bit-tech.net

Old 18th May 2011, 18:10   #1
CardJoe
Freelance Journalist
bit-tech Staff
 
PSN password reset vulnerability uncovered

http://www.bit-tech.net/news/gaming/...ty-uncovered/1
Old 18th May 2011, 18:23   #2
Nutyy
Widden Palettes
 
Hmm, lots of people I've talked to are having this problem but I had no troubles at all. All I had to do was change password automatically, no hassle and done in less than a minute. Looked at my account details and, looking at the random data I entered, I'm safe from hackers. Anyway, I'm back off to my home town of Nutwood, I hope no hackers come to my house.....
Old 18th May 2011, 18:25   #3
mi1ez
Game Boy Modder
 
Hope this one hasn't been known for a week...
Old 18th May 2011, 18:26   #4
AcidJiles
Supermodder
 
Sony said they took security seriously. No miscommunication.
Old 18th May 2011, 19:00   #5
Whirly
Supermodder
 
Just so long as they're taking security seriously this ti...D'oh!
Old 18th May 2011, 21:09   #6
tad2008
Supermodder
 
The data should have been stored encrypted and only takes an extra line of code to handle.

Since the hackers supposedly got the source code as well as the user data, they will have the necessary keys for any encryption. All Sony had to do was change their keys, add a line of code to encrypt user data, iterate through it all and then force a password reset on ALL user accounts, thus preventing any hackers from making use of pre-existing keys or passwords, and all their users would then just have to confirm via a link in an email to then change their password to something they would remember.

All elementary stuff tbh.
Old 19th May 2011, 04:39   #7
LordPyrinc
Legomaniac
 
Considering their continued problems, the hack still smells like an inside job to me.
Old 19th May 2011, 07:10   #8
Malvolio
.
 
How much forethought does it actually take to realise that your entire database has been compromised, and that those who took it may wish to use it? What does it say of your security and technical teams when before even being put live the simplest of things is egregiously overlooked? I've pondered over a parallel to draw from this situation for nearly twenty minutes now, but I've yet to come up with something so absolutely daft as this one. The first time I heard about the extent to which the network had been compromised the least I expected was for everything to be locked down when PSN came back on-line, and password changes only allowed from the last console used to log in to the network, at which point in time you force users to change their password along with any form of secret question or such, and completely review their account details in their entirety, allowing for deletion of any detail not specifically wanted (all the better to placate the agitated masses). Anything less would be an insult to a disenfranchised user base one hundred million strong.

But what do I know? I certainly don't make the kind of money those in Sony's digital security department make, so surely they know what's best, right? Right?
Old 19th May 2011, 09:48   #9
Jake123456
All hail Olivia Wilde!!
 
I'm actually loving this
Old 19th May 2011, 11:21   #10
BurningFeetMan
Multimodder
 
What about if Steam got hacked? Would you love that? Or iTunes? Hell, why stop with online stores? Hospitals, schools and all other kinds of public & private systems!

Yes, there's heaps to love about security breaches and millions of people having their private details exposed and their accounts compromised.
Old 19th May 2011, 11:23   #11
KiNETiK
Multimodder
 
This is comedy
Old 19th May 2011, 11:23   #12
SNIPERMikeUK
Multimodder
 
This could become an excuse for the PSN store being down longer....
Old 19th May 2011, 11:43   #13
Memnoch-fr
Minimodder
 
I'm not a PS hater, but shouldn't this have been obvious? The website password change should have been locked out until the change had been made via a PS3.

@SNIPERMikeUK: PSN store was always going to be delayed (31st of May deadline)
Old 19th May 2011, 17:32   #14
bobwya
Custom PC Migrant
 
Quote:
Originally Posted by BurningFeetMan
What about if Steam got hacked? Would you love that? Or iTunes? Hell, why stop with online stores? Hospitals, schools and all other kinds of public & private systems!

I think hackers prefer the low hanging fruit. Developers of Securom, etc. - it was always a possibility they might become a target one day...

iTunes is secure btw.
Old 20th May 2011, 02:04   #15
Waynio
Mmmm Donuts
 
Quote:
Originally Posted by BurningFeetMan View Post
What about if Steam got hacked? Would you love that? Or iTunes? Hell, why stop with online stores? Hospitals, schools and all other kinds of public & private systems!

Yes, there's heaps to love about security breaches and millions of people having their private details exposed and their accounts compromised.
Agreed but this should serve as a warning to other corporations not to mess with hackers too much & Sony clearly underestimated what they could do thinking they could handle a determined force, which from my viewpoint looks like they can't especially after them holding their hands up & saying they can't guarantee users' security, this says to me they were using the best security available & they still knocked it down.

But it is a scary thought of what could be done if master hackers got together for criminal stuff or deeply bad things.

Or yes it could simply be an inside job, guess we'll never know.
Old 20th May 2011, 09:47   #16
BurningFeetMan
Multimodder
 
So, is the reported value of Facebook 50 billion dollars, or is that the data within Facebook that's worth that much?

There are hackers and then there's organized crime. The worst part about online databases is that once your data is out there, you have zero control. For example, who here has ever tried to close their PayPal account? I have, upon finding out that my PayPal account details were leaked. And to close my account, they wanted me to give them my bank account details! And I was like... To close my unused PayPal account after finding a breach in their security, where spammers started spamming me with details that had only ever been given to PayPal, I had to give PayPal my bank account details.

And I still wonder how the hell this breach in PayPal's security never made headlines. I guess there's the heavy rollers, and then there's Sony.
Old 20th May 2011, 10:00   #17
Da_Rude_Baboon
What the?
 
Quote:
Originally Posted by Waynio View Post
which from my viewpoint looks like they can't especially after them holding their hands up & saying they can't guarantee users' security.
Only a fool would say they have 100% foolproof security. Not only would it be untrue, it would make you the number 1 target for any hacker/s wanting to make a name for themselves.
Old 20th May 2011, 12:16   #18
Waynio
Mmmm Donuts
 
Quote:
Originally Posted by Da_Rude_Baboon View Post
Only a fool would say they have 100% foolproof security. Not only would it be untrue, it would make you the number 1 target for any hacker/s wanting to make a name for themselves.
I know this but apparently Sony didn't or were just too arrogant.

All times are GMT +1.