We saw them bitching about the so called circumvention access to their console but not on their complete hacked to our daily PSN activity? Yes, apparently Sony is playing their balls too with over 69 million registered PlayStation Network members.
Yesterday, a well-known hacker claiming that he had a success in decrypting 100% PSN functions and able too get an idea what’s really going on in terms of Sony’s PSN server daily basis operation. I am extracting the information i get from the chat logs they have been discussing so you can understand how Sony treat your privacy – in a list.
- They leech all the info they can get from your console, even what devices that are connected to your PS3, the information in your USB drives, TV, just about anything you can imagine!
- So, you thought all this time the highly security information like credit card is sent encrypted? No. It is in a fucking plain text. Yes, in a plain text where people can spoof the network and steal it. Just like that.
- Example for a credit card in a plain text, creditCard.paymentMethodId=VISA&creditCard.holderName=Max&creditCard.cardNumber=4558254723658741&creditCard.expireYear=2012&creditCard.expireMonth=2&creditCard.securityCode=214&creditCard.address.address1=example street%2024%20&creditCard.address.city=city1%20&creditCard.address.province=abc%20&creditCard.address.postalCode=12345%20, cool huh?
- If you are still are not convinced, they are being stored online and updated each time you hit the login button.
So, still wondering whether to buy those expensive PSN cards?
We still not done yet though. The hacker that i mentioned earlier also revealed a function where he can enable to get all the games, DLC, you name it at the PSN Store for free. Something like he can turn off the drm. Well, they’ve demonstrated it on their PS3 now the security fail continues in their PlayStation Network. Fair enough for me.
You can read all the chat logs below where you can notice the hacker and other persons are named as user1, user2, user3 etc. We don’t want a “Geohot treatment” for the people in the log who revealed a really big secret here. I called it, “PSN Epic Fail” IRC chat.
“PSN Epic Fail” Chat logs
I really think he’s just pulling this one out of his rectum.
Then again, I can be the most wrong person here now.
But only time will tell where the vicissitudes of one’s fate can lead to.
i think using JB/CFW on PSN with real information and credit card was totally suicidal, cause they know everything, so u cant say “someone else did it on my PS3, not me”
THIS is the reason Sony is trying to sue Geohot and the rest. It was to scare people away from the machine so that the couldn’t see how illegal Sony was being. Now Sony’s officially fucked.
Damn I want this hacker to be my PSN friend
He should make a fake PSN store application.
FAIL FAIL FAIL FAIL FAIL!!!!! still dont need psn
Fuck PSN! it aint worth shit! the only thing worth bying on PSN is DLC’s and old PS1 games. and most DLC’s can be bought in disk packs in most gamer stores.
Half the PS3 community rely on it for multiplayer.
Shooters, fighters, racing, even RPGs like Demon’s Souls.
By the way…you BUY old PS1 games?
You can download an ISO or ROM of a game you legally owned before, you know?
Yeah, but you cannot really use ISO or ROM on PS3 yet. Hope, there’s coming sometime an emulator update for PSX-related games.
…and further: Who gives a f*ck about multiplayer on gaming consoles? I see it on my nephews, who are playing online on the PS3. The pool of online playing people on gaming consoles is mostly under 18, especially for shooter games. It really doesn’t make fun at all and i have really to ask myself everyday, how it can be fun to play a shooter with a joystick?
Well, however, it’s just my opinion.
I personally don’t give a shart about PSN and defiantly don’t pay for xbox live. Xlink works great for online multiplayer and a group of us do more weekly lan parties lan playing online. Gaming, beer, food and fun two days a week…. never get tired of it. Anyway, I was forced to ditch OtherOS for PSN awhile back and now I have my Linux back on and running so sony can shove PSN.
This is an epic FA1L 0VERFLOW
I wonder if it is SKFU? Someone mentioned a psntool of some sorts…
Last time, in December 2008, when they were caught collecting data on 30,000 children under 13-years old without obtaining parental consent Sorry had to cough up $1 million dollars to the US FTC.
http://news.cnet.com/8301-1023_3-10122375-93.html
I’m just wondering how many data collection/privacy laws in how many countries they are breaking this time. They could probably avoid most issues if the data is never stored for longer than a few minutes. But the data would still need to be securely transferred from customers PS3′s to Sony. Considering that they are currently transferring credit card details in plaintext, this is already multiple legal actions waiting to happen.
Ma piantiamola di dire cazzate per cortesia…
I hope that some people took my advice I gave last year… If not, there could be a tsuami waiting for them to clean up the shit that had hit the fan of ps3 fail.
To sum it up again:
- info is sent to Sony without login
- they can see you playing backups, homebrew, CFW, faking through proxy etc.
- a lot of info is plaintext or easily decryptable
- changing a version TEXT isn’t enough to go online spoofing on PSN
- the security issues work both ways: people can steal from Sony, other people can steal from you, information can be gathered by others for abuse
- fuck PSN and expect Sony fuck you back waving a TOS and banned consoleID
Facts:
Sony is apparently spending more money on wiping their ass than on security. If it works, it never gets fixed (random=fixed, fw holes, server upgrades etc).
When security failed, they’ve spend more money on lawsuits and bans than on security (while giving users FW with new bugs they didn’t fix: 3.56-2nd).
The more shit that hits the fan, the more counteractions you can expect from Sony.
Privacy and other basic civil rights means nothing for big corporations like Sony.
Game developers/publishers, stockholders etc. will demand action from Sony, everytime a new breach is in the media (e.g. Killzone 3 leaked/played on CFW+BM before releasedate) to secure the platform/investment.
Expect this (notice & mail)
Show »
urls quoted from above log:
- a0.[CC].np.communication.playstation.net
- updptl.de.np.community.playstation.net (203.105.78.148) PS-NET Tokyo – Japan [203.105.76.0 - 203.105.79.255]
- CN=*.*.np.community.playstation.net
- auth.np.ac.playstation.net (199.108.4.73) SOE San Diego – USA [199.108.0.0 - 199.108.15.255]
——————————————————————
URLs from my old warning message:
fus01.ps3.update.playstation.net > Update Server (sys updates) (62.41.85.17) akamai-ipt [62.41.85.0 - 62.41.85.127]
mercury.dl.playstation.net > What’s new ads (92.122.217.176) akamai-pa [92.122.212.0 - 92.122.219.255]
nsx.np.dl.playstation.net > playstation store preview (92.123.65.88) akamai-pa [92.123.64.0 - 92.123.67.255]
nsx-e.np.dl.playstation.net > ads (198.107.158.163) San Jose CA USA [198.107.156.0 - 198.107.159.255]
(main file exchange connections)
us.np.stun.playstation.net > on boot initiates connection (198.107.130.129) San Jose CA USA [198.107.128.0 - 198.107.131.255]
ena.net.playstation.net > SSLv3 connection after above connection (198.107.158.166) San Jose CA USA [198.107.156.0 - 198.107.159.255]
dus01.ps3.update.playstation.net > secondary update attempt (could force updates) (87.248.201.141) Tempe AZ USA [87.248.194.0 - 87.248.223.255]
auth.np.ac.playstation.net > SSLv3 authentication server (199.108.4.73) SOE San Diego – USA [199.108.0.0 - 199.108.15.255]
(destination servers)
service.playstation.net (has multiple IPs if only the ip address is blocked)
(Error Reporting)
creepo.ww.hl.playstation.net (uploads crash reports etc.)
———————————————–
@mrpauldurden and others : The problem is not only the invasion of privacy, but also the lack of secureness they seem to handle sensitive customer information even when it is bound by international ruling and internal guidelines by financial corporations like creditcard company’s. Ever since Sony removed OtherOS, forced honest consumers to either Linux and loose gaming, PSN or the use of (legal) circumvention tools to disable updates and downversion games by SFO and EBOOT.BIN editing it was the trend of Sony to portray these paying/buying costomers as pirates.
For years Sony have been spying and prying into our homes, even at persons who do not even have a PSN account nor seen the TOS they are waving with in the courtrooms.
We OWN the computers that we buy, we did not lease it, nor did we choose to live on a leash of a big ‘brother’ corporation.
I think we should sue them… they have my details and I have been scammed for $900…
Apparently I have bought a bravia TV from them for that much!!!
Things like this make me glad i have no use for the psn. FUCK PSN! Thanks to all the hackers exposing sony’s epic fail after epic fail!
Usual PS3 scene overhype
1. Of course they transmit your credit card details, how the fuck else do you purchase games.
2. Just because this data is transmitted to Sony does not necessarily mean that they store it.
3. They are not sent as plaintext, they are sent over SSL.
4. Read the PSN TOC again, You gave them the right to do this.
Whos got like me the mail of sony because of cfws ?? So, the hacker had full access to the psn, he should be able to sent all the mails to psn user with the original email adress
This is the worst written article, ever.
I admit, so i rewrote back the article, i hope it is not worst now
Can PS3′s be connected via other means besides PSN? With all the hacking going on, why doesn’t someone find a way to play on private servers and eliminate the need for PSN all together. Please forgive me if this is already being done, as I have never heard of it.
its called xkia link or something like that i believe i have been seeing some other posts that mention this
haha ! now all the ppl are in risk , 3.55- or 3.55+ , that’s it guys .. PSN is dangerous even for legal players !! if SONY want to recover from this .. the only soloution I find is , New decryption system , New servers , New CONSOLE !
BUT , sony is expanding their PSN as “PSS” for android , bravia , and soon on every electrical circuit ! so that’s it .. SONY started as a small shop after WWII … I can see it closing the playstation division after WWIII
Someone should post a FULL log of sniffed data on console launch / connect to psn, only masking sensitive info. The truth must be shown. Alone we are vulnerable, easy targets for multi-billion $ corp, but together, we are legion.