News PSN password reset vulnerability uncovered

http://www.bit-tech.net/news/gaming/2011/05/18/psn-password-reset-vulnerability-uncovered/1

 

Hmm lots of people i've talked to are having this problem but i had no troubles at all. All i had to do was change password automatically, no hassle and done in less than a minute. Looked at my account details and looking at the random data i entered i'm safe from hackers, anyway im back off to my home town of Nutwood, i hope no hackers come to my house.....

 

Hope this one hasn't been known for a week...

 

Sony said they took security seriously. No miscommunication.

 

Just so long as they're taking security seriously this ti...D'oh!

 

The data should have been stored encrypted and only takes an extra line of code to handle.

Since the hackers supposedly got the source code as well as the user data they will have the necessary keys for any encryption. All Sony had to do was change their keys add a line of code to encrypt user data, iterate through it all and then force a password reset on ALL user accounts thus preventing any hackers from making use of pre-existing keys or passwords and all their users would then just have to confirm via a link in an email to then change their password to something they would remember.

All elementary stuff tbh.

 

Considering their continued problems, the hack still smells like an inside job to me.

 

How much forethought does it actually take to realise that your entire database has been compromised, and that those whom took it may wish to use it? What does it say of your security and technical teams when before even being put live the simplest of things is egregiously overlooked? I've pondered over a parallel to draw from this situation for nearly twenty minutes now, but I've yet to come up with something so absolutely daft as this one. The first time I heard about the extent to which the network had been compromised the least I expected was for everything to be locked down when PSN came back on-line, and password changes only allowed from the last console used to log-in to the network, at which point in time you force users to change their password along with any form of secret question or such, and completely review their account details in their entirety, allowing for deletion of any detail not specifically wanted (all the better to placate the agitated masses). Anything less would be an insult to a disenfranchised user base one hundred million strong.

But what do I know? I certainly don't make the kind of money those in Sony's digital security department make, so surely they know what's best, right? Right?

 

I'm actually loving this

 

What about if Steam got hacked? Would you love that? Or iTunes? Hell, why stop with online stores? Hospitals, schools and all other kinds of public & private systems!

Yes, there's heaps to love about security breaches and millions of people having their private details exposed and their accounts compromised.

 

This is comedy

 

This could become an excuse for the PSN store being down longer....

 

I'm not a PS hater, but shouldn't this have been obvious ? The website password change should have been locked out until the change had been made via a PS3.

@SNIPERMikeUK : PSN store was always going to be delayed (31st of may deadline)

 

Agreed but this should serve as a warning to other corporations not to mess with hackers too much & sony clearly underestimated what they could do thinking they could handle a determined force, which from my viewpoint looks like they can't especially after them holding their hands up & saying they can't guarantee users security, this says to me they were using the best security available & they still knocked it down.

But it is a scary thought of what could be done if master hackers got together for criminal stuff or deeply bad things .

Or yes it could simply be an inside job, guess we'll never know.

 

So, is the reported value of Facebook 50 billion dollars, or is that the data within Facebook that's worth that much?

There are hackers and then there's organized crime. The worst part about online databases, is that once your data is out there, you have zero control. For example, who here has ever tried to close their PayPal account? I have,upon finding out that my PayPal account details were leaked. And to close my account, they wanted me to give them my bank account details! And I was like... To close my unused PayPal account after finding a breach in their security, where spammers started spamming me with details that had only ever been given to PayPal, I had to give Pay Pal my bank account details.

And I still wonder how the hell this breach in Pay Pal's security never made headlines. I guess there's the heavy rollers, and then there's Sony.

 

Only a fool would say they have 100% full proof security. Not only would it be untrue it would make you the number 1 target for any hacker/s wanting to make a name for themselves.

 

I know this but apparently sony didn't or were just too arrogant.