OSNews > Thread > "Comment by atsureki" by atsureki

PSN Fail Turns Epic: User Data of All PSN Users Compromised

Linked by Thom Holwerda on Tue 26th Apr 2011 22:06 UTC

After days and days of the Playstation Network being offline, Sony has announced it has taken the service down indefinitely. The cause is a lot more severe than previously thought: PSN has been systematically attacked, and personal information of all users has been stolen, possibly including credit card data. Sony is asking PSN users to keep close tabs on their credit card account statements. This has turned from a rather amusing slap on the wrist for Sony into a massive and truly epic security fail that could have tremendous consequences for millions and millions of people the world over.

7 · Read More · 123 Comment(s)

http://osne.ws/j17

Thread beginning with comment 471123
To read all comments associated with this story, please click here.

Comment by atsureki

by atsureki on Wed 27th Apr 2011 02:51 UTC

Member since:
2006-03-12

we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID.

They were storing passwords in cleartext?
Their security is beyond help.

I don't actually know which password of my rotation I gave them (and thus should be changing if I use it anywhere else right now), and of course there's no way to find out with the server simply rejecting all login attempts. Same with the credit card - I'm pretty sure all they have is an outdated debit card from a closed account, but it's possible I put in a different card once and don't remember. The uncertainty sucks, and Sony's not helping. They're acting precisely like they have something to be ashamed of (a given) and not at all like they're in control of the situation.

Hopefully, it will also be another nail in the coffin of the credit card, an inherently insecure and ridiculous concept that needs to die. People should learn to spend the money they have, not the money they may have.

Don't be ridiculous. Security and responsibility are two completely different issues, and credit cards absolutely win on the former. There's no reimbursement protection if someone steals your cash, and it's a lot harder to track counterfeit paper than electronic transactions. And I suppose I'll just get a USB cash scanner or mail a check if I ever want to buy DLC or get stuff from Amazon, which will of course be shipped to me by Pony Express.

Reply Permalink Score: 3

RE: Comment by atsureki

by timalot on Wed 27th Apr 2011 04:50 in reply to "Comment by atsureki"

Member since:
2006-07-17

They were storing passwords in cleartext?

If they are storing passwords in cleartext, not unheard of in proprietary systems, imagine the word list the hackers will have for future hacking, especially if tied to email addresses.

Simple way to take the power back, do your own hashing: use a real password, append some salt (ie domain name string) and pass it through a hashing method eg MD5 or SHA1. And use the output as your password for "Mega Corporation X's" service. By changing the salt for every service you generate unique passwords for each so hackers wont pwn you. And you need to only remember one password.

The passwordmaker extension for firefox does this, also available as a app for your phone.

See:
http://passwordmaker.org/

Reply Parent Score: 1

RE[2]: Comment by atsureki

by vodoomoth on Wed 27th Apr 2011 08:45 in reply to "RE: Comment by atsureki"

Member since:
2010-03-30

Excellent suggestion!

However, a problem (which is similar to the one I have solved by using secondary addresses provided by yahoo) remains: keeping track of those hashed-by-the-user passwords... Not to mention that entering such passwords might sometimes be a real PITA.

Reply Parent Score: 2

RE: Comment by atsureki

by somebody on Thu 28th Apr 2011 17:58 in reply to "Comment by atsureki"

Member since:
2005-07-07

no, as far as i understand only cfw (or console in debug mode, which cfw basically is) was posting creditinfo and rest in cleartext. as far as i remember that was one of cfw bugs.

Reply Parent Score: 2

News

Introducing Project Loon: balloon-powered Internet access

Linked by Thom Holwerda on 06/17/13 17:58 UTC

"The Internet is one of the most transformative technologies of our lifetimes. But for 2 out of every 3 people on earth, a fast, affordable Internet connection is still out of reach. And this is far from being a solved problem. There are many terrestrial challenges to Internet connectivity - jungles, archipelagos, mountains. There are also major cost challenges. Right now, for example, in most of the countries in the southern hemisphere, the cost of an Internet connection is more than a month's income. Solving these problems isn't simply a question of time: it requires looking at the problem of access from new angles. So today we're unveiling our latest moonshot from Google[x]: balloon-powered Internet access." Insane.

1 10 Comment(s)

Bootable Minecraft clone written party in x86 assembly

Linked by Thom Holwerda on 06/17/13 17:52 UTC

"MineAssemble is a tiny bootable Minecraft clone written partly in x86 assembly. I made it first and foremost because a university assignment required me to implement a game in assembly for a computer systems course. Because I had never implemented anything more complex than a 'Hello World' bootloader before, I decided I wanted to learn about writing my own kernel code at the same time. Note that the goal of this project was not to write highly efficient hand-optimized assembly code, but rather to have fun and write code that balances readability and speed. This is primarily accomplished by proper commenting and consistent code structuring." Just cool.

1 8 Comment(s)

Rubinstein on HP's purchase of Palm: "Talk about a waste"

Linked by Thom Holwerda on 06/14/13 21:03 UTC

Jon Rubinstein, former CEO of Palm: "Well, I'm not sure I would have sold the company to HP. That's for sure. Talk about a waste. Not that I had any choice because when you sell a company you don't get to decide that. Obviously, the board and shareholders decide that. If we had known they were just going to shut it down and never really give it a chance to flourish, what would have been the point of selling the company? I think the deal we had with Verizon really hurt us, but who knew that at the time? These things are all hindsight."

3 8 Comment(s)

Review: Haswell-infused Alienware X51 R2 SFF game PC

Linked by Thom Holwerda on 06/14/13 20:46 UTC

"And so it is with Dell's Alienware X51 R2, a small form factor gaming PC in console digs. It's shaped similar to Microsoft's Xbox 360 Slim, and though it's slightly larger than either a 360 or PlayStation 3, the X51 R2 would be right at home in a living room setting nestled next to a large screen TV. Indeed, it's adept at running Steam's Big Picture mode, and if your primary objective is to play games in the living room, go ahead and consider the X51 R2 a hybrid game console." This is obviously not the only machine like this - still, these are very valid console alternatives even for those that don't like being hunched over with a cramped WASD-claw. Also, PC gamers among us: could you get away with the $699 model for gaming?

0 5 Comment(s)

'Microsoft gives zero-day exploits to US government'

Linked by Thom Holwerda on 06/14/13 17:32 UTC

From Bloomberg: "Microsoft, the world's largest software company, provides intelligence agencies with information about bugs in its popular software before it publicly releases a fix, according to two people familiar with the process. That information can be used to protect government computers and to access the computers of terrorists or military foes." The lid has officially been blown off.

6 66 Comment(s)

"Start updating your applications for iOS 7. Now."

Linked by Thom Holwerda on 06/14/13 11:39 UTC

"The key takeaway we've reached (after two less than 24 hours playing with the iOS 7 Beta release) is this - every App must consider even basic updates to its UI to survive in a post-iOS 6 world." Great. Telling developers to update their entire application - user interface and behaviour alike - to target a look and behaviour that isn't final yet. Seems like potential for a lot of wasted work here.

1 19 Comment(s)

Microsoft launches Office 365 for iPhone

Linked by Thom Holwerda on 06/14/13 11:32 UTC

"Overall the app is really basic, and designed for on the go editing. Microsoft says it's not planning to create an iPad version, noting that tablet users can utilize the Office Web Apps instead. We'd like to see some additional options for editing, including more clear options for text formatting and the ability to insert and change images, but it's a solid attempt for something you're only really going to use for editing in emergencies." A resounding meh can be heard from all over the world.

0 4 Comment(s)

Retiring Chrome Frame

Linked by Thom Holwerda on 06/13/13 19:39 UTC

"Today, most people are using modern browsers that support the majority of the latest web technologies. Better yet, the usage of legacy browsers is declining significantly and newer browsers stay up to date automatically, which means the leading edge has become mainstream. Given these factors we've decided to retire Chrome Frame, and will cease support and updates for the product in January 2014." Eh.

0 7 Comment(s)

Why does the design of iOS 7 look so different?

Linked by Thom Holwerda on 06/13/13 14:45 UTC

The Next Web: "First of all, many of the new icons were primarily designed by members of Apple's marketing and communications department, not the app design teams. From what we've heard, SVP of Design Jony Ive (also now Apple's head of Human Interaction) brought the print and web marketing design team in to set the look and color palette of the stock app icons. They then handed those off to the app design teams who did their own work on the 'interiors', with those palettes as a guide. We've also been hearing that there wasn't a whole lot of communication between the various teams behind say, Mail and Safari. And that there were multiple teams inside each group that were competing with various designs, leading to what some see as inconsistencies in icon design. Those may well be hammered out in days ahead." What. Reminds me of how Microsoft does (used to do?) things.

0 8 Comment(s)

German parliament moves to ban software patents

Linked by Thom Holwerda on 06/13/13 11:43 UTC

"The German Parliament, the Bundestag, has introduced a joint motion against software patents. The resolution urges the German government to take steps to limit the granting of patents on computer programs. In the resolution, the Parliament says that patents on software restrict developers from exercising their copyright privileges, including the right to distribute their programs as Free Software. They promote the creation of monopolies in the software market, and hurt innovation and job creation." After New Zealand, we now have one of the most powerful economies in the world moving to ban software patents for all the reasons smart people have been outlining for years. also: "The government should also push to ensure that software is covered by copyright alone, and that patent offices (including the European Patent Office) stop granting patents on software." Germany is not a country the EU can ignore. Very good news, this.

15 14 Comment(s)

OSNews

More News »