I don't know what is involved, I just know it costs quite a bit if you fail compliance. According to the Evolve Online site, it's €5 per compromised account and €100,000 fine per incident.

So that's at least €100,015 fine of the people in this thread I know have PSN accounts.

Self-certification (wrong term, but I can't think of the right one at the moment) can only be done by smaller companies who handle a smaller number of transactions every year. Large companies have to be audited by a certified QSA.

 

The only problem is that the actual requirements in PCI DSS are a bit vague in places, and what you need to do to achieve compliance depends on the interpretation of the QSA. Sony's lawyers will just end up saying that they were compliant so long as you squint at it from the right angle.

Could someone explain how (in actual use) this keepass thing works? I don't really care much about security, but if it's a thing that can remember and fill in my password/s for me, then I'm interested.

That's what LastPass does. Haven't used Keypass for a long time and I can't remember how it works.

Ok, which is BETTER?

Lastpass want you to pay to use their Android app :(

I love lastpass because it is available on all my browsers, work, home, where ever. Of course it's BETTER because I'm using it! I wouldn't use the inferior product man!

Well that's fine since I don't have an Android.

Yeah, I didn't like that. But it's not that expensive is it?

More expensive than a packet of post-it notes :C

That's an odd thing to compare it too!

I think the implication is that a packet of post-it notes is his alternative password remembering system

Surely sensitive data like passwords and password hints should be stored in MD5 hash format? So stealing that data becomes useless (unless one has a shitlol amount of pooter power to break the hash).

You think you have it bad Mr Wix? Some poor bastards have had their money eaten! :O

77 million PSN users worldwide. Dunno, a 1/4 of them in Europe? Someone do the maths. That's a substantial fine.

I can't tell if you're trolling or not. :/

Just using MD5 is only a step above plain text. It's not recommended. Use a more powerful algorithm, along with secret and per-user salts.

Definitely big news, it was the front page headline on the Metro!

Keepass. It keeps everything in an encrypted file on your computer, so at least they're not on someone else's server.

No, I wasn't trolling, and the principle still stands: there are readily amenable methods to secure sensitive data held within a database, MD5 (+salt) is only one example. It souldn't be beyond the wit of Sony to have done so.

You didn't read the whole thread then. :P