Sony Confirms PlayStation Network Outage Caused By ‘External Intrusion’ (techcrunch.com)
46 points by ssclafani on April 23, 2011 | 43 comments


I feel that there is something in the ps3 scene that might have triggered this, that nobody is actually mentioning.

Recently a custom firmware (rebug) was released that allowed PS3s with hacked firmware to connect to the developer-only version of the PSN used for testing and development.

Even more so, they have figured out how to trick the dev PSN to allow them to 'buy' PSN games. They also figured out how to break out of the sandbox with certain games like the call of duty series, to allow patched games to play with regular players.

I personally suspect that this is the intrusion that they are referring to, and they are busy retooling the network to stop this from being possible.


Two days.. wow. We may have reached the tipping point where the threat of black hat retaliation can influence even the most powerful corporations.

It's a shame it's come to that, but it's the predictable result of a legal system that has utterly failed a large segment of the public. Corporations write laws and use the civil courts as a weapon. Nobody can even afford to defend themselves. For those who can't live with the injustice, there aren't many options.


Why would it be a shame? It's not pretty, agreed, but this might induce corporations to start behaving less "evil", otherwise there is always the threat that the hordes with their (digital) pitchforks will storm the castle. It tilts the balance of power in the right way.


You've misinterpreted the target of shame. It's a shame that we, the public, have no accessible, legitimate recourse against a corporation the size of Sony. It is not a shame that Sony is receiving a kidney punch.


Indeed. Hopefully these kinds of struggles will eventually result in accessible, legitimate recourses. However, those hardly ever come into existence out of thin air.

Given that one party overpowers another, the former will attempt to grab more and more power. With an international entity such as corporations this is even more true, as even governments are having increasing trouble controlling them.

Diplomacy-based recourses are usually a result of a balance between the power of groups. For example, in the industrial revolution the workers unionized to have more marketing power against their employers. It has some interesting parallels (but also wild differences) with this.


It's a shame because it puts power in the wrong hands. The "good intentioned" hackers of today are easily replaced by the malevolent forces of tomorrow. Look at spam, botnets, trojans, censorship, spying, etc. You can't keep dangerous powers out of the hands of the "bad guys". And then it's only a matter of time before the entrenched interests start using the same techniques. Why bother arresting somebody when you can just hack their personal and business life?

When the courts and civil society break down people revert to violence and lawlessness. That's not a path you want to go down, because it typically leads to the most brutish and violent folks assuming power.


Corporations write laws and use the civil courts as a weapon. Nobody can even afford to defend themselves. For those who can't live with the injustice, there aren't many options.

And you can bet that Sony's counterattack will involve buying a few more of those laws.


So you are somehow justifying this illegal activity to make it "right". It isn't right and nobody should condone that type of behavior.


Of course it's right. A wronged person has a right to have those wrongs redressed. That's fundamental. The legal system is an artificial construct designed to facilitate the process in a civil manner. But if the legal system isn't working, that doesn't mean that you no longer have that right. And it doesn't mean that whoever wronged you should get off scot-free. The redress will have to be through extralegal channels.


Just because you don't get the result you want does not automatically mean the legal system isn't working.


Sony sold me a PS3 and then disabled a piece of it. The legal system did absolutely nothing. If Sony and I ever settle up, it can't be through the legal system because the legal system declined to get involved.


File a small claims court case, I find it hard to believe that the legal system declined to get involved. If you feel you've been wronged, then you do something about it... legally. Otherwise, sell your PS3 and move on. The best thing you can do is to exercise your rights as a consumer and not spend your hard earned money on products made by that particular company ever again.


"Extralegal channels"...um right. DDoS'ing someone's site is illegal. Hacking into someone's site is illegal. Regardless of whether you think the legal system worked for you, they are still wrong. It isn't right period. You would have to have a screwed up ethical compass to think otherwise. Try moving that view to other portions of the law. Oh wait...it fails there too.


The fact that something is illegal doesn't make it wrong, just like the fact that something is legal doesn't make it right. Laws are supposed to reflect ethics, not the other way around. Unfortunately, many of our laws have no relation to what is ethically right, and are used by corporations as billy clubs to batter anyone who causes them the least bit of embarrassment.


Are you saying that everything that is illegal is wrong? I'm not sure I'm reading that right, but if that's what you are saying, I have to disagree. In many cases what's right and what's legal are, at the very least, orthogonal. In some cases, they are opposite.


It's been argued by some that a DDOS is equivalent to standing in a shop doorway and may be an appropriate form of protest. Protest being something that is perfectly legal.


Lots of dumb things are argued by a lot of dumb people.

If you stand in a shop doorway where I live, you are escorted off the premises by the police. You can protest outside, but you can't screw with people trying to go about their daily lives. As it should be.


Sorry, but this crap long ago passed "redressing a wrong" and went right into piracy and network attacks. There are ways for people with cracked PS3s to access the dev channel and directly pirate titles. Sony's fault for having an insecure system? Sure (and I'd bet that's why their network is currently down), but at this point there is precious little argument that they're "redressing a wrong." You can already run OtherOS and still access PSN; cracking the development servers has no legitimate use.

At this point it's full-on in asshat territory, and people like me (who own PS3s and don't really give a damn about people who can't install Linux on the 3,000th device they own) are getting it in the shorts because of it.


Who said anything about cracked PS3's or piracy? Do you really think this is about a few illegitimate dev channel members? You're right, those people probably aren't still mad at Sony. But most people can't run OtherOS and connect to PSN. It's much more likely that one of the many, many PS3 owners who can't are the ones behind this "intrusion".


I would bet money that it's related, yes. The asshattery perpetuated by geohot et al. led directly to these sorts of things--that's the most likely way I can see for an attack that necessitates downing the service to fix it to be launched. They've compromised what were assumed to be trusted clients, which seems likely to be the vector for an attack this serious. (And to forestall the usual: from a technical perspective, obviously Sony shouldn't have trusted clients at all, but just because a window's open doesn't mean going through it isn't trespassing and taking things while you're there isn't theft.)

You poke the fate bear, the fate bear eats you. Unfortunately in this case, it's also chewing on my leg, too.


Trying to lump all hackers together is wrong on its face. Geohot had nothing to do with this, so bringing him up serves no purpose but to create false impressions and (unintentionally or not) shill for Sony.


I think GP meant publishing the signing keys for PS3 system code. That allowed the bad guys to sign any binary they wanted and authenticate the hacked PS3 to Sony's dev channels. Not really Geohot's intent, but certainly something he facilitated.


Yes.

I would question whether it was his intent or not, but that's getting into inside-baseball stuff.


Color me not surprised. My email address had been registered on PSN and I got emailed regularly about the activity of this account. My email is very unique so they no doubt registered in an automated method with a database of farmed email addresses. I cut a ticket to Sony and had the account closed. A buddy of mine recently bought a PS3 and was unable to register with any of his email addresses as they all already had been registered to other accounts! What the hell is going on at Sony?


I'm really tired of this. I don't care about anybody's arguments -- regardless of the side -- I just want to be able to play my PS3 in peace.


It's hard to believe that anyone running such a substantial service really sees shutting it down for forensic purposes to be a reasonable course of action. It is generally quite unlikely that such investigations will yield arrests if you're playing the averages. I'm familiar with a number of substantial intrusions into services larger or more significant than the PSN that never resulted in any shutdowns. The only example that comes to mind that supports this precedent is the Euro carbon market shutdown, but that occurred because the exchange had clear indications that other customer accounts were compromised and they would have been potentially open to more theft.

I wonder if this isn't something more like: hacker discovered --> recovery team switches to hot redundant systems --> everything falls down due to systems/recovery failure or lack of testing.


serious question (I don't own a PS3 (or an XBOX)) - is it not still playable offline, or is it like these new drm infested games I keep hearing about that require you to be online even for single player games?


I mostly use my ps3 as a Netflix machine now-a-days (new baby) and have been very frustrated with the PSN downtime since Netflix won't let you login to their service unless you are logged into PSN (for some reason). To me that means my TV has seen very little use and I get to watch shows on my 13" mac. :(

Overall I am very disappointed in having the PSN be so key to the ps3 experience while the PSN, to me, is pretty worthless and poor even when it is working.


I'm able to still use netflix after getting 2 login failures on my end... it's a hassle but it's not blocking me from using it entirely.


Yeah, just keep retrying the login. Once you see the 'cover' images of the netflix titles you can cancel the login screen and use netflix with no problems.


The PS3 version of Portal 2 has a code to activate your copy of Portal 2 on Steam, and play it on PC or Mac. But you have to log in to PSN and Steam at the same time to sync up the accounts, and so as long as PSN is down, I can't install Portal 2 on my PC.

Also, the only reason I play PixelJunk Shooter is for the online leaderboards, which aren't available without PSN.


I use Netflix and Hulu Plus for all of my television watching (I don't have cable tv). Both of these seem to be tied somehow to the playstation network login, even though they use non playstation network credentials to actually authenticate me as a paying user. As mentioned below, Netflix still works, but with an annoying sequence of failed login attempts before letting you in and Hulu sometimes works with the same process sometimes doesn't work at all.

So while it's obviously not the end of the world, it is extremely frustrating to sit down to relax and watch a show and to be told that you just can't because of the playstation network, not because either of the content services aren't working.

I think the biggest problem is that Sony has been totally opaque throughout the whole process. This has been going on for more than a WEEK now, not just two days, and until the blog post had not acknowledged in any way that there was a problem. Even though message boards were littered with people reporting problems.


I had no idea...

thanks for the answers


The vast majority of games are playable offline, there are some new ones that require you to be connected to the PSN though in order to combat the custom firmware 'threat'.


AFAIK all disc-based titles that have a single-player mode must be playable offline in order to be licenced for manufacture. If it tells you that you need to download anything to continue, try detaching the network cable and restarting the device so that it's purely offline.


This is correct, as I understand it. You can disable networking in the XMB for the same effect.


Yes you can, but offline play and multiplayer games are non-comparable!


It's a good excuse to visit someone in person.


Not if you've been out in the sun, drinking for pretty much four days with... gasp... other people


Sounds a bit silly but could Sony be hosting some of the elements of the PSN on EC2 and this is just a PR story to pass the buck... the dates seem a little too similar to me..


A PR story? Those are usually meant to give good PR, not make your platform look insecure and unstable. I don't see how it would be in Sony's interests to pretend the widely publicized Amazon outage had nothing to do with its problems and instead make up a story about how its security had been breached.


We may see it differently, from my point of view it's much easier for Sony to blame this on anon as a) there is a known conflict already and it's very simple to point the finger b) it hides the fact that a critical part of their system is on a 3rd party service with no contingency plan / backups..

I haven't read anywhere about security breached all I've seen is DDOS and that's exactly what anon are known for.


So Sony starts a war with hackers, we'll see how this plays out. Maybe I'll go get some popcorn.



