I'm sure all you PSN users are fully aware, but it's coming up on a week that PSN has been down, with no resolution in sight. According to the WSJ, it's now down indefinitely, which sounds more dire than it probably is, but it doesn't invoke a feeling of confidence.

Obviously there's a number of rumors going on as to the reasons. Sony cited an "external intrusion" is the main cause, and they're now rebuilding PSN for better security. Some think it was Anonymous (although the official story is that Anonymous did not do this, but that doesn't mean a few acted on their own). Others think it was due to a recent PSN developer network hack that allowed rampant PSN piracy.

You can read up on the PSN piracy speculation here: http://www.reddit.com/r/gaming/comments/gx6o4/im_a_moderator_over_at_psxscenecom_the_real/

Finally, there's also speculation that private personal information, including credit card info, could have been leaked. There's been no confirmation of that, though, but also Sony has not denied the rumor, which does not invite confidence.

In any case, I'm glad I don't have a PS3, especially not with the Playstation Plus service. I'd be damn near furious by now. People used to be upset when XBox Live had connection issues for ~1 day. This is far worse.

So what's your thoughts/reactions? What do you think happened?

Ha. I read about this on thursday or friday but wow I cannot believe it's still down.

Oh well you get what you pay for. Can't ***** because it's free right?

I don't have a PS3 but I just wanted to point out that the internet never goes down (PC gaming 4eva!).

Keep in mind some people DO pay, with the Playstation Plus services.

But Penny Arcade made a great point about this. Sony advertised the fact that it was free, compared to XBL, and it's an expected service. The PS3, like the 360, is deeply integrated with the network, and when you don't have it, you really do lose such a significant amount of functionality. I mean really, there's no multiplayer now because of it.

Better yet, you can still be forced to update your games that you can't then play online! Huzzah!

Also, despite the "free" price tag, you'd imagine that the cost of the console and ongoing game purchases (When I bought my 360 the PS3 was about £100 more expensive) go towards the service. You have paid for it in that sense, and yes, you expect it not to be down for a week.

the biggest inconvenience i found with PSN going down is when it first started it made the vudu app NOT WORK AT ALL now that the error isn't some error code the vudu app does actually work but because of this i had a movie expire

now part of this is the fault of the vudu app being tied to PSN when it simply should not be so (it means when PSN is working you can't sign off to watch movies on vudu so you need to either flat out cancel those background downloads or wait until they finish since streaming movies while downloading can easily cause problems (signing out of PSN pauses downloads in case you didn't know))

From engadget:



http://www.engadget.com/2011/04/26/sony-provides-psn-update-confirms-a-compromise-of-personal-inf/

http://www.gamespot.com/news/6310386.html?tag=latestheadlines%3Btitle%3B1

There's your answer.

I hope they at least took password encryption more seriously than Gawker did...

I can't help but laugh at that turn of events. I'm glad I never got on PSN with my PSP, then.



They said your password may be a part of the info taken. Besides, it's much worse to lose a credit card number.

Right, but they didn't say if it was a plaintext password, encrypted password, or hashed password.

I wouldn't worry too much if all they got were AES encrypted passwords without keys for example.

Pretty sure my CC on PSN is expired too, recently got a new one and never updated PSN.

While that's true, based on Sony's failures in encryption, I wouldn't rely on it. I wouldn't be surprised if they were MD5 hashed with no salt as well, allowing easy brute force attacks. Or not hashed at all.

This ruined the end of our 4/20 COD Gungame session, but we ended up playing Nazi Zombies instead. We were going to get together again this last weekend here but it's still down.

I think the worst part was how obscure the error message was. We looked it up for a good 40 minutes before we gave up, assuming it was the server and not the PS3.

Yknow I never even noticed that the PSN was down until about 3 hours ago.

Good thing you noticed at all, especially if you have a credit card on the account.

I honestly can't remember if I have, I never use the online stuff expect for streaming things.

http://arstechnica.com/gaming/news/2011/04/ars-readers-report-credit-card-fraud-blame-sony.ars

It seems like it is getting worse. Ars here reports possible credit card fraud in relation to the PSN attack now. Obviously it's possible that it's a coincidence, but it's not looking good. If you ever had a credit card on the account, I'd check it right now and make sure there's nothing odd on it, as well as possibly get a new number.

Nothing odd so far but I just went any changed all my passwords to money things and I'm getting the card replaced in the morning.

Business as usual for Sony.

w.r.t. passwords: it's not possible to reverse a hash - all you can do is generate a collision that works for a certain hashing scheme, but there are potentially very many collisions for an arbitrary password. In general, leaking the hashed passwords wouldn't threaten the security of other services. I think it's reasonable to assume that Sony chose their words deliberately, and the plaintext passwords were in fact leaked. The "good news" is that this probably doesn't matter: I heard somewhere that PSN transmits username/password through unencrypted HTTP so your password's been public knowledge for a while now.

w.r.t. credit cards: the fact that people were able to use an exploit on the client side to access credit card information means that the credit card information was never stored securely. It means, for example, that any user who is able to query the PSN user database would have been able to get all of this information as well - the fact that it's outward facing is worse, but I doubt Sony's computer janitors should have been allowed access to financial information (e.g. PCI-DSS.) Sony customers should seriously reconsider ever paying for products on PSN again, because they obviously don't take information security seriously and this leak probably won't change that attitude.

Credit card expired on my account. And imagine the indie developers, just putting games on the PSN... that will be a major loss. I had some games I was looking forward to try out.

The leaking of personal information is what's irritating the most about this downtime. I don't mind PSN being taken down for maintenance (been having a lot of sign in errors prior to the downtime), but having your personal information leaked out like this is inexcusable. Supposedly the credit card data was encrypted so hopefully that's the truth.

Either way, this is becoming quite a serious issue with the FBI and now Homeland Security becoming involved.