Sony's US PlayStation blog tonight announced that "some PlayStation Network and Qriocity services" will become available this week as the company scrambles to build a new server home in the wake of asecurity breach earlier this month. Though no specific time or date is named, the post lays out a plan to "begin a phased restoration by region" of services "shortly," alongside a mandatory system update for all consoles forcing a change in password, before the full return of services "within this month."

With the return of services will also come a new position at Sony Corporation: chief information security officer, a position that will report to current chief information officer Shinji Hasejima. Additionally, the company says it is expediting an "already planned move" of its data center -- a data center the post claims to have been "under construction and development for several months," despite the attacks having only occurred within the past few weeks. Sony also detailed its "Welcome Back" appreciation program a bit more thoroughly, though it still remains unclear what content the company will be offering in various regions as an apology. The list of known services returning to PSN this week are listed after the break.

• Restoration of Online game-play across the PlayStation®3 (PS3) and PSP® (PlayStation®Portable) systems -This includes titles requiring online verification and downloaded games
• Access to Music Unlimited powered by Qriocity for PS3/PSP for existing subscribers
• Access to account management and password reset
• Access to download un-expired Movie Rentals on PS3, PSP and MediaGo
• PlayStation®Home
• Friends List
• Chat Functionality

http://www.joystiq.com/2011/05/01/so...es-within-thi/ ...

At a Tokyo press conference this morning Sony executives apologised for the PlayStation Network outage that has seen the theft of millions of gamers' personal data - possibly even credit cards.
Sony revealed its "Welcome Back" programme designed to reward customers affected by the outage.
Sony will offer "selected PlayStation entertainment content" for free download on a region by region basis. It will announce the content soon.
All existing PSN customers will get 30 days free membership in the PlayStation Plus service. Existing PS+ customers receive 30 days free. Qriocity subscribers receive 30 days free.
Sony promised more Welcome Back "entertainment and services" over the coming weeks as PSN is turned back on. Sony reconfirmed the news that some PSN and Qriocity services will be available this week. Sony will first turn back on gaming, music and video services.
Meanwhile, Sony went into a bit more detail on last week's cyber-attack that rocked the game industry and left personal data tied to 77 million PSN accounts stolen.
Sony has implemented a variety of new security measures to provide greater protection of personal information. Tests have been conducted with third-party security experts to verify the strength of PSN, and the job of Chief Information Security Officer has been created to "add a new position of expertise in and accountability for customer data protection".

The new security measures include:

• Added automated software monitoring and configuration management to help defend against new attacks.
• Enhanced levels of data protection and encryption.
• Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns.
• Implementation of additional firewalls.

Sony has come under fire for not encrypting personal data, such as passwords. In the UK the Information Commissioner's Office plans to discuss the security failure with Sony to see whether it was in breach of the Data Protection Act.But Sony has insisted it encrypted credit card information, and this morning stressed that it has found no evidence "at this time" that credit card data was stolen.
Hirai confirmed the number of exposed credit card numbers was about 10 million. Sony is unsure if those card numbers were actually stolen, and it doesn't know if hackers are trying to use them in fraudulent purchases.
Once PSN comes back online, it will force a system software update that requires all registered PSN users to change their account passwords. The password can only be changed on the same PS3 in which that account was activated, or through validated email confirmation.
"This criminal act against our network had a significant impact not only on our consumers, but our entire industry," Sony deputy president Kazuo Hirai said.
"These illegal attacks obviously highlight the widespread problem with cyber-security. We take the security of our consumers' information very seriously and are committed to helping our consumers protect their personal data. In addition, the organization has worked around the clock to bring these services back online, and are doing so only after we had verified increased levels of security across our networks.
"Our global audience of PlayStation Network and Qriocity consumers was disrupted. We have learned lessons along the way about the valued relationship with our consumers, and to that end, we will be launching a customer appreciation program for registered consumers as a way of expressing our gratitude for their loyalty during this network downtime, as we work even harder to restore and regain their trust in us and our services."
Sony is working with law enforcement to track down and prosecute the hackers, it said.

http://www.gamesindustry.biz/article...-revival-plans
...

Sony reneges on CSC claims; FBI and US Department of Homeland Security now involved

Sony's deputy president Kaz Hirai will host a media briefing tomorrow to address the issues surrounding the PSN saga – the first time a senior executive has spoken about the situation.
He will discuss Sony's ongoing investigation, its security systems and plans to restore the service.

The news comes as Sony has reneged on some of its claims about PSN security. Previously the firm said that it had "never requested" users' CVC codes – that's the three digit security number found on the back of every credit and debit card.
However, the company has now scratched that claim from its official FAQ on the PSN breach and replaced it with: "While we do ask for CSC codes, we do not store them in our database."
Uncertainly still surrounds the situation, though, as reports have claimed that hackers are trying to sell the PSN account details of some 2m users, including their CSC codes.






In a further development, Gamastura reports that the US Department of Homeland Security and the FBI are now assisting Sony with its investigations.
Last week Sony said that it hopes to have some elements of PSN back online by May 3rd
http://www.mcvuk.com/news/44132/Hira...-on-PSN-breach
...

News via http://psx-scene.com/forums/f6/psn-l...started-85655/

It appears the rumored class-action lawsuits against SCEA could be over before they even started. The Supreme Court gave corporations a major win Wednesday, ruling in a 5-4 decision that companies can block their disgruntled customers from joining together in a class-action lawsuit. The ruling arose from a California lawsuit involving cellphones, but it will have a nationwide impact. Somewhere a Giant Enemy Crab breathed a sigh of relief.

YouTube - You Get Nothing!


Quote:
In the past, consumers who bought a product or a service had been free to join a class-action lawsuit if they were dissatisfied or felt they had been cheated. By combining these small claims, they could bring a major lawsuit against a corporation.

But in Wednesday's decision, the high court said that under the Federal Arbitration Act companies can force these disgruntled customers to arbitrate their complaints individually, not as part of a group. Consumer-rights advocates said this rule would spell the end for small claims involving products or services.

In the case before the court, a Southern California couple complained about a $30 charge involving their purchase of cellphone service from AT&T Mobility. The California courts said they were entitled to join with others in bringing a class-action claim against the cellphone company.

But the Supreme Court reversed that decision Wednesday in AT&T Mobility vs. Concepcion. Justice Antonin Scalia said companies may require buyers to sign arbitration agreements, and those agreements may preclude class-action claims. Chief Justice John G. Roberts Jr. and Justices Anthony Kennedy, Clarence Thomas and Samuel A. Alito Jr. formed the majority.

Scalia said companies like arbitration because it is efficient and less costly. "Arbitration is poorly suited to the higher stakes of class litigation," he said.

But the dissenters said a practical ban on class action would be unfair to cheated consumers. Justice Stephen G. Breyer said the California courts had insisted on permitting class-action claims, despite arbitration clauses that forbade them. Otherwise, he said, it would allow a company to "insulate" itself "from liability for its own frauds by deliberately cheating large numbers of consumers out of individually small sums of money."

Breyer added that a ban on class actions would prevent lawyers from representing clients for small claims. "What rational lawyer would have signed on to represent the Concepcions in litigation for the possibility of fees stemming from a $30.22 claim?" he wrote. Justices Ruth Bader Ginsburg, Sonia Sotomayor and Elena Kagan joined his dissent.

The court itself divided along partisan lines. All five Republican appointes formed the majority, and four Democratic appointees dissented.

Still pending before the court is a major dispute over class-action suits involving job discrimination. Lawyers for Wal-Mart have asked the justices to throw out a sex-discrimination claim brought on behalf of 1.5 million current and past female employees.
News Source: LA Times ...

News via http://psx-scene.com/forums/f6/psn-d...up-sale-85702/

Rumors are following thru various underground "credit card" trading forums, and on the new #psnhack twitter list that a large section of the PSN database containing complete personal details along with over 2.2million working credit card numbers with the much-needed CVV2 code are being offer up for sale to the highest-bidder, after the "hackers" tried to sell the DB back to Sony for a price, but they of course didn't answer!




The following information is from Kevin Stevens, Security Researcher in hostile times from his @killercube on Twitter:




Quote:
Discussion about #psnhack and possible speculation about the hackers being from Europe Logs - efnet - #ps3dev - 2011-04-26

trixter, people I know had a shell on the psn servers

did you know that sony didn't disable the function that sets the psn server under maintenance ?

The hackers that hacked PSN are selling off the DB. They reportedly have 2.2 million credits cards with CVVs #psnhack

Sony was supposedly offered a chance to buy the DB back but didn't #psnhack

@mikkohypponen That is what is going around on some underground forums. The DB contains pretty much everything

@the_pc_doc That is what I thought but the guys selling it say that they have CVV2 numbers

@RiquezJP Well not properly securing your server breaks compliance as far as I know.

@RangerRick Yeah, this information about the CVV2 numbers could be bogus. The guys selling the DB could just be making it up.

Supposedly the hackers selling the DB says it has: fname, lnam, address, zip, country, phone, email, password, dob, ccnum, CVV2, exp date

No, I have not seen the DB so I can not verify that it is true
What follows is some 'screenshots' from various 'underground' forums, that suggests the database is complete, and also contains over 150,000 German accounts, so is this just a "Europe" slice of the pie, or did the still unnamed 'hackers' target that country because of what Sony did to the 'scene' in regard to how they were handling the graf_chokolo case! ...

There's been a lot for PSN users to be concerned about regarding the service's outage and recent, user-exposing security breach -- but one element that's gone unaddressed by Sony is, hey, what's in it for us? In a new, late night edition of PlayStation Blog's Q&A, Sony responds to our outcries for compensation, saying, "We are currently evaluating ways to show appreciation for your extraordinary patience as we work to get these services back online."

The FAQ post also confirms that any Trophies earned during the downtime will be synced without a hitch once the network comes back online, and that Friends lists and PlayStation Plus saves haven't been lost. Which is great, because that is definitely what we were worried about. Definitely not the fact that we're all in imminent danger of getting totally Talented Mr. Ripley'd.

http://www.joystiq.com/2011/04/29/so...utage-and-bre/ ...

The situation surrounding the PSN outage and data breach just got real. How real? The US government is now involved. The "Computer Emergency Readiness Team, "under the Department of Homeland Security, " is working with law enforcement, international partners and Sony to assess the situation," DHS spokesperson Chris Ortman told NextGov.

Did you know we had a Computer Emergency Readiness Team? That team's role is to work with affected companies to improve security and restore service, and share information with other security-related organizations to prevent future breaches.

Another federal agency is also looking into it, with a more punitive mindset. "The FBI is aware of the reports concerning the alleged intrusion into the Sony on line game server and we have been in contact with Sony concerning this matter," FBI Special Agent Darrell Foxworth told Kotaku. "We are presently reviewing the available information in an effort to determine the facts and circumstances concerning this alleged criminal activity."


http://www.joystiq.com/2011/04/29/ho...to-psn-breach/ ...

...