PSN Hackers' Chat-logs?

By Lo-Ping - Tue Apr 26, 11:13 pm

Want to know the inner-workings and mindset behind PSN’s latest downtime fiasco?  Well look no farther!  Read up on the Chat Logs for the initial hack with CFW and PSN that eventually lead to our current demise.  Chat posted in it’s entirety after the jump.

Of interest: Try to note the number of users,
and the methodology and mindset of their attack.
Upon reviewing the thing in it's entirety,
you'll  see that they're not the "Freedom
Fighters" they claim to be, but nothing
more than either common criminals or SUPREMELY bored teenagers.  You can
practically smell the angst in some of the postings.


<user1>  xxx: I don't think there are many people involved in circumventing
PSN access in /this/ channel [ "application/x-i-5-ticket" reason=40 >
PSN error 80710101 ]

<user2>  talk about network stuff?

<user2>  nice

<user2>  i just finished decrypting 100% of all psn functions

<user3>  :)

<user2>  you can forget all the history wiper and log remove apps

<user2>  theres a independant check

<user2>  which transfers all games and their playtime

<user2>  every time you login

<user2>  you can modify it like the firmware version tho

<user2>  it looks like:

<user2>  <info titleid="BLUS30034_00" disc="18cf5fc49cb4ac7ae9519d5062712350"
boot="2011-02-03T20:35:09.00Z" playtime="8875" />

<user2>  aswell they can detect backups this way

<user1>  hash is eboot.bin to check for version?

<user2>  if you use a backup it will look like this:

<user2>  <info titleid="BLUS30034_00" disc="00000000000000000000000000000000"
boot="2011-02-03T20:35:09.00Z" playtime="8875" /

<user4>  user2, is that in data sent to a0.[CC]

<user2>  sec lemme check

<user4>  im still collecting all the data


<user2>  thats the server

<user3>  user2: what about Blu-ray Master Disc/BD Emulator ?

<user3>  since, i use those features legitimately

<user2>  on debug or retail?

<user2>  i didnt check all on debug unit yet

<user2>  so no clue if it sends discid for bdemu

<user2>  but sony is the biggest spy ever lol

<user2>  they collect so much data

<user1>  true

<user2>  all connected devices return values sent to sony server

<user2>  example:

<user3>  user2: Debug models of course :)

<user2>  ><info category="76">32&apos;&apos; TFT-TV</info><info category="77">OEM</info><info category="88">release</info><info category="89">cex</info>

<user4>  i cannot find my PS3 connect to host with 'updptl' in the name

<user2>  returns tv, fw version, fw type, console model

<user2>  also i found data it collects when i had usb device attached etc etc

<user2>  so if they ever sue someone for psn stuff, they will be sued
themselves as most of the data they collect is just not legal

<user4>  user2, at what time does it connect to that host?

<user4>  during the PSN logon?

<user2>  sec i check

<user5>  user2 how can you modify that data?

<user6>  user2: do you now know enough to wipe all traces so that people
who never had their consoles on the internet can avoid sending this
information now? :)

<user4>  no DNS request for a host with 'updptl' in the name in my packet
captures :-\

<user2>  @user5: it sents directly after user profile load and sometimes; -
it seams random, just when u play a game or anything

<user4>  ohh

<user2>  @xxxx: we could modify the data via proxy between the tunnels,
like delete all data between the xml tags <info> or somehow

<user5>  oh so its not on the ps3 hdd itself?

<user6>  user2: aha, so this information is actually encrypted?

<user2>  ya

<user2>  the list is stored online

<user2>  and updated when u login psn and random

<user5>  damn

<user6>  but where is it stored before that? I have never been online
with my ps3...

<user6>  so it must be somewhere

<user5>  was hoping it would be on the ps3 hdd

<user5>  then lock it or so

<user1>  the only avoidance is block all *

<user2>  MAYBE - i rly dont know - it doesnt save it at all on hdd

<user2>  so only transfers the games and stuff in one ps3 session when
you go online

<user2>  so if u have ps3 offline and play a game, then shutdown and
turn on again

<user2>  it MAY not transfer update

<user2>  cuz i didnt find any info for that list on hdd

<user2>  it could be that its used for online playtime or psn logged in

<user2>  aswell you should never ever install a CFW from someone unknown

<user2>  cuz its way too easy todo scamming at this point

<user2>  for example:

<user2>  creditCard.paymentMethodId=VISA&creditCard.holderName=Max&
example street%2024%20&

<user2>  sent as plaintext

<user3>  uh

<user3>  did you censor that card?

<user2>  ya its fake

<user3>  good

<user1>  wow, plaintext :S

<user5>  plaintext wow

<user3>  im never putting in my details like that

<user2>  ya is all fake lol

<user2>  i never used cc on ps3

<user2>  normally you ATLEAST enccrypt the securtity code, even if its ssl

<user5>  id hope sony would do such in a safe manner

<user5>  psn cards probably plain text to then

<user2>  fake certs are known since years as vuln so companies encrypt
such data twice normally

<user2>  but hey its sony --> its a feature

<user5>  lol

<user7>  lol

<user5>  yeah if you go public with your info they either remove the
store or psn all together

<user5>  as an update

<user6>  I doubt it :P

<user7>  from all the actions they've taken the past years, we can only
deduce that Sony don't care about their customers

<user2>  impossible

<user7>  :)

<user2>  they wont update their whole psn lol

<user6>  but this should really get out there, but I guess it's on in a matter of minutes already ;)

<user5>  3.60 removal of psn

<user2>  i know a few guys who worked @ sony's psn backend. just when
the ps3 was released we talked bout the first psn, at this time ALL was
http and unencrypted. so you could see userpass etc plain. i asked em
why is it that way. lame answer was "we thought it was adressed." - lol

<user2>  sony qa --> trainees

<user8>  that fits nicely into the "#define rand() 4" mentality. ;)

<user2>  yep

<user3>  or more of

<user3>  ECDSA_PRIVATE_KEY privateKey;

<user2>  lol

<user3>  and PrivateKey is in a header file

<user3>  and it's static

<user2>  xD

<user3>  and ECDSA_RANDOM in a header file

<user3>  and so on

<user2>  another funny function i found is regarding psn downloads

<user2>  its when a pkg game is requested from the store

<user2>  in the url itself you can define if you get the game free or not.
requires some modification in hashes and so on tho

<user3>  ..

<user2>  is like

<user8>  :D

<user3>  my god

<user2>  drm:off

<user5>  lol

<user2>  lol

<user1>  :facepalm:

<user8>  well, that's one way to offload the server.

<user2>  still wondering when the big ban wave arrives :D

<user1>  if they ban everyone, even using backups legally in their country
(but in their opinion a TOS violation), it will be a huge tsunami, not a

<user10>  ask ur friends :P

<user2>  prolly they take it like it is now, unstoppable anyways

<user2>  new firmware to ban all further actions and done

<user4>  an open psn would be nice

<user4>  even if it was just a player matching service

<user2>  ya

<user9>  a PSN host by the community :)

<user3>  that actually could be perhaps possible

<user3>  if you can get auth working

<user3>  and all

<user3>  a new np environment

<user2>  the friend list management is easiest

<user2>  simple jabber server

<user11> don't some games use their own servers?

<user1>  some use p2p

<user11> which check from the official psn servers whether you're logged
in and who you are

<user2>  imagine the traffic load :D

<user2>  whod pay this xD

<user11> yes, but even p2p games do use publisher or sony provided servers
for matchmaking

<user3>  NpCommerce2

<user12>  I am getting behind everything on doing my security analysis

<user12>  started a couple months ago monitoring SSL stuff, and theen got
distracted with blackops and havent pursed it, seems a lot of people are
starting to take interest in it now

<user2>  and regarding matchmaking and lobby systems

<user2>  the functions built in firmware and/or game

<user2>  how would you answer them

<user2>  the server side code we dont know of

<user12>  some stuff appears to be in lv2 and not in sprx for network stuff

<user2>  so we can not create proper answers

<user12>  you can try to analyze the protocol and say "if X then Y" type
responses the problems come up when you get something you haveent seen

<user12>  that was done with counterstrike for example so that people could

<user12>  so its not entirely impossible although it is time consuming

<user12>  sometimes its happy accidents, reason code 21 means bad cipher,
51 bad firmware version - for x-i-5 tickets for example

<user11> wasn't cs/hl server software available for anyone to download even
back then?

<user6>  anyone found a way to change DVD region on ps3 yet, btw?

<user11> for psn you can't even get binaries for the server side

<user5>  user2 i remember some months ago you made a psntool with a psn
messenger in it but not yet functional is that still being worked on?

<user12>  but for stuff like that the ticket has to exist on the psn side
of things because if I send my ticket to a vendor server they will validate
it against psn and if its not there it will fail

<user1>  xxx: wasn't syscall 0×363 0×19004 3rd byte usefull for that?

<user2>  @xxxx: at this time i could finish the tool yes but im not sure
if it is useful at all

<user12>  xxxx: no but you can monitor traffic, even send some "bad" things
and watch the responses... I discovered x-i-5 reason code 21 by accident,
I did not force my proxy to mirror the cipher that the ps3 presented

<user2>  i mean why would someone want to chat with a someone on ps3

<user2>  while any1 anyway have msn/icq/aol

<user12>  know this, sony in realtime, monitors all messages over psn

<user12>  I verified that, its part of my privacy threats thing I am doing

<user5>  ok too bad id like the psn messenger on pc

<user12>  the realtime monitoring is a bit bothersome to me

<user6>  user1: such information is quite useless to me, as I'm not that
into the technical stuff :) was more hoping someone had an easy way to
do it.. like a DVD region changer or something.

<user2>  @user12: the realtime jabber monitoring as most likely for
realtime censor of messages

<user12>  they appear to have at the very least keywords they look for,
not sure just how invasive the whole thing is, but ...

<user12>  well they have osme odd things in there

<user11> yeah they have that dumb automatic word filter

<user4>  the censor word-list is ridiculous

<user13>  psn messenger would be helpful, just yesterday was killed 2
times when typing response on the message + its so slow loading

<user12>  a psn code that is not really valid if you sent that via email
it becomes valid but you cant add funds to your wallet. The fact that
emailing that code to someone makes it valid for you is odd ... why
monitor that code?

<user11> which makes it much more difficult to have a sensible
conversation in languages other than english

<user12>  why change its state on sending it?

<user12>  the censor words in home is on your system, it downloads a
dict list of words

<user12>  an empty file resolves that

<user2>  tryin to find my jabber logs... >.<

<user12>  so it only censors on receipt not on transmission

<user12>  dunno how the other stuff does it

<user12>  mostly because I have yet to look

<user12>  now you have me curious I am gonna go redo my network a
little bit to start monitoring again :)

<user2>  btw aswell a reason AGAINST pc to ps3 messenger is spam

<user2>  cuz there actually is an easy way to get userlists

<user2>  would fuck psn pretty hard if some skiddy releases a spam app

<user2>  the highscore and matchmaking lobbies you can request per game
id and get user mails for psn

<user13>  ugh, yeah

<user2>  huge list + spam app == sux

<user3>  argghhhh

<user3>  why do my trophies never sync to np

<user2>  anyway sony just would have to open a port on the jabber server,
so you could login with icq

<user5>  lol

<user2>  and we all know what happens if cool homebrew arrives, remember
open remote play

<user2>  sony just releases an official tool lol

<user12>  thing is the more people do things and discuss what they do and
explain how to do it the more likely sony will lock down psn in the future

<user2>  psn is a core feature of ps3

<user12>  making it harder and harder to do anything, like using older
firmwares to log in, that will probably be the first to go away

<user2>  they would be sued like with otheros

<user5>  yeah but they also blocked open remote play

<user11> user12: that already went away, didn't it

<user12>  if you are not running current firmware you do not have a right
to psn

<user11> user12: even for debug users

<user12>  not really, not yet anyway

<user12>  3.56 did not break it but the next release might

<user12>  especially because it stops people running backups and other
stuff on psn

<user11> well i mean 3.41

<user2>  ya would be all possible for them

<user12>  not sure what, if anything, changed with 3.41

<user11> you used to be able to sign in on debug 3.41 until someone
released that psn enabler hack

<user2>  one way more difficult than the other so i think they first
will go on with backup ban on psn

<user11> even though 3.42 and 3.50 had already been released

<user2>  via playlists and stuff i meantioned before

<user2>  a secure way to fix it would require firmware and server
update tho

<user2>  wondering what prevents em of this way

<user12>  I just got a new ps3 yesterday, has 3.40, gonna put 3.55 on it
and do my work

<user12>  I *might* try with 3.40 and see if I can do enough of my work,
that would make it somewhat harder though

<user1>  banwave possibly, new FW + plus they still need to fix that
3.56-1st/2nd harddrive exchange bug in the next version

<user12>  because my work is specialized and very limited in scopee

<user2>  the psn has 45 environments all working independant

<user2>  prolly that is the reason

<user2>  we could just change to another environment

<user2>  and they also need to have an eye to the official developers
which use environments too

<user2>  and the qa

<user2>  which needs to work with older firmware sometimes

<user2>  so they cant update all environments and block all

<user4>  probably so much ITIL process management so they can't fart
without a work request

<user2>  hehe

<user12>  the way that people are getting on now is to change the user
agent in the login request, well x-platform-version specifically. but
if the x-platform-passphrase changes in how its constructed then its
easy to detect people trying to use an older firmware

<user2>  they can even without the xi

<user2>  as the firmware version is in a lot more requests than the auth

<user4>  version is sent to the getprof servers also

<user2>  ppl change only the xi one atm

<user4>  and ena.

<user2>  but its in netstart, xi, game starts

<user12>  I understand that part of it, I was just talking about x-i-5
auth stuff

<user2>  many many functions send the real fw version

<user2>  but only xi5 is checked

<user12>  I realize that many functions send the fw version, anything
that uses libhttp.sprx does

<user2>  ya

<user12>  remember I have been donig this for a couple months

<user12>  even wrote software that lets me do the ssl parts on the fly
instead of to a fixed server, mirroring the CN of the real server

<user4>  what is the data in xi5 at 0xC0 ->EOF ? some crypto/salt ?

<user4>  luckily they use CN=*.* which saves
a bit of hassle, just calling openssl from your app user12 ?

<user12>  openssl libs

<user12>  not the app itself

<user12>  and I do it for *ALL* ssl connections in realtime

<user12>  so even if you use the webbrowser it will generate certs for
that too

<user4>  nice tool you made :)

<user12>  it is similar in function to "sslsniff" but mine works with
the ps3 and logs correctly

<user2>  for the first i think ppl should use a replace of all 3.5.5
and 355 strings but regarding to the user agent, else psn wont load

<user2>  user12 which certs u use?

<user2>  only 05 i guess ?

<user2>  CA i mean sorry

<user12>  user2: I use them all

<user12>  there is a place that the firmware version is in lv2 that is
not a "string"

<user12>  its 'decimal' "035500" not sure if its 32 or 64 bit in size

<user2>  btw u know the login url for auth is like:

<user12>  but that is not the ascii 3 its the decimal value

<user2>  &serviceid=IV0001-NPXS01001_00&loginid=MYMAIL&password=

<user12>  I have complete logs for the auth stuff

<user2>  did u already change the "first" param?

<user2>  i wonder what it does

<user12>  first=true is only there if you had not previously loggged
into psn

<user2>  ah ok

<user12>  its missing if you were previously logged in but you need a
new ticet

<user12>  ticket

<user14>  hi

<user14>  please not connect

<user14>  to external dns ip

<user14>  with your ps3

<user14>  your passwords and email and other data is revealed on the
external side

<user12>  which you need for each service id that you need one for,
meaning if you sync trophies you get 1 ticket, when you play a game you
get a 2nd ticket, when you watch netflix you get a 3rd

<user14>  spam people can use this info

<user12>  most likely if they are mapping that host

<user12>  if its just the firmware check then no, because there is nothing
private sent in that http (cleartext) request

<user12>  so it depends on what hosts they are looking at

<user14>  to start a spamming attack

<user2>  hm didnt check that ticket stuff yet

<user2>  as when i used a ticket

<user2>  for a test POST

<user2>  i worked with 1 only

<user2>  and always worked

<user2>  prolly many to identify the service

<user12>  the ticket is sent to say a game, netflix, etc. anythibng that
uses psn. That way you do not send credentials to anyone but sony

<user2>  if its like u say then this is another vuln lol

<user2>  cuz as i tested if always first ticket works

<user2>  you could hijack a session

<user2>  the ticket and session i used didnt timeout

<user2>  and if it always creates a new ticket as u say

<user2>  there would be many sessions

<user12>  I also haave yet to monitor how long the tickets are valid for,
I know that the ps3 does not reuse them between apps but that could just
be the way its coded (they might be valid even though a normal ps3 will
never reuse)

<user2>  for one user open

<user12>  it may invalidate old ones on issuance of a new, I never looked

<user12>  I just know that I saw it getting one at app launch

<user2>  hm wierd with the tickets

<user2>  i know the ticket is build outta few params

<user2>  the serial

<user2>  the userid

<user2>  issueddare

<user2>  service id

<user2>  online id

<user2>  many many :P

<user12>  I also know that the server that does the x-i-5 tickets is a
bit more tight about the ciphers than any other system in sonyland

<user12>  if sony is watching this channel they should know that running
an older version of apache on a redhat server with known vulnerabilities
is not wise, especially when that server freely reports its version and its
the auth server

<user2>  its not old version, they just didnt update the banner

<user12>  I consider apache 2.2.15 old

<user2>  which server

<user12>  it also has known vulnerabilities


<user2>  ya the displayed version u see via banner is not the real version

<user12>  unless they updated it in the last couple weeks

<user12>  I doubt that since its not trivial to change that

<user12>  its a bit more invasive than just setting it to Prod like they
do on their other servers

<user11> you know, watching this conversation makes me think about whether
it was a good idea after all to buy a couple of games from psn using a visa

<user2>  its just backported security patches

<user11> i did remove all my info after downloading the games though

<user12>  that is just psn not the store

<user12>  they are running linux 2.6.9-2.6.24 on that box too

<user12>  that too is old

<user2>  lol @ buying on store

<user11> yes, but their general attitude towards security just seems...ugh

<user2>  sony wont misuse the info i bet xD

<user2>  but just prevent using cfw's of unknown ppl

<user2>  even better from ALL ppl

<user2>  make ur own lol

<user12>  so I doubt that they are spoofing the network stack on that
box as well

<user12>  my guess is that it really is undermaintained "it works why
change anything"

<user2>  could be

<user12>  sony really should update that stuff to something more current

<user2>  ya

<user2>  but imagine

<user2>  psn == 45 environments

<user2>  and for example

<user2>  every env has 50 subdomains

<user2>  to external machines

<user2>  its rly rly huge

<user2>  who wants to do this xD

<user2>  ppl r lazy

<user2>  wont change

Interesting stuff to say the least, why not discuss it on our forum?


Comments -49 - 0 of 23First« PrevNext »Last
  1. 0

    hells yeah and hope they get wats comin to them

  2. 0

    what are u talkin about yeah sony had to pay up to the people who lost money but usin that in this kinda light makes u look like an asshole why do u think sony payin money is a triumph wow thats real bad

  3. 0

    I have played Playstation since i was nine, I have always respected Sony and the products they make but for the last week i feel angry yes i know hackers are responsible and sure that could be anyone im not sure whether its the people in this Chat log or whether say anonymous is responsible or if its a completely new hacker group, I am also slightly annoyed at my fellow psn users quick to shout at anyone or believe everthing is fact all we are to know is that it was an intrusion by an unknown person. I am annoyed at sony for not giving more information into who is responsible? who has my Personnel information? Can we change our online i.d and keep our download list? questions i hope will not go without being answered. i am glad they are issuing a welcome back process when psn is restored but i will disagree with anyone who says it will make up for it yes maybe it will make up for the time lost which is fair but for the worry some people are going through i don't think so.

  4. 0

    What's with all the "get a life comments" for the hackers? Or that they were "bored"? Some people play video games for fun… for others, this is what is fun for them. Reading the logs they sure didn't SEEM bored or malicious. Just systematic in their approach of reverse engineering as they played their own game.

    I mean did anyone read the chats about Sony transmitting data in plaintext?? That's not expensive to fix, that just takes a brain.

  5. 0

    hahah all of you guys are pathetic right now. no reason to get so hostile…. and who ever said something about pc gaming omg… haha wow lol come on hacked like what every othe effin day. Everything gets hacked but the hackers went a lil to extreme with their proving a point theory and honestly… there should be consiquences… so everyone needs to shut the f up

  6. 0

    Wow, this seems pretty legit. Thanks for posting. I haven't been on PSN since all this started, and noticed they were offline a week ago. After I tried to log in today….I knew something was up. After sifting through articles I came across this….seriously I think my high school had better server security. And I graduated in 2004…

  7. 0

    I think it´s good that they have high lighted the security issue and that Sony is sniffing connected hardware/firmware in secret.

    Ive contacted my bank and they are sending me a new card. 😉

    Good work! You make may day shine 🙂

  8. 0

    Dude, it's all about power. I don't know a thing about hacking, but I know this, bringing down an entire system has to bring some gratifying feeling along with the effort. Companies sue hackers because they want to exercise their power and send a message. I have a ps3 and I use the PSN as much as anyone and I still have a small appreciation for what what these hackers were capable of doing. But as much as SONY has to has to answer for this, I don't think there's any question that these people deserve jail time. Exploiting PSN's defenses isn't a good reason to hack into PSN's defenses, at least it won't be good enough in court.

    I'm a writer, I know it has little in common with hacking (debatable) but there are times when I zone out and stop caring about shit. What's to say that a hacker doesn't get into a zone where all consideration for FUCKING MANKIND goes out of the fucking window, and they decide to do something like this? What seems to be missing from these guys, in this particular moment at least, is a conscious. If you're gonna be good at something like hacking, you need something to humble you, like video games, or a girlfriend, or athletic abilities, something that can be at stake so that they think twice or three times about something like this. These people have a serious void in their lives.

  9. 0

    Kudos to Lo-Ping for this, btw.

  10. 0

    I've asked everyone I know from day one when I bought the PS3 3 years ago…. wtf is this credit card requirement bull?

    As soon as they relieved that requirement, I raced to my PS3 to remove any info I had.
    If something is free, there should be no reason I have to give you access to my money for it.

    I've been paranoid about Sony since then, buying only PSN cards, and chat with people over the mic.

    Everything else is dangerous ground. Some of yous need to open your eyes to the real world.
    Think about personal shit being on your phone yet?

    It's not paranoia, it's awareness. The technological grapevine is massive. Give out your cell # to a website, and they CAN charge you for a service you had no idea existed….and AT&T will comply with it and put it on your bill with no questions asked.

    My credit card only sees the ATM, pay in cash and there won't be a paper trail.

    I'm glad these hackers have done what they did. It's screwed me out of my Socom addiction, but the PSN will be better because of it, that's if Sony doesn't collapse after all of this.

  11. 0

    I hate to admit it but Sony had it coming, You dont see Apple or Microsoft suing people left and right for a reason. You just dont fuck with hackers, sure you have to protect your property but when you go out of the way to implement and idea that messing with the PS3 will get you sued and prosecuted, than you have a collective group of hackers that will do what it takes to expose YOUR own little charades.
    Weak security, no encryption of personal user info, negligence of customers personal info. Sony was aware of all this and never did anything, its like they didnt care about users personal info, us the very same customers that keeps them in biz.
    Than you got the harsh fact that Sony has been spying on us from day one, watching every move we do, and reading out messages, WTF? just because its a free service does not give them the right to spy on us.
    Another thing that really irks me is that Sony changes their terms and conditions at their own will, and no one can do anything about it, they get you to love their brand only to then control your every move with the console. If you complain over the phone with some rep, all you get is a basic "take it or leave it"

    1. 0

      "You don't see Apple or Microsoft suing people left and right for a reason."

      Apple is suing people like crazy they just started a lawsuit against Samsung for copying their interface design. Needless to say Samsung responded by countersueing for apple violating quite a few patents Samsung owned. To make things even worse Samsung is a major supplier of parts to Apple.

      Anyway, back on topic. It is purely sonys fault the quality in near all of their products is subpar and haven't bought anything from them in quite a long time.

      To the idiot who compared PSN to Windows and OSX, what were you even thinking? That's comparing apples and oranges.

      By the way before I am accused of being an XBOX fanboy I own neither an xbox or ps3 (nor wii) Also not a big of a fan of windows or OSX. Though gaming would be a bit trickier without windows so dualboot that and arch linux.

  12. 0

    No, PSN sucks, PS3 Is effing awesome.

  13. 0

    David, first, thank you for not being a huge tool when responding. I wish all posters could be like you.

    Second, these hackers posted what they found to the internet. Had the gone to Sony, they probably would have had their asses sued off. I mean, Sony doesn't exactly have an amazing track record with hackers, if you recall the recent court cases with GeoHot. And that was just for cracking their modding securities. Imagine their fervor when pursuing people who openly revealed huge weaknesses in their financial security.

    I'm not saying what these people did was right. I'm saying it was fully justified, though. This shit with Sony has gone on long enough, and I think they need to answer to their stockholders about their stingyness when it comes to the customer's security.

    1. 0

      Snips, you completely ignored the entire point of the GeoHot suit. The fact that Hotz created the jailbreak is not the reason he was sued… it was the fact that he posted the information on the internet so that many other people could use it that got the suit filed against him.

      If a person wants to jailbreak their PS3, more power to them. Keep it offline and JB to your hearts content. But when you post the how-to video on YouTube for millions to see, that crosses a line.

      I don't for a minute believe that, if someone had contacted Sony regarding methods of hacking into the PSN, that they would have been sued. Sony would have gladly kept that information under wraps and taken advantage of the ability to fix it, rather than deal with the type of PR hit they're suffering now.

      These people didn't post this online to anonymously "reveal" to Sony the holes. They did it so other people could recreate the same process they discovered. More power to the intellectuals who truly do these types of things for the personal learning experience, with no intent to damage… but posting it online allows the anarchistic element of society to take it and abuse it. And there's a whole lot wrong with that end of it.

      And honestly, I don't get the "money-grubbing" stance by you or anyone else. The PS3 is a powerful machine, which is why government entities are using it for it's processing power… that isn't free. However, the PSN is totally free. And the suit against GeoHot was dropped without monetary payment. How, exactly, is this company "money-grubbing"?

    2. 0

      these guys are idiots, to do this to so many people is a joke. all people want to do is play and have fun. if your not some scum bucket who cares if the goverment checks crap, just use the darn machine for what it was made for! PLAYING GAMES. not hacking into companys data base. people make me sick.

    3. 0

      That Guy, when you cut back on security features, it's not because you don't know how to do it. That excuse becomes illegitimate the instant you bring network engineers and technicians into the mix.

      The only other reason, then, is to save money. Encryption takes time and resources, and while on the individual level the cost of that is negligible, on a wide-scale network like PSN, that's expensive. By cutting back on their customer's security, they saved time and money on their end, a liberty that they should not be able to take.

      And somehow I doubt that Sony would take this quietly. Assuming the hackers made no threats, Sony would probably just rework the current system with a different encryption, because implementing a completely new security layer over an implemented network that large is extremely tedious and extremely costly.

    4. 0

      i agree with you and david completely if sony didnt have such a bad security system behind its servers then it wouldnt of got hacked in the first place and the fact that they withheld some infomation from it users was bull

  14. 0

    the hackers arent the ones to blame. sony is. if they wouldnt use shitty security, this never would have happened.

    -proud owner of a modded ps3-

  15. 0

    im only 14 its the holiday i broke ma leg 2 weeks ago and all ive got is psn immmmmm boreddddddddddd

  16. 0

    I agree with the other guys who are making sense here. The hackers are not there to steal your personal information. They're there to ruin a terribly designed network that puts millions of people at risk for account loss and even identity theft.

    Even worse, Sony KNEW about this information, and said nothing. That in itself is negligence on a massive scale, and those bastards didn't do a single thing about it.

    In regards to the schmucks who started bashing the hackers, talk about biting the hand that feeds you.

    1. 0

      Very easy to say for someone whose information isn't at risk. SONY definitely has a lot of explaining to do, and they owe a lot to us psn users. This is unacceptable.

      But to sit there and defend these guys is beyond me. If you know that SONY defenses were bullshit and you wanted to do something about it, then do your best to maybe get in contact with them find a way to make it stronger. Not sit their and laugh at them and plot. I don't know who these fuckers are, and I don't want them having a conversation with my info on their fucking desktops.

      It's like defending bank robbers because the bank's defenses weren't as strong as they should have been. They tool action that put people at risk, that's the point.

    2. 0

      David. If you want to compare these hackers to bank robbers, you would first need bank robbers who didn't steal any money, but just cracked the vault to test its security. If they went to sony with their concerns, sony would have most likely disregarded them in favor of saving the money and resources it would cost to upgrade security. Sony isn't dumb, they just like their money and figured low security was their best bet for max profit.

    3. 0

      Having read the conversation, it doesn't seem that their intentions were malicious. If I was in their position, and given the litigious nature of Sony, I probably would've discarded the idea to just "ask them nicely and hope that they won't sue my ass off"

    4. 0

      Device so small dont show up on exray.goes In ear an tallk with your lips closed .might be Involved john madin an thInk art biship as around

  17. 0

    PC Master Race.

  18. 0

    Sony: next time don't hire the lowest bidder to maintain your network security. You get what you pay for… obviously Sony wasn't paying enough for their infrastructure.

    Here's a life lesson:

    maximum profit = maximum risk

    Count on it.

  19. 0

    "Just shows how pathetic these hackers really are to go after the playstation network and sony itself."

    "These guys need to be taken out and shot at dawn!"

    Shows how ignorant you two really are. Seriously, did you even read the logs? It was thought that the info Sony gathered was protected properly. But Sony assumed that one layer of protection (SSL) was enough, when seriously, two layers of protection should be integrated to ensure MITM is further mitigated.

    All of this information was gathered through the PS3 itself and LEGITIMATE reverse engineering.

    As far as hacks go, the PS3 maintains synergistic security through controlled hardware and software which is locked-down in nature, while the two general purpose OSes mentioned in your example are not.

    Comparing Windows (OS) to PSN (Networked Set of OSes/Apps) is comparing apples and oranges. Try comparing Microsoft Update and PSN….

  20. 0

    These guys need to be taken out and shot at dawn!

    And as for u snips – u SHOULD own sony products, they are great! Everyone gets hacked – I assume u wrote yr silly ass comment on a PC? Windows gets hacked EVERY DAY 100x worse than psn u retard! And if u were on a Mac, that shit gets hacked as well stupid git!

    Americans are such retards

    1. 0

      Oh, sorry, I didn't realize this was a site dedicated to whiny Sony fanboys. I'll take my non-homicidal views of those who try to break down a company that has dedicated itself to making overpriced bullshit that is less secure than a hooker on a bad weekend after a notably bad coke binge elsewhere.

      And you assume I'm an American?
      And a retard?
      I'm confused, because as of yet, I'm the only commenter who hasn't suggested murder. That usually defines someone as the most sane of a group.

      Get @ me bro

    2. 0

      And what are you? The local British village idiot? Go watch your royal wedding, pesant.

  21. 0

    Bored teenagers? Angst? Sounds like someone's butthurt that Sony created a unsecure network that you've been submitting private and vital information to.

    Reading this has confirmed to me how terrible Sony's business practices are. Thank God I don't own any of their products.

  22. 0

    Interesting that Sony is so lackluster with basic security protocols it's sad, seriously Sony? Outdated versions of vulnerable servers. It's also ironic that no one would of tried hacking the system fully if they hadn't of removed otherOS.

  23. 0

    Just shows how pathetic these hackers really are to go after the playstation network and sony itself. These hackers need to be prosecuted and arrested for breaking several laws. Something needs to be done to protect the millions of people who use the playstation network and online services. I don't blame anonymous for this, i think it's more teenagers getting a kick out of stealing consumers credit/debit card and bank information.

    1. 0

      I am not a hacker but i see the opposite that, Sony evidently made very little effort to protect the system this was always going to happen.

      I applaud the hackers for showing how lazy sony were and how uncaring they were of people's personal information.

      Also i never put my credit card details into PSN knowing that it was a free service and sony were never going to dip into their own pockets to pay for system security, Xbox on the other hand have available revenue for continued system security.

    2. 0

      HA, I have had my card info stolen off of XBL on more than one occasion. Dont give me this crap that because you pay for it therefor its better. LOL! Microsoft just realizes that people like you are so stupid as to pay for online play. BTW i am a PC gamer, and i realize that paying $50 a year is 100% useless!!

    3. 0

      Little teenagers? You must be joking. These hackers are profesionals. They're good at what they do, and belive me, hacking the WHOLE of psn takes way more skill then anything you do.

Comments -49 - 0 of 23First« PrevNext »Last

Leave a Reply