then Sony says:
"While the two systems are distinct and operated separately, given that they are both under the SONY umbrella, there is some degree of architecture that overlaps."
This my friends is back-peddling 101. Also known as "Sony can't give a straight answer on whether their PSN and SOE networks are connected or not"
Are you sure it's not just "Sony can't give a straight answer"?
Take your pick from:
* SOE Scandal
* PSN Scandal
* OtherOS removal
* GeoHot Scandal
* The BMG Rootkit Scandal
* The Master Key Scandal
And many, many more. I don't think they've been straight with their customers or the general public even once unless they've been caught out.
How often does this type of thing happen and no one has ANY idea?
Sounds like someone heard about HMAC (http://en.wikipedia.org/wiki/HMAC) but didn't bother to read the details...
I mean, what good is evidence that you keep to prove you aren't lying if the evidence is never meant to be shown? And if it is meant to be shown you'd be committing a crime by doing it, which would be especially silly just to prove to someone you wouldn't make up such a mundane story.
Either way you should just delete that file. It serves no useful purpose (eg. you can't show it to me to prove you're not a liar) and despite all the good intentions you have shown in the past in getting the issue fixed you are likely committing a crime simply by keeping a copy of it around.
Why do you care if anyone thinks that you're making up stories? And if someone did accuse you of making up stories, what are you going to do? Decrypt and show them the file with hundreds of credit card numbers?
This is why well-meaning hackers end up with jail time whenever they're pulled over for a broken taillight.
Not ideal, of course, but not the worst thing ever.
a system that basically needs an attacker to just see'n'remember both sides of your card (that you need to keep with you and not is safe) in order be able pay with your money until the card gets disabled or expires.
i noticed in the US people use it to pay by phone, and shops tend to keep that data for convenient repeat purchases.
i need a card for payments online and visits outside europe (especially visits to the US). i'm glad that i have one for those occasions, but i cannot say i think it is a safe system -- it is also constantly under attack.
in the netherlands there's a payment system that most-if-not-all webshops are subscribing to. it redirect you from the shop to the internet banking app of your own bank, there you pay (with some 2-factor kind of authentication), after which you're redirected back. i cannot help feeling a lot safer. :)
By law, consumers are liable for at most $50 if their credit card info is used fraudulently by someone else.
Credit card companies validate transactions against statistical models in an attempt to head off anything suspicious. EDIT: Thanks for reminding me of this, nialo.
But often, it's the merchants who bear the cost of a fraudulent transaction. They have the least power to encourage more secure alternatives, because everyone already expects to be able to buy online with a credit card.
Card companies in the US do have something similar to the system you mention called 3-D Secure, but it hasn't gained wide traction. The interface is implemented so badly and inconsistently that it looks like a phishing scam. But more fundamentally, consumers have no incentive to use it, since it shifts more liability onto them.
The point is that the system has effectively figured out that they can't make a system that is both sufficiently secure and sufficiently convenient in just a card, so it instead accepts that numbers will be stolen and tries to minimize the damage.
Fortunately that means ~100% of those numbers are expired by now. Can expired numbers be used for anything evil?
> I don't personally know whether this is valid or not but there are comments on http://news.ycombinator.com/item?id=2502477 [URL repeated, may have triggered spam filter?] that suggest that in at least some cases it's possible to charge a credit card without the CVV.
Edit: cushman beat me to it
Since some companies issue cards that are good for 4 years, I'd say many of those people have good reasons to worry.
- Memory stick
- The 2005 audio CDs with bonus rootkit
- PSN breach
- SOE breach
They've messed up a few things, but they still make good consumer products. I purchased a SONY TV and Blu Ray a year or two ago and I'm very happy with it.
They're clearly not perfect, but to say everything they've done since the walkman has been a disaster isn't really fair.
Their laptops have tremendous numbers of mechanical failures. Their eReaders are slow, have glare, and have serious usability issues -- e.g. the page turn buttons are located in a spot where you can't comfortably press them. They bought Minolta, and ran it into the ground -- they've been promising a successor to the a700 for close to 5 years now without being able to ship. The lower-end cameras are innovative, but have serious, serious usability issues. The Minolta 5D was a wonderful camera. The early Sony successors copied and improved on it (a700 was the most usable camera ever made -- and the only one with a useful auto mode). The current ones made a new, broken interface. The support is gone -- warranty issues don't get fixed, and if you buy from Sony direct, heaven help you if you want a return.
Your TV and Blu Ray aren't bad, but a bit overpriced and slightly lower quality relative to the competition.
But that's not the point. 20 years ago, Sony was like Apple or Trader Joes. You couldn't go wrong buying from them. The quality was spectacular. Sony products didn't break. Today, you go wrong buying from them 95% of the time. 5% of their products are market-leading. They ship known defective products. It's a very different company.
In terms of bringing gaming to the masses, you're thinking of the Nintendo, first with the NES, and many years later with the Wii.
The playstation 2 is still the most successful console with 150million units sold ( http://en.wikipedia.org/wiki/List_of_best-selling_game_conso... ). I'd say to get figures like that you need to have had mainstream success.
I can't speak for all of their products, I only have a couple, but I've never had a reason to complain.
I'm not apologising for them, they really have screwed up with this security thing, but I think it's disingenuous to claim they've only made crap for the past 20 years when there are some very obvious exceptions.
1960-1985: Sony is the gold standard for quality
1995-2010: Sony makes crap, with a few exceptions
Out of context, this may seem like a small difference, but the difference is huge. In the late 50s and early 60s, Sony did not ship a color TV for over a decade because they weren't convinced they could get the quality good enough. When they finally shipped in 1966, Trinitron had brighter pictures than the competition, and the TV sets never broke. The things were expensive, but they were built like a tank. Until the mid-90s or so, every Sony CRT had a full metal cage. You paid a premium, but you got quality.
Today, the majority of Sony products shipped are overpriced lemons. The Sony of yesteryear would never have shipped them.
The Playstation 3 is probably the most reliable console (hardware wise) out of the current generation consoles, I have not had any issues with mine and neither has anyone that I know personally, I can't say the same for the Xbox 360.
I bought a Sony Vaio Z 13" a few years ago and it has stood up to a lot without any issues, sure it may be very light and feel a bit "plasticy" but it is surprisingly tough.
Both of my brothers bought Sony LCD's a few years ago and they have not had any issues.
A friend of mine works in the geek squad as a home theater installer and by far the least reliable name brand TV's are made by Samsung, Sony is one of the more reliable brands.
If they 'lose' that it isn't my problem.
I think that's going to be the only way I'll by something from there.