security status since that same date.

 

What the hell is wrong with Sony?  Do you not think that your customers deserve to know the security status of their private information that they have entrusted to you.

 

The exploit may not have been your fault, but the way you handle informing customers of the situation is.

 

I tell you, some laws need to start being passed regarding these type of things.  Companies should be, by law, issuing a security status statement to it's customers within 24 hours of such a vulnerability being made public.  With the current status of the security, and ETA of patch completion.

 

One week of saying nothing, especially when you have been asked repeatedly is ridiculous.

 


I agree to a point. 24 hours isn't enough time to find all the systems that would be vulnerable to that patch, and to find out a way to patch them. Could they have posted we are aware. Sure, they could have. Is the time from the 8th to the 15th acceptable, no, but they in the past would have never communicated with us about this, so small victories.

 

Also, and more important, when you have enemies, I think based on the PSN outage they have them, you never, never, never, tell your enemy if you are vulnerable, and when you plan on patching it.

 

BTW security patches are released daily/monthly, why not just put a post on the web that states " we are aware of the security risk, and are working on patching it. Thank you."

Contact PlayStation Support
Chat with a PlayStation Specialist 
Mon - Sat, 6:00AM - 10pm , Sunday 8am-8pm Pacific

Consumer Services and Technical Support____ 1-800-345-7669
Mon - Fri, 8:00AM - 8:00PM Pacific
Playstation Network Accounts and Billing Support____1-877-971-7669

Playstation Forums Support MVP. I do not work for Sony. Just a helpful gamer.
Message 19 of 34 (547 Views)
Welcoming Committee
Registered: 06/14/2009
Online
14267 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

The-Sarge wrote:

Thanks for letting us know so quickly.  Smiley Mad

 

I mean, after all, the exploit was made public a week ago.  Some have only been trying to get information from Sony customer support since the 8th.  Other major companies have only let people know their security status since that same date.

 

What the hell is wrong with Sony?  Do you not think that your customers deserve to know the security status of their private information that they have entrusted to you.

 

The exploit may not have been your fault, but the way you handle informing customers of the situation is.

 

I tell you, some laws need to start being passed regarding these type of things.  Companies should be, by law, issuing a security status statement to it's customers within 24 hours of such a vulnerability being made public.  With the current status of the security, and ETA of patch completion.

 

One week of saying nothing, especially when you have been asked repeatedly is ridiculous.

 


You probably know me, i don't usually defend Sony even in the slightest. But to be fair if they had warned you what would you have done?

 

Changed your passwords? Only to find out they hadn't secured everything yet? It wouldn't have accomplished anything to tell anyone until the job was done.

 

Plus by telling people before doing it in this case they would just get bombarded with mail when they could just be working on it.

 

They handled this one correctly. The last issue with PSN.. Not so well handled, Now that deserved a riot.



Message 20 of 34 (537 Views)