Gentoo Forums
PlayStation Network Attack
wswartzendruber
Veteran
Joined: 23 Mar 2004
Posts: 1221
Location: Jefferson, USA

Posted: Mon Apr 25, 2011 10:49 pm    Post subject: PlayStation Network Attack

Evidently, PSN has been decked for the past three days. Anonymous claims no responsibility.

Muso
l33t
Joined: 22 Oct 2002
Posts: 656
Location: The Holy city of Honolulu

Posted: Mon Apr 25, 2011 10:51 pm    Post subject: Re: PlayStation Network Attack

wswartzendruber wrote:
Evidently, PSN has been decked for the past three days. Anonymous claims no responsibility.


Longer than 3 days. It will be coming up on a week shortly. Sony pulled down PSN when it noticed the attack and is securing more before restarting it. Word from Japan is by tomorrow for NA.
_________________
Joe Biden wrote:
1987, when the skirts were short, the brews were cold, and you couldn’t walk 2 feet without stepping into some grade-A tang.

aidanjt
Veteran
Joined: 20 Feb 2005
Posts: 1101
Location: Rep. of Ireland

Posted: Mon Apr 25, 2011 10:51 pm

Tis probably China running military exercises.
_________________
juniper wrote:
you experience political reality dilation when travelling at american political speeds. it's in einstein's formulas. it's not their fault.

drizek
n00b
Joined: 26 Jan 2006
Posts: 32
Location: Believe in America

Posted: Mon Apr 25, 2011 11:34 pm

Portal 2 killer?
_________________
Stand With Mittens

sts
Tux's lil' helper
Joined: 02 Jul 2007
Posts: 97

Posted: Tue Apr 26, 2011 3:37 am

http://www.reddit.com/r/gaming/comments/gx6o4/im_a_moderator_over_at_psxscenecom_the_real/
Quote:
there was a new CFW (custom firmware) released known as Rebug (http://rebug.me). It essentially turns a retail console into a dev console (not fully, but gives you a lot of the same options that usually devs only have access to). Anyway, this new CFW was quickly figured out by 3rd parties (not Rebug) to give CFW users access to the PSN network again via the dev networks. With a little manipulation of the URLs through a proxy server you could get your hacked console back online. Not that big of a deal, right? Well, it also turns out that some people over at NGU found out that you could provide fake CC# info and the authenticity of the information was never checked as you were on Sony's private developer PSN network (essentially a network that Sony trusted). What happened next was extreme piracy of PSN content. Sony realizing the issue here shut down the network. Now, before you go freaking out about the latest information posted about Kotaku, no one's personal information was accessible via this hack. Not to say they couldn't get it, but no one is admitting to it being available. Anyway, that's the real reason for the PSN downtime. Sony is now rebuilding all of its PSN servers to be more secure and (hopefully) make sure the CFW users cannot get online anymore.

Muso
l33t
Joined: 22 Oct 2002
Posts: 656
Location: The Holy city of Honolulu

Posted: Tue Apr 26, 2011 3:40 am

sts, isn't that essentially stating what I already posted with about 10x the number of words?

Still, the link is nice.
_________________
Joe Biden wrote:
1987, when the skirts were short, the brews were cold, and you couldn’t walk 2 feet without stepping into some grade-A tang.

slycordinator
Advocate
Joined: 31 Jan 2004
Posts: 3057
Location: Redmond, WA

Posted: Tue Apr 26, 2011 3:55 am

The Earth wrote:
sts, isn't that essentially stating what I already posted with about 10x the number of words?
And 10x the number of details. ;)

Note: I didn't know the details until now and hadn't been keeping track.
_________________
My political stance/bias
slycordinator != slycoordinator

sts
Tux's lil' helper
Joined: 02 Jul 2007
Posts: 97

Posted: Tue Apr 26, 2011 3:55 am

This appears to be not so much a network attack as people figured out how to get shit for free with custom firmware.

jho
Apprentice
Joined: 24 May 2007
Posts: 153
Location: Jyväskylä, Finland

Posted: Tue Apr 26, 2011 8:45 pm

http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
Quote:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.


Seems a bit more serious than previously thought. I don't get why Sony wouldn't tell the users right away that their personal information might be in danger. Very unprofessional.
_________________
"I'm sorry, I only accept criticism in the form of sed expressions."

jonnevers
Veteran
Joined: 02 Jan 2003
Posts: 1593
Location: Gentoo64 land

Posted: Tue Apr 26, 2011 9:21 pm

jho wrote:
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
Quote:
Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.


Seems a bit more serious than previously thought. I don't get why Sony wouldn't tell the users right away that their personal information might be in danger. Very unprofessional.

unprofessional? my guess is you've never dealt with such a security situation before.

it takes a while to figure out what data for who may have actually been compromised. you really don't want to tell all users that all their information was compromised, if it in fact wasn't. this can be an excruciatingly manual process.

to be honest, it seems like they have been acting in a very professional manner, in perhaps not a very transparent manner. but those terms are decidedly different.

Clete2
Guru
Joined: 09 Aug 2003
Posts: 529
Location: Bloomington, Illinois

Posted: Tue Apr 26, 2011 9:43 pm

Ugh!

Just cancelled my credit card and put a fraud alert on myself for 90 days. In the process of changing passwords.

Thanks a lot, Sony. :(
_________________
My Blog

jonnevers
Veteran
Joined: 02 Jan 2003
Posts: 1593
Location: Gentoo64 land

Posted: Tue Apr 26, 2011 9:59 pm

http://www.joystiq.com/2011/04/26/sonys-failure-to-report-data-breach-incurs-ct-senator-blumentha/

wswartzendruber
Veteran
Joined: 23 Mar 2004
Posts: 1221
Location: Jefferson, USA

Posted: Tue Apr 26, 2011 10:30 pm

jonnevers wrote:
http://www.joystiq.com/2011/04/26/sonys-failure-to-report-data-breach-incurs-ct-senator-blumentha/

Dear Senator,

Get your fucking nose out of the private sector's business!

With love,
wswartzendruber

QUESTION: What the hell did this letter actually accomplish?

sts
Tux's lil' helper
Joined: 02 Jul 2007
Posts: 97

Posted: Tue Apr 26, 2011 10:37 pm

What's wrong with the letter? He's acting on behalf of his constituents. I can call up Sony and say "Hey, do I need to be worried about my personal info?" but they'll just ignore me. Having your Senator do it carries more weight.

pitcrawler
Apprentice
Joined: 09 Jan 2005
Posts: 154
Location: Oklahoma, USA

Posted: Tue Apr 26, 2011 10:52 pm

Sony have made fuck-up after fuck-up in recent history. Just when people think they can't get any worse, they go and top it all with this. The reality is that they will have lost a LOT of the trust of their customers, and it's going to be very difficult for them to get it back. Especially after the rootkit fiasco, the removal of the OtherOS feature from the PS3 and the recent GeoHotz lawsuit.

Muso
l33t
Joined: 22 Oct 2002
Posts: 656
Location: The Holy city of Honolulu

Posted: Wed Apr 27, 2011 12:38 am

pitcrawler wrote:
Sony have made fuck-up after fuck-up in recent history. Just when people think they can't get any worse, they go and top it all with this.


I don't see how Sony was the culprit here.

With that being said, this will hurt their online sales via PSN for sure. I've never been one to trust having a credit card number logged in with them, so if I see a dlc I want, I'll buy a $20 card from a gamestop. This just reinforces my paranoia. But for many others who did have their cc numbers logged into the PSN, I can see them now refusing to continue the practice.
_________________
Joe Biden wrote:
1987, when the skirts were short, the brews were cold, and you couldn’t walk 2 feet without stepping into some grade-A tang.

jonnevers
Veteran
Joined: 02 Jan 2003
Posts: 1593
Location: Gentoo64 land

Posted: Wed Apr 27, 2011 4:28 am

sts wrote:
What's wrong with the letter? He's acting on behalf of his constituents. I can call up Sony and say "Hey, do I need to be worried about my personal info?" but they'll just ignore me. Having your Senator do it carries more weight.

i'm not defending sony here but have you actually called them and asked that question? my guess is you haven't and are just making up shit.

as for the actual question. i bet that letter leads to additional people being fired, people are definitely going to be fired over this.

i'm not overly concerned with my PII being stolen but that's because my finances aren't a black hole that i don't monitor.

i just want the PSN to be back online so i can play DCUO :cry:

pigeon768
l33t
Joined: 02 Jan 2006
Posts: 669

Posted: Wed Apr 27, 2011 5:08 am

The Earth wrote:
pitcrawler wrote:
Sony have made fuck-up after fuck-up in recent history. Just when people think they can't get any worse, they go and top it all with this.
I don't see how Sony was the culprit here.
Wait, what? Seriously?

First of all, there's no need for them to keep records of credit card information and address and name information. Use it, discard it. At best, a hack could have discovered a list of usernames.

Second, the nature of the attack is disturbing. It is a firmware mod of a PS3. This firmware allows you to tell PSN that you're a developer; once you tell PSN you're a developer, it gives you the keys to the kingdom. You want a list of all our users, all their personal information, including name, address, phone number, email, credit card number, credit card expiration date, and CVV number? Sure, here you go. They did not hack Sony's network; they hacked a PS3, a device they were in physical possession of.

The really disturbing thing though; the thing that makes my skin crawl and my hairs stand up on end, is that every company on the planet who develops or is considering developing a PS3 game has the same access that the hackers had. Every single one of them. If they wanted my username, password, address, phone number, email address, credit card number, cc expiration date, and cvv number they just had to go to the page and download it.
_________________
My political bias.

Muso
l33t
Joined: 22 Oct 2002
Posts: 656
Location: The Holy city of Honolulu

Posted: Wed Apr 27, 2011 5:42 am

pigeon768 wrote:
The Earth wrote:
pitcrawler wrote:
Sony have made fuck-up after fuck-up in recent history. Just when people think they can't get any worse, they go and top it all with this.
I don't see how Sony was the culprit here.
Wait, what? Seriously?

First of all, there's no need for them to keep records of credit card information and address and name information. Use it, discard it. At best, a hack could have discovered a list of usernames.

Second, the nature of the attack is disturbing. It is a firmware mod of a PS3. This firmware allows you to tell PSN that you're a developer; once you tell PSN you're a developer, it gives you the keys to the kingdom. You want a list of all our users, all their personal information, including name, address, phone number, email, credit card number, credit card expiration date, and CVV number? Sure, here you go. They did not hack Sony's network; they hacked a PS3, a device they were in physical possession of.

The really disturbing thing though; the thing that makes my skin crawl and my hairs stand up on end, is that every company on the planet who develops or is considering developing a PS3 game has the same access that the hackers had. Every single one of them. If they wanted my username, password, address, phone number, email address, credit card number, cc expiration date, and cvv number they just had to go to the page and download it.


ok, you've convinced me.

I stand corrected, Sony is a culprit and pitcrawler was right in calling them such.
_________________
Joe Biden wrote:
1987, when the skirts were short, the brews were cold, and you couldn’t walk 2 feet without stepping into some grade-A tang.

Bones McCracker
Veteran
Joined: 14 Mar 2006
Posts: 1564
Location: U.S.A.

Posted: Wed Apr 27, 2011 6:21 am

AidanJT wrote:
Tis probably China running military exercises.

++

China is harnessing the awesome power of all those cell processors to crack Obama's S/MIME key, send a nasty-gram to Putin, and provoke war between the U.S. and Russia. :P
_________________
juniper wrote:
I use ubuntu, which is why I am posting here.

jho
Apprentice
Joined: 24 May 2007
Posts: 153
Location: Jyväskylä, Finland

Posted: Wed Apr 27, 2011 12:17 pm

A Finnish tech magazine called Dome has a nice article offering possible explanations on what happened and how serious it is, gathered from different snippets of information floating around. It's in Finnish, but here are some of the main points:


  • PSN was a huge clusterfuck from the beginning. Sony Corporation ordered small bits and pieces of the network at a time without any greater vision from Sony Online Entertainment which usually does online games, and not networking solutions that require a high level of security.
  • Different parts of the network were built at different times by completely different teams without much interaction. For example the friends list, messaging, and the PSN store were all developed independently and somehow glued together.
  • As a result the PSN store was for a long time only a web page that the PS3 web browser opened.
  • By inspecting the network traffic between the PSN store and PS3, some enthusiasts figured out that upon purchases your credit card information was sent using HTTP GET requests. Oh come on, this is just awful.
  • This made it seem likely that customers' credit card information could be found on Sony's web server logs!
  • Other hackers had for a long time been laughing at Sony's authentication servers, which apparently used old versions of software with known security holes. The servers were also configured so that they sent full software version strings, making it trivial for people with enough time to breach the servers. This is the potential point of entry into the PSN, not consoles with custom firmware.
  • The fact that Sony even hinted that it's possible for your CC information to be stolen means they did something and everything horribly wrong from the beginning. Usually the only stored information is the last four digits of your CC number, and a special identification hash that is used on subsequent purchases proving that the credit card information has been entered some time before and making it unnecessary to store the whole number. These identification hashes can only be used on purchases from the store it was originally computed on. This is an official system developed and used by Visa.
  • Sony has apparently predicted for the servers to be down for at least two weeks. This could also hint at serious security related problems.


Seems more plausible (and more scary, storing CC information in web server logs, holy fuck) than being able to access all the information from dev consoles, but as long as there is no official word from Sony we might never know. Actually, if the situation was this bad I doubt Sony would admit it publicly either.
_________________
"I'm sorry, I only accept criticism in the form of sed expressions."
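
An added example, not part of the thread: the post above says card numbers sent in HTTP GET requests would end up in the web server's logs. This sketch scans access-log lines for Luhn-valid card numbers in query strings and redacts them; the log lines, paths and parameter names (`card`, `cc`, `order`) are constructed for illustration, and 4111111111111111 is the standard test card number.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Request part of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample input (hypothetical paths and parameter names).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Apr/2011:12:00:01 +0000] '
    '"GET /store/purchase?item=42&card=4111111111111111&exp=0113 HTTP/1.1" 200 512',
    '203.0.113.8 - - [26/Apr/2011:12:00:02 +0000] '
    '"GET /store/view?order=1234567890123456 HTTP/1.1" 200 1024',
    '203.0.113.9 - - [26/Apr/2011:12:00:03 +0000] '
    '"GET /store/purchase?cc=4111+1111+1111+1111 HTTP/1.1" 200 512',
    '203.0.113.9 - - [26/Apr/2011:12:00:04 +0000] '
    '"POST /store/purchase HTTP/1.1" 200 512',
]


def luhn_ok(digits):
    """Luhn checksum: filters out order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def pan_last4(value):
    """Last four digits of the first Luhn-valid card-like number, else None."""
    for match in PAN_RE.finditer(value):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            return digits[-4:]
    return None


def scan_log(lines):
    """Return (findings, redacted_lines); findings are (line_no, param, last4)."""
    findings, redacted = [], []
    for lineno, line in enumerate(lines, start=1):
        m = REQUEST_RE.search(line)
        query = urlsplit(m.group("target")).query if m else ""
        for pair in filter(None, query.split("&")):
            key, _, raw_value = pair.partition("=")
            # Decode %XX and '+' so encoded separators do not hide a number.
            last4 = pan_last4(unquote_plus(raw_value))
            if last4:
                findings.append((lineno, key, last4))
                line = line.replace(pair, f"{key}=[PAN-REDACTED-{last4}]")
        redacted.append(line)
    return findings, redacted


if __name__ == "__main__":
    hits, cleaned = scan_log(SAMPLE_LOG)
    for lineno, param, last4 in hits:
        print(f"line {lineno}: card number in '{param}' (ends {last4})")
    print("\n".join(cleaned))
```

A POST body never reaches the access log by default, which is why the fourth line produces no finding; redacting logs after the fact does not cover copies already held by proxies, browser history or log shippers.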

jonnevers
Veteran
Joined: 02 Jan 2003
Posts: 1593
Location: Gentoo64 land

Posted: Wed Apr 27, 2011 12:38 pm

The Earth wrote:
pigeon768 wrote:
The Earth wrote:
pitcrawler wrote:
Sony have made fuck-up after fuck-up in recent history. Just when people think they can't get any worse, they go and top it all with this.
I don't see how Sony was the culprit here.
Wait, what? Seriously?

First of all, there's no need for them to keep records of credit card information and address and name information. Use it, discard it. At best, a hack could have discovered a list of usernames.

Second, the nature of the attack is disturbing. It is a firmware mod of a PS3. This firmware allows you to tell PSN that you're a developer; once you tell PSN you're a developer, it gives you the keys to the kingdom. You want a list of all our users, all their personal information, including name, address, phone number, email, credit card number, credit card expiration date, and CVV number? Sure, here you go. They did not hack Sony's network; they hacked a PS3, a device they were in physical possession of.

The really disturbing thing though; the thing that makes my skin crawl and my hairs stand up on end, is that every company on the planet who develops or is considering developing a PS3 game has the same access that the hackers had. Every single one of them. If they wanted my username, password, address, phone number, email address, credit card number, cc expiration date, and cvv number they just had to go to the page and download it.


ok, you've convinced me.

I stand corrected, Sony is a culprit and pitcrawler was right in calling them such.

i'm not convinced at all that his scenario is the truth. i've heard its story but at that point it was definitely just a rumor. in fact the rumor was turning the console into the dev console and being able to use dummy CC numbers to add cash to the account. so that rumor turned from a push exploit into a pull exploit of a much worse calibre. plus even on face value it seems just plain stupid. all developers for the ps3 have PSN account usernames and passwords? i highly doubt that and i totally question his statements as pure fantasy with no basis of evidence.

jho wrote:

Seems more plausible (and more scary, storing CC information in web server logs, holy fuck) than being able to access all the information from dev consoles, but as long as there is no official word from Sony we might never know. Actually, if the situation was this bad I doubt Sony would admit it publicly either.


yeah this seems much more in the realm of plausibility.

i still just want the PSN back online :lol:

Clete2
Guru
Joined: 09 Aug 2003
Posts: 529
Location: Bloomington, Illinois

Posted: Wed Apr 27, 2011 1:01 pm

pigeon768 wrote:
The Earth wrote:
pitcrawler wrote:
Sony have made fuck-up after fuck-up in recent history. Just when people think they can't get any worse, they go and top it all with this.
I don't see how Sony was the culprit here.
Wait, what? Seriously?

First of all, there's no need for them to keep records of credit card information and address and name information. Use it, discard it. At best, a hack could have discovered a list of usernames.

Second, the nature of the attack is disturbing. It is a firmware mod of a PS3. This firmware allows you to tell PSN that you're a developer; once you tell PSN you're a developer, it gives you the keys to the kingdom. You want a list of all our users, all their personal information, including name, address, phone number, email, credit card number, credit card expiration date, and CVV number? Sure, here you go. They did not hack Sony's network; they hacked a PS3, a device they were in physical possession of.

The really disturbing thing though; the thing that makes my skin crawl and my hairs stand up on end, is that every company on the planet who develops or is considering developing a PS3 game has the same access that the hackers had. Every single one of them. If they wanted my username, password, address, phone number, email address, credit card number, cc expiration date, and cvv number they just had to go to the page and download it.


Sources? Where did you hear this?

If true, this is disastrous.
_________________
My Blog

Frustie
Tux's lil' helper
Joined: 31 Aug 2007
Posts: 94
Location: My own little planet.

Posted: Wed Apr 27, 2011 1:09 pm

Clete2 wrote:

If true, this is disastrous.


Been changing passwords, questions/answers and what not all day ...

My bank told me I needed to keep a close eye on my credit card spending and use the online bank statement tool. I've asked her whether they were busy with this PSN issue and she stated that she alone had already spoken to 50+ people with the same type of questions, this was this morning.

The impact of this PSN hack is immense and does not only cost Sony a lot of income/money but also a lot of other companies/persons ...
_________________
If we ignore it maybe it will go away.

wswartzendruber
Veteran
Joined: 23 Mar 2004
Posts: 1221
Location: Jefferson, USA

Posted: Wed Apr 27, 2011 1:31 pm

Microsoft has to be rejoicing right now. I can't believe a company as experienced as Sony did this.
All times are GMT
Page 1 of 5

 