bit-tech.net

28th Apr 2011, 10:47   #1
CardJoe
Freelance Journalist
bit-tech Staff
Join Date: Apr 2007
Posts: 11,339
Sony admits personal data was not encrypted

http://www.bit-tech.net/news/gaming/...ot-encrypted/1
__________________
----------------

I was Bit-tech's Games Editor. Now I'm freelance. Find me at:

www.joemartinwords.com

@joethreepwood on Twitter

28th Apr 2011, 11:04   #2
Turbotab
I don't touch type, I tard type
Join Date: Feb 2009
Location: UK
Posts: 1,222
How the hell can a company the size and stature of Sony act like such doughnuts!

I can't believe they aren't PCI-DSS compliant. Maybe Sony got confused about the meaning of PSN, thinking it meant Please Steal Numbers.

28th Apr 2011, 11:04   #3
Kiytan
Shiny
Join Date: Jul 2009
Location: Worcester, UK.
Posts: 971
Why the hell would they not encrypt everything? I literally cannot think of a single reason not to.

28th Apr 2011, 11:05   #4
Jamie
ex-Bit-Tech code junkie
Join Date: Mar 2001
Location: Oxford, UK
Posts: 8,179
Don't worry Sony, I'll just cancel my date of birth and get a new one.

28th Apr 2011, 11:11   #5
Von Lazuli
I get by fine with a jig-saw.
Join Date: Oct 2008
Location: Victoria, Australia
Posts: 283
IRC logs of a discussion between people using the debug firmware to probe PSN security:
http://pastie.org/private/erihhjd2ccvj0lkmzbtuw

The table might have been encrypted, but it seems like all the calls were sent in plain-text.
__________________
Shattered Horizon (November MOTM Nominee)
Project: Zebra (Project log upcoming)

28th Apr 2011, 11:20   #6
nmunky
What's a Dremel?
Join Date: Apr 2010
Posts: 11
Why on earth won't Sony say definitively what data was encrypted and what wasn't? Specifically: were the passwords encrypted? This policy of being as vague as possible is only making the situation much worse.

I'm incredibly unimpressed with the secretive, deceptive nature of their response to this situation.

My hope is that the highly litigious nature of the USA works in everyone's favour for once and as many people as possible sue the living hell out of Sony so that they will finally take this stuff seriously.

28th Apr 2011, 11:21   #7
lp1988
Ultramodder
Join Date: Jun 2008
Location: Varde; Denmark
Posts: 1,278
The most interesting thing here is that this shows just how much the consoles look like PCs today. On top of that, if you can hack one machine you can hack them all as they are all the same.
__________________
Intel Core i5 3570K; AMD Radeon 7870 2 GB; Cooler Master CM 690; 8 GB DDR3; Corsair HX1000W;

NE AUDERIS DELERE ORBEM RIGIDUM MEUM.

28th Apr 2011, 11:30   #8
kempez
modding again!
Join Date: Aug 2005
Location: England
Posts: 1,212
Quote:
Originally Posted by nmunky
Why on earth won't Sony say definitively what data was encrypted and what wasn't? Specifically: were the passwords encrypted? This policy of being as vague as possible is only making the situation much worse.

I'm incredibly unimpressed with the secretive, deceptive nature of their response to this situation.

My hope is that the highly litigious nature of the USA works in everyone's favour for once and as many people as possible sue the living hell out of Sony so that they will finally take this stuff seriously.
Several things. Firstly, Sony have stated what is and what isn't encrypted in their statement, read it. It's pretty clear.

I'm unimpressed with it too, I think everyone is!

However, suing Sony won't do anyone any good imo. The negative publicity will do good. Sony are obviously taking a lot of steps (including physically relocating their data centre, if you read it), so they are taking it seriously. The fact that they have lost money and will continue to lose revenue and good-will from customers will mean that they take it deadly seriously. I can't imagine what a rollicking their shareholders will give them!

They don't mention PCI DSS compliance, but I thought that if you store personal data and credit card information that can be connected, you have to be? Either way, they obviously weren't doing it right.
__________________
I don't like streets of rage - make fun of me!
27" iMac, iPhone, AppleTV, XP Laptop, xbox 360, PS3, VirginTV/BB and a whole load of decent home audio.
Old projects: Project <<| Black3d |>> Project Aqua Vitae

28th Apr 2011, 12:06   #10
DXR_13KE
Madeira's banana is the best!!!
Join Date: Sep 2005
Location: Madeira ; Portugal
Posts: 8,872
Seriously?
__________________
Renegade X - Release Date Unveiled
Check it out!!

28th Apr 2011, 12:19   #11
DwarfKiller
Multimodder
Join Date: Nov 2010
Location: Liverpool, UK
Posts: 115
I was hearing rumours about this and refused to believe it.
If the delayed announcement wasn't enough, this just takes the cake.
__________________
i7 930 @3.8 + Titan Fenrir | Asus P6T SE | HD5870 PCS+ | Corsair XMS3 Classic DDR3 @1600 | CM690-II Adv. | 750W Seasonic-X |

28th Apr 2011, 12:31   #12
John_T
Supermodder
Join Date: Aug 2009
Posts: 438
Quote:
Originally Posted by Jamie
Don't worry Sony, I'll just cancel my date of birth and get a new one.
That made me laugh!

28th Apr 2011, 12:35   #13
DMU_Matt
mmmm cheesy
Join Date: Oct 2009
Location: Hertfordshire, UK
Posts: 680
Quote:
Originally Posted by Jamie
Don't worry Sony, I'll just cancel my date of birth and get a new one.
That quote is signature worthy, bravo Jamie. Bravo
__________________
BFBC2: Jesus is AFK
GW2: Server: Seafarer's Rest Name: Harun
Feel free to add me!

28th Apr 2011, 13:29   #14
Paradigm Shifter
de nihilo nihil fit
Join Date: May 2006
Posts: 1,638
I don't understand why Sony needed all of that personal information in the first place: I've not linked a credit card to XBox Live (nor did I to PSN) but the only info that XBox Live wanted was a Username, Password and E-mail address. Why does Sony need Name, Address and DOB by default? I very nearly didn't sign up at all with all the info they wanted... I should have stuck with my gut instinct.

And with the effort I take to stop the potential of Identity Fraud happening to me, I'd just like to thank Sony for failing to encrypt my personal data and therefore essentially handing it to bad people on a silver platter. Along with the personal information of 70+ million others.

As I was typing this, I just received an e-mail from Sony telling me about the situation. Nice to see they're so on the ball with telling people, as I don't keep tabs on the PSN Blog. Although it would have been impossible to miss this if you were online at all over the last week.

...

As for litigation not doing any good... the bad publicity will hurt Sony, but they'll recover as people have short memories and Sony have a lot of money to spend on advertising. To get Sony to learn not to do it again the penalty for this is going to have to hit them where it hurts: the pocketbook. I think Identity Theft Protection/Insurance for every single PSN user would be a good start. They obviously have our names and addresses and DOBs (hell, so does the whole of the 'dark side' of the internet by now, most likely) and that's all they should need to open these Identity Theft Protection schemes if they're footing the bill.

...

Disclaimer: Paragraphs 2 and 3 of this post contain high levels of sarcasm.
__________________
Core i7 920 D0 @ 3.8GHz | 24GB Corsair 1600MHz | Gigabyte G1.Killer Guerilla | GTX680 Surround | 3TB | 5760x1200+1920x1080

28th Apr 2011, 13:29   #15
Eggy
Multimodder
Join Date: Oct 2009
Location: The Netherlands
Posts: 176
Encrypting personal info e.g. profile information is not very common though.

28th Apr 2011, 13:33   #16
Coldon
Multimodder
Join Date: Oct 2006
Location: Pretoria, South Africa
Posts: 208
You do realize that most sites/services don't encrypt personal data. The reason being that the constant need for unencryption each time the data is needed imposes a massive processing cost on the server. The bit-tech forums store all personal data in plain text too, so does every other IBB / vBulletin / SMF forum.

Usually only the account password is hashed, which is why most forums don't email you a new password but rather a password reset code. Yes, you can reverse engineer the hash to get a text string that creates the same hash but the chances of it being the user's actual password are slim (assuming a good hashing alg is used). Furthermore that "reverse engineered" string is useless for any sites/networks using a different hash.

This "news" post is ridiculously alarmist and just pulled a FOX news stunt, overreacting to something that's perfectly normal.

My real name, birthday and email address are already available online in a million places, so why would some hacker gaining that info be of any concern to me. Now if the credit card table wasn't encrypted then you can be really really worried.
__________________
A day in the life of a wannabe game developer: My Technical Blog

i5 750 @ 4.2GHz, ASUS P7P55D Deluxe, 8GB DDR3 @ 1600, GTX 480 @ 900/2000
OCZ Vertex 2 10GB SSD, 3x Seagate 7200.12 1TB, ESI Maya44e...
Swiftech GTZ, Koolance VID-NX480, Swiftech MCR320, XSPC RS240, Swiftech MCP355, XSPC BayRes One
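
Added example, not part of the original thread and not code from vBulletin or any other forum software: a Python illustration of the scheme the post above describes, where the server keeps only a salted password hash and e-mails a one-time reset code instead of a password. PBKDF2-HMAC-SHA256, the iteration count, the `Accounts` class and every name in it are assumptions chosen for the illustration.

```python
import hashlib, hmac, secrets, time

# Constructed parameters for this example (assumptions, not any forum's settings).
ITERATIONS = 200_000
RESET_TTL = 15 * 60  # seconds a reset code stays valid

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn for each account."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify_password(password, salt, digest):
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class Accounts:
    def __init__(self):
        self.users = {}   # name -> (salt, digest); the password itself is never stored
        self.resets = {}  # sha256(reset code) -> (name, expiry time)

    def register(self, name, password):
        self.users[name] = hash_password(password)

    def login(self, name, password):
        rec = self.users.get(name)
        return rec is not None and verify_password(password, *rec)

    def issue_reset(self, name, now=None):
        """Create the one-time code that gets e-mailed; only its hash is kept."""
        now = time.time() if now is None else now
        code = secrets.token_urlsafe(32)
        key = hashlib.sha256(code.encode()).hexdigest()
        self.resets[key] = (name, now + RESET_TTL)
        return code

    def redeem_reset(self, code, new_password, now=None):
        now = time.time() if now is None else now
        key = hashlib.sha256(code.encode()).hexdigest()
        entry = self.resets.pop(key, None)  # pop makes the code single use
        if entry is None or now > entry[1]:
            return False
        self.register(entry[0], new_password)
        return True

def demo():
    db = Accounts()
    db.register("alice", "correct horse")  # constructed sample accounts
    db.register("bob", "correct horse")    # same password, different salt
    same_digest = db.users["alice"][1] == db.users["bob"][1]
    code = db.issue_reset("alice", now=1000)
    late = db.redeem_reset(db.issue_reset("bob", now=1000), "x", now=1000 + RESET_TTL + 1)
    ok = db.redeem_reset(code, "new pass", now=1100)
    replay = db.redeem_reset(code, "other pass", now=1101)
    return (same_digest, late, ok, replay,
            db.login("alice", "new pass"), db.login("alice", "correct horse"))

if __name__ == "__main__":
    print(demo())
```

A dump of `users` and `resets` from this store contains no password and no usable reset code, and two accounts with the same password do not share a digest.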

28th Apr 2011, 13:38   #17
Woodspoon
Supermodder
Join Date: May 2008
Posts: 460
Lol it just keeps getting worse.
I'm just waiting for the next announcement that says "No credit card details were taken off the system, they were all left unencrypted on a USB key on a train, it's ok though because it might have been found by a cleaner"

28th Apr 2011, 17:50   #18
themax
Ultramodder
Join Date: Dec 2005
Location: Tampa, FL
Posts: 1,060
Quote:
Originally Posted by Coldon
You do realize that most sites/services don't encrypt personal data. The reason being that the constant need for unencryption each time the data is needed imposes a massive processing cost on the server. The bit-tech forums store all personal data in plain text too, so does every other IBB / vBulletin / SMF forum.

Usually only the account password is hashed, which is why most forums don't email you a new password but rather a password reset code. Yes, you can reverse engineer the hash to get a text string that creates the same hash but the chances of it being the user's actual password are slim (assuming a good hashing alg is used). Furthermore that "reverse engineered" string is useless for any sites/networks using a different hash.

This "news" post is ridiculously alarmist and just pulled a FOX news stunt, overreacting to something that's perfectly normal.

My real name, birthday and email address are already available online in a million places, so why would some hacker gaining that info be of any concern to me. Now if the credit card table wasn't encrypted then you can be really really worried.
This.
__________________
PSN: Nyne07
Xbox Live: Nine07 (RIP XBOX 360 5/8/2010)
Wii Codes: Too damn many to remember
CoD4 Class "Ghost" - MP5 Silenced/ UAV Jammer/ Silent Step
Shhh be very very qwuiet....I'm hunting snipers....

28th Apr 2011, 17:53   #19
kornedbeefy
Multimodder
Join Date: Sep 2009
Posts: 168
Quote:
Originally Posted by Coldon
You do realize that most sites/services don't encrypt personal data. The reason being that the constant need for unencryption each time the data is needed imposes a massive processing cost on the server. The bit-tech forums store all personal data in plain text too, so does every other IBB / vBulletin / SMF forum.

This "news" post is ridiculously alarmist and just pulled a FOX news stunt, overreacting to something that's perfectly normal.

My real name, birthday and email address are already available online in a million places, so why would some hacker gaining that info be of any concern to me. Now if the credit card table wasn't encrypted then you can be really really worried.
I received a lengthy email directly from Sony stating all my information may have been compromised including my credit card. They then go on to state I need to keep an eye on my accounts and keep vigil over my credit report. Also providing links to the credit score agencies.

So ya I guess you can call me a little bit alarmed but more so very irritated.

28th Apr 2011, 18:58   #20
Waynio
Mmmm Donuts
Join Date: Aug 2009
Location: UK
Posts: 4,929
Anonymous said they were gonna give Sony the biggest attack ever, so I'm gonna risk assuming this is it & if like they are saying they don't mean any harm towards consumers & only towards Sony then maybe they did this to cause a big chunk of mistrust with people who buy Sony stuff & any personal data they took they deleted, this is what I like to think anyway, either that or another bad hacker group has capitalised on the situation & gone for it for real for mass ID fraud, sure as heck not good either way.

It's been a while since I fired up the PS3 so I'm unsure about ways to pay for adding money to the wallet, is it possible to put money in the account through PayPal? I can't remember as it was ages ago, if so I'd have done it through PayPal, if not then my old debit card would have been on there which runs out of date this month.

All times are GMT +1.