Friday, April 29, 2011

PSN Hacker Chat Log

@HDMoore tweeted an interesting link to a chat log from around February 16, 2011 of some supposed PlayStation Network hackers that reveals some not-so-surprising truths about huge vulnerabilities and major security oversights in Sony's online gaming service. After discussing at length some major problems with PSN, one hacker says,
"you know, watching this conversation makes me think about whether it was a good idea after all to buy a couple of games from psn using a visa card...their general attitude towards security just seems...ugh"
Another user says,
"sony really should update that stuff to something more current"
Among the concerns mentioned in the informal chat log are: allegations of Sony collecting information about personal files stored on any attachable storage devices (such as a USB drive), credit card billing (including the card security code), address information sent over the network unencrypted, the ability to easily modify the download URL to circumvent payment of downloadable games, Sony monitoring all messaging activity on PlayStation Network, insecurity of user email addresses obtainable for spamming, and out-of-date server software. Some in the chat session know enough about the PlayStation Network to know that it is composed of 45 environments that all operate independently.

UPDATE: Steve Gibson (@SGgrc) tweeted, "SONY PSN BREACH RUMORS: Early reports of massive/widespread username & password login attempts using Sony's lost user database." Folks, if you used the same username and password from your PSN account anywhere else, now is the time to change your passwords!

Tuesday, April 26, 2011

PlayStation Network Security Breach

As many in the tech and gaming community are aware, Sony's PlayStation Network, the service that allows users to connect online for multiplayer games and download music, movies, games and other content, has been down for about one week and will apparently be down for at least another week. Sony has confirmed that its network was attacked and that personal information of its users was likely leaked.

Here is part of an update published by Sony's Patrick Seybold, Sr. Director, Corporate Communications and Social Media:
"Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."
If you are a PlayStation Network user, then within the next few weeks and months, it might be wise to check your credit card statements and your credit report to make sure that your leaked personal information has not been abused. In fact, with data breaches becoming more common, it is recommended that you check your credit report at least once every year by requesting a free copy at AnnualCreditReport (https://www.annualcreditreport.com/), which is the centralized service for consumers to request free annual credit reports from consumer credit reporting companies Equifax, Experian and TransUnion. (Source: PlayStation Blog)

Tuesday, April 19, 2011

Sweet Pixel Art - Castle

SquareTrade, a No-Brainer

I've always seen ads for SquareTrade plastered all over the internet, but have never actually considered buying a warranty. Yesterday, I just bought a replacement PS3 after my first one died (infamous "red screen" error). When I purchased the new PS3, the Best Buy representative offered me their warranty for $60, which I refused. This morning, I bought a 3-year warranty through SquareTrade for $27.29 (using 30% off coupon code "EASTER" valid only today 4/19, more coupon codes). If my PS3 dies within the next three years, it's nice to know that I can get it replaced without any hassle--well worth the $27.29. I recommend SquareTrade over higher-priced warranty replacement plans that you commonly find in retail stores.

Friday, April 15, 2011

Is OpenDNS Using Scare Tactics to Get Users to Upgrade?

I've been a long-time user of OpenDNS. The free service allows you to add customizable content filtering for all internet activity on your network and provides extremely fast DNS look-up results, making browsing faster. OpenDNS even tracks statistics on network activity and puts it in a handy dashboard. When I logged in to my OpenDNS Dashboard recently, I noticed an alert informing me that there was "Malware/Botnet Activity Detected" on my network. The Dashboard prompted me to check my stats so that I could supposedly track down whatever malware may or may not be active on my network.
If you attempt to view the stats with a free account, you are taken to a page that prompts you to pay for an upgrade: "You’re going further back in time than your plan allows. Have you considered upgrading? Let’s do this"
This tactic seems a little like some of those anti-malware programs that claim to have found an evil program on your computer and if you pay for the upgrade it will clean up the infection. I'm obsessive about making sure all devices on my network have the latest OS patches and anti-malware definitions. Perhaps the malware/botnet activity was from a visiting device, a false positive, or maybe some devices on my network really are infected. Curiously though, the last activity was seen Jan 16--quite a while ago.

Has anyone else seen malware/botnet activity detected in their OpenDNS network stats? For those of you who may have upgraded to a paid OpenDNS account, what is the benefit of upgrading? Does it provide sufficient information to track down any potential threats on your network, or is this just a scare tactic?

Friday, April 01, 2011