Rumor: Sony distributing new security-enhancing SDK to PS3 devs

@My Prerogative

MW2 needs this.

@My Prerogative

just giving new challenges to crackers..... we will see how much time it takes now.......

@Kirkpad

LINK: http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

@Kirkpad This attack was frustrating, but its good to hear that they didn't get to the encrypted credit card data. I don't have my data stored since I purchase cards from Amazon, but this should give some relief to those affected individuals.

I just hope in the end they catch these c**ksuckers and make a huge example out of them.

@Mr Hett

HOLY F*CK UNENCRYPTED PASSWORDS?

I saw people posting this earlier today and assumed they were full of crap because they didn't understand how a hash file worked.

I've been doing consumer-facing web applications since the late '90s and it was inconceivable 10 years ago that any remotely competent company would store passwords unencrypted. Even if you know how to secure your system from external attack (which Sony doesn't) this leaves you extremely vulnerable to internal wrongdoing by a rogue employee.

I don't want to hear anything more from Sony about how they take our personal data security seriously. They are treating us like 75 millions sacks of shit.

@copa

Credit card data: encrypted
Name, address, etc: unencrypted
Password: ???

I'd guess that the passwords were in fact encrypted. Like you said, that's a no-brainer for any programmer/admin worth his salt. Though, I do find it strange that they didn't outright say that the passwords were encrypted also.

I guess the easiest way to figure out if passwords were encrypted (using one way encryption, anyway) is to determine whether passwords could be "retrieved" in the event that you lose yours. A site that uses one-way encryption wouldn't be able to decrypt the password, so if you lose it, the only option is to select a new one. While, passwords that are unencrypted (or possibly use less secure 2 way encryption) can be decrypted using a key, and emailed to you if they're lost. Anyone remember how PSN worked if you lost your password?

@copa

Well at least their money is safe?

@copa

And yes that was a question.

@Namminamm I think Sony's got a hell of a lot more important things to worry about right now.

@Namminamm

I find myself wondering if giving OtherOS and/or homebrew back to users (and apologizing to geohotz et al) would be a bad move at this point. It's unlikely that the custom firmwares had anything at all to do with the current round of attacks, and giving back some tools to tinker with would keep most of the hacker (as opposed to crackers) community happy. Sony's PR could definitely benefit from a little good will at this point. If Sony designs the new firmware appropriately, giving these features back should, from a security standpoint, move them closer to the original state; i.e. OtherOS, and another 4 hack-proof years.

Will this actually happen? I sincerely doubt it.

@MrGamer79 Considering Sony isn't a government agency, no.

@MrGamer79 How would any hacker benefit from early knowledge of this? The hackers have no idea what kind of security measures Sony is going to incorporate into the new SDK.

@JGray73 credit cards werent encrypted????? You obviously are incapable of reading.

@TrtL06 There was logged chat room of the hackers saying so. Maybe I am wrong and it was fake, but still there's no need to be such a dick if I am. Everyone I talked to said the chat room was legit.

@JGray73 - I don't know anything about a chat room, but I do know that a writer for the shack (according to Garnett Lee) had over a grand of charges on his card from Germany earlier today, or something like that.

It could be coincidental, or it could be related. If I were anyone reading this, I'd change my CC number now, and not later.

@Banksyliveraa If someones knows how to open you door would you use the same lock? Man, Ripley said it best in Aliens "Did IQs just drop sharply while I was away?".

@Banksyliveraa

If someone robs your house, do you leave it as-is, or do you refurnish?
Or do you just not care because it's your mom's house anyway?

@Banksyliveraa

"If it wasn't their fault why are they rebuilding PSN to make it more secure, and upgrading the security on their SDKs?"

lol...is that the new-fangled logic they're teaching in schools today?

@Banksyliveraa - I don't think it would be consider a home owners fault for not keeping autonomous assault gun mounted cameras throughout their home in the event of an intrusion - sometimes shit happens.

Most computers now adays have a great deal security by default but even though if someone really wanted to (for whatever reason to YOU personally) invade your computer, they could do that at the drop of a hat - it'd be wrong to say its your fault for not securing your computer further because who really expects someone to want to do that.

Okay many be my comparisons don't hold much ground, but you get what I'm trying to say. It's hard to expect the unexpected.

@XenoSilvano - I think people are taking this far to seriously, it's far too easy to criticize when things go wrong. There are various levels of counter measure in place to thwart malicious attempts by stupid punks, they're just a nuisance at best.