Combichristoffersen
Combovers don't work when there is no hair
ULTROS! said:
Hitler started WWII.
Yuck Fons.
-
Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.
PSN Hack Update: FAQs in OP, Read before posting
- Thread starter Killthee
- Start date
- Status
Hitler started WWII.
Yuck Fons.
It really depends on how Sony designed their credit card processing system.UberTag said:
If they did it the sane way, the credit card processing (and storing) is done on a separate network and the PSN server themselves only store the id of the card as it was stored on that separate server. That way only (highly restricted) people who have access to the payment network can get the actual CC numbers. This is the type of network that should allow for NO outside AT ALL (except for the actual webservice of course), if there is an issue on such network, you go there and connect to the servers locally.
jim-jam bongs
Member
Blimblim said:
I do so love visits to the server room. They're like IT picnics.
Professor Beef
Banned
My jukebox is broken.Combichristoffersen said:
uck Fonsy.
DoctorButt
Member
Professor Beef said:
my roommate just walked out of the bathroom with an arm full of bacon
jgb g5 6ng.
Hugh Buelow
Member
UberTag said:
We can't know when it is encrypted as we have no information regarding Sony's system. But logically, it's when the CC is about to be inserted to the database (or the storage they use). Before that, it would make no sense. The CC info goes from your console or browser to Sony's front servers, then it needs to verify the informations with the bank, do other stuff and then send it to the storage. The transport between the servers (and sites) should be encrypted, but it is not the same kind of encryption as the one for the database. (Sending CC informations in clear over the internal network is disallowed by the PCI-DSS)
If the system is well designed, the non-encrypted CC informations should only be available in memory on the servers that process the CC submission and the transactions.
Sidewinder
Member
Professor Beef said:
Fonsy will just punch your Jukebox and it'll be working like a charm! I believe that he's the father of Chuck Norris.
Professor Beef
Banned
I wish I knew your roommate.DoctorButt said:
Lord Error
Insane For Sony
Being from there of course doesn't make it automatically legit, but even if it was, the CC encryption portion of that chat has nothing to with the situation at hand. It was saying that the CC info you submit from your console is not being encrypted before it was sent over HTTPS (which still doesn't make it unsafe, as it just means it was single instead of double encrypted), so he was saying that if you install a CFW made by someone malicious, they could easily put some code in there that would transmit your CC info to them as plaintext, over regular HTTP. basically, a problem only if you install some shady CFW, and nothing to do with this.x3sphere said:
Rocky_Balboa
Member
This morning I got a phishing email to my email, that I used with PSN. I have never before gotten anything like this on there and only a handful of spam mails, so I'm thinking that this is because of the leak. Unless it's legit. It is supposedly from Yahoo and delicious bookmarks. I have never used either of them. Also the sending address is yahoo@yahoo-email.com.
Maybe I'm paranoid.
Maybe I'm paranoid.
Depending on the level of access to hacker did get on the PSN servers, he could very well have put a logger inside the webservices the PS3 uses to send the CC numbers. That's a common way to intercept CC numbers when they can't be extracted directly from a database when a host a compromised.Lord Error said:
Rocky_Balboa said:
FWIW I also received a similar email (from the same yahoo-email.com address) this morning and it looks fine to me. The links in the mail lead to the real delicious site so I don't think it's a phishing scam.
I have used delicious in the past though. It's a bit strange that you have received it if you have never used delicious or Yahoo.
If that log is legit... um, wow.
Wasting all that time and money on attacking Geohot proved futile. They should've doubled down knowing their plastic network was at that point in serious risk and put the safety of their users first. Sony is really blowing my mind in how arrogant, unprofessional and utterly incompetent they have been lately.
Wasting all that time and money on attacking Geohot proved futile. They should've doubled down knowing their plastic network was at that point in serious risk and put the safety of their users first. Sony is really blowing my mind in how arrogant, unprofessional and utterly incompetent they have been lately.
Rocky_Balboa
Member
Yeah it looks very legit. The fact that I haven't used delicious of Yahoo and the timing made me suspicious. Paranoid indeed.Withnail said:
MalboroRed
Banned
Diablos said:
Litigation and network security are completely separate things, they can sue geohotz AND work on their network without having to choose one over the other.
I burnt my mouth on a cheese & onion & bacon-pizza last night.
Fuck Sony.
I hope Sony fixes the PSN-security within the next few days. If the entire network is comprimized, you have no alternative but to start from scratch (maybe a good thing, rebuilding your network, allowing for massive improvements).
Fuck Sony.
srsly though, I got the email today on all my accounts, still no fraud on my CC.
I hope Sony fixes the PSN-security within the next few days. If the entire network is comprimized, you have no alternative but to start from scratch (maybe a good thing, rebuilding your network, allowing for massive improvements).
Ok...so they collect data about the games you play and the devices you connect to the PS3. Big deal. Collecting Data about the games you play = trophies anyways...how else would they be able to display the data to you?koji said:
Funny how they call Sony "spies". It's like they live in this other world were everybody is out to get them.
That way could take months to get any large fraction of the userbase data - it certainly wouldn't be any relevant portion in 2 days.Blimblim said:
Which is my main questions about this whole mess - 75milion accounts worth of data is NOT a small data transaction (unless it's a holywood movie in which case this would be done in 30seconds, just enough time to hide under the desk after security enters).
1) How does that go unnoticed by Sony for that long?
2) If 2 days gap is because they tried to download it 'low-profile' to go unnoticed by Sony, it's highly unlikely they got the whole thing.
Or is it perhaps because the intent was never to download but just to corrupt the hell out of database (if the claims about this being aimed against the corporation rather then users are true).
Combichristoffersen
Combovers don't work when there is no hair
Still no mail for me 
At least there haven't been any fraudulent charges from my (now cancelled) Visa debit card.
Mount Vesuvius erupted and destroyed Pompeii.
Fuck Sony.
At least there haven't been any fraudulent charges from my (now cancelled) Visa debit card.Mount Vesuvius erupted and destroyed Pompeii.
Fuck Sony.
Combichristoffersen
Combovers don't work when there is no hair
ITT we fuck Sony
Professor Beef
Banned
It's past 2 in the morning, and I'm tired as hell.
Fuck Sony.
Fuck Sony.
cjtiger300 said:
The credit card information - from tat chat log - is sent in plain text over the SSL channel (which itself is encrypted). The poster comments that this not usually sufficient and that the CC info is usually encrypted on the client and then sent over SSL. This has nothing to do with how the CC info may have been stored on the PSN servers.
You can't encrypt on the client when it's a SSL transaction done with a web browser (well technically you could do it with JS, but there is no point in doing that), which is about 99% of the CC transactions you'll ever see over the internet. So no, it's not a problem under normal circumstances.Vagabundo said:
DoctorButt
Member
i think ill use my socom 4 disk as a frisbee until psn is back up
zomgbbqftw
Banned
Vagabundo said:
So almost all CC transactions on the internet which us HTTPS are bogus then?
Seriously, give it a rest. Your earlier post was full of assumption and hyperbole as well...
Fallout-NL
Member
Damnit.
Still can't play my PC version of Portal 2. That's the biggest tragedy of all.
Still can't play my PC version of Portal 2. That's the biggest tragedy of all.
http://twitter.com/Mathieulh
http://twitter.com/hdmoore
Some nice rumours from hackers. Emails being attacked as of right now thanks to no pass encryption. Sony notified of the issues months ago.
http://twitter.com/hdmoore
Some nice rumours from hackers. Emails being attacked as of right now thanks to no pass encryption. Sony notified of the issues months ago.
Joel Was Right
Member
EDIT: Already metioned
- Status