• Steam recently changed the default privacy settings for all users. This may impact tracking. Ensure your profile has the correct settings by following the guide on our forums.

PS3 PS3 Firmware Update Incoming, Will Force PSN Users To Change Password

x3sphere

x3sphere

Administrator
Staff member
Enforcer Team
Game Info Editor
psnetwork.jpg

As revealed today in an update posted on the official PS Blog, Sony plans on releasing a new PS3 firmware update soon. In addition to allowing users to connect to the rebuilt PSN infrastructure, it'll force a password change on connect. This comes in response to the recent PSN security breach, which has left a staggering 70 million+ accounts compromised.

Here's the item in question, direct from the FAQ:
We are working on a new system software update that will require all users to change their password once PlayStation Network is restored[...]

Continue reading: PS3 Firmware Update Incoming, Will Force PSN Users To Change Password...
 
Seth

Seth

MD Party Room
gyqHh.jpg


Via reddit
 
karnbmx

karnbmx

ceebs. :)
Sony failed. Miserably.
*FACEPALM* >
 
El Diablo

El Diablo

Member
I switch the S with a $ to show how greedy and money hungry of a corporation $ony is, maaaaaaaaaaaaan.
 
karnbmx

karnbmx

ceebs. :)
Ummm...
I checked their blog, and they say that all our personal data was "protected, and access was restricted both physically and through the perimeter and security of the network".
So our personal data WAS actually encrypted, and hence, they didn't fail that badly.
 
x3sphere

x3sphere

Administrator
Staff member
Enforcer Team
Game Info Editor
No it wasn't. Just the credit card data. Read the rest.

"The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack."

So whoever hacked PSN has a massive wordlist of 70+ million passwords, thanks to Sony's inability to prepare for a worst case scenario.
 
Robby

Robby

Los Doyers!
karnbmx said:
Ummm...
I checked their blog, and they say that all our personal data was "protected, and access was restricted both physically and through the perimeter and security of the network".
So our personal data WAS actually encrypted, and hence, they didn't fail that badly.
Click to expand...
Seeing as they lied to us once, I wouldn't trust them. They probably don't want to cause a bigger uproar.
 
TeamOverload

TeamOverload

Active Member
karnbmx said:
Ummm...
I checked their blog, and they say that all our personal data was "protected, and access was restricted both physically and through the perimeter and security of the network".
So our personal data WAS actually encrypted, and hence, they didn't fail that badly.
Click to expand...

Since they continuously can't comment on the fact of if our credit card information was taken or not, they obviously have a very poor series of protections put in place to begin with. How do you not know what was retrieved from your own servers?
 
x3sphere

x3sphere

Administrator
Staff member
Enforcer Team
Game Info Editor
Also, even though CCs are encrypted, it doesn't mean the hacker wasn't able to obtain the real values.

As encryption is not a one way street, there is a decrypt function located on the server since it remembers your CC for subsequent purchases. So a skilled intruder could have decrypted every CC using their server. No brute force needed.
 
NeilR

NeilR

eXo Admin
Enforcer Team
x3sphere said:
As encryption is not a one way street, there is a decrypt function located on the server since it remembers your CC for subsequent purchases. So a skilled intruder could have decrypted every CC using their server. No brute force needed.
Click to expand...

I very much doubt that x3. For that to be true they would have to serve as their own clearing house which is unlikely. The encrypted CC info is what is sent to clearing houses; CC numbers are supposed to be encrypted immediately upon submission and it is this encrypted value that gets sent for processing. A clearing house (payment gateway) is responsible for the public and private keys issued to each of their clients; meaning Sony would not have access to the keys. They wouldn't be in business if they didn't follow the global standards; they're subject to audits just like everyone else.
 
JohnVani18

JohnVani18

New Member
Yeah!! Kick them in the nut$.. in the nut$.... in the nut$...... xD
 
Hellcat

Hellcat

Contributor
NeilR said:
I very much doubt that x3. For that to be true they would have to serve as their own clearing house which is unlikely. The encrypted CC info is what is sent to clearing houses; CC numbers are supposed to be encrypted immediately upon submission and it is this encrypted value that gets sent for processing. A clearing house (payment gateway) is responsible for the public and private keys issued to each of their clients; meaning Sony would not have access to the keys. They wouldn't be in business if they didn't follow the global standards; they're subject to audits just like everyone else.
Click to expand...
That sounds like there is hope CC information is not compromised.... doesn't it?
 
NeilR

NeilR

eXo Admin
Enforcer Team
Sure there's a chance but it isn't simple. It would be far easier for someone to try and manipulate the system by sending requests using the encrypted info directly to a payment gateway but that would also require knowledge of all kinds of other things.

Personally, I'm more concerned about the obvious potential for identify theft rather than the legitimate card I've used with PSN.
 
I

iamjoeyb

New Member
Smoke and mirrors! They are blowing this up so when we all get back on our systems and there is a charge to use the network we convince ourselves its for safety so its ok to pay. Sony is not dumb, they pay for the best of the best in all fields, marketing included. So i am guessing the price will be something like $29.99 to $49.99 and they will make back all there money they lost and some. 70million users times 20 bucks hahahah yeah. around of applause for the genius marketeer behind this one. Let us know how big your bonus is. Thumbs down!!!!
 
Abe Froeman

Abe Froeman

Gamer Dad
Enforcer Team
iamjoeyb said:
Smoke and mirrors! They are blowing this up so when we all get back on our systems and there is a charge to use the network we convince ourselves its for safety so its ok to pay. Sony is not dumb, they pay for the best of the best in all fields, marketing included. So i am guessing the price will be something like $29.99 to $49.99 and they will make back all there money they lost and some. 70million users times 20 bucks hahahah yeah. around of applause for the genius marketeer behind this one. Let us know how big your bonus is. Thumbs down!!!!
Click to expand...
I'm so confident that won't happen, I'd eat my own shit if it does.
 
You must log in or register to reply here.
Top