Security Expert: Sony Knew Its Software Was Obsolete Months Before PSN Breach

Written by Feldon on . Posted in Uncategorized

From Consumerist.com:

In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.

According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which “was unpatched and had no firewall installed.” The issue was “reported in an open forum monitored by Sony employees” two to three months prior to the recent security breaches, said Spafford.

   

Sony: Anonymous Didn’t Hack Us, But Made It Easy

Written by Feldon on . Posted in Uncategorized

After initially going on the record stating that Anonymous, the evangelist hacker group, had no involvement in the actual hack of the PlayStation Network (and by extension the SOE network), Sony have now pointed the finger for a different reason.

In a letter to Congress, Sony has posited that the very disruptive flooding/attacks on Sony servers in retaliation for the George Hotz lawsuit were a sufficient distraction to leave a much larger window for hackers to enter Sony systems and leave undetected. Sony has suggested that had the coordinated denial-of-service attacks not happened, a compromise of their servers would have been more easily detected and possibly thwarted.

From BBCNews:

Sony has blamed the online vigilante group Anonymous for indirectly allowing the security breach that allowed a hacker to gain access to the personal data of more than 100m online gamers.

In a letter to the US Congress, Sony said the breach came at the same time as it was fighting a denial-of-service attack from Anonymous.

Denial-of-service attacks take servers down by overwhelming them with traffic.

The online vigilante group has denied being involved in the data theft.

Sony said that it had been the target of attacks from Anonymous because it had taken action against a hacker in a federal court in San Francisco.

Sony’s Response to the U.S. House of Representatives

Written by Feldon on . Posted in Uncategorized

Today, the Subcommittee on Commerce, Manufacturing and Trade of the U.S. House of Representatives Committee on Energy and Commerce held a hearing in Washington, DC on “The Threat of Data Theft to American Consumers.”

Kazuo Hirai, Chairman of the Board of Directors of Sony Computer Entertainment America, submitted written answers to questions posed by the subcommittee about the large-scale, criminal cyber-attack we have experienced. We wanted to share those answers with you.

  • Complete 8 page written response on Flickr

Note that much of this information is generic to the PSN (SCEA) and SOE data breaches. Look for SOE and Sony Online Entertainment in the text of these letters if you wish to locate passages relevant to your game network.

SOE Offers Some Updates on Situation, No Timeframe

Written by Feldon on . Posted in Uncategorized

SOE.com has been updated with a new Recent Updates section which answers a few questions, although there are few concrete answers at this point. Also, according to a Facebook update, the $10 discount on Fan Faire registration will be extended due to the service outage.

May 4, 2011

We want to thank you again for your patience as we work to get the SOE services back up and running. We received several questions and comments relating to the criminal attack to our network and would like to address some of the most common questions today. We are also going to continue to post updates to this website with new information as they become available.

We appreciate your continued patience and feedback.

Thank you,
Sony Online Entertainment

MSNBC: Sony Declines to Testify before Congress; $1 Billion Civilian Lawsuit Filed

Written by Feldon on . Posted in Uncategorized

From MSNBC.com:

A U.S. House of Representatives subcommittee is demanding answers from Sony after private information from some 102 million personal accounts was taken by hackers.

In a letter written by the Congressional Subcommittee on Commerce, Manufacturing and Trade and addressed to Sony chairman Kazuo Hirai, representatives asked the company to answer a list of 13 questions related to the hacking of Sony’s PlayStation Network.

The Congressional committee has demanded answers about the PlayStation Network breach only, perhaps because news of the Sony Online Entertainment breach wasn’t released until Monday afternoon.

San Diego Union-Tribune: SOE Network Down Until Friday, Possibly Longer

Written by Feldon on . Posted in Uncategorized

From SignOnSanDiego.com, the website of the San Diego Union-Tribune newspaper.

Customers of San Diego-based Sony Online Entertainment must watch out for “spear phishing” scams after a hacker may have gained access to personal information on 24.6 million accounts, including email addresses and passwords.

Privacy experts say cyber criminals could have enough information to send highly customized emails or postal letters — or make phone calls — that will appear to come from Sony in hopes of tricking customers into revealing more sensitive information — such as credit card or Social Security numbers.

Sony Online Entertainment urged its customers to be “especially aware” of these scams. “Sony will not contact you in any way, including email, asking for your credit card number, Social Security number or other personal information,” the company said in a letter to customers posted on its Web site. “If you are asked for this information, you can be confident Sony is not the entity asking.”

Sony Online Entertainment, which makes video games such as the EverQuest series that users play online, abruptly shut down its network on Monday after the breach was discovered. The breach did not expose customer credit card numbers in the U.S. But it did possibly reveal names, addresses, email, birth dates, gender, phone numbers, login names and passwords.

The PlayStation network breach came from an attack on a data center in San Diego. Taina Rodriguez, a Sony Online Entertainment spokeswoman, declined to say if PlayStation and Sony Online Entertainment shared the same data center.

“Our servers are different from the PSN servers,” she said. “We are operated separately. But since we’re both under the Sony umbrella, there is a degree of architecture that overlaps.”

Rodriguez added that Sony Online Entertainment’s network would be shut down until Friday and possibly longer. The company has contacted the FBI to investigate the attack.

MSNBC: Sony hires cyber sleuths to catch hackers

Written by Feldon on . Posted in Uncategorized

From MSNBC.com:

Sony has hired outside investigators to help clean its networks and catch the people behind a massive breach that exposed the personal data of more than 100 million video game users.

The Japanese electronics giant has retained a team from privately held Data Forte that is led by a former special agent with the U.S. Naval Criminal Investigative Service to work alongside the FBI agents, who are also probing the matter.

Sony said on Tuesday that it has also brought on cyber-security detectives from Guidance Software and consultants from Robert Half International Inc.’s subsidiary Protiviti to help with the clean-up.

A Toronto law firm on Tuesday launched a C$1 billion ($1.05 billion) proposed class-action suit against Sony for breach of privacy, naming a 21-year-old PlayStation user from Mississauga, Ontario, as lead plaintiff. The damages would cover the cost of credit monitoring services and fraud insurance for two years, the firm, McPhadden Samac Tuovi LLP, said in a statement.

Podcasts to Address SOE Outage, Former EQ2 Duo to Talk Rift

Written by Feldon on . Posted in Uncategorized

Barring any unforeseen circumstances, the Jethal Silverwing Show and EQ2’s Day podcasts are expected to run on-schedule tonight and should no doubt bring to bear some interesting discussion about the latest turn of events at SOE causing what could be a protracted downtime for EQ2 and related games.

EQ2’s Day seems to be at 4pm-6pm Pacific (this could be clearer on the website), with Jethal’s show starting at 7pm. Last night’s Down Range already tackled the security compromises and you can listen to that podcast as well. These podcasts are hosted at OnlineGamingRadio.

Also, although it was drowned out by two other major news stories (one being the SOE compromise), the other surprising news tip was that OnlineGamingRadio will be launching a new podcast with Christine “Kiara” Renzetti and Alan “Brenlo” Crosby, formerly EQ2 Community Manager and EQ2 Senior Producer, covering competing MMO “Rift” by Trion Studios.

Incidentally, EQ2Talk is an independent biweekly podcast by Dellmon and Aliscious. They’re not scheduled to do a program this week, but if this changes, we’ll be sure to announce that as well.

First Wave of Phishing E-mails In the Field — Ignore Them!

Written by Feldon on . Posted in Uncategorized

SOE Customers have started to report receiving e-mails from unscrupulous individuals attempting to lure frustrated players to websites which look and feel like official SOE customer portals to try to acquire additional login credentials and credit card information.

Please check the sender of these e-mails and further watch the addresses linked in any suspicious e-mail. When in doubt, go to http://www.SOE.com/ and disregard any links provided in outgoing e-mails.

There is currently no “action” that players can take other than to wait and see how SOE and Sony address the current crisis.

UPDATE: SOE’s website has been updated with the following message:

These emails will be sent by Innovyx, our third party email distributor, and will contain either ‘soe.innovyx.net’ or ‘soe.sony.com’ in the sender field.
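An added example (not from SOE or the original post): the notice above says legitimate mail will "contain" one of two names in the sender field, but a substring test also passes lookalike addresses. This Python sketch compares the exact domain of the From address instead; the sample headers are constructed, and `example.net`, `example.org` and `example.com` are placeholder domains.

```python
from email.utils import parseaddr

# The two sender domains named in the SOE notice quoted above.
EXPECTED_DOMAINS = {"soe.innovyx.net", "soe.sony.com"}


def sender_domain(from_header: str) -> str:
    """Return the lowercased domain of the address in a From: header value."""
    _display_name, address = parseaddr(from_header)
    if address.count("@") != 1:
        return ""
    return address.rsplit("@", 1)[1].strip().rstrip(".").lower()


def classify_sender(from_header: str) -> str:
    """Classify a From: header against the expected sender domains."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    # Exact match on the whole domain, never "contains" or "ends with".
    if domain in EXPECTED_DOMAINS:
        return "expected-domain"
    # The expected name appears somewhere in the header (display name,
    # local part, or as a prefix of a longer domain) but the real domain
    # is different: the pattern a hurried reader mistakes for genuine.
    if any(name in from_header.lower() for name in EXPECTED_DOMAINS):
        return "lookalike"
    return "unrelated"


def triage(headers):
    """Map each From: header value to its classification."""
    return {header: classify_sender(header) for header in headers}


# Constructed sample headers, for illustration only.
SAMPLES = [
    "Sony Online Entertainment <news@soe.sony.com>",
    "SOE <updates@soe.innovyx.net>",
    "SOE Account Team <security@soe.sony.com.example.net>",
    '"news@soe.sony.com" <billing@example.org>',
    "Sony Support <help@example.com>",
]

if __name__ == "__main__":
    for header, verdict in triage(SAMPLES).items():
        print(f"{verdict:16} {header}")
```

The From header is set by whoever sends the message, so "expected-domain" is a necessary condition and not proof of origin; going directly to the site, as advised above, remains the safe path.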

Poll: How Long Do You Think SOE Will Be Offline?

Written by Feldon on . Posted in Uncategorized

With yesterday’s news of all SOE customer records (excluding all but a few credit card details) falling into the hands of hackers, there have been wild predictions of just how long it will take until things get sorted out and SOE games, websites, and forums come back online.

The PlayStation Network, which powers online play and updates for the PlayStation 3 and PlayStation Portable (especially the PSP Go which has no game slot), has been offline now for 13 days and yesterday’s press release suggests that some features will be online this week but the entire PSN service won’t be restored until the end of May.

So how long do you think it will be until at least enough SOE services are restored that we can play EverQuest 2 again? It is our understanding that SOE is working with outside security contractors which may add additional time to such a process.


How Long Til SOE is Back in Action?

Written by Feldon on . Posted in Uncategorized

First, some comments from SOE President John Smedley:

It’s been a rough day. We hope to be up soon, but we aren’t ready to announce just yet.

It can’t get any worse than today! I’m sorry the service is down. I really am.

Regarding if the forums will be down for tonight:

Unfortunately yes. I wish they were because we can’t really communicate with our players right now in a good way except on Facebook. It’s frustrating. But the account system is linked to the forums.

and when EQ2 ZAM contacted him:

We shot off a quick e-mail to John “Smed” Smedley, president of Sony Online Entertainment, asking if the servers would be back up tonight. He quickly replied with, “They won’t be up tonight unfortunately.”

If the PlayStation Network situation (13 days and still down) is any indication, it could be days before SOE games are back online.

Adopt a CSR Day

Written by Feldon on . Posted in Uncategorized

Ok not really, but folks, PLEASE be at least polite when calling SOE Customer Service.

They didn’t set up the servers. They didn’t write the software or security protocols of the servers. They are not wearing shoulderpads or other protective armor. Their only line of defense is the press release you ALREADY read in your e-mail about this situation. So if you decide to ring up SOE to ask what’s going on, please realize they have a limited script to read from, and won’t be able to magically get the servers back up and running.

If you want to express your displeasure with SOE’s handling of this situation, or failure to secure their systems, there are plenty of venues, including the SOE Facebook site.

   

Game Update 60 Locked and Ready to Test

Written by Feldon on . Posted in Uncategorized

Frizznik on the EQ2 Forums (when answering a question about why certain tradeskill materials wouldn’t go into the Harvest Depot) indicated that GU60 is now locked and thus should be hitting Test soon. With a live date of May 17th, I wouldn’t want to take the odds on 3 raid zones, 3 dungeons, and all the other content of Game Update 60 being bug-free.

It looks like the classifications on the Rough Pearl and Rough Nacre should work for recipes that require those ingredients so I flagged those so they can go into the depot. May have to wait a while for it to hit live though since we already passed GU60 lock.

EverQuest II Announces Game Update 60: The Children of War

Written by Feldon on . Posted in Uncategorized

Sony Online Entertainment LLC (SOE) today announced the landmark 60th game update for the iconic massively multiplayer online role-playing game (MMORPG), EverQuest®II (EQII) The Children of War.

Scheduled to arrive to the world of Norrath on May 17, 2011, the update will continue the storyline introduced to players in the recently released EQII: Destiny of Velious expansion pack as part of the Age’s End Prophecy saga and deliver content for players of all types, including battlegrounds and PvP improvements.

From April 14 to April 21, 2011, former players are also invited to log back in and experience the unparalleled depth and adventure that can only be found in EQII with the Take Flight Winback promotion. Eligible inactive accounts can log back in for free for 7 days, claim their free flying mount and reunite with friends and enemies alike for 7 days!

The plans of Rallos Zek are beginning to come to fruition and the mighty Fortress of Drunder, which once sat within the Plane of War itself, has appeared on Norrath, and now rests high above the Kromzek city of Kael Drakkel. From Drunder, Rallos Zek plans to rally his war parties, scale the massive sheer cliffs leading to the Western Wastes, and execute his plan to steal the power of Roehn Theer. It will take bold and daring adventurers to enter the fortress itself, unlock the secrets to the salvation of Norrath, and thwart the destructive agenda of the God of War.

PvP & Battlegrounds improvements, including but not limited to:
  • Lobby system so players can hang together between matches with PvP merchants available locally
  • New Velious battleground map (“The Frozen Tundra”)
  • New Battleground game type! (“Vanquish!”)
  • PvP and Battlegrounds rule modifications for better balance and fun factor
  • Fame system improvements
  • New PvP armor

Itemization:
  • New Adornments interface to make this system easier to understand
  • Continued honing of the itemization system

Drunder!
  • Three new instanced dungeons
  • Three new raids with all new bosses
  • New daily missions
  • Crystal Caverns
  • Solo shard quest
  • Two new heritage quests
  • Additional signature quest line

NOTE: Drunder content is locked to DoV expansion owners only. All other GU content affects all players.

EQ2Wire Commentary

If the “free flying mount” offered to inactive players ends up being available below level 86, then I expect this will be a hotly debated issue.

UPDATE: The flying mount is a 12 hour one-use item. Players who qualify can get them off the Marketplace for 0 SC until the event ends.

Launcher Redux

Written by Feldon on . Posted in Uncategorized

Bunji has attempted to clear up some of the confusion about EQ2 Launcher/Updaters:

Seems like there is some confusion on the current patchers being offered. The two LP3 choices can be found here:

http://launch.soe.com/eq2/

The “Full” version uses PAKs and behaves just like the original LP1 patcher (just has a different skin).

The “Streaming” version doesn’t use PAKs (instead streams down needed content into an “assetcache” folder). Currently, if you run multiple clients on the streaming client it will create a second set of assets.

What distinguishes them as LP3 patchers is the skin they use.

LP1 = Original PAKs patcher with original skin

LP2 = Station Launcher

LP3 = Streaming / Full patchers using the new skin

Layoffs Hit EQ2 Team

Written by Feldon on . Posted in Uncategorized

From SmokeJumper:

I’m only going to speak about “EverQuest II” because that’s the project I’m authorized to speak about.

We were impacted also today. We lost two people from the team that we’ll miss. I’m not going to mention who they are because I think privacy is important.

However, we still have a large team on this project, in fact, one of the largest in the company. SOE fully supports not only EQII and EQ2X, but also EverQuest and EQ Next as well. The “EverQuest” franchise is the backbone of this company and we’ll do what it takes to ensure that the world of Norrath and the EverQuest games are as close to ForeverQuest(tm) as possible.

I’ll post a Producer’s Letter, probably next week, outlining where we’re going and what we’re doing in the coming year. I’m enthusiastic about it and I think you will be also. This year is going to be an extremely good year for EQII.

But today…well…today’s just sad. If you know anyone that was affected, please extend your sympathies. Losing a loved job is like losing a friend. There’s nothing good about it.

The names of the 2 designers who have been laid off from EQ2 have begun to circulate.

  • Besides the Golden Path, Zaphax worked on the Butcherblock Mountains, Stonebrunt Highlands, and the Bristlebane Deity quests.

SOE Closes Three Studios, Lays Off One-Third of Workforce

Written by Feldon on . Posted in Uncategorized

As first reported by Kotaku.com:

Sony Online Entertainment, makers of D.C. Universe Online and Free Realms, closed three studios and will lay off nearly a third of its workforce, Kotaku has learned.

Word began spreading when George Broussard, best known as the co-creator of Duke Nukem Forever, tweeted earlier this evening that SOE was seeing layoffs and “studio closure is possible.” Kotaku has confirmed through a source familiar with the matter that the closures affect SOE’s studios in Seattle, Tucson, Ariz. and Denver. Half of the workforce at SOE offices in Austin, Texas were pink slipped along with a sizeable portion of San Diego. In sum, it accounts for nearly one-third of SOE’s manpower before today.

Kotaku has reached out to Sony Online Entertainment for official comment.

Sony’s MMO Makers Close Three Studios, Lay Off One-Third of Workforce @ Kotaku

With the faltering FreeRealms now a huge drag on the SOE profit-and-loss report, and no sign of The Agency, a lot rests on EverQuest 2, DC Universe Online, and a growing gaggle of Facebook games. I wouldn’t be surprised if EQNext make a big splash at Fan Faire.

UPDATE: Kotaku has a second source confirming this news.

UPDATE: Sites around the web carrying this article:

Notably, SOE Seattle has been the lead development studio of The Agency, which had been slated to launch in the second half of the year (after a long delay). Neither SOE Denver nor Tucson has been working on anything as high profile as The Agency, though both have continued to operate a number of SOE titles, including Denver’s Legends Of Norrath and other digital card games, and Tucson’s PoxNora strategy game.

Support the Japan Earthquake and Tsunami Relief Effort

Written by Feldon on . Posted in Uncategorized

UPDATE: This event has been extended until April 1st.

Edited from EverQuest2.com:

From Friday, March 25th through Monday, March 28th Friday, April 1st, our players will be invited to purchase specially created Cherry Blossom items via the in-game marketplaces in their preferred games.

These Cherry Blossom items can be displayed in player in-game homes, as a sign of ongoing support and to raise further awareness amongst our deep player communities. For every Cherry Blossom item purchased between March 25th and March 28th, SOE will donate $10 to the American Red Cross* in support of ongoing relief efforts.

Nipik’s Cane House Item

Written by Feldon on . Posted in Uncategorized

The conclusion of the main Othmir quest line results in players receiving Nipik’s Cane. As this item is priest-only, several of us ended up transmuting it. As it turns out, it was supposed to be a house item. If you already transmuted or sold yours, good news from Kaitheel:

I’ve made this change and submitted it to internal testing. In a future update you should see the following change listed in the Update Notes:

  • Nipik’s Cane can now be bought from Shady Swashbuckler in Nektulos Forest, by players who have completed the quest “A New Calling”.
  • Nipik’s Cane is now no-transmute and no-sacrifice.

Thank you!

Flying Mount Exploiters Suspended

Written by Feldon on . Posted in Uncategorized

From SmokeJumper on the EQ2 Forums:

Hey, folks,

I just wanted to post and let you know that a bunch of accounts (less than 100) got a temporary suspension tonight.

Why?

Because some of them were invited to Beta and then found a way to shortcut the gryphon quest series, which takes a minimum of five days to complete, and were able to do it in minutes. They then told others how to do it and the rest followed along, duplicating the exploit.
