Maybe Sony hasn't confirmed all the reasons why the PlayStation Network is down.

We've known for some time that, officially, it was due to an "external intrusion," but something else has come to light: according to PSX-Scene moderator chesh420, Sony shut down the PSN due to a custom firmware called Rebug . Basically, this allowed users to simulate a PS3 debug unit (something we and other sources have to play betas and certain games early); with a few proxy-server changes, Rebug lets a retail PS3 mimic a debug PS3. So, when the hacker inputs false credit card numbers, Sony doesn't check them because they assume developers or journalists are logged in. So yeah, they can then get the PSN stuff for free and that's a definite problem. Of course, all of this is speculation – as admitted by chesh420 – and Sony hasn't said anything about Rebug being the cause of the PSN downtime.

Whatever the reason, it'll be interesting to hear Sony's detailed explanation on the entire issue…provided they ever provide one.

Subscribe
Notify of
115 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Ignitus
Ignitus
9 years ago

I wonder how SONY feels about online distribution now.

The Doom
The Doom
9 years ago

Aksys games LOVES doing digital downloads; maybe this will convince them that it isn't always the way to go. A hardcopy of Arcana Heart 3 would be sweet

Beamboom
Beamboom
9 years ago

I believe the real question should be "I wonder how Sony feel about their security now". This rebug feature sounds like a really sloppy solution to me.

Beamboom
Beamboom
9 years ago

Oh c'mon thumbers, Sony can make errors too.
Just read the link above, on how this rebug works and some of the comments regarding this.
Basically Sony created a network that were built around trusting the users. To quote one of the posts: "You do not trust users!" And that is like rule numero uno: You *never* build a service around such a principle. Anyone who has ever been anywhere near administrating or maintaining a network know this! And here we got a world wide company with millions of users basing their security more or less on trusting their users??? Insanity.
The more I get to know about this case the more obvious it gets to me: If what we now read turns out to be the truth then Sony can *so* thank themselves for being in this situation.


Last edited by Beamboom on 4/26/2011 2:43:24 AM

Alienange
Alienange
9 years ago

Anyone have an ode to PSN? I miss it dearly.

ElJefeDiablo
ElJefeDiablo
9 years ago

Oh PSN it feels like sin
Not to have you yet again
By light of day you are gone
By dark of night you have fled
I am forsaken, left, alone
A thousand pints I have bled
A thousand lives lived in my head
A million tears shed in vain
Not to have you yet again


Last edited by ElJefeDiablo on 4/25/2011 7:25:43 PM

Excelsior1
Excelsior1
9 years ago

oh psn we are approaching day six
could you please tell us the nature of the fix
days have went by in vain
some might even start to complain
no matter the cost
we would like to know what's been lost
and what will be done to keep this from happening again

@eljefe

your ode is a lot better than mine. great job.


Last edited by Excelsior1 on 4/26/2011 5:40:45 AM

ElJefeDiablo
ElJefeDiablo
9 years ago

Thanks man. Sometimes the words just flow.

This situation really isn’t a huge deal to me. Of course I am curious to see how it all turns out and exactly why it happened in the first place.

I have a good buddy, with a very addictive personality, who is going through withdrawal because he can’t play multiplayer CrapOps. I have to bust on him because he doesn’t commit to playing any cool SP games. I have lent him titles such as Infamous, Dead Space and GOW III, yet he lacks the skill, patience and determination to even finish these titles on easy. I believe a lot of casual gamers have these issues. Thus the massive trend towards multiplayer cotton candy titles. I tend to deny people who send friend requests, after realizing that they only play the multiplayer portion of a game. Why order a 4 course meal when you only eat the dessert? ROOkies!

SmokeyPSD
SmokeyPSD
9 years ago

Sounds plausible though in the end sony would've lost a lot of money taking it down on this specific period. I have a hard time believing a manufactured attack for that reason.

LittleBigMidget
LittleBigMidget
9 years ago

Sh** just got real.


Last edited by Ben Dutka PSXE on 4/25/2011 8:44:50 PM

Jawknee
Jawknee
9 years ago

If true can't this be traced back to Geohot's release of key information and instructions on how to build custom firmware?

TheHighlander
TheHighlander
9 years ago

It can be traced back to GeoHot, the PS Jailbreak guys, Fail0verflow, GeoHot again, Graf Chokolo and a host of others involved in breaking the encryption and chain of trust in the PS3s security system and then creating modified firmware that bypasses the security. Every one of the is responsible in part for this, although I doubt any of them had this intent with their work (except for Chokolo maybe, he's off his rocker). But, they facilitated this hack with their work. Anonymous has some of the fault here too because their actions have made it fashionable among certain groups to attack Sony again. All in all, a very small number of people have caused huge damage to Sony and their customers. Sadly very few, if any, of them will ever be brought to justice for it.

Jawknee
Jawknee
9 years ago

Sony should have made more of an example of Geohot by asking for nothing less than some jail time.

TheHighlander
TheHighlander
9 years ago

Jawknee,

I'm not so sure of that. Under the current laws, Sony was correct to open a civil case against GeoHot because his actions definitely fell under the DMCA and other copyright/computer mis-use laws. But I don't believe he did anything that falls within the criminal law. As much as Sony has been vilified, all they have done is protect their platform, and right now, it looks like they were right to try to protect their platform.

If the laws change then future actions by GeoHot or his like may land them jail time, but for now the civil law is the appropriate venue. One thing I wish the folks behind all of this would recognize is that very rule of law. It provides remedies for both sides, you just have to find the right way to approach matters.

Danny007
Danny007
9 years ago

Can we really trust chesh420?

Did you notice the last numbers?

thj_1980
thj_1980
9 years ago

HAHHAHAAHAHAHAHHAAHAHAHAHAHAHAHAHAHAHAHAHA

Sorry but I had to get that out.

Cpt_Geez
Cpt_Geez
9 years ago

Lmao

WolfCrimson
WolfCrimson
9 years ago

I don't get it.

dkmrules
dkmrules
9 years ago

As long as the anonymous cowpatties dont steal my credit card info I'll be fine.

Bloodysilence19
Bloodysilence19
9 years ago

g4 aot pointed this out today isn't weird the psn went down on 420. anyoo what chelsea420 said that could be the problem who knows. so many rumors flying around the net that nobody knows whats really going on. you got rumors such as ms did it, or anon did, to steam cause the outage, to coffee being spilled on the servers. im sure by tonight though sony will gives us a update on whats going on or tomorrow.


Last edited by Bloodysilence19 on 4/25/2011 7:52:18 PM

jimmyhandsome
jimmyhandsome
9 years ago

This is starting to get a little ridiculous with Sony's PR department. I'm with you Ben, that they need to be more upfront with its customers and say SOMETHING. Their "updates" on the PS Blog aren't updates at all….in fact they flat out tell you nothing about what is going on or when it'll be resolved.

And this isn't me whining about not being able to play online. I've been a-ok with the PSN being down (and would be if it were down for a longer amount of time), but this is more about the principal of the matter. Will it take a week to fix? 2 weeks? a month? Fine, just say that. Tell us if our information has been compromised. You aren't 100% sure? Say that. At this point I think I'll be flat out pissed if Sony doesn't provide an explanation once this is all over. I don't like to be taken for a ride, especially by a company that already has hundreds (close to thousands) of my money already. Sony needs to stop treating its customers like 5 year olds who still believe in Santa.

/rant

TheHighlander
TheHighlander
9 years ago

Oh?

What more do you think that they can say other than – We were attacked. We stopped the attack by turning off PSN. We're rebuilding PSN to ensure the network is clean and secure again. We are investigating the intrusion to determine whether customer data was accessed.

That's pretty much what they've said, and that's pretty much all you could expect at this point. What do you want, a timeline for each server? If they are still investigating to determine whether customer information was accessed, they have to complete that work before saying anything.

Jawknee
Jawknee
9 years ago

Yea Jimmy, I know this sucks but I think you're being completely unfair to Sony. Highlander is 100% correct.

jimmyhandsome
jimmyhandsome
9 years ago

No, I don't want a detailed timeline of when each individual server is up and running. What I want is a clear and concise explanation once this is all over, because thus far their "updates" are laughable. If you go on the PS blog, they first report on the 20th and 21st that they're aware that the PSN is down and are investigating the causes of it and it could take a day or two to fix. Ok sounds good. Then on the 22nd they say it was the result of an external intrusion and that THEY turned off the servers on the evening of the 20th. So which is it? Did these hackers distrupt the servers on the 20th, or did something happen before then and you just decided to turn them off yourselves? I feel like they thought they could fix it quicker than they could so they just shut down their servers and played dumb by saying they're "investigating" whats going on. Then when they realize they couldn't fix the problem without completely rebuilding their system they decide to tell us that. Also, not one single solitary apology in any of their "updates".

This may not offend some people, but like I said it really chaps my ass when I'm basically lied to by a company that I've been very good to. I don't feel like I'm being "unfair" to Sony, as a paying customer that has supported them through the years I have the right to feel offended. And I understand that this whole incident isn't Sony's fault, and I'm not blaming them for the PSN being down. But their PR/Marketing department thus far hasn't handled the situation well at all. This is just my opinion of course, I know others could care less what they update on the PS Blog. I'm not about to start a "I hate Sony" campaign, either. I'd like to think that they work this all out in the end. This incident isn't going to make me up and sell my PS3 or even not buy games, I still have inFamous 2, Twisted Metal and Uncharted 3 all preordered at Amazon.

slugga_status
slugga_status
9 years ago

Gotta agree with Jimmy here. Sony should have explained the issue clearly so that the customers know and understand what is happening. Yes they gave us updates in the blogs but they really didn't say much of anything that wasn't apparently obvious.

Sony could have handled the situation differently and it will get under peoples skin. Personally I feel they're just beating around the bush about the true problem but it is what it is.

Pointless to get mad/angry/upset over something we can't control..but I can understand the feeling of dishonesty


Last edited by slugga_status on 4/26/2011 9:16:37 AM

thj_1980
thj_1980
9 years ago

Usually when stuff like this happens, you know shit is going down. It's another big business corperate over up. It could be a employee gone rouge, or just hackers found a flaw in their security system that enables people's information to be seen by others. You never know, even though we would consider it to be a rebuild of the network I'm sure it would be done by now. 5 days and nothing just useless posts by playstation blog and other stuff. Estimates of times by other sources isn't the best way to go about this now. I'de say sony should spill the beans and tell us what is really going on.

Just saying.

Clamedeus
Clamedeus
9 years ago

Why they won't is beyond me, I'm sure it would add a bit of relief to people who are concerned about it.

Excelsior1
Excelsior1
9 years ago

sony needs to give an update that has some real info to stop all this rampant speculation. an eta as to when services are restored would go a long way as well. they need to just get on top of this and control the message.

we are 6 days into this outage, and still know nothing. i've noticed even the diehard sony loyalists are getting fed up with this situation. that's just poor crisis management on sony's part.

thj_1980
thj_1980
9 years ago

not six days yet, we are only at 5 technically 4. Most people knew about this around the 21st and it started around the 20th.

tornado03
tornado03
9 years ago

Yeah this is getting pretty weird. There must be a great big fish that there trying to clean and if it's foul play from hackers, Ms, who ever. There not gonna fry that bad boy until the grease is hot. They have something and there being very careful with it somebody's going down!

Superman915
Superman915
9 years ago

couldn't that have been traced though? was complete shutdown of the 'SN necessary


Last edited by Superman915 on 4/25/2011 8:19:44 PM

Clamedeus
Clamedeus
9 years ago

It might be a possibility to trace it, but i have no idea on how that stuff works.

BikerSaint
BikerSaint
9 years ago

I've been reading numerous articles today & IMO, the most plausible one is that Sony's tracing back into everything to see how far in the hacker(s) got,& how widespread the damages are within plus whether they got any or all of the sensitive credit card, addresses & any other pertinent customer info. BTW, I read one commenter stated that he was alerted that someone had used his card info to make a $250 purchase 4 states away, and he said he only used his card 1 time in the last 6 month & it was only on the PSN 2 weeks ago.

But I'm not sure I believe that poster seeing how he's the only single solitary person I've come across so far to report a Sony/CC fraud issue, so he could very well be lying as a paid M$ astro-turfer trying to take advantage of Sony's bad situation

I also read that Sony is backtracking every single step to see if any virus, worms, or backdoor programs, etc, etc, were installed, so that when they re-build the PSN & other related sites, they aren't being piggybacked onto the improved site.

So that means every server worldwide, plus they'll have to get all their 2nd & 3rd party business partner's sites worldwide checked too somehow.

So this is a major big-time deal, so I wouldn't expect Sony's sites up too soon with all this work they've now got to do.

I sent Ben some stuff, so I'm sure he'll incorporate some of that into any update thread

Mog
Mog
9 years ago

I never use a credit card anyway. Never could completely trust anyone with that number. And besides, why use a credit card when you can just buy a playstation network card?

thj_1980
thj_1980
9 years ago

Well I've had not problems with credit cards except for the one time, I purchased something on accident because I clicked buy now, damn sony for nto asking you to confirm when you click that. Now when I make purchases I always have password at check out.

shadowscorpio
shadowscorpio
9 years ago

Yeah, that would actually make perfect sense if its true. I would just hope that Sony could understand that we can take this type of information.

Anyone that has a PSN account most likely has credit card/check card info with Sony so this issue is just as much inportant to us as it is to Sony.

TheHighlander
TheHighlander
9 years ago

The Dev PSN may not connect directly to the live PSN that customers use. However it seems that at least one admin account on the dev PSN was compromised. At least that's what I've been able to gather today.

Sony is rebuilding PSN from the ground up. It's a scorched earth policy where the software is rebuilt and reconfigured completely from scratch to avoid any problems with software left behind. Then they put the data back from backups, and roll the transaction logs forward to bring PSN back to a 'live' state. But before they put that data back, you can be sure that every administrative account will be reviewed, passwords changed. I would not be surprised if they change the encryption keys on their internal data encryption as well as improving whatever security checks and protocols exist. I'd also bet a large sum of money that they beef up the audit logging of all the servers to log every in and out of the network.

@ShadowScorpio,
Just about anything Sony says about Credit Card information before it actually knows for sure is likely to be counter-productive and lead to more speculation. They need to be sure before they say anything.


Last edited by TheHighlander on 4/25/2011 9:55:32 PM

BikerSaint
BikerSaint
9 years ago

Thanks Highlander, I was hoping you'd chime in with all the tech-stuff side of it.

Always informative!!!

Now for the other commenter's, I don't have any credit cards, but what I'll do when I need to buy something at a on-line store, is to purchase a $500 pre-paid Mastercard/Visa cardm use it up within 2 weeks, & toss it once I've zeroed it out.

Clamedeus
Clamedeus
9 years ago

Do any of you know where you can get a card that's like a prepaid card, but it's rechargeable that doesn't have fee's like a credit card but it acts like both a real one and a prepaid one and you can add funds to it?

I also don't use a credit card on PSN, I strictly use prepaid cards.

TheHighlander
TheHighlander
9 years ago

What I do is I have a separate account for online purchases. It's the only one linked to PSN or other online payment services and it has no over-draft facility, so no transaction beyond what's in the account will be processed. Every month some pocket money get's transferred into the account, so the worst that can happen is that the money left in that account goes missing. My actual current (checking) account remains untouched. It was easier to do this than use a pre-paid card of some kind, although that's a good option too.

Clamedeus
Clamedeus
9 years ago

@Highlander

Ah. I heard of this a while back, it acts as a credit card and a prepaid card but you can add more funds into it without any fee and such, I'll have to look around to see on what else is involved with it.

BikerSaint
BikerSaint
9 years ago

Clamedeus,

Not sure where you're located but in the states, most banks & credit unions, most check cashing stores, & all the Wawa convenience stores carry those pre=paid cards. Matter of fact, Wawa also carries most store brand gift cards too, including PSN cards too

WARNING:

The biggest thing you have to make sure to watch out is all the fine print of what they're to be charging you for them, because the fees can be anywhere from $2.50 to $10 for the card.

Plus some places deduct fees from your card if you don't use it up by whatever the amount of time was stated on your contract(usually 12 months).

Another thing, some places only allow you to make up your to a certain max(from $100 & up to $500)& they increase your fee the higher you make your card out for.

I get all my cards at my local credit union, where they charge me the cheapest fee, only $2.50 for a $500 card. Wawa is $6.95 but I'm not sure what their card max is, or their fine print.
My local check-cashing place charges the most, at $10 & is rechargeable but I believe they also have numerous extra, and completely, unwarranted restrictions with a separate fee on each one.


Last edited by BikerSaint on 4/26/2011 6:05:04 PM

mexgeo86
mexgeo86
9 years ago

I'd rather they take their time tightening security since I wouldn't want my personal and credit card information to be stolen. People shouldn't be complaining too much as it is a free service (except PSN+ subscribers).

DjEezzy
DjEezzy
9 years ago

Why everytime 420 or some kind of reference towards Mary Jane, people automatically discount what they say. I know a lot of really smart and successful people who smoke weed. Just saying…

slugga_status
slugga_status
9 years ago

Co-sign

Underdog15
Underdog15
9 years ago

It's because of the image weed has. When people get into it too much, they're typically pretty lethargic people.

I mean, to illustrate, I know alot of very successful people who drink alcohol. Obviously, in moderation, it poses no threat to a person's health, success, or image. Yet, if a successful person had a tag of "Smirnoff" or any other alcohol reference, they would likely be assumed as less than they are.

Especially when you consider the fact that anyone who thinks to make week or alcohol a part of their online identity, likely makes that substance a priority in their life as well. So it's a safe assumption.

Let's just say you wouldn't want to put [email protected] as your email address on a resume.

Underdog15
Underdog15
9 years ago

Thought I edited that…. huh…
Yeah….. "week" = weed. Bad typo.

Also, lol @ the downvoters.

skyplaya
skyplaya
9 years ago

I remember having the message "Error: Cannot add funds to your wallet". That was on wednesday night before i got kicked out of psn.

zork
zork
9 years ago

All this speculation is making me dizzy, i feel like it's an endless round of Call of Duty.

Dreno
Dreno
9 years ago

Welll, whatever the reason for psn being down, I'm just glad to hear that sony is on it like a fresh tattoo on skin. Although I really do wish they were more upfront and are more so in the. Future if anything like this happens again.

On a side note though… psn still being down STILL doesn't bother me.

I just picked up heavy rain today! So I'm very sure that will keep me occupodo for awhile. So I'm stoked about the game.

Still sorry for the psn needing gamers though. Hope you guys get the psn back soon. But stop whining about it. Sony is re-building it for everyones personal protection.

I don't mean to sound rude, but c'mon. Sony has your best interest at heart.

Fo sho.