Post: maybe new secure firmware update and Sony moving servers
04-28-2011, 10:47 PM #1
jeffers07
Climbing up the ladder
It just keeps getting worse and worse for Sony!

Today, in a weak effort to answer many outstanding questions in regard to why they lost over 77 million PSN accounts last week to an "external intrusion"!


Sony decided to release more details on their blog, which allows us to make the following comments regarding the now over ONE week breakdown of the PSN network!


Point #1: -- They admit that PSN "personal data" was NOT encrypted!

Originally posted by another user
All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.


Since the simple PLAINTEXT "personal data table" did contain your "email address", "birthdate", "real name", "password", and even though Sony claims the "credit card" table was encrypted, most people sadly use the same password on multiple other accounts, so it would be very easy for a hacker to log in to a matching email, or PayPal, or bank account, and discover the missing bits of info needed like full credit or bank account numbers by going through all your outside personal info, thanks to Sony giving him your "password" in plaintext!

Point #2 -- Now we know why it is taking so long to restore the PSN network!

Originally posted by another user
We are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway.


So they are not just rebuilding the network, by updating the server software, they are moving to a whole new location, but this just opens up more questions! -- What was wrong with the old location? -- Was the "external intrusion" just simply someone walking in and looking like a techie-person, and copying the data removing the need to break any security?


Rumor: We are in for big update, DLC wise, Game patch wise, firmware!

Reports are coming in from many mainstream blogs that a new firmware update will be released in May 2011 and that it will FORCE you to re-verify your complete PSN account, and you MUST create a new PASSWORD, and you WILL have to UPDATE to this new secure PS3 firmware if you wish to enjoy in the FUTURE newly released games!

There are also rumors that all licensed game developers are being shipped new SDKs, and that they are being forced to re-compile all the DLC add-ons, and all their game patches, before Sony will even think of turning on the new PSN network!


We Told You So! --- Seems Everyone Knew But Sony!

Originally posted by another user
[user12] I also know that the server that does the x-i-5 tickets is a bit more tight about the ciphers than any other system in sonyland
[user12] if sony is watching this channel they should know that running an older version of apache on a redhat server with known vulnerabilities is not wise, especially when that server freely reports its version and its the auth server
[user2] its not old version, they just didnt update the banner
[user12] I consider apache 2.2.15 old
[user2] which server
[user12] it also has known vulnerabilities
[user12] auth.np.ac.playstation.net
[user2] ya the displayed version u see via banner is not the real version
[user12] unless they updated it in the last couple weeks
[user12] I doubt that since its not trivial to change that
[user12] its a bit more invasive than just setting it to Prod like they do on their other servers
[user11] you know, watching this conversation makes me think about whether it was a good idea after all to buy a couple of games from psn using a visa card
[user2] its just backported security patches
[user11] i did remove all my info after downloading the games though
[user12] that is just psn not the store
[user12] they are running linux 2.6.9-2.6.24 on that box too
[user12] that too is old
[user2] lol @ buying on store
[user11] yes, but their general attitude towards security just seems…ugh
[user2] sony wont misuse the info i bet xD
[user2] but just prevent using cfw’s of unknown ppl
[user2] even better from ALL ppl
[user2] make ur own lol
[user12] so I doubt that they are spoofing the network stack on that box as well
[user12] my guess is that it really is undermaintained “it works why change anything”
[user2] could be
[user12] sony really should update that stuff to something more current
[user2] ya
[user2] but imagine
[user2] psn == 45 environments
[user2] and for example
[user2] every env has 50 subdomains
[user2] to external machines
[user2] its rly rly huge
[user2] who wants to do this xD
[user2] ppl r lazy
[user2] wont change


So there you have it all in a nutshell, the system was totally unsecure, and fully outdated, and Sony was just being in fact lazy in doing anything about it!

[video]https://youtu.be/Cwn4R_GexLM[/video]



04-29-2011, 02:05 AM #11
Antagonizer88
Bounty hunter
Originally posted by getxscared
I have a feeling that they could have been hacked very soon after the initial release. They just hadn't pissed anyone off enough to make them do so. Their war on hackers and $hitty treatment of consumers was most likely the main catalyst for the attack.


What shitty treatment are you talking about? Trying to keep the system secure and free from hackers isn't shitty treatment. These "hackers" need to just pull their head out of their ass and realize the world doesn't revolve around them. Instead of going through all the trouble of hacking and pissing other people off, why don't they just create their OWN system? Better yet, why not just use their PC and hook it into their TV?
04-29-2011, 02:09 AM #12
I honestly hope Sony gets their act together because this is a big problem and it could have been ten times worse if the hackers would have gotten a hold of the credit card info
04-29-2011, 02:12 AM #13
Tree
Clearly Outplayed
They probably didn't want to encounter any more changes in a newer version. It worked for a long time, they were probably trying to extend and replace maybe once every 5-10 years. That is still a long time though. Sony needs to step up on security and encrypt things more often.
04-29-2011, 02:13 AM #14
getxscared
Space Ninja
Originally posted by Antagonizer88
What shitty treatment are you talking about? Trying to keep the system secure and free from hackers isn't shitty treatment. These "hackers" need to just pull their head out of their ass and realize the world doesn't revolve around them. Instead of going through all the trouble of hacking and pissing other people off, why don't they just create their OWN system? Better yet, why not just use their PC and hook it into their TV?


I'm not talking about this ordeal as bad treatment. It's more towards how they had gotten rid of OtherOS, the ability to play ps2 games on the slims, and some other features. And "hackers" is too general of a term to group them together. There are a lot of them who only wanted to use homebrew on their ps3 or get the only somewhat good part of this is that Sony finally realized that they were not secure. Hopefully they do a better job this time.
04-29-2011, 04:14 AM #15
nawking
NGU has sold out to money 8(
wtf man i blame the capitalist execs in sony, the paid off republicans in office that keep the fcc and other watchdogs that are supposed to be preventing this from happening, by cutting the budgets and keeping stomping on the little guy.
04-29-2011, 01:31 PM #16
jeffers07
Climbing up the ladder
i blame their shitty security..
04-30-2011, 03:35 AM #17
gola
OVER 9000!
Unfortunately this has been posted many times.

Thread closed.
