Reply
Ghost of Sparta
Registered: 05/27/2009
Online
12466 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 14, 2014

The-Sarge wrote:

Thanks for letting us know so quickly.  :smileymad:

 

I mean, after all, the exploit was made public a week ago.  Some have only been trying to get information from Sony customer support since the 8th.  Other major companies have only let people know the security status since that same date.

 

What the hell is wrong with Sony?  Do you not think that your customers deserve to know the security status of their private information that they have entrusted to you.

 

The exploit may not have been your fault, but the way you handle informing customers of the situation is.

 

I tell you, some laws need to start being passed regarding these type of things.  Companies should be, by law, issuing a security status statement to it's customers within 24 hours of such a vulnerability being made public.  With the current status of the security, and ETA of patch completion.

 

One week of saying nothing, especially when you have been asked repeatedly is ridiculous.

 


I agreed. Sony and it's Customer Service should been redesign, very heavy to ensure any problems

 photo AL2009manBanner2013_zpsd80ecc86.png
Message 11 of 34 (763 Views)
Reply
0 Likes
Welcoming Committee
Registered: 07/27/2012
Online
12455 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

Thanks for letting us know and fix the problems!

Message 12 of 34 (617 Views)
Reply
0 Likes
Keyblade Wielder
Registered: 04/05/2003
Online
10487 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

The-Sarge wrote:

Thanks for letting us know so quickly.  :smileymad:

 

I mean, after all, the exploit was made public a week ago.  Some have only been trying to get information from Sony customer support since the 8th.  Other major companies have only let people know their security status since that same date.

 

What the hell is wrong with Sony?  Do you not think that your customers deserve to know the security status of their private information that they have entrusted to you.

 

The exploit may not have been your fault, but the way you handle informing customers of the situation is.

 

I tell you, some laws need to start being passed regarding these type of things.  Companies should be, by law, issuing a security status statement to it's customers within 24 hours of such a vulnerability being made public.  With the current status of the security, and ETA of patch completion.

 

One week of saying nothing, especially when you have been asked repeatedly is ridiculous.

 


Ya know it takes time to test and to fix stuff like this. Theyh first have to see if th issue even exists. If it does what damamge was doen if any and then close the open door. There just not going openly say there is or isnt any issues off the bat. There going to check first. By not checking and making statments like this can get them taken to court.


Message 13 of 34 (603 Views)
Fender Bender
Registered: 12/06/2005
Offline
3867 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

Adding my IT knowledge into this:

 

The whole situation was handled correctly. If the IT techs would have announced the bug too early, a mass amount of people would have changed their passwords before the fix was completely implemented. That involved getting new private keys for SSL certs; which takes a little bit of time considering the mass amounts of admins who had to scramble for them. It would have made the chance of somebody out there still trying to hack being even more successful. Announcing the complete fix and a notice to change passwords at the same time was the way to go. If you changed your password before the fix, a hacker could have still gotten your new password while you think changing the password saved you.

 

I had to scramble and repair stuff at my job as we have a lot of sensitive info on the servers. We could not afford to make anybody accidentally expose themselves. This was a dangerous bug that couldn't be played around with. You simply could not alert the to world to your servers being vulnerable until you had that bug fixed. It's like waving a giant "Come hack me" flag to the general public of the internet.

Message 14 of 34 (595 Views)
Welcoming Committee
Registered: 05/22/2013
Online
9830 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

Had some issues with logging into the forums on the 12th, and I let a couple of the Mods know via PM about it. It happened again on the 13th. Just heard back from one of them yesterday and they said they're looking into it.

 

Glad you guys are taking care of the Heartbleed issue!

Message 15 of 34 (576 Views)
Reply
0 Likes
PlayStation MVP
Registered: 12/24/2007
Online
15924 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

Winscar_Shinobi wrote:
Sad this is the exploit has been available for sometime but now suddenly everyone is freaking out about it.

Like if someone stole your **bleep** it would have happened a LONG time before now.

But no one KNEW an exploit existed, thats the thing.

NSA knew about it years ago... but they didnt do anything because it gave them EASY access to any domain.

Furiously Chaosing

I get you so horked up


Message 16 of 34 (554 Views)
Reply
0 Likes
PlayStation MVP
Registered: 05/09/2006
Online
5849 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014
Psh hackers have known about this for sometime.

I mean there are already 3ds and vita emulators for pc yet no one talks about it and a google search just pulls up viruses and fake downloads. Yet I can play 3ds and vita games on my pc (I mean I dont but I have the ability to)

No one will care about it until some idiots announces it to the world. Which is what happened with heartbleed. Hackers have used it for a long time. Its not until the press discovered it that it became a big thing.
 photo newforumsig_zps5ec69817.png
Message 17 of 34 (550 Views)
Reply
0 Likes
Splicer
Registered: 03/02/2010
Offline
53 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

[ Edited ]
Apr 15, 2014

So when will we get the go ahead to change our info?

 

 

EDIT: oh they fixed it already...

Message 18 of 34 (544 Views)
Reply
0 Likes
Treasure Hunter
Registered: 03/14/2007
Online
8656 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

The-Sarge wrote:

Thanks for letting us know so quickly.  :smileymad:

 

I mean, after all, the exploit was made public a week ago.  Some have only been trying to get information from Sony customer support since the 8th.  Other major companies have only let people know their security status since that same date.

 

What the hell is wrong with Sony?  Do you not think that your customers deserve to know the security status of their private information that they have entrusted to you.

 

The exploit may not have been your fault, but the way you handle informing customers of the situation is.

 

I tell you, some laws need to start being passed regarding these type of things.  Companies should be, by law, issuing a security status statement to it's customers within 24 hours of such a vulnerability being made public.  With the current status of the security, and ETA of patch completion.

 

One week of saying nothing, especially when you have been asked repeatedly is ridiculous.

 


I agree to a point. 24 hours isn't enough time to find all the systems that would be vulnerable to that patch, and to find out a way to patch them. Could they have posted we are aware. Sure, they could have. Is the time from the 8th to the 15th acceptable, no, but they in the past would have never communicated with us about this, so small victories.

 

Also, and more important, when you have enemies, I think based on the PSN outage they have them, you never, never, never, tell your enemy if you are vulnerable, and when you plan on patching it.

 

BTW security patches are released daily/monthly, why not just put a post on the web that states " we are aware of the security risk, and are working on patching it. Thank you."

Message 19 of 34 (540 Views)
Welcoming Committee
Registered: 06/14/2009
Online
13695 posts
 

Re: Regarding "Heartbleed" and PSN - SEN - PS.com

Apr 15, 2014

The-Sarge wrote:

Thanks for letting us know so quickly.  :smileymad:

 

I mean, after all, the exploit was made public a week ago.  Some have only been trying to get information from Sony customer support since the 8th.  Other major companies have only let people know their security status since that same date.

 

What the hell is wrong with Sony?  Do you not think that your customers deserve to know the security status of their private information that they have entrusted to you.

 

The exploit may not have been your fault, but the way you handle informing customers of the situation is.

 

I tell you, some laws need to start being passed regarding these type of things.  Companies should be, by law, issuing a security status statement to it's customers within 24 hours of such a vulnerability being made public.  With the current status of the security, and ETA of patch completion.

 

One week of saying nothing, especially when you have been asked repeatedly is ridiculous.

 


You probably know me, i don't usually defend Sony even in the slightest. But to be fair if they had warned you what would you have done?

 

Changed your passwords? Only to find out they hadn't secured everything yet? It wouldn't have accomplished anything to tell anyone until the job was done.

 

Plus by telling people before doing it in this case they would just get bombarded with mail when they could just be working on it.

 

They handled this one correctly. The last issue with PSN.. Not so well handled, Now that deserved a riot.



Message 20 of 34 (530 Views)