Post: Call of Privacy: Modern Spyware by PlayStation Network
02-17-2011, 06:43 PM #1
Pillar2365
I use to give free rep :/
(adsbygoogle = window.adsbygoogle || []).push({}); Your sensitive data is being sent around the internet unencrypted. Meaning someone can easily retrieve your credit card number, account log in, etc,. Read below. .


Originally posted by another user
Due our objective research of the SONY PlayStation Network, we decrypted nearly 100% of the traffic transferred over
proxies, http and https to and from the PSN. Just out of curiosity, not to harm anyone or anything and not like SONY may
want people to see it.

As SONY calls the scene hackers "evil", we surely do not address pirates and skiddies, we wondered how SONY is treating
the users' privacy and rights (remember the Music CD/DVD and USB stick rootkits). After we noticed a few badass functions
they have built into the PSN/PS3 functionality, we just call it the "Call of Privacy: Modern Spyware" case.

Below we list and explain a few of the shady PSN functions and data mining stuff. And remember: EVERYONE has a right to
know about YOUR OWN PRIVATE data being transferred over the networks!


Originally posted by another user
Even if a connection is SSL encrypted, companies are aware of the big risk behind custom CA files and it's possibilities.
SONY seems not to care about those known vulnerabilities. It is a big company and a HUGE network. With huge we mean a
magnitude of hundreds and even thousands: the PSN utilizes thousands of servers, handled by a very small group of
administrators and quality assurance people. The IP ranges and domains of these servers are retrievable by anyone, cause
this is how the Internet works ! It is all public data and information !

An example is the credit card information and the login authentification itself. Take a look at the traffic:


  • creditCard.paymentMethodId=CC_COMPANY&
  • creditCard.holderName=EXAMPLENAME&
  • creditCard.cardNumber=1234567890123456&
  • creditCard.expireYear=2012&creditCard.expireMonth=2&
  • creditCard.securityCode=123&
  • creditCard.address.address1=EXAMPLESTREET%2024%20&creditCard.address.city=EXAMPLECITY%20&
  • creditCard.address.province=EXAMPLEREGION%20&
  • creditCard.address.postalCode=12345%20




The credit card information should ALWAYS be encrypted. In ANY case. At least the security code. SONY is only relying on
it's https connection. With all those CFWs spreading around, this is not secure anymore.

Same goes for the user details:


  • serviceid=IV0001-NPXS01001_00&
  • [email protected]&
  • password=examplepassword&
  • first=true&
  • consoleid=EXAMPLEID123



Such sensitive data can now be captured by anyone who builds his own custom firmware with custom certificates. There
are enough n00b-friendly tools by now. Means, little scriptkiddies can spread their little CFWs and phish user data.
As many of these people are using a third party DNS, they are a potential victim of phishing.
At the beginning of the PS3 launch, this user data was even transferred over http !


You think thats all that Sony receives? Nope keep reading.

Originally posted by another user
The PlayStation Network agreement states that SONY is allowed to collect nearly any data that is connected with your
privacy.It is clear, that SONY won't tell you WHAT they are collecting in the TOS etc., as many people would never accept
that TOS.

The Anonymous Data Protection Officers

A few month ago we noticed the TOS silently beeing updated without a new user agreement request. It was about that you
have the right to contact a "Data Protection Offier" at SCEE, who can can give you details about what data is collected. So
we phoned SCEE. Beeing forwarded to many people, it turned out that there is no so called "Data Protection Officer".
Funny right? Shortly after this call, the clause was removed from the TOS.
SONY itself told us, that they do not know, what we are talking about regarding this Officer. They told us, that there was
never such a position inside SONY, neither a phone number. Even the address was non existing!

Still it is an impudence what huge amounts of data they are collecting. One example is an information list which is transfered
everytime you login the PSN as well as at some random time. A few short quotes:

<info category="76">TFT-TV</info><info category="77">

This is a string sent to SONY which includes your TV model. The list is long and contains a lot more like information about
attached USB devices, your home network, your playtime behaviour, installed games, apps, homebrews or their so called
"circumvention devices" and so on. Details about your Home network, statistics etc.


So to sum it up for you all who won't take the time to read this. Anyone can get the following information easily, Credit card information(ALL OF IT), Login details, your play schedule, Data thats on your USB(so the pictures of your girlfriend that you wanted to see on your flat screen, someone can get them), Home network information, installed games, homebrew, apps, details on your home network.

You must login or register to view this content.
(adsbygoogle = window.adsbygoogle || []).push({});

The following 3 users say thank you to Pillar2365 for this useful post:

b0snian, Justin, TrytoYOLO
02-17-2011, 09:36 PM #11
elite2011
Ultimate Trophy Collector
ohh too bad
02-17-2011, 09:43 PM #12
The Epic
I wont stop
Originally posted by Pillar2365 View Post
Your sensitive data is being sent around the internet unencrypted. Meaning someone can easily retrieve your credit card number, account log in, etc,. Read below. .






You think thats all that Sony receives? Nope keep reading.



So to sum it up for you all who won't take the time to read this. Anyone can get the following information easily, Credit card information(ALL OF IT), Login details, your play schedule, Data thats on your USB(so the pictures of your girlfriend that you wanted to see on your flat screen, someone can get them), Home network information, installed games, homebrew, apps, details on your home network.

You must login or register to view this content.


Notice: Unauthorized circumvention devices for the PlayStation 3 system have been recently released by hackers. These devices permit the use of unauthorized or pirated software. Use of such devices or software violates the terms of the “System Software License Agreement for the PlayStation 3 System” and the “Terms of Services and User Agreement” for the PlayStation Network/Qriocity and its Community Code of Conduct provisions. Violation of the System Software Licence Agreement for the PlayStation 3 System invalidates the consumer guarantee for that system. In addition, copying or playing pirated software is a violation of International Copyright Laws. Consumers using circumvention devices or running unauthorized or pirated software will have access to the PlayStation Network and access to Qriocity services through PlayStation 3 system terminated permanently.
To avoid this, consumers must immediately cease use and remove all circumvention devices and delete all unauthorized or pirated software from their PlayStation 3 systems. this is what should up on my ps3 today..
02-17-2011, 09:45 PM #13
Pillar2365
I use to give free rep :/
Originally posted by PedoBear
Notice: Unauthorized circumvention devices for the PlayStation 3 system have been recently released by hackers. These devices permit the use of unauthorized or pirated software. Use of such devices or software violates the terms of the “System Software License Agreement for the PlayStation 3 System” and the “Terms of Services and User Agreement” for the PlayStation Network/Qriocity and its Community Code of Conduct provisions. Violation of the System Software Licence Agreement for the PlayStation 3 System invalidates the consumer guarantee for that system. In addition, copying or playing pirated software is a violation of International Copyright Laws. Consumers using circumvention devices or running unauthorized or pirated software will have access to the PlayStation Network and access to Qriocity services through PlayStation 3 system terminated permanently.
To avoid this, consumers must immediately cease use and remove all circumvention devices and delete all unauthorized or pirated software from their PlayStation 3 systems. this is what should up on my ps3 today..


I don't get why you said this lol
02-17-2011, 09:46 PM #14
The Epic
I wont stop
Originally posted by Pillar2365 View Post
I don't get why you said this lol


Lol cuz when i logged off then logged on to my b.o account it pulled up a weird ass menu an this showed..
02-17-2011, 09:47 PM #15
Pillar2365
I use to give free rep :/
Originally posted by PedoBear
Lol cuz when i logged off then logged on to my b.o account it pulled up a weird ass menu an this showed..


That was on B.O?!
02-17-2011, 09:50 PM #16
Justin
Juzzy Dee Music
lol. I bet someone will use someones credit card and the credit card owner will sue sony.
02-17-2011, 09:52 PM #17
The Epic
I wont stop
Originally posted by Pillar2365 View Post
That was on B.O?!


Nope.... When i tried to login it had a agree button an a dis agree button...
02-17-2011, 09:55 PM #18
MysticalX
GamerzRevolution
we could sue Sony for this i dont know if anyone already thought about that ?

iam going to send them a sensitive email (A)
02-17-2011, 09:57 PM #19
Pillar2365
I use to give free rep :/
Originally posted by MysticalX View Post
we could sue Sony for this i dont know if anyone already thought about that ?

iam going to send them a sensitive email (A)


go for it!

---------- Post added at 04:57 PM ---------- Previous post was at 04:56 PM ----------

Originally posted by PedoBear
Nope.... When i tried to login it had a agree button an a dis agree button...


Oh wow...I wonder what would have happened if you pressed disagree.

Copyright © 2026, NextGenUpdate.
All Rights Reserved.

Gray NextGenUpdate Logo