Sony says hackers have stolen information for users including passwords, birthdays and Credit card d

reply to post by thatonedude


I don't have a playstation I haven't since the first xbox came out so I'am not sure how I can be a fanboy, what I can be sure about though is hacked firmware is used at the owners risk, sony dosen't control what it does and if you can't show a case of the same details being obtained from a clean playstation then the protection is pretty good, no?

In the ops case we don't know enough to decide anything until more information is provided by either side.

Originally posted by aivlas
reply to post by thatonedude

 

I don't have a playstation I haven't since the first xbox came out so I'am not sure how I can be a fanboy, what I can be sure about though is hacked firmware is used at the owners risk, sony dosen't control what it does and if you can't show a case of the same details being obtained from a clean playstation then the protection is pretty good, no?

In the ops case we don't know enough to decide anything until more information is provided by either side.

I apologize for assumptions that may not apply to you.I do not see why a hacked system is the issue I bought it ill mod it at will period.If said system is capable of a security breach how is it my systems fault? Sony made the network and the system blame them and stop looking for details.They pushed ps3 out the door to compete now they pay.

reply to post by thatonedude


The latest attack might not have anything to do with the hacked firmware unless the hacked firmware allowed a hacked update to be pushed to all consoles. You can put hacked firmware on your playstation if you want, but trying to blame sony for what the hacked firmware does is absurd, they didn't make it someone out to rip you off did (which is the case in the ars article) and as I said I would like to see the same info obtained from a clean playstation before writing off the security they use.

Originally posted by aivlas
reply to post by thatonedude

 

The latest attack might not have anything to do with the hacked firmware unless the hacked firmware allowed a hacked update to be pushed to all consoles. You can put hacked firmware on your playstation if you want, but trying to blame sony for what the hacked firmware does is absurd, they didn't make it someone out to rip you off did and as I said I would like to see the same info obtained from a clean playstation before writing off the security they use.

They never should have given anyone the means they are a console manufacturer for christ sakes they didn't plan well enough for the l33tz, god knows they should have expected them.And sony bragging about their cloud being "the most secure" and how all info is safe and blah blah.They forgot to tell you a few things and we are now learning them the hard way.Once again for the record if sony did their freakin jobs this would not be happening.

reply to post by thatonedude


Firstly the ops article which is sounding like an actual attack on sony which at the moment we have no info on so can't draw any conclusions. If it turns out security was lacking then they will pay in a manner of ways but we will have to wait and see what happens. Also nothing is secure and everything gets attacked all the time we just don't normally get to hear about it and are lied to about how much it goes on..

Secondly the hacked firmware article from ars which is a few months old and is focusing on user error (installing a hacked firmware that routes your traffic through another connection before it gets to sony) and the assumption the firmware isn't bypassing any security measures in the process (Would still like to see if you can provide any links to the same info being lifted without hacked firmware) and if it dosen't then why haven't we heard of this before hacked firmware got involved. Complaining about hacked firmware is the same as installing a rooted copy of windows then complaining to microsoft.

Originally posted by aivlas
reply to post by thatonedude

 

Firstly the ops article which is sounding like an actual attack on sony which at the moment we have no info on so can't draw any conclusions. If it turns out security was lacking then they will pay in a manner of ways but we will have to wait and see what happens.

You are right in that only bits of info have been released by sony and internet chat is mostly speculation.I don't have a link never claimed to.I understand your firmware argument and yes security is the only issue at hand here so unless you take the speculation of the web I can't say anything else to convince you.Know this....two people I know are getting bank letter's and money has come up missing from both accounts.They both have psn and the timing adds up so cross your fingers it's not true

ETA-People on this very sight are claiming they lost money due to this.

Originally posted by studio500
Found out a few days ago that my debit card was compromised and the only place I used it online was via my playstation network.

Took me for a few thousand with an authorisation to a company called The five kings family or something similar in the US. Never heard of them myself.

Thanks Sony

Just sayin man.

Seems the DOD does not like Sony.
boards.ign.com...

Read [link=http://translate.google.nl/translate?js=n&prev=_t&hl=nl&ie=UTF-8&layout=2&eotf=1&sl=nl&tl=en&u=http%3A%2F%2Fwww.psx-sense.nl%2F46008%2Fplaystati on-network-log-van-de-hacker-leaked%2F]here[/link]

I hope this doesn't get locked, because if Sony's security is really this terrible, it deserves it's own thread.

The website takes awhile to load so I'll just post it here:

[image=http://www.psx-sense.nl/plaatjes_2011/img_4db7364c22be0.jpg]

Above is a screenshot of their PSN servers access logs. This log is created on the main server of the PlayStation Network. Likely many of you have no idea what exactly a log would be. Sony itself has this log file are also publicly retrievable through the URL. Mistake number two, perhaps? Here also some interesting logs:

214.1.211.251 - - [15/Apr/2011: 9:40:11 -0700] "GET / OfficeScan / cgi / cgiChkMasterPwd.exe HTTP/1.1" 404 336 "-" "-"

178.202.110.92 - - [22/Apr/2011: 7:05:00 p.m. -0700] "GET / admin / cdr / counter.txt HTTP/1.1" 404 343 "-" "Mozilla/5.0 (compatible; Windows NT 6.1, de; rv: 1.9.2.16) Gecko/20110319 Firefox/3.6.16 "

214.1.211.251 - - [15/Apr/2011: 9:40:09 -0700] "GET / _vti_bin / fpcount.exe? Page = default.htm | Image = 3 | Digits = 15 HTTP/1.0" 404 325 "- "" - "

214.1.211.251 - - [15/Apr/2011: 9:39:51 -0700] "GET / scripts / foxweb.exe / HTTP/1.0" 404 324 "-" "-"

214.1.211.251 - - [15/Apr/2011: 9:39:48 -0700] "GET / phpwebfilemgr / index.php? F =../../../ etc / services HTTP/1.0" 404 328 " - "" - "

What we see here again include the use of an FVC, local file inclusion, in the last row. With this is that the ip 214.1.211.251, this is possibly the IP of the attacker. Nor has a number of Javascript injections occurred:

214.1.211.251 - - [15/Apr/2011: 9:39:49 -0700] "GET / board.php? FID = alert (document.cookie) HTTP/1.0" 404 314 "- "" - "

214.1.211.251 - - [15/Apr/2011: 9:39:38 -0700] "GET / servlet / webacc? User.id ="> alert ('eeye2004') HTTP/1.0 " 404 319 "-" "-"

214.1.211.251 - - [15/Apr/2011: 9:39:30 -0700] "GET / modules.php? Name = Reviews & rop = post & title =% 253cscript comment> alert 2528document.cookie%)% 253c/script> HTTP / 1.0 "404 316" - "" - "

It is frightening to know that Sony is so easy to hack, because come on Sony, FVC and Javascript injections? Really? This looks like the work of a 14 year old boy. Thanks to SKFU Blog for the announcement of the log.

214.1.211.251 is DOD network.

bgp.he.net...

Could this be a case where the DOD handed out a proxy for ANON ddos attacks over seas to over throw one of the many countries having problems with rebels. And the proxy got used to rob Sony of information. Could this be a black eye on the DOD for there hacking of other countries?

reply to post by JBA2848


Well the timing couldn't have been better if so.They came in a smoke screen of a media storm and even have a scapegoat lined up.Sony might not be as incompetent as they seem........well maybe not... lawl

Thank goodness I recently change my bank account to "decline all" for insufficient funds. Unless they are chargin eleven dollars nothings coming out. Otherwise the damned bank would pay it anyways and charge $35 each item.

I suggest everyone call their bank anyways and set this, they are making a killing in overdraft fees. The only othher credit card I ever remember using on the psn was cancelled after the map packs came out for black ops.

The question is, is there any kind of eta for the psn coming back online, or we still in the dark?

Valued PlayStation Network/Qriocity Customer:

We have discovered that between April 17 and April 19, 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network. In response to this intrusion, we have:

1) Temporarily turned off PlayStation Network and Qriocity services;

2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and

3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.

We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.

Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

For your security, we encourage you to be especially aware of email, telephone, and postal mail scams that ask for personal or sensitive information. Sony will not contact you in any way, including by email, asking for your credit card number, social security, tax identification or similar number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking. When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password. Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

We thank you for your patience as we complete our investigation of this incident, and we regret any inconvenience. Our teams are working around the clock on this, and services will be restored as soon as possible. Sony takes information protection very seriously and will continue to work to ensure that additional measures are taken to protect personally identifiable information. Providing quality and secure entertainment services to our customers is our utmost priority. Please contact us at www.eu.playstation.com/psnoutage should you have any additional questions.

Sincerely,
Sony Network Entertainment and Sony Computer Entertainment Teams

Sony Network Entertainment Europe Limited (formerly known as PlayStation Network Europe Limited) is a subsidiary of Sony Computer Entertainment Europe Limited the data controller for PlayStation Network/Qriocity personal data


got this the other day. fun.

I got that same email. Think they shoulda done that by day one two or three ya know?

reply to post by thatonedude


I never said they didn't get breached I said we don't know the security was lacking and in till we know what happened it's just guess work.

Click the link in Vega_Obscura comment on the board JBA linked

yeah, a bit more immediacy about it would have been nice! It just seems to have been PR'ed very badly, they're doing their best with the whole blog updates thing, but this, on top of recent bad publicity (primarily based around the xperia range of phones), isn't something they'd really have been looking forward to. And I've just bought a new PSP, fkk.

Agree wholeheartedly.

No ones personal info was exposed, it is a smoke screen Sony is covering their butt holes with. It comes down to their lack of infrastructure to handle all the gamers and Anon was a convenient "excuse" for them.

Originally posted by lifeissacred
reply to post by Conciliatore

 

I don't know, I'm skeptical about the whole thing right about now to be honest. Until they tell us exactly how they were hacked theres a whole bunch of possible reasons for the PSN being down. To me it seems unlikely they would lie about being hacked, given the bad publicity it will result in and the likely law suits they will have to deal with. What would you consider their motivation be for lying about their users' data and credit cards being stolen?

blog.us.playstation.com...

Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.

Latest blog post

And as everybody is mad at hackers because of Sony. And the DOD's IP was used to hack Sony. The US gives ICANN to hacker to run.

www.wlns.com...

ICANN names computer hacker as security chief

SAN FRANCISCO (AP) - Jeff Moss, a prominent computer hacker who founded the annual Black Hat and DefCon security conferences in Las Vegas, has been hired as the chief security officer for the organization that coordinates names of the world's Web sites.

The organization, the Internet Corporation for Assigned Names and Numbers, or ICANN, plays a vital role in making sure that when you type a site name into a Web browser, your computer knows where to go to find the site you're trying to reach. ICANN manages the domain name system that underlies that chain of communication.

"I can think of no one with a greater understanding of the security threats facing Internet users and how best to defend against them than Jeff Moss," Rod Beckstrom, ICANN's CEO and formerly the director of the U.S. National Cybersecurity Center, said in a statement. "He has the in-depth insider's knowledge that can only come from fighting in the trenches of the ongoing war against cyber threats."

Moss, who also serves on the U.S. Department of Homeland Security's advisory council, takes on the new post Friday at ICANN's offices in Washington, D.C.

So now a hacker has control of the net.

reply to post by JBA2848


huh??? it's always been like this

p.s. what you posted has no connection to the thread