Showing posts sorted by relevance for query PlayStation. Sort by date Show all posts
Showing posts sorted by relevance for query PlayStation. Sort by date Show all posts

PlayStation Network Restored and Qriocity Services Begins

Posted by Avik Sarkar On 5/15/2011 02:19:00 pm


Sony Corporation and Sony Computer Entertainment (SCE) announced that Sony Network Entertainment International (SNEI, the company) will today begin a phased restoration by region of PlayStation®Network and Qriocity Services.  The phased restoration will be on a country by country basis beginning in the Americas, Europe, Australia, New Zealand, and Middle East.

The first phase of restored services for these countries and regions will include:
  • Sign-in for PlayStation®Network and Qriocity services, including the resetting of passwords
  • Restoration of online game-play across PS3 and PSP
  • Playback rental video content, if within rental period, of PlayStation Network Video Delivery Service on PS3, PSP and MediaGo
  • Music Unlimited powered by Qriocity, for current subscribers, on PS3 and PC
  • Access to 3rd party services such as Netflix, Hulu, Vudu and MLB.tv
  • 'Friends' category on PS3, including Friends List, Chat Functionality, Trophy Comparison, etc
  • PlayStation Home

Increased Security Measures
As the result of a criminal cyber attack on the company's data-center located in San Diego, California, U.S.A., SNEI shut down the PlayStation Network and Qriocity services on April 20, in order for the company to undergo an investigation and make enhancements to the overall security of the network infrastructure. Working closely with several respected outside security firms, the company has implemented new and additional security measures that strengthen safeguards against unauthorized activity, and provide consumers with greater protection of their personal information.
The company has made considerable enhancements to the data security, including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls.  The company also added a variety of other measures to the network infrastructure including an early-warning system for unusual activity patterns that could signal an attempt to compromise the network.
"I'd like to send my sincere regret for the inconvenience this incident has caused you, and want to thank you all for the kind patience you've shown as we worked through the restoration process," said Kazuo Hirai, Executive Deputy President, Sony Corporation.  "I can't thank you enough for your patience and support during this time. We know even the most loyal customers have been frustrated by this process and are anxious to use their Sony products and services again. We are taking aggressive action at all levels to address the concerns that were raised by this incident, and are making consumer data protection a full-time, company wide commitment."
"During the past 18 months, we've seen a dramatic rise in the volume of cyber attacks, their sophistication and their impact on businesses. Thwarting cyber-crime requires an evolutionary approach to security that is well integrated, reduces risk exposure and improves efficiencies," said Francis deSouza, Senior Vice President, Enterprise Security Group, Symantec. "Today's cyber crime attacks are proving to be more covert, more targeted and better organized than those we've seen in years past. In working with Sony on the move of their data-center, it's clear they're implementing measures to reduce security risks moving forward."  
As an additional measure, Fumiaki Sakai, president of Sony Global Solutions Inc. (SGS), has been appointed acting Chief Information Security Officer of SNEI.  In addition to his current role at SGS, Mr. Sakai, in his role at SNEI, will work to further reinforce overall information security across the company's network infrastructure.  Mr. Sakai will lead the recruiting effort in finding a new and permanent CISO for SNEI.  As CISO, Mr. Sakai will report to Tim Schaaff, president, SNEI, as well as to Mr. Shinji Hasejima, CIO, Sony Corporation.  
"While we understand the importance of getting our services back online, we did not rush to do so at the expense of extensively and aggressively testing our enhanced security measures. Our consumers' safety remains our number one priority," Hirai continued. "We want to assure our customers that their personal information is being protected with some of the best security technologies available today, so that everyone can feel comfortable enjoying all that PlayStation Network and Qriocity services have to offer."  
The restoration of the services across the Americas, Europe, Australia, New Zealand, and Middle East are beginning, and consumers will be able to enjoy some of the online functionality provided by both the PlayStation Network and Qriocity services.  Phased restoration in Japan and other Asian countries and regions will be announced in due course.  The company expects to have the services fully restored by the end of May 2011.  
The company will be offering customers a "Welcome Back" package of services and premium content to all registered PlayStation Network and Qriocity account services.  The details of this program will be announced in each region shortly.  
For more information about the PlayStation Network and Qriocity services intrusion and restoration, please visit http://blog.us.playstation.com or http://blog.eu.playstation.com/


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony Hacked Again, 1 Million User Data Compromised

Posted by Avik Sarkar On 6/03/2011 07:35:00 pm


A group of hackers that recently gained notoriety for hacking PBS.org’s home page with an image of NyanCat, announced Thursday that it has stolen data from Sony. It’s yet another in a seemingly endless string of embarrassing security incidents for the company, but what’s shocking is just how exposed the data was to begin with.
In a press release posted to their Web site, LulzSec claims to have broken into SonyPictures.com and “compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.”
The theft included 75,000 “music codes” and 3.5 million “music coupons,” according to the group. LulzSec has posted segments of data they claim to have taken from Sony’s server to serve as proof of their accomplishment.
There are two astonishing twists to this story - one is that LulzSec was apparently able to access the information fairly easily, using what they describe as “a very simple SQL injection, one of the most primitive and common vulnerabilities.” Secondly, “every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
If true, it’s devastating news for Sony, which is just getting back on its feet after shutting down access to its PlayStation Network and Sony Online Entertainment servers after hackers made off with personal information on more than 100 million user accounts.
The PlayStation Network, which controls PlayStation 3 and PlayStation Portable users’ ability to connect to one another to play online games, was down for more than three weeks through the last half of April and first half of May as Sony struggled to secure the system.
And only in the past 24 hours has Sony brought back its PlayStation Store, which serves as a way for PS3 and PSP users to download games and content for their systems.
Sony hasn’t even yet initiated its “Welcome Back” package for consumers affected by the PSN blackout - a collection of about $100 worth of games and content, as well as access to the company’s premium “PlayStation Plus” service.
SonyPictures.com isn’t directly related to the PlayStation 3 or PlayStation Network - it’s Sony’s consumer-facing Internet site for information on their movies, television and home entertainment offerings on Blu-Ray Disc and other formats. But Sony’s many Web sites and servers have been on the receiving end of security probes and hack attacks for some time, exacerbated by the company’s legal proceedings against George “Geohot” Hotz, a programmer who sought to “jailbreak” or enable the PlayStation 3 console to support Linux operating system software - a feature Sony once supported itself, but later removed in a firmware update. Since the widely-publicized outage of the PlayStation Network, hackers have stepped up their attempts to break into Sony’s systems.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony blames hacktivist group Anonymous for Playstation Network intrusion

Posted by Avik Sarkar On 5/05/2011 10:47:00 am


File this one under “things not to do when dealing with massive network outages.” Sony has kicked the hornet’s nest today by blaming Anonymous, a massive network of hackers that regularly takes up activist causes, for indirectly causing a breach of security in its PlayStation Network (PSN) online gaming network that led to the attack that brought PSN down.
While the company isn’t blaming Anonymous for the attack itself, it said the hackers that stole gobs of sensitive data about PSN users were able to break into the network while it was defending itself from denial of service attacks orchestrated by Anonymous. Anonymous took on Sony after the company went after famed PS3 hacker George Hotz, who reverse engineered the PlayStation 3 to run unauthorized programs.
When the PlayStation Network crashed on April 21, Anonymous said it was not behind the attack. Instead, the hacktivist group said, “Sony is incompetent.” But an observer of the IRC forum used by members of Anonymous said the attackers behind this current Sony outage appear to have learned their methods from Anonymous’ activities of two weeks ago.
This really is not the time for Sony to start playing with fire. Anonymous doesn’t regularly respond to blame and threats, but because the network of hackers has taken on Sony before, there is no guarantee Sony’s latest accusation won’t spark some kind of retaliation. Anonymous has proven time and again that it is a force to be reckoned with. Sony has to focus on beefing up its network, not trying to shift blame around and incite more attacks against the already feeble network.
Hackers attacked the PSN on April 19, forcing the Japanese company to bring down the network, which has more than 77 million registered users. The nightmare then continued after hackers broke into the company’s Station.com site, which serves as a host for its PC games like Everquest. Hackers were able to steal information from as many as 24.6 million accounts on that site, according to Sony. In all, more than 100 million accounts might have been compromised.
The PSN breach was a massive security gaffe that has caused the U.S. government to get involved and demand answers — such as who attacked the network and what users were affected. Sony has sent warnings to PSN users about the possible credit card theft. The whole ordeal spawned an apology from Sony that lasted more than an hour and a half.
The network has been down for more than a week, denying 77 million registered gamers the ability to play online games, watch movies, listen to music or download other entertainment to their PlayStation 3 consoles and PlayStation Portable handhelds. The PlayStation Network is a critical service that competes with Microsoft’s Xbox Live online gaming service — as well as other online gaming services. There are also 948 games now available in the PlayStation Network store, as well as 4,000 pieces of add-on content for games.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony pegs loss of PlayStation Network and Qrirocity service to an ‘external intrusion’

Posted by Avik Sarkar On 4/25/2011 10:42:00 pm

sony-psn-playstation-network
Sony officially confirms that the loss of service on PlayStation Network and Qrirocity is the result of an "external intrusion," though hacker group Anonymous denies any involvement.
Sony has a bit of a problem on its hands. For a few days now, users have experienced a total blackout on the company’s PlayStation Network and Qrirocity online services. The loss of access is largely believed to the work of the hacker group Anonymous, which has pledged to keep the pressure on the Japan-based company in the wake of a very public legal dust-up with PlayStation 3 jailbreak hacker George “GeoHot” Hotz.
Sony’s online gaming and music streaming networks both went down in the middle of last week. The cause hasn’t been specified until today, with a new post on PlayStation Blog which pegs the loss of service to a Sony-initiated shutdown prompted by an “external intrusion.”
Sony senior director of communications and social media Patrick Seybold writes:
“An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th. Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share.”
Don’t hold your breath, account holders. This is a significant event, and a pretty widespread one. Sony will certainly fix it as quickly as possible, and no doubt has a full team in the office this weekend to work on just that, but here are two subscription-driven services that had to be taken completely offline. You can almost hear the disgruntled masses gathered and throwing around words like “class action lawsuit.”
Interestingly, Anonymous is taking no credit for the service outage, and actually stepped forward to distance itself from the situation before Sony admitted to an “external intrusion” being the cause. The hacker group’s web-based news & updates outlet AnonNews features a post entitled “For Once We Didn’t Do It,” which pretty much says it all, doesn’t it? Anonymous admits that individual members may be responsible for the action, but the loss of service is not a group-wide initiative.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

PSN Network Password Recovery Exploited

Posted by Avik Sarkar On 5/19/2011 12:32:00 pm




Patrick Seybold, Sr. Direct of Corporate Communications and Social Media, has released a statement on the PlayStation.Blog regarding this situation. Seybold clarifies, it was not a “hack”, but a URL exploit that Sony has now fixed. See the full statement (and original article) after the jump.
Here’s the official statement:
We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.
Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.
[Original Article] The Password Recovery program that has been implemented by Sony since the PSN’s return has been moving along nicely. With such a huge influx of people requesting their information through their secure email connection, as opposed to on a PS3, Sony stated that the process would take a little longer than originally estimated. It may be even longer now. While the hack that shut down the PSN was quite “sophisticated,” a small little exploit seems to have been discovered to change the passwords again.
But if you’re worried that your PS3 will go silent once again, fret not. This password exploit seems to only be affecting various web-based Sony services. An official community moderator on the EU PlayStation forums have indicated that several sites are offline, including PlayStation.com, the forums, the Blog, Qriocity.com, and others. The login functions for these services are currently unavailable. For the time being all PlayStation Network activity is still online for PS3 and PSP users. So you don’t have to worry about that. But what DID happen?
If you wanted to reset your PSN password from your computer, you were sent an email with a unique URL to match your account. The entire process is actually fairly primitive. Note that it won’t work right now, as login services are offline.
The prodecure is as follows:
1) Navigate to : https://store.playstation.com/accounts/reset/resetPassword.action?token (this is normally, via email, https://store.playstation.com/accounts/reset/resetPassword.action?token=YYYYYYYYYYYYYYYYYYYYYYYY with the y’s being a unique token) – do not enter the code at this point.
2) Open a new tab in firefox, and go to fr.playstation.com (other pages will work too most likely), and click Login (Connexion)
3) Click Recover password
4) Enter the email and date of birth of the target account
5) Click continue, then on the confirmation page, click “Reset using E-mail”
6) Switch back to the original tab, and enter the code, then click continue
7) You will now be asked to enter a new password for the target account
Fortunately, if your account WAS compromised, you should have received an email that said something along the lines of “Thank you for changing your password, if you were unaware of this change please contact Sony,” or something to that effect. While this method is as effective as it is simple, it would take a lot of time to physically access any large number of accounts. It sounds like Sony found out about this and shut off its only access point fairly quickly. Only one more question left:
When will it just end?

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hacking Group Denies Blame for Sony PlayStation Network Breach

Posted by Avik Sarkar On 4/26/2011 04:49:00 pm

The phrase, writ large on the hacking group Anonymous' AnonOps website, announced to the world that the security breach that has kept Sony's PlayStation network offline since last Wednesday was not Anonymous' fault.
Sony turned off its PlayStation network and Qriocity services -- used to facilitate audio for PlayStation 3 gaming -- after the networks were compromised on April 20 by "an external intrusion," Sony wrote on its PlayStation blog.
Pointing the finger at Anonymous might be a fair assumption -- earlier this month, the hacking collective launched "OpSony," which brought down several PlayStation 3 websites. The attack was in retaliation for Sony's legal pursuit of George Hotz, who published the details of his PS3 hack last year on his website, geohot.com.
Anonymous believes "Sony is taking advantage of Anonymous' previous ill will towards the company," to cover what Anonymous said is "actually an internal problem" with Sony's servers.
Sony said it is working to "resolve this situation quickly," and is rebuilding its network to guard against future security breaches. There is currently no timetable as to when PlayStation's more than 75 million customers will be able to get back to competitive online gaming.
It is not yet known if users' personal information or credit card numbers have been accessed as a result of the breach, PCWorld reported.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony says 25 million more accounts hacked

Posted by Avik Sarkar On 5/03/2011 08:26:00 pm




Sony Corp. said Monday that hackers may have taken personal information from an additional 24.6 million user accounts after a review of the recent PlayStation Network breach found an intrusion at a division that makes multiplayer online games.

The data breach comes on top of the 77 million PlayStation accounts it has already said were jeopardized by a malicious intrusion.

The latest incident occurred April 16 and 17 - earlier than the PlayStation break-in, which occurred from April 17 to 19, Sony said.

About 23,400 financial records from an outdated 2007 database involving people outside the U.S. may have been stolen in the newly discovered breach, including 10,700 direct debit records of customers in Austria, Germany, the Netherlands and Spain, it said.

The outdated information contained credit card numbers, debit card numbers and expiration dates, but not the 3-digit security code on the back of credit cards. The direct debit records included bank account numbers, customer names, account names and customer addresses.

Company spokeswoman Taina Rodriguez said Sony had no evidence the information taken from Sony Online Entertainment, or SOE, was used illicitly for financial gain.

"We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1 we concluded that SOE account information may have been stolen and we are notifying you as soon as possible," Sony said in a message to customers.

Sony said that it shut service Monday morning to Sony Online Entertainment games, which are available on personal computers, Facebook and the PlayStation 3 console. Its most popular games include "EverQuest," "Free Realms" and "DC Universe Online."

The company said it will grant players 30 days of additional time on their subscriptions, along with one day for each day the system is down. It is also creating a "make good" plan for its multiplayer online games.

On Sunday, Sony executives bowed in apology and said they would beef up security measures after an earlier breach caused it to shut down its PlayStation network on April 20. The company is working with the FBI and other authorities to investigate what it called "a criminal cyber attack" on Sony's data center in San Diego, Calif.

The company said it would offer "welcome back" freebies such as complimentary downloads and 30 days of free service to PlayStation customers around the world to show remorse and appreciation.

PlayStation spokesman Patrick Seybold, in a blog post Monday, denied a report that said a group tried to sell millions of credit card numbers back to Sony.

He also said that while user passwords had not been encrypted, they were transformed using a simpler function called a hash that did not leave them exposed as clear text.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Why does Sony getting hacked for multiple times (full report)

Posted by Avik Sarkar On 6/09/2011 07:01:00 pm


Since the April Play Station Network breach that exposed over 100 million user accounts, Sony has been hacked more than 10 times. Sony Pictures,Sony Europe, Sony BMG Greece, Sony Thailand,Sony Music Japan, Sony Ericcson Canada, and others, have all been the target of attacks. Sony has had to contend with intense scrutiny from media, disgruntled users and lawmakers, with everyone asking the company how it could let such a breach happen. Sony has apologized repeatedly and said that the original attack was a highly professional, criminal cyber attack aimed at stealing credit card numbers. Other experts have said that Sony simply didn't have its security act together and that the attack was likely far simpler. Now, critics are wondering what exactly the motivation might be behind the continued hacks. While the initial PlayStation Network breach was the largest of the hacks to date, Sony's cyber attack problem has continued due to both inconsistent security across Sony's systems and the rise of new groups of hackers interested less in punishing Sony than in showing off their ability to breach the company's defenses, experts say.

Some analysts say Sony's security woes started when the company pressed charges against 20 year-old hacker, George Hotz, who reverse-engineered Sony’s PlayStation 3 so that it could run unapproved third-party applications. Sony responded by suing Hotz, a move that reportedly infuriated many in the hacker community. Many experts say the attack on the PlayStation Network in April could have been an act of vilgilante justice resulting directly or indirectly from Sony's lawsuit against Hotz.

"Sony's perceived abuse of the legal system in targeting reverse-engineer George Hotz infuriated hacker groups," said Randy Abrams, director of technical education at ESET, an IT security firm. Abrams also noted that even before the Hotz incident, Sony had drummed up "significant antipathy" as the result of a 2005 scandal involving Sony CDs that automatically installed a rootkit that made users' computers vulnerable to attack.
The PlayStation Network attack appears to have set off an avalanche of follow-ups.

"Other hackers and hacking groups realized they could jump on the bandwagon and break into other Sony properties and get in the news," said Richard Wang, manager of Sophos Labs, a security vendor. "Really anything that has the Sony brand on it has become a target for someone trying to make a name for themselves or trying to prove they can break into the website."

Fred Cate, director of the Center for Applied Security Research at the University of Indiana, said the first PlayStation Network breach may have tempted hackers by revealing Sony as open to attack. "There's sort of a pile-on effect," Cate said. "Once you hear that there's a vulnerable network out there, other folks start trying. Sony's now a new target of interest."
Other hackers seem to have joined up for reasons other than political or monetary gain. Sites like has sonybeen hacked this week.com demonstrate a curious mixture of genuine curiosity and weary cultural saturation.

"Prior to the PSN hack, the loosely organized Anonymous group had waged war against Sony, reflecting the opinion of a significant share of netizens who got infuriated by Sony's corporate attitude," said Guillaume Lovet, a senior manager of the threat response team at Fortinet. "But now, from being a target for opinion reasons only, it also became a target 'just for the lulz,' for [hacker group] lulzsecurity and others."
"The outcome," Lovet said, "is more attackers, thus more successful hacks."

Some critics have questioned whether Sony's security efforts both before and after the initial breaches have been adequate. Sony has since promised to boost its security systems and review existing procedures. Still, according to experts, many of the attacks used to breach Sony's sites are fairly basic hacks that the company could easily have protected against.

"They seemingly have an almost anarchistic approach to global network security, with no visible coordination of security practices across Internet properties," said Abrams. "Some properties, such as Sony Pictures, seem to have been ignoring basic security best practices."

Part of the problem is Sony’s huge international web presence. Experts say its highly unlikely that the company's multiple divisions, from movies to gaming, are following any coordinated set of security protocols.

"Sony has disclosed many breaches, including different servers in Indonesia and Thailand. I highly doubt that the same developers who developed these websites are the same developers who worked on the Playstation Network, Sony Pictures, etc.,” said Derek Manky, a senior security strategist at Fortinet. "Quite simply, there is a tradeoff: Security dwindles as you add convenience and complexity."

While the novelty of hacking Sony may continue to diminish as other cybersecurity stories hit the news, it's clear Sony must get its act together or risk more attacks, a loss of customer faith and money and possible government intervention. 

"Sony needs time to get their security house in order," Jeremiah Grossman, the CTO of WhiteHat Security wrote in an email. "As an organization, Sony could see this as an opportunity. A year or more from now, they could be an example of how security SHOULD be done across the entire industry."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony is Going to Release "PlayStation Vita" (Portable Video Game Player)

Posted by Avik Sarkar On 10/21/2011 07:33:00 pm



Sony is planning to release the PlayStation Vita, a portable video game player, on February 22, 2012, in the United States, Canada and Europe, the company announced at a technology conference on Tuesday.
The Vita will succeed the PlayStation Portable, or PSP, and PlayStation Go, a smaller version of the hand-held device. The Vita has a touchscreen and a touch-sensitive pad on the back of the device, along with the buttons and control sticks gamers expect to see on controllers.
Sony Computer Entertainment CEO Jack Tretton and a Sony spokesman demonstrated a sequel to a popular PlayStation 3 game called "Uncharted: Golden Abyss." Players can use the standard controller or manipulate the character using touch controls, as the spokesman showed onstage at the Web 2.0 Summit. The game looks very attractive -- but when shown on the big screen, not as sharp as a console game.
Sony previously announced pricing for the Vita, with a version that connects to the Web via Wi-Fi costing $250 and another that has 3G wireless data connectivity for $300.
Nintendo made deep price cuts to its portable 3DS system just five months after a strong launch when sales began to slow.
Analysts expect Sony will struggle to sell consumers a dedicated hand-held game machine now that smartphones and tablets have become powerful enough to handle powerful games.
"The advent of smartphone gaming is quite additive to what we're trying to accomplish," Tretton said. People may look to the Vita when they want to graduate from more simplistic games sold on phones, he said.
The Vita will first hit stores on December 17 in Japan, where Sony's portable systems have fared better.


-News Source (Sony & CNN)



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony Online Entertainment Shut Down After 25 Million More Acounts Hacked

Posted by Avik Sarkar On 5/03/2011 04:40:00 pm



Sony Online Entertainment has temporarily shut down its online games service and its Facebook games after discovering the April break-in that led to the theft of 77 million user accounts also affected its system.
A spokesman for the online games unit said the service was taken down at 1:30 am Pacific time on Monday. The spokesman declined to say how many customers were affected and none were alerted beyond a terse message on its website.
Facebook games developed by Sony Online Entertainment including "PoxNora," "Dungeon Overlord," "Wildlife Refuge," as well as games based on the Star Wars movies, were all shut down.
Sony posted a message on Facebook saying "we had to temporarily take down SOE services during the night." A Sony spokesman said the Facebook games make money from microtransactions and the sale of virtual goods like costumes and weapons.
Facebook could not immediately be reached for comment.
Sony Online Entertainment is a division of Sony Corp, the global electronics company that operates online games such as "EverQuest" and is separate from the PlayStation video game console division.
Story continues below
The spokesman, who could not confirm a Nikkei report that 12,700 credit card numbers were stolen from the intrusion of Sony Online Entertainment, said it was not "a second attack" and was related to the April 17-19 break-in of the Sony PlayStation Network.
"In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately," the company said on its website.
Sony on Monday denied on its official PlayStation blog that hackers had tried to sell it a list of millions of credit card numbers.
The news comes less than a week after Sony alerted customers that a hacker broke into Sony's PlayStation video game network and stole names, addresses, passwords and possibly credit card numbers of its 77 million customers.
Sony alerted customers a week after discovering the break-in.
Sony executives apologized on Sunday and said it would gradually restart the PlayStation Network with increased security and would offer some free content to users.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony: Credit data at risk in PlayStation hacking Network shut down; info on 77 million users said compromised halted

Posted by Avik Sarkar On 4/27/2011 10:40:00 pm


Sony Corp. said Tuesday that the credit card data of PlayStation users around the world may have been stolen in a hack that forced it to shut down its PlayStation Network for the past week, disconnecting 77 million user accounts.
Some players brushed off the breach as a common hazard of operating in a connected world, and Sony said some services would be restored in a week. But industry experts said the scale of the breach was staggering and could cost the company billions of dollars.
"Simply put, one of the worst breaches we've seen in several years," said Josh Shaul, chief technology officer for Application Security Inc., a New York-based company that is one of the country's largest database security software makers.
Sony said it has no direct evidence credit card information was taken, but said, "we cannot rule out the possibility."
It said the intrusion was "malicious" and the company had hired an outside security firm to investigate. It has taken steps to rebuild its system to provide greater protection for personal information and warned users to contact credit agencies and set up fraud alerts.
"Our teams are working around the clock on this, and services will be restored as soon as possible," it said in a blog post Tuesday.
The company shut down the network last Wednesday after it said account information, including names, birth dates, e-mail addresses and log-in information was compromised for certain players in the days prior.
Sony says people in 59 nations use the PlayStation network. Of the 77 million user accounts, about 36 million are in the U.S. and elsewhere in the Americas, 32 million in Europe and 9 million in Asia, mostly in Japan.
Purchase history and credit card billing address information may also have been stolen, but the intruder did not obtain the three-digit security code on the back of cards, Sony said. Spokesman Satoshi Fukuoka said the company has not received any reports yet of credit card fraud or abuse resulting from the breach.
Shaul said that not having direct proof of credit card information theft should not instill a sense of security, and could mean Sony just didn't know what files were touched.
"They indicated that they're worried about it, which is probably a very strong indication that everything was stolen," he said.
If the intruder successfully stole credit card data, the heist would rank among the biggest known thefts of financial data.
Recent major hacks included some 130 million card numbers stolen from payment processor Heartland Payment Systems. As many as 100 million accounts were lifted in a break-in at TJX Cos., the chain that owns discount retailers T.J. Maxx and Marshalls, and some 4.2 million card numbers were stolen from East Coast grocery chain Hannaford Bros. Those attacks allegedly involved a single person: Albert Gonzalez, a Miami hacker who was sentenced last year to 20 years in prison for the attacks.
The Ponemon Institute, a data-security research firm, estimated that the cost of a data breach involving a malicious or criminal act averaged $318 per compromised record in 2010, up 48 percent from the year earlier.
That could pin the potential cost of the PlayStation breach at more than $24 billion.
Alan Paller, director of research for the SANS Institute, a security training organization, said that even if credit numbers weren't stolen, knowing someone's name, e-mail address and which games he or she likes can lead to expertly crafted scam e-mails. Knowing billing histories can be even more harmful, since they can identify big spenders.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

PlayStation network hacked, to be rebuilt

Posted by Avik Sarkar On 4/25/2011 01:21:00 pm


PlayStation online gaming network will have to be rebuilt following a reported malicious attack that shut down the network this week.
The network used by PlayStation 3 owners to purchase and play games online, as well as access other Internet-based services, has been disabled since Wednesday.
The company has not stated whether any personal data including credit card numbers has been compromised, USA Today reported Sunday.
"Though this task is time-consuming, we decided it was worth the time necessary to provide the system with additional security," Patrick Seybold, a Sony official, said in a recent statement. "We sincerely regret that PlayStation Network and Qriocity services have been suspended, and we are working around the clock to bring them both back online."
Seybold did not say when the network would be fully restored.


Read more: http://www.upi.com/Entertainment_News/2011/04/24/PlayStation-network-hacked-to-be-rebuilt/UPI-38761303671420/#ixzz1KWGHzbPW

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

19 Years Old Guy get Busted by London Police in Sony Hacking Case

Posted by Avik Sarkar On 6/21/2011 06:30:00 pm


A teenager has been arrested near London in connection with the hacking of Sony, London's Metropolitan Police said Tuesday. The 19-year-old is suspected of hacking into systems and mounting denial of service attacks against "a number of international businesses and intelligence agencies," police said. Naming suspects who have been arrested in Britain is illegal. Sony's PlayStation Network went down on April 20 after what Sony said was a massive data breach. It had more than 70 million subscribers at the time. It began coming back on line in mid-May. The PlayStation Store did not reopen until June 2.

The company estimated the cost of that attack will total $171 million. Hackers later broke into Sony Pictures website, compromising the accounts of over 1 million users, and the gaming company SEGA, stealing nearly 1.3 million users' details via a British subsidiary of the Japanese company. SEGA makes games for PlayStation and other gaming systems. The suspect's computer "will now be examined for ties to any potential group, including LulzSec," a police spokesman told CNN, declining to be named in line with custom. "This link has not been established yet as it is still early days," the spokesman said. The hacker group LulzSec claimed recently to have attacked the CIA website, and took credit for hacking into the website of the American public broadcaster PBS and posting a fake story saying the rapper Tupac Shakur was still alive. He was killed nearly 15 years ago. It's unclear whether LulzSec members played a role in the Sony PlayStation Network breach. But they have posted on their website what they claim is proprietary information from Sony Pictures and other Sony properties' websites. On Friday, on the occasion of their 1,000th tweet, the group posted a manifesto of sorts in which they said people, including their targets and advocates of Internet freedom, should be thankful. "The main anti-LulzSec argument suggests that ... our actions are causing clowns with pens to write new rules for you," the group wrote. "But what if we just hadn't released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony... watching... abusing... ."
They seemed to suggest that by making their attacks public, they'll push websites to increase security. They said they're sitting on account information for 200,000 players of the online game Brink, but moments later said that releasing people's information is worth doing sometimes because it's fun. 
"Yes, yes, there's always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011," they wrote. "This is the lulz lizard era, where we do things just because we find it entertaining."
Analysts said the group appears to be some sort of spin-off of "Anonymous," the loose coalition of hackers that grew to prominence through their support of the whistle-blower site WikiLeaks.
But while Anonymous has its own set of moral codes and is largely politically motivated, LulzSec seems to be random.
For every hack like the one on PBS, which the group said came out of anger over a documentary about WikiLeaks, there's the cracking of porn site pron.com -- and a subsequent public list of members' e-mail addresses and passwords.
LulzSec has not yet posted a comment on the arrest of the teen in Essex, outside London, which police said was "intelligence-led."
The suspect was arrested Monday night and police are now examining a "significant amount of material," they said.


The Suspect Details:- 
Name: Mr Ryan Cleary
Alias: viraL
Age: 18-19
Address: 10 South Beech Avenue Wickford SS11 8AH
Phone Number: +447510557265
-NEWS SOURCE (CNN)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Sony disables PSN web login system after new exploit is discovered

Posted by Avik Sarkar On 5/19/2011 03:18:00 pm



Sony just can’t seem to stave off negative headlines these days.  Just 5 days after PSN services started to be restored throughout the world another nasty exploit has been uncovered allowing hackers to change your PSN account password.  The exploit was discovered by Nylevia last night and confirmed quickly by NeoGAF.
It was found that the web based password reset system on sites like Playstation.com and Qriocity.com will allow someone to change any account password if they know two simple pieces of information; the email address associated with the account, and the date of birth of the account holder, you know, the information that was stolen in late April when hackers first breached the PSN.  On the plus side you’ll get an email informing you that your password was reset.
Sony responded to these reports by taking down all PSN web based login systems.  Right now Sony has given no estimated time for this issue to be fixed.  The only thing Sony is saying is that PSN services won’t be impacted by this downtime.

“Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being,” said Sony. “This is due to essential maintenance and at present it is unclear how long this will take. In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information.”


While it is positive that these troubles won’t impact PSN services it is uncomfortable, to say the least, that Sony is continuing to have issues with their online security.  This has gotten so bad that Nylevia is recommending to maintain a separate email address specifically for use with PlayStation services.  The very idea of maintaining an email address for one account is absurd but it really seems necessary at this point.
This new issue has effectively killed much of the positive momentum Sony has been building since they started bringing PSN services back online last week.  With the Electronic Entertainment Expo (E3) only a few weeks away, Sony is putting themselves in the position where much of their press conference during the event will have to address these various security issues.  Sony is effectively going into one of the largest industry events of the year in damage control mode instead of creating consumer excitement for future products and games.
Hopefully Sony can address security concerns and strengthen all parts of their network against future attacks. Despite their efforts to improve overall network security they are one company who many will never again trust with their personal and credit card information.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Unpatchable Security Hole in PlayStation 3 Leading The "final hack" Also LV0 Cryptographic Keys Revealed

Posted by Avik Sarkar On 10/26/2012 05:59:00 am

Unpatchable Security Hole in PlayStation 3 Leading The "final hack" Also LV0 Cryptographic Keys Revealed

We all are very much aware that Sony along with its product's were always been a very hot favorite target of hackers. But here there are few twists, so the word 'Hack' will be be the appropriate one to describe of what happened to Sony. According to a report on Eurogamer Sony's PlayStation 3 is facing a new security threat - one it hasn't seen since the system was cracked via the PSJailbreak in 2011. The PS3 has been hacked before, but Sony was able to inhibit the hack with an update to its own firmware. This is much like the history of jailbreaking on Apple's iOS. But the latest PS3 break is being dubbed unpatchable and the final hack. That's because this hack isn't giving you an exploit to use against a programming hole. It's giving you Sony's so-called LV0 (level zero) cryptographic keys
A decryption key that is reported to be circulating on the net is said to remove the final protective barrier on some models of Sony's PlayStation 3 consoles. In the long run, the release of the key will probably allow unsigned software such as homebrew games, Linux distributions, or pirate copies of software to run on some PS3 consoles. Allegedly, the private key can be used to modify and sign the "LV0" (Level 0), for example to disable its security checks. When the PS3 system boots, from version 3.60 of the PS3's firmware, the LV0 is directly launched by the bootloader (bootldr) that is built into the system's hardware – which means that the chain of trust is broken at a very early stage. As Sony won't be able to update the bootloader with a software update, the hacker community considers this the "final hack" of the PS3 in its current forms. Eurogamer says that these keys may not have been released at all if not for a Chinese hacking outfit called "BlueDiskCFW," who gained access to the keys and planned to charge for new custom firmware updates it would create. The original group that created the LV0 had no plans on releasing them, but eventually they were leaked onto the Internet in some limited fashion. Seeing that someone was going to profit on them, the group known as "The Three Tuskateers" decided to release them into the wilds of the Internet. 
In a statement the hacker group says that "You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now," 





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

PlayStation 3 Italy Hacked & Database Exposed By THA

Posted by Avik Sarkar On 2/21/2012 04:59:00 pm

PlayStation 3 Italy Hacked & Database Exposed By SoveReign & Shad0wfiend (THA)
Two hackers named SoveReign & Shad0wfiend from The Hackers Army has breached the security PlayStation 3 Italy server. The y have the hacked the official website (later restored) and also exposed the database. In a open post on pasti the hacked database made available by the hacker where they have included several credentials like server details, db tables, columns, admin IP and other user credentials.
Earlier hackers of THA has hacked the official website of Bharatiya Janata Party (BJP) of Karnataka, President of Guyana, Several Indian Embassy Site and so on. Before that Tha Disastar has hacked and defaced the anonyops.com. It was one of the important site of Hacktivist Anonymous. Not only that he also performed a massive DDoS attack on Hacktivist site and as a result the site was remain offline for a long time.  


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

PSN Hacked Again By Anonymous! 10 Million Users Affected [Sony Denis The Hack]

Posted by Avik Sarkar On 8/16/2012 05:46:00 am

PSN Hacked Again By Anonymous! 10 Million Users Affected [Sony Denis The Hack]

Oh! no again Sony Play Station Network faced cyber attack. Guess who was behind this??? Yes this time also hacker collective Anonymous have breached the PSN and stolen more than ten million account details (Email-id & encrypted passwords). Anonymous announced the hack on its Twitter account on Wednesday (though that tweet has since been removed). 

That tweet has claimed that yet again Anonymous have broken into PlayStation Network and has a 50 gigabyte database of email accounts and their passwords – this would put more than ten million accounts at risk. This would be a huge blow to Sony if Anonymous has in fact completed a successful PSN hack and PlayStation Network breach. If PSN has been breached millions of users personal information, including credit cards, would be in the hands of potentially malicious users.
However note that Sony completely denies the hack. The official twitter account of PSN says- "We can confirm that the recent claim that PSN was illegally hacked & that customer PWs and email addresses were accessed is completely false".

According to Kotaku reports that the list in the Pastebin doc is a copy of a seemingly unrelated list of email addresses from March 2012, called "Email accs! // universe security sucks." The PSN hack, in other words, appears to be a rumor that didn't turn out to be true.But still we have to wait for Sony's official response about the whole matter. 
Since last year the battle between hacktivist Anonymous, Lulzsec and Sony is running. Hackers have penetrated Sony's PSN network and stolen millions of user personal information. Later Sony was forced to shutdown its entire network & apologized for the whole massacre. Not only PSN, also Sony Online Entertainment, Sony Pictures, Several Sony's official website from different countries fallen victim to the hackers. 




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

3 Anonymous suspects get busted in Spain

Posted by Avik Sarkar On 6/11/2011 06:37:00 pm


Police in Spain have arrested three cyber criminals who are suspected to be members of the online ‘hactivist’ group, Anonymous. The group has been in the news recently with their attack on the Sony PlayStation Network, the Indian army website as well as the Indian government website - NIC.According to the Spanish police Twitter feed, the hackers were arrested in Spanish cities of Barcelona, Alicante and Almeria and a server hosted in Gijon was seized, as well. They also claim that they have dismantled the Anonymous hacker group in Spain who were responsible for attacking the PlayStation Store. The police said that these individuals have the capacity to make decisions and direct attacks. They also claim that the group has the ability to coordinate DDoS attacks to collapse Web sites around the world and are considered a threat by NATO.
According to a report, these arrests were made after investigation which began in October 2010. The Spanish police say that the arrests were made after going through millions of lines of chat logs to discover who was behind the group’s activity. The report goes on to say that some of the attacks made by the group’s members used a web based tool called Loic to fill the targeted sites with the required data.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Security Expert Believes PSN Should Remain Offline

Posted by Avik Sarkar On 5/18/2011 02:24:00 pm



The PSN has been up for a few days now, in most of the world. However, in Japan, the country where Sony calls home, the network has yet to be restored due to governmental blocks in place before it can be separately verified that the new infrastructure is secure. Now at least one security expert in Australia has taken a similar stance.

Bill Caelli, Senior Research Scientist at the Information Security Institute in the Queensland University of Technology, recently spoke with The Australian, a website for the region. He stated that in his opinion the government should have intervened with the restart of the PlayStation Network, to have its new security tested by an outside party. Mr. Caelli begs the question: “Why is it that in the IT industry enterprises certify themselves?” He claims that the average consumer has “no way of assessing the assurances given by the owners of the system themselves.” Australian Privacy Commissioner Timothy Pilgrim stated that an investigation into the incident is currently in progress, and he was also pondering if the commission should seek out more information from Sony.
Have Sony disclosed enough information, or should governments play a more active role in determining if any corporation’s actions are sufficient following a massive data and privacy leak like the one Sony has just gone through? The PSN service is currently up in Australia, but of course we will update you if and when the situation changes.
Roger Thompson, AVG’s Chief Research Officer also recommended holding off inputting your credit card details straight away in an exclusive interview (Part 1, Part 2) with PlayStation LifeStyle during the PSN downtime. 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

What the PlayStation Network Hack Teaches Us about Cyber Security??

Posted by Avik Sarkar On 5/16/2011 02:37:00 pm



Cyber security is becoming increasingly important as more everyday transactions take place on the Internet.
Sony Computer Entertainment America (SCEA) announced in April that its PlayStation Network (PSN) had been “hacked” and that an unidentified intruder may now possess every bit of personal data ever uploaded by its clients onto its servers.
The list of information includes names, telephone numbers, birth dates, email addresses, personal and billing addresses, credit card numbers, account passwords, PSN passwords and even purchasing data collated and stored by SCEA.
Somewhere between 70 and 100 million PSN clients have been exposed to the security breach, which SCEA chairman Kazuo Hirai said may have been made by the hacker’s collective known as Anonymous, which the chairman said had been initiating denial of service (DDoS) attacks against SCEA since January.
Anonymous is an organization, but it is also a label used by many independent hackers who participate in “hacktivism” in support of Internet freedom and freedom of speech. The organization, however, has denied any involvement in the hack, challenging that its schemes are benign and intended only to raise awareness.
The seriousness of the attack has put the spotlight on the need for increased commercial cybersecurity, and the US government is insisting on more transparency from Sony about how the attack occurred, its practices and its failure to immediately alert its clients upon learning that their personal information may have been compromised. It has also asked several national and foreign government agencies to investigate, including the FBI.
While Sony’s PSN services are now back, clients are wondering what they should be doing. Cybersecurity and criminal justice experts warn that credit cards must be monitored and passwords must be changed.
The problem, they say, is that many people use the same passwords for most or all of their Internet transactions because it makes them easier to remember as the need for more passwords continues to grow. One previous hack revealed that the majority of passwords collected were either “12345” or “password” and that these were likely used interchangeably with other accounts.
Cybersecurity must evolve, but Internet users must also realize the dangers involved with Internet transactions and practice vigilance as well. Ensuring that websites and businesses are legitimate and have cybersecurity measures in place is the first step; protecting oneself by creating difficult and different passwords and changing them often is the second step, and just as important as the first, as the attack on Sony has proven.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search