GTAGaming Forums

GTAGaming Forums (http://www.gtagaming.com/forums/index.php)
-   Video Games Chat (http://www.gtagaming.com/forums/forumdisplay.php?f=241)
-   -   PlayStation Network Hacked - Your Personal Details May Be At Risk (http://www.gtagaming.com/forums/showthread.php?t=127178)

Zidane 04-27-2011 05:48 PM

PlayStation Network Hacked - Your Personal Details May Be At Risk
 
The PlayStation Network has been down for a week, and it's reported a hacker has gained access to user's personal information, including addresses, e-mail addresses, security questions and possibly credit card information. Although Sony said that there is "no evidence" credit card info has been stolen, they are urging users to check their statements in case the hackers did affect it.

PS Blog 1

PS Blog 2

X-reS 04-27-2011 06:15 PM

Yeah so I heard this is just wonderful. So why did they hack PSN now?

Him 04-27-2011 08:01 PM

Can we sue sony?

Jay 04-27-2011 08:08 PM

http://i.imgur.com/5hXOJ.png

lillb 04-27-2011 09:02 PM

Should have guessed they'd put something like that in the terms. It really can save their ass in situations like this. And no one reads those things properly so they just accept it.

cyrix 04-27-2011 09:15 PM

Quote:

Originally Posted by lillb (Post 2182719)
Should have guessed they'd put something like that in the terms. It really can save their ass in situations like this. And no one reads those things properly so they just accept it.

You make it sound like they're some evil company who exclusively puts things like this in their EULA's. EVERYONE has shit like this in their EULA. And we all know it's there, but we accept it because no company out there is going to omit something like that, why? Because a bunch of assholes would sue the shit out of them should ANYTHING happen they didn't like.

Legham 04-27-2011 09:27 PM

Plus it's a free service, so why should Sony have any financial liability? It'd be like lending a stranger your car and specifically saying you'll pay for any repairs/replacements.

lillb 04-27-2011 09:28 PM

Quote:

Originally Posted by cyrix (Post 2182720)
You make it sound like they're some evil company who exclusively puts things like this in their EULA's. EVERYONE has shit like this in their EULA. And we all know it's there, but we accept it because no company out there is going to omit something like that, why? Because a bunch of assholes would sue the shit out of them should ANYTHING happen they didn't like.

Oh I didn't mean that at all. I meant that they'd be stupid not to have something like that. And people think that they could sue them cause they never read that shit.

Xan 04-28-2011 06:16 AM

Quote:

Originally Posted by Legham (Post 2182721)
Plus it's a free service, so why should Sony have any financial liability? It'd be like lending a stranger your car and specifically saying you'll pay for any repairs/replacements.

Free service does not equal free pass for the largest possible leak of any sort of information in 2011.

Sony, Google, Microsoft, Nintendo, [insertbiggasscompanyhere]. Doesn't matter who the company is, they would all get torn apart by something like this.

Sony will recover, but with a dent in their reputation and a landslide in their stock for the time being.

Ash_735 04-28-2011 06:24 AM

I like how I called this months ago when the PS3 was first hacked but was told again and again by GeoHot's fans and other hacker supporters that I was "Overreacting" and that "That would never happen!", as much as I hate to say this one, I was right and I bloody well called this.

Also bad form Sony for keeping quiet, it was knew from the go that the Personal Details were unencrypted within their servers, after they found out that any old hacked PS3 could easily get into those networks, they should have pulled it then or at least fast tracked some encryption.

Grimmy 04-28-2011 06:34 AM

Quote:

Originally Posted by Legham (Post 2182721)
Plus it's a free service, so why should Sony have any financial liability? It'd be like lending a stranger your car and specifically saying you'll pay for any repairs/replacements.

Don't forget Playstation. Plus. Its crazy but people actually use it.

Legham 04-28-2011 06:44 AM

Quote:

Originally Posted by Xan (Post 2182792)
Free service does not equal free pass for the largest possible leak of any sort of information in 2011.

Sony, Google, Microsoft, Nintendo, [insertbiggasscompanyhere]. Doesn't matter who the company is, they would all get torn apart by something like this.

Sony will recover, but with a dent in their reputation and a landslide in their stock for the time being.


Of course! Sorry, i stopped reading after the first bit that only mentioned completeness and availability etc.

Xan 04-28-2011 07:00 AM

Sony has thousands of server for their PSN network, but as far as I hear only a limited support staff.

Security wise nothing is unbreakable. Nothing. If It's secure, it can be broken.

The main question here is why didn't Sony deploy any additional countermeasures to secure the network? After digging a bit it was predicted a long long time ago that the network was wide open to anybody with malicious intent.

The information on the vulnerabilities (HTTPS being bypassed by self made certs, proxy inbuilt to CFW used to steal data) can be found by any child with internet access as well as details on how to secure said exploitable venues.

Sure, it's not Sony's fault for having to deal with custom firmware. But look at PGP encryption:

A single 2048 bit key is unbreakable by any standard. And when generated you have two portions of a key

1. Public key (Can be shared with anybody, used to encrypt data meant only for the holder of the key)

2. Private key (Can be used to generate/validate the public key, and it's main function is to decrypt any information sent by the public key holder).

Without the private key, you cannot in any possible way tell what the encrypted data is. The private key is your 50 foot Adamantium bank vault. As long as this portion is secure, you will never have to worry about anybody reading your transmitted data.

This was, all Sony would have to do is keep the Private Key secure, and you couldn't touch any data being transmitted to them via HTTP or HTTPS.

Yet Sony decided to sit back and take faith that no cybercriminal would take the easy meal.


--

This is my longass comment from the front page. I have no idea if a PGP implementation would have done any good for them, but it's sure better than relying on HTTPS which is pretty much broken due to proxies and etc being used to man in the middle.

I even found a ps3hax article on this. Some certain people with access to one of the proxies being used to gain access to the PS3Network decided to do a test, and they managed to easily get CC information being sent to Sony via HTTPS.

Ash was right. There was a ton of warning flags being placed in-front of Sony but nothing was done about it.

lillb 04-28-2011 07:07 AM

Quote:

Originally Posted by lillb (Post 2182722)
Oh I didn't mean that at all. I meant that they'd be stupid not to have something like that. And people think that they could sue them cause they never read that shit.

despite having that in their terms people are still suing them:
http://www.develop-online.net/news/3...+%28Develop%29
I posted it in the other thread as well

Xan 04-28-2011 07:11 AM

No amount of EULA text can ever protect your from a lawsuit like this.


All times are GMT -6. The time now is 05:47 AM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.