Linked by Thom Holwerda on Tue 26th Apr 2011 22:06 UTC
After days and days of the PlayStation Network being offline, Sony has announced it has taken the service down indefinitely. The cause is a lot more severe than previously thought: PSN has been systematically attacked, and personal information of all users has been stolen, possibly including credit card data. Sony is asking PSN users to keep close tabs on their credit card account statements. This has turned from a rather amusing slap on the wrist for Sony into a massive and truly epic security fail that could have tremendous consequences for millions and millions of people the world over.
Thread beginning with comment 471131
RE: Comment by atsureki
by timalot on Wed 27th Apr 2011 04:50 UTC in reply to "Comment by atsureki"
timalot Member since: 2006-07-17

They were storing passwords in cleartext?


If they are storing passwords in cleartext, not unheard of in proprietary systems, imagine the word list the hackers will have for future hacking, especially if tied to email addresses.

Simple way to take the power back, do your own hashing: use a real password, append some salt (i.e. domain name string) and pass it through a hashing method, e.g. MD5 or SHA1. And use the output as your password for "Mega Corporation X's" service. By changing the salt for every service you generate unique passwords for each so hackers won't pwn you. And you need to only remember one password.

The PasswordMaker extension for Firefox does this, also available as an app for your phone.

See:
http://passwordmaker.org/

Reply Parent Score: 1
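
The derivation described in the comment above, as an added example that is not part of the original thread and is not PasswordMaker's code. It goes one step beyond the comment by placing a PBKDF2 variant beside the single-hash version; the alphabet, function names, iteration count and sample values are assumptions.

```python
import hashlib
import string

# Assumed output alphabet; real sites differ in which symbols they accept.
ALPHABET = string.ascii_letters + string.digits + "!#$%*+-=?@_"


def encode(digest: bytes, length: int) -> str:
    """Turn digest bytes into `length` characters drawn from ALPHABET."""
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def naive_site_password(master: str, domain: str, length: int = 16) -> str:
    """Scheme as described in the comment: one SHA-1 pass over password + salt."""
    digest = hashlib.sha1((master + domain).encode("utf-8")).digest()
    return encode(digest, length)


def stretched_site_password(master: str, domain: str, length: int = 16,
                            iterations: int = 200_000) -> str:
    """Same idea with PBKDF2-HMAC-SHA256 and the domain as salt.

    If a site leaks the derived password in cleartext, each guess at the
    master password then costs `iterations` HMAC computations, not one hash.
    """
    salt = domain.strip().lower().encode("utf-8")  # "Example.com" == "example.com"
    digest = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt,
                                 iterations, dklen=32)
    return encode(digest, length)


if __name__ == "__main__":
    master = "correct horse battery staple"   # constructed sample value
    for site in ("megacorp.example", "forum.example"):
        print(site, naive_site_password(master, site),
              stretched_site_password(master, site))
```

Both functions are deterministic, so nothing per-site has to be stored; the output length and alphabet are the only settings that must be remembered for a given service.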

RE[2]: Comment by atsureki
by vodoomoth on Wed 27th Apr 2011 08:45 in reply to "RE: Comment by atsureki"
vodoomoth Member since: 2010-03-30

Excellent suggestion!

However, a problem (which is similar to the one I have solved by using secondary addresses provided by Yahoo) remains: keeping track of those hashed-by-the-user passwords... Not to mention that entering such passwords might sometimes be a real PITA.

Reply Parent Score: 2