WEBVTT - The PSN Fiasco 0:00:00.320 --> 0:00:02.880 Brought to you by the reinvented two thousand twelve camera. 0:00:03.200 --> 0:00:09.000 It's ready. Are you get in touch with technology? With 0:00:09.080 --> 0:00:17.840 tech Stuff from how stuff works dot com. Hello again, everyone, 0:00:17.880 --> 0:00:20.040 welcome to tech Stuff. My name is Chris Poulette and 0:00:20.040 --> 0:00:22.560 I'm an editor how stuff works dot Com. Sitting across 0:00:22.560 --> 0:00:27.280 from me, as always, from Sunny South Beach senior writer 0:00:27.360 --> 0:00:32.120 Jonathan Strickland. She had actual squirrels in her pants. We 0:00:32.320 --> 0:00:37.800 got served two guys in the park. Yeah, clearly you 0:00:37.840 --> 0:00:40.600 know what episode I'm up to now, Yes, and you're right, 0:00:41.080 --> 0:00:44.000 it was awesome. And those of you there, there are 0:00:44.040 --> 0:00:46.279 several of you out there who know exactly what we're 0:00:46.320 --> 0:00:48.479 talking about and will be very excited that Jonathan has 0:00:48.560 --> 0:00:51.199 jumped on the bandwagon. And you guys are also awesome. 0:00:52.960 --> 0:00:57.200 So let's talk about something that's totally not awesome. Yeah, yeah, 0:00:57.280 --> 0:01:00.120 this is definitely not awesome. This is um. You know. 0:01:00.160 --> 0:01:03.120 From time to time in the podcast we tackle issues 0:01:03.280 --> 0:01:08.160 of privacy and internet security, partially because um, they're relevant, 0:01:08.240 --> 0:01:10.280 there are things that a lot of people want to 0:01:10.400 --> 0:01:13.600 learn more about, and partially because I think, if I 0:01:13.640 --> 0:01:15.560 may speak for you, Jonathan, I think there are issues 0:01:15.600 --> 0:01:18.520 that are are important to both of us personally that 0:01:18.680 --> 0:01:21.320 we're very interested and want to, uh to keep an 0:01:21.319 --> 0:01:24.280 eye on there's and there's still a very casual attitude 0:01:24.400 --> 0:01:28.560 among certain segments of the population that used the Internet 0:01:28.920 --> 0:01:32.840 toward privacy. And I think some of it is just 0:01:32.880 --> 0:01:34.800 a lack of information of the sort of things that 0:01:34.840 --> 0:01:37.319 can go wrong if you do not protect your privacy. 0:01:37.319 --> 0:01:39.840 So let's we'll stop dancing around this. We're specifically going 0:01:39.880 --> 0:01:43.760 to talk about the breach of security within the PlayStation 0:01:43.800 --> 0:01:48.240 Network and Curiosity, which is q R I O C 0:01:48.560 --> 0:01:53.800 I T Y since one of Sony's online services, and 0:01:53.840 --> 0:01:57.880 there was a breach that happened between April seventeenth and 0:01:57.920 --> 0:02:02.400 April nineteen eleven. Uh. And I want to stress this today, 0:02:02.560 --> 0:02:05.240 the day that we are recording this is April twenty nine. 0:02:06.600 --> 0:02:09.080 The reason why I say that is because hopefully by 0:02:09.120 --> 0:02:13.480 the time this podcast goes live, the PlayStation Network will 0:02:13.480 --> 0:02:16.640 be back up and running. It has been down since 0:02:16.800 --> 0:02:21.400 they um so uh, you know, ten days and counting 0:02:21.520 --> 0:02:25.440 of of no support from the PlayStation network, so all 0:02:25.440 --> 0:02:29.640 that online support has gone. Uh. People cannot play online games, 0:02:29.880 --> 0:02:32.880 and some some games they can't play at all, even 0:02:32.960 --> 0:02:35.680 a single player local games they aren't able to play 0:02:35.840 --> 0:02:39.680 for for certain titles because those titles rely upon the 0:02:39.680 --> 0:02:43.760 PSN network. I'm just that's redundant. But the PSN in 0:02:43.840 --> 0:02:48.040 order to uh to update information on things like trophies 0:02:48.440 --> 0:02:50.880 and things like that, and so games that that tie 0:02:50.919 --> 0:02:53.880 into that, that rely upon that network, they do not 0:02:54.120 --> 0:02:57.400 run when the networks down. So there are some single 0:02:57.400 --> 0:02:59.560 player games out there that just won't work on the 0:02:59.600 --> 0:03:04.640 ps So as a result, players are understandably upset, and 0:03:04.639 --> 0:03:07.760 they're upset for multiple reasons. One the network's down. That 0:03:07.840 --> 0:03:09.600 was the first thing that upset people because when the 0:03:09.600 --> 0:03:12.560 network went down, there was very little information from Sony 0:03:12.600 --> 0:03:15.480 about the reason for taking the network down. As a 0:03:15.560 --> 0:03:18.919 matter of fact, I remember a story just a few 0:03:19.000 --> 0:03:22.639 days ago before it came to light what was really happening, 0:03:23.320 --> 0:03:27.120 um that uh one of I only read the headline, 0:03:27.120 --> 0:03:30.960 I admit, Uh. They were saying basically that Sony's customers 0:03:31.000 --> 0:03:34.680 were actually not quite as irritated as they might have been. Now, granted, 0:03:34.680 --> 0:03:37.520 at that point, the network hasn't been down very as 0:03:37.600 --> 0:03:39.920 long as it has now it's you know, still out, 0:03:40.120 --> 0:03:42.400 it's going on more than a week now, so but 0:03:42.520 --> 0:03:46.600 you know, Sony's fans are known to be very, very 0:03:46.640 --> 0:03:49.640 loyal and outspoken, which I think is it can be 0:03:49.680 --> 0:03:52.880 a good thing. Um, And I think basically it's surprised 0:03:53.080 --> 0:03:57.280 some that people weren't more concerned at the time, but again, 0:03:57.640 --> 0:04:01.560 I think that's probably because it had had been released 0:04:01.680 --> 0:04:06.560 that hackers were involved, and they had apparently UH managed 0:04:06.600 --> 0:04:09.440 to gather up some personal information. Yeah. So let's let's 0:04:09.480 --> 0:04:13.400 talk about kind of what Sony said at the beginning. 0:04:13.880 --> 0:04:19.560 At the very beginning, when the PlayStation network went went offline, UH, 0:04:19.640 --> 0:04:23.040 Sony essentially UH issued a message that there was going 0:04:23.080 --> 0:04:26.919 to be some maintenance on the network and that it 0:04:27.080 --> 0:04:29.400 was going to be back up between twenty four and 0:04:29.440 --> 0:04:33.200 forty eight hours. Well, part of that wasn't a lie 0:04:33.400 --> 0:04:35.720 or or actually they probably didn't intend for it. Well, 0:04:35.760 --> 0:04:37.640 I'm sure they did not intend for it to be 0:04:38.360 --> 0:04:42.480 down longer than so they weren't weren't outright lying. They 0:04:42.640 --> 0:04:46.000 just didn't know, but it was due to maintenance. Yeah, 0:04:46.040 --> 0:04:48.520 but they the way it was worded, it sounded like 0:04:48.560 --> 0:04:51.720 it was a planned maintenance sort of issue. Well, of course, 0:04:51.880 --> 0:04:54.520 I mean, if you again, UM, I like to get 0:04:54.560 --> 0:04:56.680 people to think from the other side of this. If 0:04:56.680 --> 0:05:01.359 you're PR, corporate PR. You're one, and it's something that 0:05:01.400 --> 0:05:05.680 they can sort of obfuscate about, they can sort of 0:05:05.720 --> 0:05:08.000 muddy the water about. They're probably going to try to 0:05:08.040 --> 0:05:10.920 do it to make themselves look as good as possible. Yeah, 0:05:10.960 --> 0:05:13.599 you don't want to say, hey, guys, our security was 0:05:13.640 --> 0:05:16.160 breached and we don't know what the extent of the 0:05:16.160 --> 0:05:18.840 problem is yet, UH, and our network is down as 0:05:18.839 --> 0:05:21.800 a result of that. So just chill out because it 0:05:21.920 --> 0:05:24.760 may have turned out that yes, security was breached, but 0:05:24.880 --> 0:05:28.679 nothing went beyond that, right And if that were the case, 0:05:28.760 --> 0:05:32.240 if no one had had a chance to access any 0:05:32.360 --> 0:05:35.560 private information or or anything along those lines, are fiddle 0:05:35.640 --> 0:05:40.000 with the network then Sony, So it would it would 0:05:40.080 --> 0:05:42.799 benefit Sony to just leave that little bit out because 0:05:42.800 --> 0:05:44.960 if no one managed to do anything, then there was 0:05:45.000 --> 0:05:47.919 no real harm done to the end consumer apart from 0:05:47.960 --> 0:05:51.840 a couple of days of the network being offline. Right 0:05:51.960 --> 0:05:54.800 like the a few weeks ago, we were talking about 0:05:54.880 --> 0:05:58.040 the data breach that happened here in UH the United 0:05:58.080 --> 0:06:02.520 States with a number of UH loyalty marketing companies. There 0:06:02.560 --> 0:06:05.720 was one provider that they used UM that that got 0:06:05.760 --> 0:06:08.880 hacked into and Epsilon and all they got from Epsilon 0:06:08.960 --> 0:06:13.520 really was names and addresses, although there may have been 0:06:14.320 --> 0:06:17.520 there may have been some account not not like not 0:06:17.560 --> 0:06:20.720 like credit card information, but loyalty account so they know 0:06:20.880 --> 0:06:22.919 the kinds of things you buy right or or it 0:06:22.960 --> 0:06:26.640 may or a number that identifies you for that particular system, 0:06:26.880 --> 0:06:28.920 like not a not a credit card number, but say 0:06:29.000 --> 0:06:31.920 you know you are like when you join a club 0:06:31.960 --> 0:06:33.920 and it says you know you are member number four 0:06:34.080 --> 0:06:36.839 seven eight nine three, Well at four seven eight nine 0:06:36.839 --> 0:06:39.279 three is might be associated with you in that account, 0:06:39.279 --> 0:06:41.520 and they may the hackers also have access to that, 0:06:41.600 --> 0:06:45.560 but then has limited usability. Yeah, and that's not to 0:06:45.600 --> 0:06:48.080 say that it isn't serious, because it is serious, mostly 0:06:48.120 --> 0:06:52.279 because it can be used to target uh spear phishing attacks. 0:06:52.320 --> 0:06:55.240 These are very directed phishing attacks where they say, hey, 0:06:55.400 --> 0:06:59.640 Jonathan Strickland member number four seven one eight three, Uh, 0:06:59.720 --> 0:07:01.960 we need to get your information. We don't have your 0:07:01.960 --> 0:07:04.839 social security number on file? Can you please just type 0:07:04.839 --> 0:07:08.560 that in this little box? I mean, or visit this website. 0:07:08.560 --> 0:07:11.120 And as it turns out, the website is not the 0:07:11.240 --> 0:07:13.640 corporate website. It's a different web. It's just there too 0:07:13.840 --> 0:07:16.120 to steal as much of your information as possible. Well, 0:07:16.360 --> 0:07:20.119 at the time, Sony wasn't sure exactly what white extent 0:07:20.200 --> 0:07:22.640 the attack had, uh, you know, how far did the 0:07:22.680 --> 0:07:27.280 attack go? So rather than cause alarm, Sony said the 0:07:27.560 --> 0:07:29.520 network was down for maintenance and that it would be 0:07:29.600 --> 0:07:33.640 back up for hours while they conducted an internal investigation. 0:07:34.280 --> 0:07:37.600 So you could argue that Sony made the wrong call 0:07:37.920 --> 0:07:40.400 and that Sony should have said that there had been 0:07:40.400 --> 0:07:43.240 a breach and that there was the possibility that there 0:07:43.320 --> 0:07:46.840 was more than just a breach of security. Uh. But 0:07:47.040 --> 0:07:49.400 on the flip side of it, Sony was you wasn't 0:07:49.440 --> 0:07:52.440 sure how bad it was. Once Sony was sure how 0:07:52.480 --> 0:07:55.360 bad it was, they did come forward and say, all right, 0:07:55.960 --> 0:07:59.360 our network is down due to a security breach, and 0:07:59.440 --> 0:08:03.080 it appears is that the hackers have accessed uh at 0:08:03.160 --> 0:08:07.560 least the personal data tables. These are the tables within 0:08:07.880 --> 0:08:11.640 the network that UH that have all the the user 0:08:11.720 --> 0:08:18.160 information things like your name, your address, UH, your m uh, 0:08:19.720 --> 0:08:24.400 the country of origin. It might be your email as well, UM, 0:08:24.440 --> 0:08:30.040 your PlayStation network password and log in information, the handle 0:08:30.120 --> 0:08:32.920 that you use on the PlayStation network. UM. It might 0:08:33.000 --> 0:08:36.360 also include your purchase history and building address. If you've 0:08:36.480 --> 0:08:40.160 used the PlayStation network to buy games or or content 0:08:40.240 --> 0:08:45.520 within games. UM. But those tables did not include the 0:08:45.520 --> 0:08:48.280 credit card information. The credit card information were stored in 0:08:48.400 --> 0:08:51.840 separate tables which may or may not have also been accessed. 0:08:52.160 --> 0:08:54.600 And here's the big difference between those two tables. Besides 0:08:54.679 --> 0:09:00.319 the content. The credit card table was encrypted, the personal 0:09:00.360 --> 0:09:04.719 data table was not. Right. So there's actually it's kind 0:09:04.720 --> 0:09:08.320 of UM. It's actually a little painful to read. But 0:09:08.360 --> 0:09:13.440 there's a a frequently asked questions document on PlayStation where 0:09:13.480 --> 0:09:18.000 they it addresses the actual outage and and what happened. UM. 0:09:18.160 --> 0:09:20.480 And there's a specific bit here. Let's see if I 0:09:20.480 --> 0:09:25.160 can find the particular question about uh whether or not 0:09:25.200 --> 0:09:28.920 the personal data was encrypted? UM, because they kind of 0:09:29.040 --> 0:09:33.640 dance around it. Let's see here. You wanna do you 0:09:33.640 --> 0:09:36.720 wanna dance while I do this? Well, UM, I could 0:09:36.720 --> 0:09:39.400 tell you that I was about to talk to uh, 0:09:39.520 --> 0:09:43.000 to you about the fact that UM just yesterday again 0:09:43.080 --> 0:09:46.560 as of the day we recorded this on the Stephen 0:09:46.640 --> 0:09:51.840 Mussel of c Net wrote that, UM, there have been 0:09:51.960 --> 0:09:56.840 messages circulating that hackers have claimed that they do in 0:09:56.960 --> 0:10:00.000 fact have credit card information and it is for sale, 0:10:00.480 --> 0:10:02.880 that they offered it back to Sony, but Sony refused 0:10:02.920 --> 0:10:07.280 to buy it. Um, And the information includes, uh, not 0:10:07.360 --> 0:10:11.400 only the credit card numbers, but the expiration dates of 0:10:11.440 --> 0:10:14.320 the cards and the cvvs, which are the numbers on 0:10:14.360 --> 0:10:17.920 the back of most credit cards or the front. Actually 0:10:17.960 --> 0:10:20.520 it's not a CBV on an AMEX American Express card, 0:10:20.520 --> 0:10:23.520 but it's the same It fulfills the same purpose security. 0:10:23.640 --> 0:10:26.840 Do you have the security number? And so they claim 0:10:26.960 --> 0:10:29.480 to have that, but it has not been established whether 0:10:29.559 --> 0:10:32.520 or not that is legitimate. I would guess I'm guessing 0:10:32.520 --> 0:10:35.160 that that's not legitimate. And the reason why I say 0:10:35.200 --> 0:10:38.040 that's not legitimate is because Sony does not collect the 0:10:38.080 --> 0:10:43.120 security numbers that and Sony collects the expiration date and 0:10:43.160 --> 0:10:45.440 the actual credit card number, but not the security number. 0:10:45.480 --> 0:10:47.800 So if someone claims to have all that information, they 0:10:47.840 --> 0:10:50.600 didn't get it from Sony. So where did they magically 0:10:50.600 --> 0:10:54.880 get these security numbers? I call shenanigans on that claim exactly. Well, 0:10:54.960 --> 0:10:57.280 you see, um, you know, if you have a couple 0:10:57.280 --> 0:10:59.040 of million dollars and you want to buy this database, 0:10:59.080 --> 0:11:02.280 I'm sure they'll sell it to you. Show Uh So, yeah, 0:11:02.320 --> 0:11:04.079 I've also got a bridge that I would like to 0:11:04.160 --> 0:11:07.079 interest you in. But I did find the the specific 0:11:07.240 --> 0:11:10.920 section and the frequently asked questions document on at PlayStation's 0:11:11.080 --> 0:11:15.600 UM supports area, and it was was my personal data encrypted? 0:11:15.800 --> 0:11:19.920 Here's Sony's answer. All of the data was protected and 0:11:20.120 --> 0:11:23.840 access was restricted both physically and through the perimeter and 0:11:23.880 --> 0:11:27.960 security of the network. The entire credit card table was encrypted, 0:11:28.160 --> 0:11:30.880 and we have no evidence that credit card data was taken. 0:11:31.360 --> 0:11:34.240 The personal data table, which is a separate data set, 0:11:34.320 --> 0:11:37.680 was not encrypted, but was of course behind a very 0:11:37.720 --> 0:11:41.400 sophisticated security system that was breached in a malicious attack. 0:11:41.800 --> 0:11:47.280 So alright, Sony, come on, guys, it doesn't help your 0:11:47.400 --> 0:11:49.439 case at all to say that your security system was 0:11:49.480 --> 0:11:54.720 incredibly sophisticated if once the stuff has already been stolen, right, 0:11:55.040 --> 0:11:57.800 I mean, that's like a bank coming out and saying 0:11:58.160 --> 0:12:01.640 we had the best security measures imp place the burglars 0:12:01.640 --> 0:12:05.120 stole everything. I mean, doesn't No one cares how sophisticated 0:12:05.120 --> 0:12:07.600 your security was if in fact it was breached, because 0:12:07.600 --> 0:12:10.840 clearly it was not secure enough. I mean, it's obvious 0:12:10.880 --> 0:12:13.160 it wasn't secure enough, because if it were secure enough, 0:12:13.280 --> 0:12:16.520 no one would have breached it. So arguing that your 0:12:16.559 --> 0:12:20.520 security was really sophisticated doesn't impress anybody once the theft 0:12:20.559 --> 0:12:23.000 has already happened. And also, you know, like I said, 0:12:23.040 --> 0:12:25.520 it kind of danced around that question. Uh you know, 0:12:25.600 --> 0:12:27.439 they didn't just come out and say no, we did 0:12:27.440 --> 0:12:30.959 not encrypt your personal data until it got pretty far 0:12:31.000 --> 0:12:33.520 into the answer. But yeah, so that personal data is 0:12:33.559 --> 0:12:37.200 all out there and it's available. And then my opinion 0:12:37.920 --> 0:12:41.160 that personal data is far more valuable than your credit 0:12:41.160 --> 0:12:45.080 card number. And and here's why. So, yeah, getting your 0:12:45.080 --> 0:12:48.720 credit card stolen stinks. I've had I've had my credit 0:12:48.760 --> 0:12:52.640 card number stolen once before. And it's a pain because 0:12:52.679 --> 0:12:55.679 it means that you you have to you have to uh, 0:12:56.000 --> 0:12:58.600 you know, you dispute the the charges, you have to 0:12:58.679 --> 0:13:00.520 change your credit card, you have to get a new card. 0:13:00.960 --> 0:13:04.320 You know, they're there may be trouble disputing some charges 0:13:04.360 --> 0:13:07.640 depending upon your credit card company and all that mess. 0:13:07.720 --> 0:13:09.840 And this stuff can affect your credit rating and it's 0:13:09.840 --> 0:13:13.440 a real pain in the neck. But ultimately you're talking 0:13:13.480 --> 0:13:16.640 about probably a few hundred dollars if you're paying attention, 0:13:16.679 --> 0:13:19.360 it may not even be that much, but you know 0:13:19.720 --> 0:13:21.440 that's there's still a lot of money to a lot 0:13:21.480 --> 0:13:24.760 of people, but it's not as much money as thousands 0:13:24.880 --> 0:13:28.800 of dollars or tens of thousands of dollars, which is 0:13:28.880 --> 0:13:33.000 what can be stolen from you or stolen within your 0:13:33.080 --> 0:13:37.400 name should someone be able to steal your identity. And 0:13:37.840 --> 0:13:41.240 when you think about it, these if a personal information 0:13:41.280 --> 0:13:44.800 includes your name and your address and your birth date 0:13:45.440 --> 0:13:48.480 and all of this sort of things, people could start 0:13:48.559 --> 0:13:52.000 to use that to try and uh and apply for 0:13:52.080 --> 0:13:55.600 credit cards in your name. And then that's where you 0:13:55.679 --> 0:13:58.360 really start seeing some nasty, nasty hits. I mean, your 0:13:58.360 --> 0:14:01.679 credit rating could plumb it as people take advantage of 0:14:01.679 --> 0:14:04.120 that and steal your identity. Yes, and speaking of someone 0:14:04.160 --> 0:14:06.960 who's had to do it, it's very very difficult to 0:14:08.120 --> 0:14:11.720 uh go in and try to clean up your past 0:14:11.800 --> 0:14:15.560 credit history, even when it's not um, you know, they're 0:14:15.640 --> 0:14:20.120 very the credit agents are very protective of their information. Um. 0:14:20.160 --> 0:14:22.240 And of course there are people who would love to 0:14:22.280 --> 0:14:24.440 go up and go no, no, it was it was 0:14:24.800 --> 0:14:29.560 it was hackers. Um. You know, so they uh, you know, 0:14:29.600 --> 0:14:32.000 I would imagine that they are just particularly concerned that 0:14:32.040 --> 0:14:34.400 people are allying to them. But it is very difficult 0:14:34.440 --> 0:14:37.400 for even for those who can offer you know, more 0:14:37.400 --> 0:14:41.880 concrete proof to go in and make changes. So um, 0:14:41.920 --> 0:14:45.600 but even though I'm getting back to Sony specifically. UM, 0:14:45.680 --> 0:14:47.680 I think in a way, they did some things right 0:14:47.720 --> 0:14:49.920 and they did some things wrong. Obviously, the way they 0:14:50.000 --> 0:14:53.480 handled it with regard to the customers, especially in the 0:14:53.480 --> 0:14:55.440 eyes of the customers, leaves a lot to be desired. 0:14:55.440 --> 0:14:59.360 I've seen many, uh complaints about that, and there's there 0:14:59.400 --> 0:15:01.560 have even been law suits filed at this point. Yeah, 0:15:01.640 --> 0:15:03.560 and we'll we'll talk. We'll need to talk a little 0:15:03.560 --> 0:15:05.920 bit about those lawsuits because there's some there's a recent 0:15:05.960 --> 0:15:09.920 Supreme Court ruling that might actually bear upon that. And 0:15:10.000 --> 0:15:12.920 there's also one other element within the terms of use 0:15:12.960 --> 0:15:15.000 that I would like to address as far as the 0:15:15.160 --> 0:15:17.760 lawsuits are concerned. Yeah, we can, we can totally do 0:15:17.800 --> 0:15:19.400 that in just a second. I just wanted to mention though, 0:15:19.560 --> 0:15:22.920 that Sony did, in fact, UH call in an external 0:15:22.920 --> 0:15:26.560 security auditor to take a look at the practices, um 0:15:26.880 --> 0:15:29.760 and and did shut the networks down as soon as 0:15:29.800 --> 0:15:33.480 they realized that there was a serious problem. And Uh, 0:15:33.520 --> 0:15:36.880 the reason it's taking Song at least according to Sony, 0:15:37.120 --> 0:15:39.840 is to get everything back up online is they're changing 0:15:40.040 --> 0:15:42.560 the security structure of the site, which and I think 0:15:42.600 --> 0:15:45.520 that that's an excellent thing and they're require They're going 0:15:45.600 --> 0:15:48.040 to require everyone as soon as they reconnect to the 0:15:48.040 --> 0:15:52.240 network to change their password. UM and that's something else 0:15:52.280 --> 0:15:54.520 we should point out. If you are, if you're practicing 0:15:54.520 --> 0:15:59.840 good security, first of all, you're in the most people 0:16:00.000 --> 0:16:02.040 out I know there's some people out there who are 0:16:02.040 --> 0:16:04.480 our listeners who claim that they do, and that's great, 0:16:04.640 --> 0:16:09.040 I'm glad, fantastic. The rest of you are probably doing 0:16:09.040 --> 0:16:11.200 the same thing that almost everyone is doing, which is 0:16:11.240 --> 0:16:14.800 that you use maybe maybe a handful of passwords. Some 0:16:14.800 --> 0:16:17.280 people just use one and they use it across everything, 0:16:17.440 --> 0:16:20.440 and they might even use the same user name across everything, 0:16:20.880 --> 0:16:23.760 in which case, if someone has access to your name, 0:16:24.200 --> 0:16:27.840 your email address, your user name, and your password, and 0:16:27.840 --> 0:16:30.840 you're using that same password across multiple platforms, all of 0:16:30.840 --> 0:16:34.360 those platforms are now at risk. UH. That means the 0:16:34.400 --> 0:16:37.480 hackers who stole that information could, in theory, access your 0:16:37.520 --> 0:16:41.320 accounts across multiple platforms that might include emails, social networks, 0:16:41.800 --> 0:16:46.200 other services. So you want to make sure that you're 0:16:46.320 --> 0:16:50.400 using multiple passwords, make them difficult to guess. Don't just 0:16:50.440 --> 0:16:52.720 make it a variation off a password that you're using 0:16:52.760 --> 0:16:55.440 over and over again. Use a strong password generator. If 0:16:55.440 --> 0:16:59.360 you need to, um, yeah, those are those are excellent. 0:16:59.400 --> 0:17:01.840 There's there's a couple out there that you do things like, 0:17:01.920 --> 0:17:04.720 for instance, you want to create a password, you put 0:17:04.760 --> 0:17:08.199 in the u r L for the the website that 0:17:08.240 --> 0:17:10.320 you're going to use. You can actually download code that 0:17:10.359 --> 0:17:12.359 will allow you to do this, and you can even 0:17:12.400 --> 0:17:14.760 turn your computer offline so that you know, you don't 0:17:14.800 --> 0:17:17.800 have to worry about it broadcasting this anywhere. But you 0:17:17.840 --> 0:17:19.560 put in the u r L for the website you 0:17:19.600 --> 0:17:22.280 plan to visit. You put in a master password that 0:17:22.560 --> 0:17:24.119 this is the same password you're going to use for 0:17:24.160 --> 0:17:28.520 every single site. But using the master password and the 0:17:28.600 --> 0:17:31.040 u r L, it creates a hash of that and 0:17:31.119 --> 0:17:34.000 creates a strong password based on that. So then all 0:17:34.040 --> 0:17:36.000 you do is put in different u r l's with 0:17:36.080 --> 0:17:39.000 the same master password and it will generate its strong 0:17:39.040 --> 0:17:42.240 password for you. You create your accounts that way using 0:17:42.240 --> 0:17:44.199 that strong password, and if you ever forget it, all 0:17:44.240 --> 0:17:46.600 you have to do is go back into that program. 0:17:46.640 --> 0:17:48.879 You know, again disconnect yourself from all the networks if 0:17:48.880 --> 0:17:51.240 you want to, but go back into that program, type 0:17:51.240 --> 0:17:53.280 in the u r L and your master password again 0:17:53.359 --> 0:17:57.720 and it will the same strong password will pop up again. Yeah, yeah, 0:17:57.840 --> 0:17:59.840 and I have a I have a password wallet that 0:17:59.880 --> 0:18:03.239 I use that will generate passwords, and uh, I have 0:18:03.400 --> 0:18:08.000 the app on my phone and iPod and there's a 0:18:08.000 --> 0:18:10.760 plug in for my browser. So it's that that actually 0:18:10.800 --> 0:18:13.680 goes into the database and everything is encrypted. And if I, 0:18:13.680 --> 0:18:16.200 if I do happen to lose my phone, the uh 0:18:16.680 --> 0:18:18.960 uh and somebody else gets it and and breaks into it, 0:18:19.000 --> 0:18:22.879 they have to they won't find out specifically what is 0:18:22.920 --> 0:18:25.280 in there because they would have to actually get into 0:18:25.400 --> 0:18:27.680 the password app two, which requires a separate and more 0:18:27.720 --> 0:18:33.000 complex password. Um. So yeah, I mean it's uh, these 0:18:33.040 --> 0:18:36.120 are these are good ideas, but uh, it doesn't change 0:18:36.160 --> 0:18:39.080 the fact that that Sony customers are very upset not 0:18:39.200 --> 0:18:42.479 only that they got that they weren't told about this, 0:18:42.520 --> 0:18:45.040 but that they're on top of that, you know, that's 0:18:45.080 --> 0:18:48.960 really insult to injury having their information taken. And a 0:18:48.960 --> 0:18:51.240 lot of people are upset that they can't go back 0:18:51.280 --> 0:18:54.439 in and change their user name and password on the 0:18:54.480 --> 0:18:57.280 network because the network is down. Of course, if no 0:18:57.280 --> 0:18:59.520 one else can get in, I would argue that that's 0:19:00.040 --> 0:19:02.480 not quite as big as at this point, you should 0:19:02.520 --> 0:19:06.040 really be concentrating on changing your password everywhere else. Yes, 0:19:06.280 --> 0:19:09.320 like all the different emails and and social networks and 0:19:09.359 --> 0:19:11.639 all the other services you use. If you use that 0:19:11.680 --> 0:19:14.040 same password, you need to change it. Um, I want 0:19:14.080 --> 0:19:16.440 to put a fraud alert on your credit report? Yeah. Yeah, 0:19:16.520 --> 0:19:19.280 those can be a real pain too, just because if 0:19:19.280 --> 0:19:22.040 you start using your credit card and you're you know, 0:19:22.080 --> 0:19:25.320 you're out of town, then you may end up getting 0:19:25.320 --> 0:19:27.880 a call from your your bank or credit union every 0:19:27.920 --> 0:19:31.880 time you Yeah. Compared that compared to yeah, that it's 0:19:31.920 --> 0:19:33.800 it's inconvenient, and it's a pain in the butt, but 0:19:33.840 --> 0:19:35.760 it's less of a pain in the butt than dealing 0:19:35.800 --> 0:19:38.040 with the fact that someone has stolen your information and 0:19:38.200 --> 0:19:43.080 is using your card without your approval. Just as an aside, Yeah, 0:19:43.080 --> 0:19:45.919 I've I've heard recently, very recently that the people who 0:19:46.040 --> 0:19:50.199 steal credit card numbers now are not And you know, 0:19:50.240 --> 0:19:53.040 if I were stealing credit card numbers, I would think 0:19:53.080 --> 0:19:55.080 that I would want to do things as quickly as 0:19:55.160 --> 0:19:58.680 possible to avoid, uh, you know, the person I stole 0:19:58.680 --> 0:20:01.880 it from. Changing, Yeah, to call in and say, hey, 0:20:01.920 --> 0:20:04.640 my credit card, my credit card has been stolen. Um. 0:20:04.680 --> 0:20:07.880 But in a lot of cases, when when, apparently, when 0:20:07.880 --> 0:20:10.080 this kind of thing happens. They don't run out and 0:20:10.240 --> 0:20:13.280 buy lots of big screen TVs and designer genes and 0:20:13.320 --> 0:20:16.719 all sorts of other cool fun stuff computers, video games. 0:20:16.760 --> 0:20:20.359 They go and they buy stuff for twenty dollars or 0:20:20.560 --> 0:20:23.840 thirty dollars because it doesn't go noticed. People let that 0:20:23.920 --> 0:20:26.040 kind of thing slide on their card. They go, wait 0:20:26.080 --> 0:20:28.520 a minute, I don't remember going to Best Buy and 0:20:28.600 --> 0:20:32.480 spending twenty five times. I probably bought a movie or something. Oh, well, 0:20:32.560 --> 0:20:34.359 you know, I'm sure it's it's just twenty bucks. It's 0:20:34.400 --> 0:20:36.480 no big deal. That's the thing that they've started to do. 0:20:36.560 --> 0:20:39.960 And that's very insidious because they could continue to do 0:20:40.000 --> 0:20:42.480 that and continue to hold on your information and take 0:20:42.520 --> 0:20:44.960 money from you for years. Well, like we said, though, 0:20:45.000 --> 0:20:49.000 credit cards, that's cheap. In the long run, the long game, 0:20:49.200 --> 0:20:51.640 credit card is nothing. In fact, we had a security 0:20:51.640 --> 0:20:54.200 expert come and talk to the editorial department at House 0:20:54.200 --> 0:20:56.000 Stuff Works just as part of our we have this 0:20:56.080 --> 0:20:59.119 ongoing lecture series where we get to listen to various 0:20:59.119 --> 0:21:02.120 experts in different fields. And the security expert was talking 0:21:02.119 --> 0:21:05.000 about how credit card information is cheap. It's it's you know, 0:21:05.119 --> 0:21:07.359 it's like fifteen cents for a credit card number, and 0:21:07.359 --> 0:21:10.280 it's because it's because there is no guarantee that credit 0:21:10.320 --> 0:21:13.240 card number is going to be good for very much longer. Um. 0:21:13.359 --> 0:21:16.439 What's valuable is the personal information, because that's where you 0:21:16.440 --> 0:21:19.520 can start to you know, you you create your own 0:21:19.560 --> 0:21:22.880 credit card based upon this person's identity, on that person's 0:21:22.920 --> 0:21:25.119 credit rating, and you have all the billing go to 0:21:25.440 --> 0:21:27.119 information go to a different place. You don't have to 0:21:27.119 --> 0:21:29.439 worry about paying for it. You're just gonna run that 0:21:29.520 --> 0:21:31.320 up as much as you can, and that's where you 0:21:31.359 --> 0:21:35.239 make the big purchases, right So, and and ultimately the 0:21:35.280 --> 0:21:38.680 person whose name is attached to that number that's their 0:21:38.720 --> 0:21:41.359 credit rating, is going to suffer as a result, and 0:21:41.800 --> 0:21:44.640 that's where you really have to worry. So again, even 0:21:44.680 --> 0:21:47.600 if the credit card information wasn't touched, that personal data 0:21:47.640 --> 0:21:52.320 is very important now they the hackers would lack certain 0:21:52.320 --> 0:21:55.359 information that would really make it useful, like your Social 0:21:55.359 --> 0:21:59.440