Post: maybe new secure firmware update and sony movin severs
Options
04-28-2011, 10:47 PM
#1
jeffers07
Climbing up the ladder
You must login or register to view this content.
It just keeps getting worse and worse for Sony!
Today, in a weak effort to answer many outstanding questions in regard to the why they lost over 77 million PSN accounts last week to an "external intrusion"!
Sony decided to release more details on their blog, which allows us to make the following comments regarding the now over ONE week breakdown of the PSN network!
Point #1: -- They admit that PSN "personal data" was NOT encrypted!
Since the simple PLAINTEXT "personal data table", did contain your "email address", "birthdate", "real name", "password", and even tho Sony claims the "credit card" table was encrypted, most people sadly use the same password on multiple other accounts, so it would be very easy for a hacker to login into a matching email, or paypal, or bank account, and discover the missing bits of info needed like full credit or bank account numbers by going thru all your outside personal info, thanks to Sony giving him your "password" in plaintext!
Point #2 -- Now we know why it is taking so long to restore the PSN network!
So they are not just rebuilding the network, by updating the server software, they are moving to a whole new location, but this just opens up more questions! -- What was wrong with the old location? -- Was the "
external intrusion" just simply someone walking in and looking like a techie-person, and copying the data removing the need to break any security?
Rumor: We are in for big update, DLC wise, Game patch wise, firmware!
Reports are coming in from many mainstream blogs that a new firmware update will be released in May 2011 and that it will FORCE you to re-verify your complete PSN account, and you MUST create a new PASSWORD, and you WILL have to UPDATE to this new secure PS3 firmware if you wish to enjoy in the FUTURE newly released games!
There is also rumors that all licensed game developers are being shipped new SDK's, and that they are being forced to re-compile all the DLC addon's, and all their game patchs, before Sony will even think of turning on the new PSN network!
We Told You So! --- Seems Everyone Knew But Sony!
So there you have it all in a nutshell, the system was totally unsecure, and fully outdated, and Sony was just being infact lazy in doing anything about it!
[video]https://youtu.be/Cwn4R_GexLM[/video]
You must login or register to view this content.
It just keeps getting worse and worse for Sony!
Today, in a weak effort to answer many outstanding questions in regard to the why they lost over 77 million PSN accounts last week to an "external intrusion"!
Sony decided to release more details on their blog, which allows us to make the following comments regarding the now over ONE week breakdown of the PSN network!
Point #1: -- They admit that PSN "personal data" was NOT encrypted!
Originally posted by another user
All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
breached in a malicious attack.
breached in a malicious attack.
Since the simple PLAINTEXT "personal data table", did contain your "email address", "birthdate", "real name", "password", and even tho Sony claims the "credit card" table was encrypted, most people sadly use the same password on multiple other accounts, so it would be very easy for a hacker to login into a matching email, or paypal, or bank account, and discover the missing bits of info needed like full credit or bank account numbers by going thru all your outside personal info, thanks to Sony giving him your "password" in plaintext!
Point #2 -- Now we know why it is taking so long to restore the PSN network!
Originally posted by another user
We are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway.
So they are not just rebuilding the network, by updating the server software, they are moving to a whole new location, but this just opens up more questions! -- What was wrong with the old location? -- Was the "
external intrusion" just simply someone walking in and looking like a techie-person, and copying the data removing the need to break any security?
Rumor: We are in for big update, DLC wise, Game patch wise, firmware!
Reports are coming in from many mainstream blogs that a new firmware update will be released in May 2011 and that it will FORCE you to re-verify your complete PSN account, and you MUST create a new PASSWORD, and you WILL have to UPDATE to this new secure PS3 firmware if you wish to enjoy in the FUTURE newly released games!
There is also rumors that all licensed game developers are being shipped new SDK's, and that they are being forced to re-compile all the DLC addon's, and all their game patchs, before Sony will even think of turning on the new PSN network!
We Told You So! --- Seems Everyone Knew But Sony!
Originally posted by another user
[user12] I also know that the server that does the x-i-5 tickets is a bit more tight about the ciphers than any other system in sonyland
[user12] if sony is watching this channel they should know that running an older version of apache on a redhat server with known vulnerabilities is not wise, especially when that server freely reports its version and its the auth server
[user2] its not old version, they just didnt update the banner
[user12] I consider apache 2.2.15 old
[user2] which server
[user12] it also has known vulnerabilities
[user12] auth.np.ac.playstation.net
[user2] ya the displayed version u see via banner is not the real version
[user12] unless they updated it in the last couple weeks
[user12] I doubt that since its not trivial to change that
[user12] its a bit more invasive than just setting it to Prod like they do on their other servers
[user11] you know, watching this conversation makes me think about whether it was a good idea after all to buy a couple of games from psn using a visa card
[user2] its just backported security patches
[user11] i did remove all my info after downloading the games though
[user12] that is just psn not the store
[user12] they are running linux 2.6.9-2.6.24 on that box too
[user12] that too is old
[user2] lol @ buying on store
[user11] yes, but their general attitude towards security just seems…ugh
[user2] sony wont misuse the info i bet xD
[user2] but just prevent using cfw’s of unknown ppl
[user2] even better from ALL ppl
[user2] make ur own lol
[user12] so I doubt that they are spoofing the network stack on that box as well
[user12] my guess is that it really is undermaintained “it works why change anything”
[user2] could be
[user12] sony really should update that stuff to something more current
[user2] ya
[user2] but imagine
[user2] psn == 45 environments
[user2] and for example
[user2] every env has 50 subdomains
[user2] to external machines
[user2] its rly rly huge
[user2] who wants to do this xD
[user2] ppl r lazy
[user2] wont change
[user12] if sony is watching this channel they should know that running an older version of apache on a redhat server with known vulnerabilities is not wise, especially when that server freely reports its version and its the auth server
[user2] its not old version, they just didnt update the banner
[user12] I consider apache 2.2.15 old
[user2] which server
[user12] it also has known vulnerabilities
[user12] auth.np.ac.playstation.net
[user2] ya the displayed version u see via banner is not the real version
[user12] unless they updated it in the last couple weeks
[user12] I doubt that since its not trivial to change that
[user12] its a bit more invasive than just setting it to Prod like they do on their other servers
[user11] you know, watching this conversation makes me think about whether it was a good idea after all to buy a couple of games from psn using a visa card
[user2] its just backported security patches
[user11] i did remove all my info after downloading the games though
[user12] that is just psn not the store
[user12] they are running linux 2.6.9-2.6.24 on that box too
[user12] that too is old
[user2] lol @ buying on store
[user11] yes, but their general attitude towards security just seems…ugh
[user2] sony wont misuse the info i bet xD
[user2] but just prevent using cfw’s of unknown ppl
[user2] even better from ALL ppl
[user2] make ur own lol
[user12] so I doubt that they are spoofing the network stack on that box as well
[user12] my guess is that it really is undermaintained “it works why change anything”
[user2] could be
[user12] sony really should update that stuff to something more current
[user2] ya
[user2] but imagine
[user2] psn == 45 environments
[user2] and for example
[user2] every env has 50 subdomains
[user2] to external machines
[user2] its rly rly huge
[user2] who wants to do this xD
[user2] ppl r lazy
[user2] wont change
So there you have it all in a nutshell, the system was totally unsecure, and fully outdated, and Sony was just being infact lazy in doing anything about it!
[video]https://youtu.be/Cwn4R_GexLM[/video]
You must login or register to view this content.
04-28-2011, 11:34 PM
#2
LiveLongDieHard
Space Ninja
it stayed secure for 3 yrs but i think ur right they just didnt want to update the security system
04-28-2011, 11:36 PM
#3
jeffers07
Climbing up the ladder
Originally posted by sky232002
it stayed secure for 3 yrs but i think ur right they just didnt want to update the security system
They lazy they just left it coz the thought it was fine obviously not where your saving users details in plain text.
04-28-2011, 11:49 PM
#4
itzCodzilla
Brute
Well I'm glad Sony is stepping it up, I hope that after this they will come back stronger then ever and be better then 360 because frankly I hate using the shitbox :/
04-29-2011, 01:03 AM
#8
Xx-My_G-xX
Haxor!
Originally posted by sky232002
it stayed secure for 3 yrs but i think ur right they just didnt want to update the security system
it didnt stay secure for 3 years, it just didnt get hacked for 3 years lol
04-29-2011, 01:34 AM
#9
midnightClub543
Little One
you know, when the ps3 was released this might have been a good security system, as time passes it becomes unsecure, sony was obviously lazy but im pretty sure that the first psn probably took over 6 months to become fully operational, so you guys should stop whinning about the time sony is taking to set up the servers because in reality they are doing it faster than they are suposed to to hold as many ppl psn holds, and in the end the service is FREE so we really shouldnt be hating on sony.
The following user groaned midnightClub543 for this awful post:
04-29-2011, 01:58 AM
#10
getxscared
Space Ninja
Originally posted by sky232002
it stayed secure for 3 yrs but i think ur right they just didnt want to update the security system
I have a feeling that they could have been hacked very soon after the initial release. They just hadn't pissed anyone off enough to make them do so. Their war on hackers and $hitty treatment of consumers was most likely the main catalyst for the attack.
The following user thanked getxscared for this useful post:
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
