Given just how much data has potentially been stolen from every single PSN user, 30 days free membership seems incredibly weak and insufficient. Hell, even 60 days wouldn't feel like enough, but they need to do better than this if they're going to regain any sort of good PR.
Lots of people seem to be complaining about this outlined package, but I'm not sure what more Sony could do other than offer direct cash rewards to ever member; and even then they'd have huge issues collating duplicate accounts and the like.
Well they could offer something with a significant marginal cost.
Even if Sony thinks it's sold gold, everybody knows it's BS to offer "free" some bits off of a server you probably wouldn't have paid money for anyway. (77M PSN subscribers, 10M CCs)
I'd be offering the 30days PSplus to non subscribers, but to existing ones, I'd be offering them 6 months free - or something that gave the impression that I really was trying. These muppets have caused a lot of stress to millions of people in the form of wondering if their personal credit card details are safe, and they're offering them the equivalent of less than $5USD of value? does not compute...
It's even worse. If you get any free games during those 30 days of free membership, and then you don't subscribe, you lose the games. (Games you buy at a discount are still yours, though.)
So at best this is a slight discount on a few games, for most of the people. I'm guessing most of them won't even use their benefits at all.
The insult to existing PSN members is even bigger. They're given us 30 days free, right? Guess how many days we'll have missed during this incident? During that whole time, we get no benefit from the service, yet we've paid for it. The free 30 days probably won't even cover the missing time.
I am currently a PSN+ subscriber for both the US PSN and Japanese PSN... But I won't be continuing my subscription for either.
I disagree. There are not that many gaming network comparing to Sony. They will fully take advantage of their monopoly on the market. They will make a big announcement that they spent XX millions of dollars to secure and redo their security and network and will welcome users back with 30 days free ride. After all, your data is already stolen. Change credit cards. But that "anger" won't most likely stop you from coming back and playing again!
This will be a spot on Sony's brand... and money will be lost, but their network will survive.
Ooo...a job opening. And CiSO will have a bit of sway for a few more weeks at least. It's surprising how fast someone can de-prioritize security when they see how much it costs.
I like how nobody seems to be able to discuss their systems' compromise for a full paragraph anymore without using terms like, "illegal attack", "criminal act", "illegal cyberattack", etc.
I've been noticing a lot more language like that in recent years, whether the subject is Sony or Wikileaks or a government. I wonder if there's been a recent shift in the language used for this stuff, or if I've just become more sensitive to it recently?
edit: Hmm. Some preliminary digging through Google implies an increase in this kind of language recently. The number of search results for "illegal cyberattack" (unquoted search string) in news.google.com is 150 for 2011, 242 for 2010, 185 for 2008-2009 combined, 72 for 2007, and 55 for 2002-2004, and a number of the older results appear at first glance to be unrelated to actual hacks.
That's odd.
edit 2: Massaging the search terms a bit seems to yield proportional results. For example, compare the language in this article from 2007 (http://abcnews.go.com/TheLaw/story?id=3966047) against the language of similar articles today.
I know it's off-topic, but now I'm quite curious why around 2009 or 2010 everyone suddenly decided that they needed to emphasize the illegality or criminality of compromising systems?
Without igniting a huge argument hinging on the (incorrect) notion that I think providers like PSN aren't responsible for the safety of their users data: we don't tend to focus stories about bank theft on the ineptitude of the banks. We tend to focus them on the criminals who commit the bank thefts.
On the flip side, banks tend to be at least somewhat competent. We don't know much about this particular hack, but some things are just embarrassing - plaintext passwords ;-), but also stuff like putting AT&T putting iPhone subscribers' data on publicly-accessible incrementing URLs (e.g. http://security.goatse.fr/hypocrites-and-pharisees - keep your salt shaker handy.)
This is similar to how organizations tend to use phrases such as "we regret..." as opposed to one's such as "we're sorry...". This way they have their PR move without actually admitting to any wrongdoing on their part. Sort of a semantically plausible deniability, I think.
They, and their users, are in fact the victims of a serious crime. Why analyze it further? Is there someone on HN who thinks Sony has no culpability for their own security failures?
A lot of people on HN operate online services. Or are interested in data security and computer law. Or just like to analyze words and read between the lines.
Is there someone on HN who thinks Sony has no culpability for their own security failures?
I'm more interested in the degree to which Sony is owning up to their security failures.
I never saw anything to suggest that it was, so I believe it simply makes them feel good. Also, undisclosed location is very suspect. How long will it take to traceroute it and find the nearest Level3/other major company node's location, therefore the probable location of Sony's servers.
Of course, to your average user "we've moved the datacenter to prevent attacks" looks pretty good.
I fail to see importance of most steps that are outlined in the article. Things like "Implementation of additional firewalls" are just technobabble for their fans: "Look, we are doing something!"
While I don't really think this is enough compensation for the losses incurred on the users, I think that most people were expecting nothing and will be very happy with a free 30 days and a free game (or discount, or whatever). I think most of us here on Hacker News are unhappy because we are more involved in watching what Best Business Practices are, but realistically most PSN users don't care about that at all.
I disagree. If anyone learns there's a high chance their identity or credit cards will be stolen they would be thoroughly concerned; simply offering people extra PSN time strikes me as immature and even a little silly.
For the past few years, this quote has played in my head whenever I have encountered the Sony brand:
Mr. THOMAS HESSE (President, Sony BMG Global Digital Business): Most people, I think, don't even know what a Rootkit is, so why should they care about it?
Intellectually, I know that this exec really didn't understand the implications of his statement, but still it's hard for me to buy Sony products because I feel like I'm supporting the company's self-proclaimed right to abuse its customers like this.
Please be aware that Sony BMG Music and the Playstation group are totally different beasts. Sony is the company that bans its own advertisement from Youtube because it contains music from Sony Entertainment, so I would even say: there is no connection between the two.
29 comments
[ 3.7 ms ] story [ 53.3 ms ] threadLots of people seem to be complaining about this outlined package, but I'm not sure what more Sony could do other than offer direct cash rewards to ever member; and even then they'd have huge issues collating duplicate accounts and the like.
Even if Sony thinks it's sold gold, everybody knows it's BS to offer "free" some bits off of a server you probably wouldn't have paid money for anyway. (77M PSN subscribers, 10M CCs)
So at best this is a slight discount on a few games, for most of the people. I'm guessing most of them won't even use their benefits at all.
The insult to existing PSN members is even bigger. They're given us 30 days free, right? Guess how many days we'll have missed during this incident? During that whole time, we get no benefit from the service, yet we've paid for it. The free 30 days probably won't even cover the missing time.
I am currently a PSN+ subscriber for both the US PSN and Japanese PSN... But I won't be continuing my subscription for either.
This will be a spot on Sony's brand... and money will be lost, but their network will survive.
I found it mildly surprising they didn't already have one. Any ideas on how many large corporations don't?
I've been noticing a lot more language like that in recent years, whether the subject is Sony or Wikileaks or a government. I wonder if there's been a recent shift in the language used for this stuff, or if I've just become more sensitive to it recently?
edit: Hmm. Some preliminary digging through Google implies an increase in this kind of language recently. The number of search results for "illegal cyberattack" (unquoted search string) in news.google.com is 150 for 2011, 242 for 2010, 185 for 2008-2009 combined, 72 for 2007, and 55 for 2002-2004, and a number of the older results appear at first glance to be unrelated to actual hacks.
That's odd.
edit 2: Massaging the search terms a bit seems to yield proportional results. For example, compare the language in this article from 2007 (http://abcnews.go.com/TheLaw/story?id=3966047) against the language of similar articles today.
I know it's off-topic, but now I'm quite curious why around 2009 or 2010 everyone suddenly decided that they needed to emphasize the illegality or criminality of compromising systems?
Of course just because something is illegal does not mean you shouldn't be trying to prevent it. See: money, banks, theft.
A lot of people on HN operate online services. Or are interested in data security and computer law. Or just like to analyze words and read between the lines.
Is there someone on HN who thinks Sony has no culpability for their own security failures?
I'm more interested in the degree to which Sony is owning up to their security failures.
I fail to see the importance of physically moving the servers. What value is this ? Was the attack an inside job with physical access ?
Of course, to your average user "we've moved the datacenter to prevent attacks" looks pretty good.
I would like to think that, but have you ever tried to read the comments on Sony's blog. They love Sony and I'm sure Sony likes to encourage _that_.
http://www.npr.org/templates/story/story.php?storyId=4989260
For the past few years, this quote has played in my head whenever I have encountered the Sony brand:
Mr. THOMAS HESSE (President, Sony BMG Global Digital Business): Most people, I think, don't even know what a Rootkit is, so why should they care about it?
Intellectually, I know that this exec really didn't understand the implications of his statement, but still it's hard for me to buy Sony products because I feel like I'm supporting the company's self-proclaimed right to abuse its customers like this.