77 Million Accounts Stolen From Playstation Network 645
Runaway1956 was one of many users to continue to update us about the intrusion we've been following this week.
"Sony is warning its millions of PlayStation Network users to watch out for identity-theft scams after hackers breached its security and plundered the user names, passwords, addresses, birth dates, and other information used to register accounts. Sony's stunning admission came six days after the PlayStation Network was taken down following what the company described as an 'external intrusion'. The stolen information may also include payment-card data, purchase history, billing addresses, and security answers used to change passwords, Sony said on Tuesday. The company plans to keep the hacked system offline for the time being, and to restore services gradually. The advisory also applies to users of Sony's related Qriocity network."
It only... (Score:2)
passwords? (Score:5, Insightful)
Seriously? They were storing passwords in a way that could be unencrypted?
Re: (Score:2)
Sad face :/ I guess I should cancel my credit card too.
Re:passwords? (Score:5, Informative)
Cancel? Just call up Visa and they give you a new card and number. No need to kill the account.
Re:passwords? (Score:5, Funny)
Re: (Score:2)
Is that because you don't understand what salt means in that context or because you realized that AC's can't mod posts?
Re:passwords? (Score:5, Funny)
Re: (Score:3)
Might not be bad... (Score:4, Interesting)
There are two schools of thought here...
If the passsword is stored as a hash on the server, then it is more resistant to attacks against the storage of the server. However, this does require the password be transmitted over the wire in one way or another on every connection. A man-in-the-middle attack with ip spoofing or dns cache poisioning has a non-trivial shot at compromising the password.
If the password is stored 'in the clear' on the server side and treat the password as a shared secret, then *if* you design the authentication right, you render man in the middle infeasible with the tradeoff of storage attack being a large exposure. A common scheme is to have client have a packet, concatenate with the password, calculate hash, then strip password before transmit. Server then repeats calculation and only accepts payload if secret matches. Usually, server responses are protected the same way, meaning only the server you *meant* to talk to can meaningfully respond because it needs your password to calculate correct hash responses.
All that said, it's also entirely likely that Sony has crypted hash passwords, but it's safer to say 'your password is compromised', because of how many users have passwords like 'yourmom65' rendering the hashing pointless.
Re: (Score:2, Informative)
actually, you can store the password as a hash _and_ not transmit it in clear for authentication...
1. server has hashed pw + salt1
2. server randomly generates salt2, sends salt1 and salt 2
3. client calculates x == hash(hash(pw, salt1), salt2)), sends it to server
4. server calculates hash(hashed pw, salt2) and compares to x
result: server has hashed pw and pw is never transmitted in clear...
Re:Might not be bad... (Score:4, Insightful)
If the password is stored 'in the clear' on the server side and treat the password as a shared secret, then *if* you design the authentication right, you render man in the middle infeasible with the tradeoff of storage attack being a large exposure.
And why couldn't a hash of the password be used as a shared secret? As long as the client can do the hashing, I see no reason the hash couldn't be used in place of the original password.
As a potential answer to my own question, maybe they wanted to make sure their log in form would work on a web browser without scripting.
Re: (Score:3)
Because then the 'hash' becomes the 'password' for all intents and purposes, bringing you right back to square one: your password is stored 'in the clear' on the server. Even if not keyboard friendly, an attacker gives not much of a rat's ass about that detail.
Re: (Score:3)
This is nonsense. You can double hash passwords. That's the correct way:
plaintext: 1234
salt: xyz
salt+plaintext hash: opqr
you store on DB: xyz-opqr
when the user requests the login page, the server creates a new salt, stores it in the session (server side) and sends the two salts to the client (session one and DB one):
server extracts salt from DB: xyz
server creates a session salt: abc
client receives session salt: abc
client receives DB salt: xyz
user enters password: 1234
client hashes using DB salt: opqr
1st has
Re:Might not be bad... (Score:4, Informative)
No, they not. That's the point of double hashing. If you know 'xyz' you still need to know 'opqr' to send a valid hash (remember that you need to hash 'xyz-opqr' with the session salt). Since the server never sends 'opqr' to the client, the only way to generate it is through HASH(xyz + plaintext_password).
Re: (Score:2)
I think it's horrendous that they force you to provide credit card info.
I wonder if, when this comes back online, if I could go in and hash my credit card info and I could still use online functions?
Re: (Score:3)
You don't need to provide credit card info to create a PSN account or play online. You don't even need it to buy stuff on the PSN, you can instead use pre-paid cards.
Re: (Score:3)
I never did provide a CC, when did they ask for that. Mind you I have a PSN account used only for netflix.
Re: (Score:3)
He was talking out of his ass. You only need to provide card info to buy stuff from the store or get a PSN Plus account. Standard accounts are free.
Re: (Score:2, Informative)
Get your fucking facts straight.
1. You do not need a CC to get a PSN account. You only need one to buy something, and even then you could buy PSN credits at the store, and buy things on PSN without ever providing a valid credit card number.
2. The game companies that allow you to tie your forum account to your PSN account are irrelevant. None of them require you to give them your PSN password.
This situation sucks, and Sony fucked up big time, but this bullshit FUD everyone is spewing is not helping.
Re:passwords? (Score:5, Informative)
Wrong. This is not true at all. You can play games without ever providing a credit card. On the other hand, they do require your name, birthdate, and mailing address.
Re:passwords? (Score:5, Insightful)
And people wonder why so many on-line accounts are set up with completely bogus information.
Why should I be providing all of this information to play *(&^%*&^ video games? This is precisely why I don't give most companies this information -- because I don't trust them with it. Not to keep it safe, not to use it as they say, and not to provide it to someone else.
Re: (Score:3)
As Miles Davis said ... It's not the notes you play, it's the notes you don't play.
If I thought swearing would have helped me make my point any better, I fucking well would have.
Profanity is like any other aspect of the English language -- it has its uses, but doesn't need to be overused.
Re:passwords? (Score:5, Insightful)
As a previously happy PS3 user, I'm infuriated at their shoddy handling of this whole thing. The delay in notifying customers was inexcusable, and I still don't understand how passwords could have been compromised... I refuse to believe that even Sony would have stored them in plaintext. The only thing that makes sense to me is that they were stored in hashes but Sony is concerned that the hashed passwords are subject to brute force attacks. I spent a good chunk of last night changing all my online passwords that were the same as the one used in my PS3 account, and that meant dozens of accounts. (Thank goodness none of them were bank-related.) I guess that I should have moved to a system of unique passwords for each site before, and this finally forced me to do it.
I am struggling to find a bright spot anywhere in this, but if I were to find one it would be that Sony must understand how badly they have pooched this situation. I would expect some serious mea culpas and free crap out of them (like free PlayStation Plus for a year or something) out of this. I don't know whether I actually want that, but it should be interesting to watch them grovel for my online trust and/or business back.
Re:passwords? (Score:5, Informative)
As a previously happy PS3 user, I'm infuriated at their shoddy handling of this whole thing. The delay in notifying customers was inexcusable, and I still don't understand how passwords could have been compromised... I refuse to believe that even Sony would have stored them in plaintext.
Even if you one-way cipher the passwords, getting access to the password database gives the attacker the ability to attack the database offline via brute-force attacks. (Attempting to brute-force without access to the database system would mean you'd have to do it via the login system - which wouldn't work so well if the login system is built to guard against brute force attacks, for instance by limiting the frequency of login attempts to a single account.) So if somebody gets the password database it's safest to assume they've got the passwords in it.
Re: (Score:3)
Without more information, it's safest to say that your plai
Re: (Score:3)
What do you mean "even Sony"? This is the same company that decided a rootkit on their audio CDs was a great way to stop piracy.
Putting rootkits on CDs is evil. Storing passwords in plaintext is stupid. Being evil doesn't make you stupid.
Exactly how much do you really think Sony cares about you or your information?
They care exactly to the extent that they can be subject to an expensive class-action lawsuit or government fines over the exposure. So, again, Sony's consumer-unfriendly attitude does not indicate that they would take reckless chances with protecting information that they face potential liability claims over. I don't get why their history with rootkits has anything to do with the fact that I seriou
FUD (Score:3)
"- If you wanted to play any of the games online, you had to have a PSN account. Which meant you had to provide a credit card whether you were ever going to buy anything or not."
Completely wrong. I have a PSN account and never, ever gave them credit card info.
Re:passwords? (Score:5, Insightful)
Not only did I use a unique email address and password for my PSN account (not used for anything else), I gave intentionally dishonest answers to the secondary security question (and wrote them down), an intentionally dishonest DOB and the only purchases I made were made with a debit card I got as a gift.
I feel like a genius.
Re: (Score:3)
You're now guilty of wire fraud, unauthorised system access and several thousand ToS and EULA violations. Don't ever get noticed by Sony, they own you for life and aren't shy in the courtroom
Wire fraud? No purchases were made, no cash exchanged hands. It's not illegal to give false answers to websites which ask for name or date of birth, nor is it illegal to violate the ToS.
Sony could certainly shut down his PSN account and there's the off-chance they could sue for breach of contract, but the courts would also come down hard on the prosecutor and whatever you might think of Sony's upper brass, Sony's legal is not nearly stupid enough to find this case a worthy use of their time.
Re: (Score:3)
No, if you keep hammering on Netflix it lets you in eventually. It just bitches at you.
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:3, Informative)
This is not true. The Netflix app does ask you to log in to the PSN but after 3 failed attempts it lets you into the netflix app anyway and I thus far I haven't encountered any problems streaming even with the PSN itself down.
Re:passwords? (Score:5, Insightful)
This seems like an amateur mistake. Who are these companies hiring lately?
The lowest bidder?
Re:passwords? (Score:5, Interesting)
About as amateur as using a static constant instead of a random number when signing firmware and games, which is exactly what they did (and which pretty much cost them their entire system security).
DRM (Score:3, Funny)
Hows that online requirement DRM working out for you guys?
~UC
Sony isn't using the term "massive identity theft" (Score:5, Funny)
They're calling it an "unexpected mass friendship opportunity."
Re: (Score:3)
Re: (Score:2)
Re: (Score:3)
Massively Unexpected Online Identity Theft.
The only way to win...
SonyDownhill (Score:3, Interesting)
Gee, Sony just catch a break lately. I'm wondering if they are going to be asked to appear before the US Senate to explain their actions, just like Apple and Google? I think this is a little more serious than just tracking my phone location.
Re: (Score:3)
I'm wondering if they are going to be asked to appear before the US Senate to explain their actions,
http://www.opensecrets.org/pacs/lookup2.php?strID=C00282038 [opensecrets.org]
$211,925 tries to say "No"
Google sent four times that just to Barack Obama alone, and that didn't save them.
So I'm guessing the answer will be "Yes"
Re: (Score:3)
One senator [senate.gov] is already writing them nasty notes.
Unencrypted = Stupid (Score:5, Informative)
Re:Unencrypted = Stupid (Score:5, Interesting)
We need laws for this crap now. Someone doesn't even try to use adequate obfuscation, they are accessories. Specifically, for protection of SSNs (yes I know the fact that they are good for so much is stupid, but we live in reality) and credit card numbers, and anything else equivalent.
Re:Unencrypted = Stupid (Score:5, Informative)
Yes, I trust Congress to make laws that will cause secure implementations to be made.
Remember, these are the guys who can't make a tax code that requires companies to actually pay _any_ tax on billions of dollars' of income.
Re:Unencrypted = Stupid (Score:5, Insightful)
Why are you surprised that big companies would do stupid things? Particularly one who thought that installing rootkits on peoples' computers when they played a CD was a pretty darn cool idea?
Re: (Score:2)
Engineer - yes we can make it secure, we just need another 3 months to code and test it
PHB - no way, XBL is kicking our a$$. we release tomorrow. we'll just add a firewall and use the cloud to secure the data
Re: (Score:2)
Credit Card = Stupid (Score:3)
Re: (Score:2)
RTFA?
Likely does not mean certainty. Stop hyping speculation.
Re: (Score:2)
Passwords should be stored as hashes, yes. Answers to secret questions can only really be stored as hashes if you insist on people reproducing spelling, capitalization, and punctuation accurately and you don't intend to use the secret questions for over-the-phone authentication. Other sensitive information can be encrypted, but obviously an automated system that *uses* that information must have access to the encryption key necessary to decrypt the data. Sure, you can have your database and the system that
Re: (Score:3)
Answers to secret questions can only really be stored as hashes if you insist on people reproducing spelling, capitalization, and punctuation accurately and you don't intend to use the secret questions for over-the-phone authentication.
Spelling - yes; but capitalization and punctuation can just be ignored. Strip punctuation, convert to all-lowercase, then hash.
Re:Unencrypted = Stupid (Score:4, Informative)
To give Sony all the credit they deserve (however little it is), the sensitive records like passwords probably weren't stored in plaintext.
It's standard operating procedure at most companies to treat any data breaches as if the data was plaintext and will be immediately exploited. Once the hackers have taken the data, you have no way to tell if they have a way to decrypt/reverse it or not, so you simply assume they do.
At the same time.almost no one feels like explaining to users what password hashes are and why their data is probably safe, so the public announcements always reflect the assumption above and present the worst case scenario to users, and maybe encryption is mentioned somewhere. Whether the data was decrypted or not, if you say it was then you've covered your ass. It's not as if most laypeople believe that the encryption will hold anyhow.
In short, Sony's pretty damned stupid, but whether anything was encrypted or not they're going to treat it as if it wasn't, and their warnings are going to reflect that. Just because they aren't talking about it being encrypted doesn't mean it was stored in plaintext. The resolution is the same either way: assume the bad guys have it in plaintext form, and watch your credit reports.
Re: (Score:2)
Passwords and answers to secret questions should always be hashed
Does approximately zero good if 90% of your users have trivial passwords. In fact, 'secret answers' will almost *always* be simple, one-word english text, rendering hashes meaningless. Even if Sony did do hashing, they are going to keep it simply and say "you're screwed" to avoid setting expectations high for people with crappy passwords.
Credit card information and other sensitive information should be encrypted (preferably AES-256 or stronger).
If you compromise a running system, then many bets are off here. They could have done this and either:
-Every user logged in at the time had their password in memory so t
Re: (Score:3)
It amazes me that a company as large and established as Sony would make such a boneheaded move as storing sensitive information in plaintext.
If you remove the assumption that they were owned the same day they were shut down, the logical result is they got owned 77 million card entries ago... Sniff and store each new CC... Months / Years later they get noticed, oops.
That would also fit with why they didn't restore from backups onto bare metal on day one and be back online within 24 hours. If the backups, going back months or years, are all perfect backups of the infection...
Re: (Score:3)
we don't know how any of their data was stored, or accessed. That's sort of the problem; Sony isn't talking, which is leading to wild speculation, including yours.
Credit card numbers WERE taken too (Score:5, Informative)
I posted this in the last thread, but PSN users are already seeing their credit cards being fraudulently used! [vgn365.com]
So if you're affected, CANCEL YOUR CARD!
It's not a possibility anymore, it's a certainty.
Makes you wonder... (Score:5, Insightful)
In a world with plenty of well understood crypto schemes like public-private key systems where you can prove yourself without a shared secret... why the hell do we trust so much of our wealth with a trivial to see/copy account number being tossed around like crazy?
Re:Credit card numbers WERE taken too (Score:4, Informative)
That seems a little extreme.
You aren't liable for fraudulent charges. And until Sony sends you a certified letter stating that your credit card was compromised you don't know that your card was. I'll just wait until I see a fraudulent charge, then make a 10 minute phone call and have a new card/number mailed out to me. The biggest pain is updating the reoccurring bills/payments.
Even if they had access to your credit card number you don't know what they are going to do with it. Sell it? Maybe. Or maybe they are just using this to piss off Sony. And, according to Sony, they only have the credit card #s - not the CVV or CV2 code. So, it would be reasonably difficult to make a purchase.
I'll alert Capital One as soon as I see a fraudulent charge.
Re: (Score:3)
Yeah. More worrisome is the fact that if it is a debit card, the money is gone before you can even contest the charge.
For a credit card, I'd probably wait it out and hope for the best. A debit card, though, would best be cancelled immediately.
Re: (Score:3, Informative)
Re: (Score:3)
And, according to Sony, they only have the credit card #s - not the CVV or CV2 code. So, it would be reasonably difficult to make a purchase.
Absolutely. It's well beyond the ability of any petty criminal to buy a magnetic strip writer from eBay and put the stolen card numbers onto blanks / gift cards / any magnetic strip card. This was never done before internet purchases requiring CVV / CV2 codes became commonplace, and hardly anybody used cloned cards to withdraw cash at ATMs. Plus, store clerks always check the receipt card number against the one printed on the card itself, because they're vigilant pillars of the community.
Re:Credit card numbers WERE taken too (Score:4, Insightful)
The CVV or CV2 codes aren't required to make purchases in all places. Yes, for most cards you aren't liable for fraudulent purchases, but the money has to come from some where so the credit card companies end up taking a hit and they raise their rates. Besides if you know your card number might have been stolen and don't report it, you might end up having to pay for fraudulent charges since at that point it's basically your fault for not telling the credit card company.
More importantly, the hackers also have your name, address and birth date. That information is nearly enough info, combined with the credit card information, to have your card canceled and another one issued to them. They could initiate a USPS change of address (since they have your name and address) to wherever they want, call your credit card company to have a new card sent out and then simply activate that card when they get it.
It's much easier to preemptively have your credit card company reissue a card now, then try and go clean up a much more complicated mess in the future. That's what I did and my credit card company said that was a smart move on my part.
Re: (Score:3)
There are all sorts of exceptions to that rule. The first most common is that you have a certain period of time, generally only a few days, to find and report such fraudulent charges or you will not be refunded 100%. (do you check your transactions every day while on vacation?) Second, what if they used a Debit card and their checking account was emptied. Sure, they might eventually get their money back, but it could take a month or more.
So yea, this might actu
Re: (Score:3)
Bearing in mind of course... Say 70m PSN users, lets assume that 50% of them had credit cards on there and that the average frequency of credit card fraud generally is once per person every 20 years (no, I couldn't be bothered looking for a real statistic, or using real math).
In the week or so since the breach, the average person would have had an approx 1/(20*52)= 1 in 1040 chance of incurring fraud anyway.
Therefore chances are during that week we could anyway have expected around 1/1040 * (70m * 50%) = 33
Leaving PSN Down (Score:5, Interesting)
Re:Leaving PSN Down (Score:5, Informative)
I think the fact Sony has left the PSN in a completely disabled state for the past week could hint at some internal problems with not knowing what the hell they're doing in the first place. Their servers have been compromised and can no longer be trusted. In my world, that's a perfect time to re-build your systems from a pristine backup. So why doesn't Sony patch the vulnerability and deploy new servers? Perhaps it's because they don't have a clue what the vulnerability is...
FTFY.
Sony said it has temporarily shut down the PlayStation Network and Qriocity services and hired an outside security firm “to conduct a full and complete investigation into what happened,” but refused to offer details on the hack. [wired.com]
Re: (Score:2)
Re: (Score:2)
Fallout (Score:5, Insightful)
Re:Fallout (Score:5, Interesting)
TJX's stock is up 100% since 2006 when the breach occurred. http://www.google.com/finance?q=tjx [google.com] Point being is, if nothing seriously negative happens to Sony then it's no wonder that firms continue to have poor security practices. After all, why bother spending the effort and money to secure data when there is no return on the investment?
Many years ago, I was in a meeting with heads of a bank, discussing their need for penetration testing, auditing, etc.
So, after all that talk, one guy simply asks:
"Why would we spend dozens and hundreds of thousands of dollars on security services/products/staff, when it costs us 200 dollars to issue few press releases that claim how no valuable data was lost, and everything will be just fine?"
I had no answer to this.
That's why in 2011. we are witnessing things like this.
That's why in 2011, Sony will still be determined to be PCI/DSS compliant, although they probably don't satisfy 50%-70% of requirements.
It's because they don't give a fuck and don't care. There is nothing you/we can do to them, they are on the top of the food chain.
Because humans are greedy, like flashy toys and are too blind to see what's happening in front of their eyes.
Oh well, back to work :)
Re: (Score:3)
undivided attention of Anonymous (Score:5, Insightful)
Re:undivided attention of Anonymous (Score:4, Insightful)
Get a gaming PC (Score:2)
I'm waiting for US Feds to lose 100M+ accounts (Score:2)
Just Plain Text? Don't be ridiculous... (Score:2)
This is Sony we're talking about - they will of course have installed in a rootkit into the data... ;)
In all seriousness... (Score:2)
Whilst I have read a lot of people pointing fingers at Sony and jeering them for this breach, some of the more savvy commentators are now asked how safe ANY online data really is.
Suppose you really did have a situation where the user's personal details and CC data were encrypted. Would you actually just put a press release along the lines of:
"Yeah, we got hacked. The hacker downloaded 77 million account details, all of which was AES secured. Nothing to see here, move along."
Or, would you tell people to de
Stolen? (Score:2, Insightful)
Was the sensitive information deleted from Sony's system, denying them access to it? If not, how is that stealing? I thought the People of Slashdot were against calling it "stealing" when information is merely duplicated without taking access away from the original holder?
Re: (Score:2)
When we are talkin about metallica's "Sandman" it's ok to start getting nitpicky over the details. When some jerk just stole my credit card info on the the other hand...
Re: (Score:3)
Re: (Score:3)
If someone steals your identity, do you no longer have it? Who are you then?
Re: (Score:3, Insightful)
Also using another's identity most certainly can and does bring harm to the creator/originator of that identity.
Re: (Score:3)
Karma's a bitch. (Score:3)
Ok Sony, so basically, (Score:3)
'some' people basically handed your ass over to you in a different fashion ?
in the end, it seems you have annoyed far more dangerous circles in the internet hacker underground than the jailbreakers/mod hackers.
enjoy. and next time, remember that it is not good to treat people like cattle, and suppress/repress them.
I've been robbed... (Score:3)
That's it? "Sorry"? (Score:5, Insightful)
So, you peek into PS3 internals, you get slapped with lawsuits, police raids your home and they send army of lawyers after everyone.
Someone steals 77m accounts from Sony, all they have to say is basically...
Sorry?
Fuck you Sony.
Re: (Score:3)
They should get massively fined, in proportion to the monetary losses they are pushing onto customers, banks and vendors. $100 per account sounds like a good start. The money should go towards getting their users' credit histories back on track, as well as additional monitoring by the credit bureaus.
They should fall out of PCI compliance, and be forced to bring their system fully up to compliance before they can charge even one more credit card. Or, they should only process pre-paid PSN cards, and leave m
Re: (Score:2)
Re: (Score:2)
Custom firmware is just an excuse to bash geohot.
The bottom line is that trusting the client to handle security for you is a bonehead move. You just don't do that period.
Considering that PSN is accessed over the internet, and consequently exposed to machines other than PS3's, you'd think that Sony could be more careful.
Re: (Score:2)
No. Trusting the client is moronic. Perhaps if they had not been such morons they would not have had such issues.
Re:Firmware (Score:5, Insightful)
If their online systems' security depends on all clients playing by a specific set of rules, it is Broken.(even barring custom firmware, PS3s communicate over the internet via reasonably normal protocols, so it isn't as though the public-facing infrastructure was ever invisible to PCs running whatever people wanted them to run).
Especially for something as large and potentially valuable as 77 million accounts, many with cards on file, there would just be no way that you could make the client secure enough to serve as a trusted part of your security system: your pirate will give up if you can't flash a firmware in software or do a relatively simple mod-chip install. A more serious hacker might be willing do dump some ROMs, if possible, maybe snoop bus traces if they can get to them, install mod chips that require SMT skills, etc. For 77 million accounts, though, you have to consider the possibility that somebody would commission a serious forensic teardown of your system, decapping, microscopes, and the lot.
Re: (Score:2)
No not superior, sad really, sad for the loss, sad for the fact that someone feels that that type of behavior is acceptible, sad when I see a 6 year old friends son cutting people appart with a sword with no sense of what he is doing or how it may be affecting his moral compass. What is that big popular game "Grand Theft Auto"? now thats a title that inspires accepting that there is no moral impact to gamming.
Re: (Score:3)
Seriously, I mean why give me a game that allows me to steal cars and shoot people when it's doesn't even emulate the experience properly?!! I go out and try these techniques on the street and they don't work at all the way they do in the game. It's morally negligent I say! I could be killed because of the bad info I'm getting from my video games!
Re: (Score:3, Insightful)
You don't really sound like you've played the game, the way you talk about it makes it sound very serious. You don't actually have to kill innocent bystanders unless you want to, just the same as real life. Many missions call for you killing people, but what do you expect in a game about gangsters? Actually, you don't even have to do the killing missions if you don't want to.. you could just be a taxi driver, paramedic, or firefighter if you really wanted to just be super-good all the time.
Music on a computer 10 years ago? Errr, yeah. (Score:3)
The mp3 has been around since the mid 90s and plenty of other simpler formats were around before that. Macs were doing 8 bit PCM music back in the late 80s and if you want to be pedantic about it synthesized music on a personal computer has been around since the 8 bits days in the early 80s.
Re: (Score:2)
We're at the point where consoles have achieved parity with personal computers in all ways except freedom.
And resolution. 1080 vertical lines would have been quite an achievement on a PC ... in 1988 ... I haven't owned lower than 1600x1200 since the mid 90s.
And user interface. give me my trackball and keyboard for FPS.
Re: (Score:3)
I was playing MP2s on my computer almost ten years before that.
And MOD files five years before that.
And (okay, going to stop before I age myself here ...)