Official PSN discussion thread

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Twigg4075
    Kindergarten Cop
    • Feb 2009
    • 20056

    Originally posted by strahanfan92
    So I have none of them, which should I choose for most consistent fun that's not crazy deep.
    Infamous is pretty long so I would say Wipeout, Super Stardust or Dead Nation.

    Comment

    • JayDizzle
      Let's Go All The Way...
      • Nov 2008
      • 14215



       
      I want to make this clear to ALL PSN users. Despite the methods currently employed to force a password change when you first reconnect to the PlayStation network, your accounts still remain unsafe.
      A new hack is currently doing the rounds in dark corners of the internet that allows the attacker the ability to change your password using only your account’s email and date of birth.

      It has been proven to me through direct demonstration on a test account, so I am without any shadow of a doubt that this is real.

      I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email. You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you.

      While we originally assumed this was a poor hoax designed only to stir the community into another frenzy, the individual who we are in contact with requested just two pieces of information from us: this being an account email and the date of birth used for that account. We promptly created a new account via us.playstation.com and provided the individual with the email address and date of birth used.

      Roughly a minute later they requested that we try to login with the password we used for the account (which they did not know at any point), and sure enough, we were presented with an invalid username and/or password prompt.

      In addition to this, within a few minutes we received an email from Sony stating the following:

      This email confirms that your PlayStation(R)Network password account has been changed successfully.

      If you did not change your password…
      This email has been sent to you because the password for the relevant PlayStation(R)Network account has been changed.
      If you did not change your password, please contact Customer Support at the following address:

      networksupport@uk.playstation.com

      The PlayStation(R)Network Team

      While we will not reveal specific details regarding how the exploit is performed for obvious reasons, we can say that the exploit involves a vulnerability in the password reset form currently implemented, not properly verifying tokens.

      UPDATE: In the interest of sidestepping the naysayers and getting the warning out there, if someone working for a larger, more well known site (Kotaku, Destructoid, IGN, etc) wants to contact me for a live demonstration that this exploit is the real deal, you can do so at nevada@nyleveia.com.

      UPDATE 2: Web based PSN login / Password recovery is now down for maintenance, hopefully as a result of our contact with SCEE. And more importantly, hopefully to fix the security issue.

      UPDATE 3: To clarify the situation, we had confirmed ourselves the method used last night, and contacted SCEE, SCEE have acted upon this information, we felt the information previously provided in our tweets and this article may have been a little too revealing to the vulnerability, thus we “dumbed down” the explanation of the security hole. We have provided SCEE with a detailed description of the security hole.
      While it’s unclear at this time if they will actually patch the flaw while they have the system taken down, I can also confirm that the system went down approximately 15 minutes after I received a response from SCEE on the matter.

      We for rather obvious reasons do not want to elaborate further on the exact details of the exploit, on the off chance that when the web based interface for PSN is restored the exploit has not been patched.

      UPDATE 4: Last update on the topic most likely, i notice a lot of people are saying that we should not have posted this information and simply contacted Sony, and you’re right in thinking this, however we contacted SCEE as soon as we had confirmed that the exploit was in fact real, the problem was that at the time there was a good 8-9 hour stretch where SCEE would not see our messages and given the rate at which the exploit method was spreading in the dark corners of the internet, we felt as though we needed to publicise the exploit advising users to change the emails used for their PSN accounts to secure them until Sony could patch the security hole.

      Originally we posted rough details on how the exploit operated, to give further evidence to users that it was a valid reason for them to change their passwords, as with most news like this on the internet, people tend not to believe something until hoards of users have been affected, we posted an article on N4G advising PSN users to switch their email addresses which was promptly reported as spam/lame/fake by several users who refused to believe the news due to our site just being a small news outlet.

      All along our main priority and focus has been to assist Sony and PSN users in keeping their accounts safe. If the current downtime for the web based forms results in the exploit being patched then our job is done and the potential thieft of countless user accounts has been nipped in the bud as early as humanly possible.

      Thank you to everyone that has taken our warnings seriously and acted upon it, and to SCEE for their swift response to the matter.
      If it means anything to anyone, the more specific method they had previously posted that hinted at the hack said this:
      quote:
      While we are hesitant to reveal too many details regarding how the exploit is performed, for obvious reason, we can say that the exploit specifically involves the web address https://store.playstation.com/accoun...d.action?token When used in combination with another web address (normally used for password recovery) certain key details can then be extracted and used to trick the server in to allowing the password of an account to be changed without a valid Sony-issued security token.
      Sony's latest tweets on the subject, that appear to be trying to hide the real purpose of modifying the page:

      "Clarification: this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email."

      "Fortunately we have got ISPs to release outstanding emails; unfortunately, a small amount of maintenance is required to improve this process"


      TL;DR ? - If you go through Sony's Password Change Website and haven't changed your PW/e-mail previously, Hackers will be able to steal your shit again.

      They can do this by just using your e-mail (which you should have changed already) and your date-of-birth (which you should have faked on PSN by now) to get into your account and changing your password so you can't get access anymore.

      Comment

      • leaffan
        Colton Orr Fan
        • Feb 2009
        • 11082




        Leafs offseason training!

        Comment

        • killgod
          OHHHH WHEN THE REDSSSSS
          • Oct 2008
          • 4714

          better make that 3/5 games Sony.

          Comment

          • Scikotic
            Straight out the Asylum
            • Apr 2011
            • 369

            what happened now?

            Comment

            • Leftwich
              Bring on the Season

              • Oct 2008
              • 13700

              Originally posted by KNUBB
              AND Wipeout HD + Fury expansion
              Whatever...

              Originally posted by Tailback U
              It won't say shit, because dying is for pussies.

              Comment

              • KNUBB
                WHITE RONDO
                • Jun 2009
                • 7973

                Originally posted by Leftwich
                Whatever...
                DON'T BRING YOUR ATTITUDE IN HERE!!!!!!!!!!!!!


                Comment

                • ralaw
                  Posts too much
                  • Feb 2009
                  • 6663

                  Originally posted by Colonel Angus
                  So are we getting voucher codes or what? If so whoever wants mine can have them. I honestly will never play any of those games...
                  Same with me, but I'l just give them away. However, my PS3 actually died on me, so I'm not sure how I'd be able to gift them to someone.

                  Comment

                  • Herm
                    Boomshakalaka
                    • Oct 2008
                    • 9314

                    *i'll take your vouchers and put them to use*


                    If such things even exist.

                    Comment

                    • kmanharris
                      Seven
                      • Oct 2008
                      • 6427

                      Originally posted by JayDizzle


                       


                      quote:





                      TL;DR ? - If you go through Sony's Password Change Website and haven't changed your PW/e-mail previously, Hackers will be able to steal your shit again.

                      They can do this by just using your e-mail (which you should have changed already) and your date-of-birth (which you should have faked on PSN by now) to get into your account and changing your password so you can't get access anymore.
                      Is that Sony's fault? The first hack was on Sony but if you didn't change your PW or the PW to your email then it's on you. Maybe I'm just not understanding how it is Sony's fault here.

                      Comment

                      • Maynard
                        stupid ass titles
                        • Feb 2009
                        • 17876

                        who cares anymore....i just want the store up so i can DL my free DLC for LA Noire

                        Comment

                        • Justo
                          GFX Crew
                          • Dec 2008
                          • 3734

                          yeah when is the store coming back up?

                          Comment

                          • padman59
                            Slayer of Demons
                            • Mar 2009
                            • 5709

                            The PS Store will reportedly be back up Tuesday.

                            Comment

                            • tigstah
                              Mr. Casual Gamer
                              • Mar 2009
                              • 2406

                              Originally posted by padman59
                              The PS Store will reportedly be back up Tuesday.

                              http://www.gamasutra.com/view/news/3...urn_May_24.php

                              its about time.....shit.

                              Comment

                              • EmpireWF
                                Giants in the Super Bowl
                                • Mar 2009
                                • 24082

                                If it is up by Tuesday, hopefully the free game stuff is settled so I can spend who knows how long downloading Infamous....before the weekend. I hope.


                                Comment

                                Working...