Friday, April 29, 2011

PSN Hacker Chat Log

@HDMoore tweeted an interesting link to a chat log, from around February 16, 2011, among some supposed PlayStation Network hackers. It reveals some not-so-surprising truths about huge vulnerabilities and major security oversights in Sony's online gaming service. After discussing at length some major problems with PSN, one hacker says,
"you know, watching this conversation makes me think about whether it was a good idea after all to buy a couple of games from psn using a visa card...their general attitude towards security just seems...ugh"
Another user says,
"sony really should update that stuff to something more current"
Among the concerns mentioned in the informal chat log are: allegations of Sony collecting information about personal files stored on any attachable storage device (such as a USB drive); credit card billing (including the card security code) and address information sent over the network unencrypted, in the clear; the ability to easily modify the download URL to circumvent payment for downloadable games; Sony monitoring all messaging activity on PlayStation Network; user email addresses being obtainable for spamming; and out-of-date server software. Some in the chat session know enough about the PlayStation Network to know that it is composed of 45 environments that all operate independently.

UPDATE: Steve Gibson (@SGgrc) tweeted, "SONY PSN BREACH RUMORS: Early reports of massive/widespread username & password login attempts using Sony's lost user database." Folks, if you used the same username and password from your PSN account anywhere else, now is the time to change your passwords!


  1. This is interesting because back in February I was alerted to someone logging into my Facebook account from the Philippines. They disabled the login so they couldn't proceed and alerted me, and I changed my Facebook password.

    Then I heard about the PSN breach and I wondered if they were related, because the PSN and Facebook were using the same e-mail and password that I use for insecure info, different from e-mail and finance. But I didn't think they were connected because we didn't hear about the PSN breach until two months later. But it sounds like they are absolutely related.

  2. Crazy. Yeah, it's looking pretty ugly. I'm just about finished resetting all of my passwords with unique, random strings using LastPass. Be safe!