Sonys PlayStation Network (PSN) har i morgen været ude af drift i en uge, og som tiden går, begynder spørgsmålene for alvor at presse sig på. Sony selv kom med en meget kortfattet udmelding i torsdags og har nu erkendt, at de ikke er klar over hvornår PS3-gamerne igen kan springe online. Det har bl.a. betydet at gamere ikke har kunne spille Portal 2, da det kræver at man er logget ind på PSN. Hackergruppen Anonymous har afvist at de står bag, men det tyder nu på at det et nyt firmware-hack (tak til VG247), som er den virkelige årsag til at Sony har lukket systemet helt. Det skulle kunne give fri og gratis adgang til hele Sonys netværk, hvilket Sony på ingen måde kan leve med.
The firmware essentially turns a retail PS3 into a dev kit, and makes PSN believe the machine is part of Sony’s developer network. As it’s a trusted party, the network then fails to check details such as credit card numbers, meaning those using the hack were able, apparently, to download as much content from PSN’s retail servers as they liked.
According to that post, developers have now been told that “only 3.60+ debug firmwares will be allowed on the dev network anymore. All earlier versions will be cut. If you want to retain your access you need to contact Sony and upgrade to 3.60 debug firmware.”
While we’re told it’s true that hackers gained access to PSN retail content through this hack, it is not at all confirmed that this was the reason Sony took PSN offline last Wednesday.


























Det er da dejligt hvis credit card oplysninger er blevet nappet…
Jeg tvivler på dine kortoplysninger ligger tilgængeligt for alle udviklere på PSN retail network.
http://www.ubergizmo.com/2011/04/sony-uncertain-if-credit-cards-were-compromised-in-psn-hack/
“Sony says it’s not sure if credit card and any other personal information have been compromised at this time”
Lyder skørt at en hacket ps3 med dev kit adgang også skulle have adgang til kreditkortoplysninger. Så er deres system temmelig flawed i hvert fald.
Læste et andet sted, at credit card oplysningerne sendes via ukrypterede txt filer… Så flawed indeed.
EDIT: http://www.geekosystem.com/psn-hacked-claim/
Ja, men at Sony ikke kan afvise det, giver altså bange anelser. Det er jo ingen hemmelighed, at Sony aldrig har været helt så gode til deres online-services, men at det skulle stå så galt til, vil bestemt ikke være godt.
Der skal jo ikke gå meget mere tid, før PS3’eren kan blive kaldt for singleplayer-konsollen..
Så fordi nogen få måske har lavet en hack på deres maskine, så lukker de for ALLE?
Lorte Sony.
Det er altid dejligt når der skydes med spredhagl.
Jeg har lige læst her at kortoplysninger ikke sendes i en ukrypteret txt fil.
Men ja, det ville det været betryggende hvis de kunne afvise at folk udefra har haft adgang til de kortoplysninger.
Betyder det så at alle deres medarbejdere med en dev konsol har adgang til de samme informationer?
#9 – Der står da lige det modsatte?
Fy for en skefuld!
A document written by the hackers has clarified what they did and what privacy and security risks they believe the PlayStation 3 poses. The PS3’s connection to PSN is protected by SSL. As is common to SSL implementations, the identity of the remote server is verified using a list of certificates stored on each PS3. The credit card and other information is sent over this SSL connection. So far so good; this is all safe, and your web browser depends on the same mechanisms for online purchases.
The concern raised by the hackers is that custom firmwares could subvert this system. A custom firmware can include custom certificates in its trusted list. It can also use custom DNS servers. This raises the prospect of a malicious entity operating his own proxies to snaffle sensitive data. He would distribute a custom firmware that had a certificate corresponding to his proxy, and that used a DNS server that directed PSN connections to the proxy. His proxy would decrypt the data sent to it, and then re-encrypt it and forward it to the real PSN servers.
Such a scheme would be transparent to PSN users (except for any potential performance reduction caused by the proxying), and would give the attacker access to all the information that the PS3 sends to Sony. This information is shown to be extensive, but apart from the credit card data, probably not too sensitive or unreasonable.
Der står da at de benytter https som alle andre firmaer som sender den slags oplysninger, og du er nødt til at installere custom firmware og forbinde til en hackers phishing proxy for at han kan hapse dine ting. I hvert fald fra dig.
Der står ikke hvordan de lagres hos sony.
#12:
Korrekt. De benytter SSL.
#11 det du citere der får mig til at smile, for det kan jo “kun” gå ud over de som så HAR hentet en custom firmware
MUHAHAHA
Her gik man netop og var jaloux på PS3-gamerne, fordi at de fik Crossplatform…
Det helt store spørgsmål er, om hvorvidt Geohotz’ hack har banet vejen for dette hack… Det er sq en speget affære for tiden.