
Why Sony Keeps Getting Hacked Multiple Times (Full Report)


Since the April PlayStation Network breach that exposed over 100 million user accounts, Sony has been hacked more than 10 times. Sony Pictures, Sony Europe, Sony BMG Greece, Sony Thailand, Sony Music Japan, Sony Ericsson Canada, and others have all been the target of attacks. Sony has had to contend with intense scrutiny from media, disgruntled users and lawmakers, with everyone asking the company how it could let such a breach happen. Sony has apologized repeatedly and said that the original attack was a highly professional, criminal cyber attack aimed at stealing credit card numbers. Other experts have said that Sony simply didn't have its security act together and that the attack was likely far simpler. Now, critics are wondering what exactly the motivation might be behind the continued hacks. While the initial PlayStation Network breach was the largest of the hacks to date, Sony's cyber attack problem has continued due to both inconsistent security across Sony's systems and the rise of new groups of hackers interested less in punishing Sony than in showing off their ability to breach the company's defenses, experts say.

Some analysts say Sony's security woes started when the company pressed charges against 20-year-old hacker George Hotz, who reverse-engineered Sony's PlayStation 3 so that it could run unapproved third-party applications. Sony responded by suing Hotz, a move that reportedly infuriated many in the hacker community. Many experts say the attack on the PlayStation Network in April could have been an act of vigilante justice resulting directly or indirectly from Sony's lawsuit against Hotz.

"Sony's perceived abuse of the legal system in targeting reverse-engineer George Hotz infuriated hacker groups," said Randy Abrams, director of technical education at ESET, an IT security firm. Abrams also noted that even before the Hotz incident, Sony had drummed up "significant antipathy" as the result of a 2005 scandal involving Sony CDs that automatically installed a rootkit that made users' computers vulnerable to attack.
The PlayStation Network attack appears to have set off an avalanche of follow-ups.

"Other hackers and hacking groups realized they could jump on the bandwagon and break into other Sony properties and get in the news," said Richard Wang, manager of Sophos Labs, a security vendor. "Really anything that has the Sony brand on it has become a target for someone trying to make a name for themselves or trying to prove they can break into the website."

Fred Cate, director of the Center for Applied Security Research at the University of Indiana, said the first PlayStation Network breach may have tempted hackers by revealing Sony as open to attack. "There's sort of a pile-on effect," Cate said. "Once you hear that there's a vulnerable network out there, other folks start trying. Sony's now a new target of interest."
Other hackers seem to have joined up for reasons other than political or monetary gain. Sites like hassonybeenhackedthisweek.com demonstrate a curious mixture of genuine curiosity and weary cultural saturation.

"Prior to the PSN hack, the loosely organized Anonymous group had waged war against Sony, reflecting the opinion of a significant share of netizens who got infuriated by Sony's corporate attitude," said Guillaume Lovet, a senior manager of the threat response team at Fortinet. "But now, from being a target for opinion reasons only, it also became a target 'just for the lulz,' for [hacker group] lulzsecurity and others."
"The outcome," Lovet said, "is more attackers, thus more successful hacks."

Some critics have questioned whether Sony's security efforts both before and after the initial breaches have been adequate. Sony has since promised to boost its security systems and review existing procedures. Still, according to experts, many of the attacks used to breach Sony's sites are fairly basic hacks that the company could easily have protected against.

"They seemingly have an almost anarchistic approach to global network security, with no visible coordination of security practices across Internet properties," said Abrams. "Some properties, such as Sony Pictures, seem to have been ignoring basic security best practices."

Part of the problem is Sony's huge international web presence. Experts say it's highly unlikely that the company's multiple divisions, from movies to gaming, are following any coordinated set of security protocols.

"Sony has disclosed many breaches, including different servers in Indonesia and Thailand. I highly doubt that the same developers who developed these websites are the same developers who worked on the Playstation Network, Sony Pictures, etc.,” said Derek Manky, a senior security strategist at Fortinet. "Quite simply, there is a tradeoff: Security dwindles as you add convenience and complexity."

While the novelty of hacking Sony may continue to diminish as other cybersecurity stories hit the news, it's clear Sony must get its act together or risk more attacks, a loss of customer faith and money and possible government intervention. 

"Sony needs time to get their security house in order," Jeremiah Grossman, the CTO of WhiteHat Security wrote in an email. "As an organization, Sony could see this as an opportunity. A year or more from now, they could be an example of how security SHOULD be done across the entire industry."


Sony Hacked Again, 1 Million User Data Compromised


A group of hackers that recently gained notoriety for hacking PBS.org’s home page with an image of NyanCat, announced Thursday that it has stolen data from Sony. It’s yet another in a seemingly endless string of embarrassing security incidents for the company, but what’s shocking is just how exposed the data was to begin with.
In a press release posted to their Web site, LulzSec claims to have broken into SonyPictures.com and “compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.”
The theft included 75,000 “music codes” and 3.5 million “music coupons,” according to the group. LulzSec has posted segments of data they claim to have taken from Sony’s server to serve as proof of their accomplishment.
There are two astonishing twists to this story - one is that LulzSec was apparently able to access the information fairly easily, using what they describe as “a very simple SQL injection, one of the most primitive and common vulnerabilities.” Secondly, “every bit of data we took wasn’t encrypted. Sony stored over 1,000,000 passwords of its customers in plaintext, which means it’s just a matter of taking it. This is disgraceful and insecure: they were asking for it.”
If true, it’s devastating news for Sony, which is just getting back on its feet after shutting down access to its PlayStation Network and Sony Online Entertainment servers after hackers made off with personal information on more than 100 million user accounts.
The PlayStation Network, which controls PlayStation 3 and PlayStation Portable users’ ability to connect to one another to play online games, was down for more than three weeks through the last half of April and first half of May as Sony struggled to secure the system.
And only in the past 24 hours has Sony brought back its PlayStation Store, which serves as a way for PS3 and PSP users to download games and content for their systems.
Sony hasn’t even yet initiated its “Welcome Back” package for consumers affected by the PSN blackout - a collection of about $100 worth of games and content, as well as access to the company’s premium “PlayStation Plus” service.
SonyPictures.com isn’t directly related to the PlayStation 3 or PlayStation Network - it’s Sony’s consumer-facing Internet site for information on their movies, television and home entertainment offerings on Blu-Ray Disc and other formats. But Sony’s many Web sites and servers have been on the receiving end of security probes and hack attacks for some time, exacerbated by the company’s legal proceedings against George “Geohot” Hotz, a programmer who sought to “jailbreak” or enable the PlayStation 3 console to support Linux operating system software - a feature Sony once supported itself, but later removed in a firmware update. Since the widely-publicized outage of the PlayStation Network, hackers have stepped up their attempts to break into Sony’s systems.
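The two failures LulzSec describes above, a query built by string concatenation and passwords kept in plaintext, are shown here beside their standard fixes. This is an added example, not code from Sony or from the original report; the table, column names, accounts and work factor are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example; tune for your hardware


def hash_password(password, salt=None):
    """Return (salt, digest) from a salted, deliberately slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def make_db():
    """In-memory database with two constructed accounts (no plaintext column)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, pw_salt BLOB, pw_hash BLOB)")
    for email, password in [("alice@example.com", "correct horse"),
                            ("bob@example.com", "hunter2")]:
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, *hash_password(password)))
    return db


def find_user_concatenated(db, email):
    """Vulnerable pattern: the input is spliced into the SQL text itself."""
    query = "SELECT email FROM users WHERE email = '" + email + "'"
    return sorted(row[0] for row in db.execute(query))


def find_user_parameterized(db, email):
    """Hardened pattern: the input is bound as data and never parsed as SQL."""
    rows = db.execute("SELECT email FROM users WHERE email = ?", (email,))
    return sorted(row[0] for row in rows)


def verify_password(db, email, password):
    """Recompute the digest with the stored salt and compare in constant time."""
    row = db.execute("SELECT pw_salt, pw_hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(hash_password(password, salt)[1], stored)


def dump_users(db):
    """What a full table read hands over: salts and digests, not passwords."""
    return db.execute("SELECT * FROM users").fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # tautology input that rewrites the WHERE clause
    print("concatenated :", find_user_concatenated(db, crafted))
    print("parameterized:", find_user_parameterized(db, crafted))
    print("login check  :", verify_password(db, "bob@example.com", "hunter2"))
```

With the concatenated query the crafted input matches every row, while the bound parameter is compared as a literal string and matches none. Even when a table is read in full, a salted slow hash leaves the attacker with per-account guessing work instead of ready-to-use passwords.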


Sony blames hacktivist group Anonymous for PlayStation Network intrusion


File this one under “things not to do when dealing with massive network outages.” Sony has kicked the hornet’s nest today by blaming Anonymous, a massive network of hackers that regularly takes up activist causes, for indirectly causing a breach of security in its PlayStation Network (PSN) online gaming network that led to the attack that brought PSN down.
While the company isn’t blaming Anonymous for the attack itself, it said the hackers that stole gobs of sensitive data about PSN users were able to break into the network while it was defending itself from denial of service attacks orchestrated by Anonymous. Anonymous took on Sony after the company went after famed PS3 hacker George Hotz, who reverse engineered the PlayStation 3 to run unauthorized programs.
When the PlayStation Network crashed on April 21, Anonymous said it was not behind the attack. Instead, the hacktivist group said, “Sony is incompetent.” But an observer of the IRC forum used by members of Anonymous said the attackers behind this current Sony outage appear to have learned their methods from Anonymous’ activities of two weeks ago.
This really is not the time for Sony to start playing with fire. Anonymous doesn’t regularly respond to blame and threats, but because the network of hackers has taken on Sony before, there is no guarantee Sony’s latest accusation won’t spark some kind of retaliation. Anonymous has proven time and again that it is a force to be reckoned with. Sony has to focus on beefing up its network, not trying to shift blame around and incite more attacks against the already feeble network.
Hackers attacked the PSN on April 19, forcing the Japanese company to bring down the network, which has more than 77 million registered users. The nightmare then continued after hackers broke into the company’s Station.com site, which serves as a host for its PC games like Everquest. Hackers were able to steal information from as many as 24.6 million accounts on that site, according to Sony. In all, more than 100 million accounts might have been compromised.
The PSN breach was a massive security gaffe that has caused the U.S. government to get involved and demand answers — such as who attacked the network and what users were affected. Sony has sent warnings to PSN users about the possible credit card theft. The whole ordeal spawned an apology from Sony that lasted more than an hour and a half.
The network has been down for more than a week, denying 77 million registered gamers the ability to play online games, watch movies, listen to music or download other entertainment to their PlayStation 3 consoles and PlayStation Portable handhelds. The PlayStation Network is a critical service that competes with Microsoft’s Xbox Live online gaming service — as well as other online gaming services. There are also 948 games now available in the PlayStation Network store, as well as 4,000 pieces of add-on content for games.


Sony Online Entertainment Shut Down After 25 Million More Accounts Hacked



Sony Online Entertainment has temporarily shut down its online games service and its Facebook games after discovering the April break-in that led to the theft of 77 million user accounts also affected its system.
A spokesman for the online games unit said the service was taken down at 1:30 am Pacific time on Monday. The spokesman declined to say how many customers were affected and none were alerted beyond a terse message on its website.
Facebook games developed by Sony Online Entertainment including "PoxNora," "Dungeon Overlord," "Wildlife Refuge," as well as games based on the Star Wars movies, were all shut down.
Sony posted a message on Facebook saying "we had to temporarily take down SOE services during the night." A Sony spokesman said the Facebook games make money from microtransactions and the sale of virtual goods like costumes and weapons.
Facebook could not immediately be reached for comment.
Sony Online Entertainment is a division of Sony Corp, the global electronics company that operates online games such as "EverQuest" and is separate from the PlayStation video game console division.
The spokesman, who could not confirm a Nikkei report that 12,700 credit card numbers were stolen from the intrusion of Sony Online Entertainment, said it was not "a second attack" and was related to the April 17-19 break-in of the Sony PlayStation Network.
"In the course of our investigation into the intrusion into our systems we have discovered an issue that warrants enough concern for us to take the service down effective immediately," the company said on its website.
Sony on Monday denied on its official PlayStation blog that hackers had tried to sell it a list of millions of credit card numbers.
The news comes less than a week after Sony alerted customers that a hacker broke into Sony's PlayStation video game network and stole names, addresses, passwords and possibly credit card numbers of its 77 million customers.
Sony alerted customers a week after discovering the break-in.
Sony executives apologized on Sunday and said it would gradually restart the PlayStation Network with increased security and would offer some free content to users.


Restoration of PlayStation Network and Qriocity Services Begins


Sony Corporation and Sony Computer Entertainment (SCE) announced that Sony Network Entertainment International (SNEI, the company) will today begin a phased restoration by region of PlayStation®Network and Qriocity Services.  The phased restoration will be on a country by country basis beginning in the Americas, Europe, Australia, New Zealand, and Middle East.

The first phase of restored services for these countries and regions will include:
  • Sign-in for PlayStation®Network and Qriocity services, including the resetting of passwords
  • Restoration of online game-play across PS3 and PSP
  • Playback rental video content, if within rental period, of PlayStation Network Video Delivery Service on PS3, PSP and MediaGo
  • Music Unlimited powered by Qriocity, for current subscribers, on PS3 and PC
  • Access to 3rd party services such as Netflix, Hulu, Vudu and MLB.tv
  • 'Friends' category on PS3, including Friends List, Chat Functionality, Trophy Comparison, etc
  • PlayStation Home

Increased Security Measures
As the result of a criminal cyber attack on the company's data-center located in San Diego, California, U.S.A., SNEI shut down the PlayStation Network and Qriocity services on April 20, in order for the company to undergo an investigation and make enhancements to the overall security of the network infrastructure. Working closely with several respected outside security firms, the company has implemented new and additional security measures that strengthen safeguards against unauthorized activity, and provide consumers with greater protection of their personal information.
The company has made considerable enhancements to the data security, including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls.  The company also added a variety of other measures to the network infrastructure including an early-warning system for unusual activity patterns that could signal an attempt to compromise the network.
"I'd like to send my sincere regret for the inconvenience this incident has caused you, and want to thank you all for the kind patience you've shown as we worked through the restoration process," said Kazuo Hirai, Executive Deputy President, Sony Corporation.  "I can't thank you enough for your patience and support during this time. We know even the most loyal customers have been frustrated by this process and are anxious to use their Sony products and services again. We are taking aggressive action at all levels to address the concerns that were raised by this incident, and are making consumer data protection a full-time, company wide commitment."
"During the past 18 months, we've seen a dramatic rise in the volume of cyber attacks, their sophistication and their impact on businesses. Thwarting cyber-crime requires an evolutionary approach to security that is well integrated, reduces risk exposure and improves efficiencies," said Francis deSouza, Senior Vice President, Enterprise Security Group, Symantec. "Today's cyber crime attacks are proving to be more covert, more targeted and better organized than those we've seen in years past. In working with Sony on the move of their data-center, it's clear they're implementing measures to reduce security risks moving forward."  
As an additional measure, Fumiaki Sakai, president of Sony Global Solutions Inc. (SGS), has been appointed acting Chief Information Security Officer of SNEI.  In addition to his current role at SGS, Mr. Sakai, in his role at SNEI, will work to further reinforce overall information security across the company's network infrastructure.  Mr. Sakai will lead the recruiting effort in finding a new and permanent CISO for SNEI.  As CISO, Mr. Sakai will report to Tim Schaaff, president, SNEI, as well as to Mr. Shinji Hasejima, CIO, Sony Corporation.  
"While we understand the importance of getting our services back online, we did not rush to do so at the expense of extensively and aggressively testing our enhanced security measures. Our consumers' safety remains our number one priority," Hirai continued. "We want to assure our customers that their personal information is being protected with some of the best security technologies available today, so that everyone can feel comfortable enjoying all that PlayStation Network and Qriocity services have to offer."  
The restoration of the services across the Americas, Europe, Australia, New Zealand, and Middle East is beginning, and consumers will be able to enjoy some of the online functionality provided by both the PlayStation Network and Qriocity services.  Phased restoration in Japan and other Asian countries and regions will be announced in due course.  The company expects to have the services fully restored by the end of May 2011.
The company will be offering customers a "Welcome Back" package of services and premium content to all registered PlayStation Network and Qriocity account services.  The details of this program will be announced in each region shortly.  
For more information about the PlayStation Network and Qriocity services intrusion and restoration, please visit http://blog.us.playstation.com or http://blog.eu.playstation.com/



Hacking Group Denies Blame for Sony PlayStation Network Breach

The phrase, writ large on the hacking group Anonymous' AnonOps website, announced to the world that the security breach that has kept Sony's PlayStation network offline since last Wednesday was not Anonymous' fault.
Sony turned off its PlayStation network and Qriocity services -- used to facilitate audio for PlayStation 3 gaming -- after the networks were compromised on April 20 by "an external intrusion," Sony wrote on its PlayStation blog.
Pointing the finger at Anonymous might be a fair assumption -- earlier this month, the hacking collective launched "OpSony," which brought down several PlayStation 3 websites. The attack was in retaliation for Sony's legal pursuit of George Hotz, who published the details of his PS3 hack last year on his website, geohot.com.
Anonymous believes "Sony is taking advantage of Anonymous' previous ill will towards the company," to cover what Anonymous said is "actually an internal problem" with Sony's servers.
Sony said it is working to "resolve this situation quickly," and is rebuilding its network to guard against future security breaches. There is currently no timetable as to when PlayStation's more than 75 million customers will be able to get back to competitive online gaming.
It is not yet known if users' personal information or credit card numbers have been accessed as a result of the breach, PCWorld reported.


Sony says 25 million more accounts hacked




Sony Corp. said Monday that hackers may have taken personal information from an additional 24.6 million user accounts after a review of the recent PlayStation Network breach found an intrusion at a division that makes multiplayer online games.

The data breach comes on top of the 77 million PlayStation accounts it has already said were jeopardized by a malicious intrusion.

The latest incident occurred April 16 and 17 - earlier than the PlayStation break-in, which occurred from April 17 to 19, Sony said.

About 23,400 financial records from an outdated 2007 database involving people outside the U.S. may have been stolen in the newly discovered breach, including 10,700 direct debit records of customers in Austria, Germany, the Netherlands and Spain, it said.

The outdated information contained credit card numbers, debit card numbers and expiration dates, but not the 3-digit security code on the back of credit cards. The direct debit records included bank account numbers, customer names, account names and customer addresses.

Company spokeswoman Taina Rodriguez said Sony had no evidence the information taken from Sony Online Entertainment, or SOE, was used illicitly for financial gain.

"We had previously believed that SOE customer data had not been obtained in the cyber-attacks on the company, but on May 1 we concluded that SOE account information may have been stolen and we are notifying you as soon as possible," Sony said in a message to customers.

Sony said that it shut service Monday morning to Sony Online Entertainment games, which are available on personal computers, Facebook and the PlayStation 3 console. Its most popular games include "EverQuest," "Free Realms" and "DC Universe Online."

The company said it will grant players 30 days of additional time on their subscriptions, along with one day for each day the system is down. It is also creating a "make good" plan for its multiplayer online games.

On Sunday, Sony executives bowed in apology and said they would beef up security measures after an earlier breach caused it to shut down its PlayStation network on April 20. The company is working with the FBI and other authorities to investigate what it called "a criminal cyber attack" on Sony's data center in San Diego, Calif.

The company said it would offer "welcome back" freebies such as complimentary downloads and 30 days of free service to PlayStation customers around the world to show remorse and appreciation.

PlayStation spokesman Patrick Seybold, in a blog post Monday, denied a report that said a group tried to sell millions of credit card numbers back to Sony.

He also said that while user passwords had not been encrypted, they were transformed using a simpler function called a hash that did not leave them exposed as clear text.


Sony pegs loss of PlayStation Network and Qriocity service to an ‘external intrusion’

Sony officially confirms that the loss of service on PlayStation Network and Qriocity is the result of an "external intrusion," though hacker group Anonymous denies any involvement.
Sony has a bit of a problem on its hands. For a few days now, users have experienced a total blackout on the company’s PlayStation Network and Qriocity online services. The loss of access is largely believed to be the work of the hacker group Anonymous, which has pledged to keep the pressure on the Japan-based company in the wake of a very public legal dust-up with PlayStation 3 jailbreak hacker George “GeoHot” Hotz.
Sony’s online gaming and music streaming networks both went down in the middle of last week. The cause hasn’t been specified until today, with a new post on PlayStation Blog which pegs the loss of service to a Sony-initiated shutdown prompted by an “external intrusion.”
Sony senior director of communications and social media Patrick Seybold writes:
“An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services on the evening of Wednesday, April 20th. Providing quality entertainment services to our customers and partners is our utmost priority. We are doing all we can to resolve this situation quickly, and we once again thank you for your patience. We will continue to update you promptly as we have additional information to share.”
Don’t hold your breath, account holders. This is a significant event, and a pretty widespread one. Sony will certainly fix it as quickly as possible, and no doubt has a full team in the office this weekend to work on just that, but here are two subscription-driven services that had to be taken completely offline. You can almost hear the disgruntled masses gathered and throwing around words like “class action lawsuit.”
Interestingly, Anonymous is taking no credit for the service outage, and actually stepped forward to distance itself from the situation before Sony admitted to an “external intrusion” being the cause. The hacker group’s web-based news & updates outlet AnonNews features a post entitled “For Once We Didn’t Do It,” which pretty much says it all, doesn’t it? Anonymous admits that individual members may be responsible for the action, but the loss of service is not a group-wide initiative.


19-Year-Old Busted by London Police in Sony Hacking Case


A teenager has been arrested near London in connection with the hacking of Sony, London's Metropolitan Police said Tuesday. The 19-year-old is suspected of hacking into systems and mounting denial of service attacks against "a number of international businesses and intelligence agencies," police said. Naming suspects who have been arrested in Britain is illegal. Sony's PlayStation Network went down on April 20 after what Sony said was a massive data breach. It had more than 70 million subscribers at the time. It began coming back on line in mid-May. The PlayStation Store did not reopen until June 2.

The company estimated the cost of that attack will total $171 million. Hackers later broke into Sony Pictures website, compromising the accounts of over 1 million users, and the gaming company SEGA, stealing nearly 1.3 million users' details via a British subsidiary of the Japanese company. SEGA makes games for PlayStation and other gaming systems. The suspect's computer "will now be examined for ties to any potential group, including LulzSec," a police spokesman told CNN, declining to be named in line with custom. "This link has not been established yet as it is still early days," the spokesman said. The hacker group LulzSec claimed recently to have attacked the CIA website, and took credit for hacking into the website of the American public broadcaster PBS and posting a fake story saying the rapper Tupac Shakur was still alive. He was killed nearly 15 years ago. It's unclear whether LulzSec members played a role in the Sony PlayStation Network breach. But they have posted on their website what they claim is proprietary information from Sony Pictures and other Sony properties' websites. On Friday, on the occasion of their 1,000th tweet, the group posted a manifesto of sorts in which they said people, including their targets and advocates of Internet freedom, should be thankful. "The main anti-LulzSec argument suggests that ... our actions are causing clowns with pens to write new rules for you," the group wrote. "But what if we just hadn't released anything? What if we were silent? That would mean we would be secretly inside FBI affiliates right now, inside PBS, inside Sony... watching... abusing... ."
They seemed to suggest that by making their attacks public, they'll push websites to increase security. They said they're sitting on account information for 200,000 players of the online game Brink, but moments later said that releasing people's information is worth doing sometimes because it's fun. 
"Yes, yes, there's always the argument that releasing everything in full is just as evil, what with accounts being stolen and abused, but welcome to 2011," they wrote. "This is the lulz lizard era, where we do things just because we find it entertaining."
Analysts said the group appears to be some sort of spin-off of "Anonymous," the loose coalition of hackers that grew to prominence through their support of the whistle-blower site WikiLeaks.
But while Anonymous has its own set of moral codes and is largely politically motivated, LulzSec seems to be random.
For every hack like the one on PBS, which the group said came out of anger over a documentary about WikiLeaks, there's the cracking of porn site pron.com -- and a subsequent public list of members' e-mail addresses and passwords.
LulzSec has not yet posted a comment on the arrest of the teen in Essex, outside London, which police said was "intelligence-led."
The suspect was arrested Monday night and police are now examining a "significant amount of material," they said.


The Suspect Details:- 
Name: Mr Ryan Cleary
Alias: viraL
Age: 18-19
-NEWS SOURCE (CNN)


Sony disables PSN web login system after new exploit is discovered



Sony just can’t seem to stave off negative headlines these days.  Just 5 days after PSN services started to be restored throughout the world another nasty exploit has been uncovered allowing hackers to change your PSN account password.  The exploit was discovered by Nylevia last night and confirmed quickly by NeoGAF.
It was found that the web based password reset system on sites like Playstation.com and Qriocity.com will allow someone to change any account password if they know two simple pieces of information; the email address associated with the account, and the date of birth of the account holder, you know, the information that was stolen in late April when hackers first breached the PSN.  On the plus side you’ll get an email informing you that your password was reset.
Sony responded to these reports by taking down all PSN web based login systems.  Right now Sony has given no estimated time for this issue to be fixed.  The only thing Sony is saying is that PSN services won’t be impacted by this downtime.
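The reset flow described above treats an email address and date of birth as proof of identity, even though both are static facts that were already exposed in the April breach. The sketch below is an added example, not Sony's code; the class, field names and token lifetime are assumptions. It sets that flow beside one that requires a single-use, expiring token delivered to the mailbox on record.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime for this example


class ResetService:
    """Hypothetical account service; 'resets' counts completed password resets."""

    def __init__(self, accounts, send_mail, clock=time.time):
        self.accounts = accounts    # email -> {"dob": str, "resets": int}
        self.send_mail = send_mail  # callable(email, token): delivers to the mailbox on record
        self.clock = clock
        self.pending = {}           # sha256(token) -> (email, expiry)

    def weak_reset(self, email, dob):
        """Flow as reported on the page: knowing email + date of birth is enough."""
        account = self.accounts.get(email)
        if account is not None and account["dob"] == dob:
            account["resets"] += 1
            return True
        return False

    def request_reset(self, email):
        """Step 1: same reply for every address; token mailed only if it exists."""
        if email in self.accounts:
            # A new request cancels any token issued earlier for this account.
            self.pending = {d: v for d, v in self.pending.items() if v[0] != email}
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).digest()
            # Only the digest is stored, so a database read does not yield live tokens.
            self.pending[digest] = (email, self.clock() + TOKEN_TTL_SECONDS)
            self.send_mail(email, token)
        return "If the address is registered, a reset link has been sent."

    def redeem(self, token):
        """Step 2: the mailed token is the only accepted proof, once, before expiry."""
        digest = hashlib.sha256(token.encode()).digest()
        entry = self.pending.pop(digest, None)  # removed on use: single-use
        if entry is None:
            return False
        email, expiry = entry
        if self.clock() > expiry:
            return False
        self.accounts[email]["resets"] += 1
        return True


if __name__ == "__main__":
    outbox = []  # stands in for mail delivery
    accounts = {"alice@example.com": {"dob": "1990-04-20", "resets": 0}}  # constructed record
    service = ResetService(accounts, lambda email, token: outbox.append((email, token)))
    print("weak flow accepts leaked facts :", service.weak_reset("alice@example.com", "1990-04-20"))
    print("token flow accepts leaked facts:", service.redeem("1990-04-20"))
    service.request_reset("alice@example.com")
    print("token flow accepts mailed token:", service.redeem(outbox[-1][1]))
```

The notification email mentioned above only tells the account holder after the fact; in the token flow the mailbox is part of the check, so leaked profile data alone cannot complete a reset.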

“Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being,” said Sony. “This is due to essential maintenance and at present it is unclear how long this will take. In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information.”


While it is positive that these troubles won’t impact PSN services it is uncomfortable, to say the least, that Sony is continuing to have issues with their online security.  This has gotten so bad that Nylevia is recommending to maintain a separate email address specifically for use with PlayStation services.  The very idea of maintaining an email address for one account is absurd but it really seems necessary at this point.
This new issue has effectively killed much of the positive momentum Sony has been building since they started bringing PSN services back online last week.  With the Electronic Entertainment Expo (E3) only a few weeks away, Sony is putting themselves in the position where much of their press conference during the event will have to address these various security issues.  Sony is effectively going into one of the largest industry events of the year in damage control mode instead of creating consumer excitement for future products and games.
Hopefully Sony can address security concerns and strengthen all parts of their network against future attacks. Despite their efforts to improve overall network security they are one company who many will never again trust with their personal and credit card information.


Unpatchable Security Hole in PlayStation 3 Leading The "final hack" Also LV0 Cryptographic Keys Revealed


We are all well aware that Sony and its products have always been a favorite target of hackers. But here there are a few twists, so the word 'hack' is the appropriate one to describe what happened to Sony. According to a report on Eurogamer, Sony's PlayStation 3 is facing a new security threat, one it hasn't seen since the system was cracked via the PSJailbreak in 2011. The PS3 has been hacked before, but Sony was able to inhibit the hack with an update to its own firmware. This is much like the history of jailbreaking on Apple's iOS. But the latest PS3 break is being dubbed unpatchable and the final hack. That's because this hack isn't giving you an exploit to use against a programming hole. It's giving you Sony's so-called LV0 (level zero) cryptographic keys.
A decryption key that is reported to be circulating on the net is said to remove the final protective barrier on some models of Sony's PlayStation 3 consoles. In the long run, the release of the key will probably allow unsigned software such as homebrew games, Linux distributions, or pirate copies of software to run on some PS3 consoles. Allegedly, the private key can be used to modify and sign the "LV0" (Level 0), for example to disable its security checks. When the PS3 system boots, from version 3.60 of the PS3's firmware, the LV0 is directly launched by the bootloader (bootldr) that is built into the system's hardware – which means that the chain of trust is broken at a very early stage. As Sony won't be able to update the bootloader with a software update, the hacker community considers this the "final hack" of the PS3 in its current forms. Eurogamer says that these keys may not have been released at all if not for a Chinese hacking outfit called "BlueDiskCFW," who gained access to the keys and planned to charge for new custom firmware updates it would create. The original group that created the LV0 had no plans on releasing them, but eventually they were leaked onto the Internet in some limited fashion. Seeing that someone was going to profit on them, the group known as "The Three Tuskateers" decided to release them into the wilds of the Internet. 
In a statement, the hacker group says: "You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now."






PSN Network Password Recovery Exploited




Patrick Seybold, Sr. Director of Corporate Communications and Social Media, has released a statement on the PlayStation.Blog regarding this situation. Seybold clarifies that it was not a “hack”, but a URL exploit that Sony has now fixed. See the full statement (and original article) after the jump.
Here’s the official statement:
We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.
Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.
[Original Article] The Password Recovery program that has been implemented by Sony since the PSN’s return has been moving along nicely. With such a huge influx of people requesting their information through their secure email connection, as opposed to on a PS3, Sony stated that the process would take a little longer than originally estimated. It may be even longer now. While the hack that shut down the PSN was quite “sophisticated,” a small little exploit seems to have been discovered to change the passwords again.
But if you’re worried that your PS3 will go silent once again, fret not. This password exploit seems to only be affecting various web-based Sony services. An official community moderator on the EU PlayStation forums has indicated that several sites are offline, including PlayStation.com, the forums, the Blog, Qriocity.com, and others. The login functions for these services are currently unavailable. For the time being all PlayStation Network activity is still online for PS3 and PSP users. So you don’t have to worry about that. But what DID happen?
If you wanted to reset your PSN password from your computer, you were sent an email with a unique URL to match your account. The entire process is actually fairly primitive. Note that it won’t work right now, as login services are offline.
The procedure is as follows:
1) Navigate to: https://store.playstation.com/accounts/reset/resetPassword.action?token (this is normally, via email, https://store.playstation.com/accounts/reset/resetPassword.action?token=YYYYYYYYYYYYYYYYYYYYYYYY with the y’s being a unique token) – do not enter the code at this point.
2) Open a new tab in Firefox, and go to fr.playstation.com (other pages will work too most likely), and click Login (Connexion)
3) Click Recover password
4) Enter the email and date of birth of the target account
5) Click continue, then on the confirmation page, click “Reset using E-mail”
6) Switch back to the original tab, and enter the code, then click continue
7) You will now be asked to enter a new password for the target account
Fortunately, if your account WAS compromised, you should have received an email that said something along the lines of “Thank you for changing your password, if you were unaware of this change please contact Sony,” or something to that effect. While this method is as effective as it is simple, it would take a lot of time to physically access any large number of accounts. It sounds like Sony found out about this and shut off its only access point fairly quickly. Only one more question left:
When will it just end?
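The reset procedure described above let a password change go through on nothing more than an email address and a date of birth. The following added example (not Sony's code and not part of the original article) models that class of weakness next to a hardened flow in which only the mailed token authorises the change; the `ResetService` class, its method names, the sample account and the 15-minute token lifetime are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a reset token stays valid (assumed policy)


class ResetService:
    """Toy account store with a weak and a hardened password-reset flow."""

    def __init__(self):
        # Constructed sample account; not real data.
        self.accounts = {"alice@example.com": {"dob": "1990-01-31", "password": "old"}}
        self.pending = {}   # sha256(token) -> (email, expiry time)
        self.outbox = []    # stands in for the e-mail channel: (email, token)

    def _identity_ok(self, email, dob):
        acct = self.accounts.get(email)
        return acct is not None and hmac.compare_digest(acct["dob"].encode(), dob.encode())

    def _mail_token(self, email, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)                  # unguessable, from the CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[digest] = (email, now + TOKEN_TTL)    # store only the hash
        self.outbox.append((email, token))
        return token

    # --- weak flow (assumed model): the session remembers who passed e-mail + DOB ---
    def weak_start(self, session, email, dob):
        if self._identity_ok(email, dob):
            session["reset_for"] = email    # state that anyone knowing e-mail + DOB can set
            self._mail_token(email)
        return True

    def weak_finish(self, session, new_password):
        # Flaw: the mailed token is never checked, so e-mail + DOB is sufficient.
        email = session.get("reset_for")
        if email is None:
            return False
        self.accounts[email]["password"] = new_password
        return True

    # --- hardened flow: possession of the mailed token is the only authorisation ---
    def start(self, email, dob, now=None):
        if self._identity_ok(email, dob):
            self._mail_token(email, now)
        return True     # same answer either way, so accounts cannot be enumerated

    def finish(self, token, new_password, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256((token or "").encode()).hexdigest()
        entry = self.pending.pop(digest, None)   # pop makes the token single-use
        if entry is None:
            return False                         # empty, guessed or replayed token
        email, expiry = entry                    # account comes from the token, not the session
        if now > expiry:
            return False
        self.accounts[email]["password"] = new_password
        return True
```
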


Sony is Going to Release "PlayStation Vita" (Portable Video Game Player)



Sony is planning to release the PlayStation Vita, a portable video game player, on February 22, 2012, in the United States, Canada and Europe, the company announced at a technology conference on Tuesday.
The Vita will succeed the PlayStation Portable, or PSP, and PlayStation Go, a smaller version of the hand-held device. The Vita has a touchscreen and a touch-sensitive pad on the back of the device, along with the buttons and control sticks gamers expect to see on controllers.
Sony Computer Entertainment CEO Jack Tretton and a Sony spokesman demonstrated a sequel to a popular PlayStation 3 game called "Uncharted: Golden Abyss." Players can use the standard controller or manipulate the character using touch controls, as the spokesman showed onstage at the Web 2.0 Summit. The game looks very attractive -- but when shown on the big screen, not as sharp as a console game.
Sony previously announced pricing for the Vita, with a version that connects to the Web via Wi-Fi costing $250 and another that has 3G wireless data connectivity for $300.
Nintendo made deep price cuts to its portable 3DS system just five months after a strong launch when sales began to slow.
Analysts expect Sony will struggle to sell consumers a dedicated hand-held game machine now that smartphones and tablets have become powerful enough to handle powerful games.
"The advent of smartphone gaming is quite additive to what we're trying to accomplish," Tretton said. People may look to the Vita when they want to graduate from more simplistic games sold on phones, he said.
The Vita will first hit stores on December 17 in Japan, where Sony's portable systems have fared better.


-News Source (Sony & CNN)




Sony's website in 13 countries been hit by hackers




Sony Corp bounced from two-month lows after the electronics conglomerate said this year's operating profit would match last year's, easing worries about the impact of the March earthquake. In its first estimate for the year to March 2012, Sony said operating profit would come in around 200 billion yen (USD 2.44 billion), prompting Macquarie to upgrade its rating on the stock to outperform from neutral. Morgan Stanley, Credit Suisse and UBS reiterated their overweight, buy or outperform ratings. Separately, Sony said on Tuesday websites in three countries were hacked and personal information for 8,500 people was leaked from its Greek Sony Music Entertainment website, in the latest of a series of security breaches. The company said all three sites had been taken down and that no credit card information had been registered. Analysts said Sony had provided markets with a realistic view of the impact of the quake and a PlayStation network hacking incident, both of which had weighed on the shares. Sony said it expects the quake and the hacking incident to drag down operating profit by 164 billion yen in the current financial year. In contrast, the decline in Sony's market capitalisation of 264 billion yen since the quake "looks overdone," Macquarie analyst Jeff Loff wrote in a report. "With shares cheap and cost impacts one-time in nature, we expect the stock to reverse its fall." Sony expects to report a net loss of 260 billion yen (USD 3.2 billion) for the year ended March 31, its third straight annual net loss, after writing off tax credits following Japan's earthquake and tsunami.
Many of Sony's rivals, including Panasonic Corp, have yet to issue forecasts for the current year due to uncertainty following the disaster. Shares in Sony, the maker of PlayStation video games and Vaio computers, were up 2.4% by 0340 GMT, outperforming a flat Tokyo electrical machinery subindex. Sony's shares dipped nearly 1% in early trade, to its lowest since the immediate aftermath of the earthquake. Some fund managers, however, said the shares, down 22% so far this year, might not see sharp gains. "I agree that shares are unlikely to keep sliding, but neither do I see any new catalysts that would bring the share price up. I expect shares to continue meandering back and forth at low levels," said Makoto Kikuchi, chief executive officer at Myojo Asset Management. "It's not just Sony. Panasonic, Sharp -- all Japanese home electronics makers have seen the base of their share price sink. They can't compete in prices, so the only route they have is to create new markets with high added value. Products that would make people pay more." "Sony used to have this ability. But I don't see anything that would make share prices rise this fiscal year." Sony has seen a series of hacking attacks that have exposed more than 100 million accounts on its online gaming network to possible data theft, casting doubt on Sony's bid to reinvent itself through its online business. The company cut its annual net earnings forecast for the year ended March 31 to a loss of 260 billion yen from its previous estimate of a profit of 70 billion yen. Credit Suisse analyst Shunsuke Tsuchiya said shares in Sony were close to bottoming out and Morgan Stanley's Masahiro Ono said the announcement cleared uncertainty and was a positive. Sony has been largely squeezed out of the portable music market by Apple Inc's iPod, while losing market share to Samsung Electronics in flat-screen TVs.
Sony, which had developed but scrapped products that could be said to predate both the iPod and iPad, is set to announce its full results on Thursday.


Sony: Credit data at risk in PlayStation hacking. Network shut down; info on 77 million users said compromised


Sony Corp. said Tuesday that the credit card data of PlayStation users around the world may have been stolen in a hack that forced it to shut down its PlayStation Network for the past week, disconnecting 77 million user accounts.
Some players brushed off the breach as a common hazard of operating in a connected world, and Sony said some services would be restored in a week. But industry experts said the scale of the breach was staggering and could cost the company billions of dollars.
"Simply put, one of the worst breaches we've seen in several years," said Josh Shaul, chief technology officer for Application Security Inc., a New York-based company that is one of the country's largest database security software makers.
Sony said it has no direct evidence credit card information was taken, but said, "we cannot rule out the possibility."
It said the intrusion was "malicious" and the company had hired an outside security firm to investigate. It has taken steps to rebuild its system to provide greater protection for personal information and warned users to contact credit agencies and set up fraud alerts.
"Our teams are working around the clock on this, and services will be restored as soon as possible," it said in a blog post Tuesday.
The company shut down the network last Wednesday after it said account information, including names, birth dates, e-mail addresses and log-in information was compromised for certain players in the days prior.
Sony says people in 59 nations use the PlayStation network. Of the 77 million user accounts, about 36 million are in the U.S. and elsewhere in the Americas, 32 million in Europe and 9 million in Asia, mostly in Japan.
Purchase history and credit card billing address information may also have been stolen, but the intruder did not obtain the three-digit security code on the back of cards, Sony said. Spokesman Satoshi Fukuoka said the company has not received any reports yet of credit card fraud or abuse resulting from the breach.
Shaul said that not having direct proof of credit card information theft should not instill a sense of security, and could mean Sony just didn't know what files were touched.
"They indicated that they're worried about it, which is probably a very strong indication that everything was stolen," he said.
If the intruder successfully stole credit card data, the heist would rank among the biggest known thefts of financial data.
Recent major hacks included some 130 million card numbers stolen from payment processor Heartland Payment Systems. As many as 100 million accounts were lifted in a break-in at TJX Cos., the chain that owns discount retailers T.J. Maxx and Marshalls, and some 4.2 million card numbers were stolen from East Coast grocery chain Hannaford Bros. Those attacks allegedly involved a single person: Albert Gonzalez, a Miami hacker who was sentenced last year to 20 years in prison for the attacks.
The Ponemon Institute, a data-security research firm, estimated that the cost of a data breach involving a malicious or criminal act averaged $318 per compromised record in 2010, up 48 percent from the year earlier.
That could pin the potential cost of the PlayStation breach at more than $24 billion.
Alan Paller, director of research for the SANS Institute, a security training organization, said that even if credit numbers weren't stolen, knowing someone's name, e-mail address and which games he or she likes can lead to expertly crafted scam e-mails. Knowing billing histories can be even more harmful, since they can identify big spenders.


Phishing site found on Sony’s servers.


Okay, okay. Sony has had a lot to deal with of late, what with its PlayStation network being hacked and subsequently being taken offline for quite some time. But we believe that Sony has been hacked yet again, this time it’s Sony Thailand’s website.
As security firm F-Secure reports, Sony Thailand’s hdworld.sony.co.th URL has a phishing site running on it, leading to an Italian credit card company.
As you can see, visiting the site on Google Chrome reveals a blatant warning that the site is in fact a phishing scam:

The phishing site is in fact a sub-domain of Sony Thailand’s website, and it’s possible the hackers either have access to Sony Thailand’s DNS record or there could be a redirect in place on the server itself, but we can’t be sure. We’ll update this as more information comes in and once we’ve spoken to a security consultant to learn how this could actually be possible.
Update
Okay, we’ve now spoken with Jobert Abma, an online security consultant from Online24. When asked how common this is, he said:
“It’s not as common as other vulnerabilities such as ‘usual’ web issues like data injection. But, when having major issues like file access, the success rate of such an attack becomes much higher.”
When asked how phishers actually carried out these hacks, Abma stated that the hackers simply looked for weaknesses in the application or infrastructure:
“It can be done through, for example, having file access. To grant such access, weaknesses in the application or infrastructure need to be found. As application issues, you’d mention database access to write files, including remote scripts, able to execute commands on the server and so on. As for weaknesses in an infrastructure, weak passwords or buffer overflows in software could be used to grant access.”
Following on from our chat with Jobert Abma, we spoke with Mikko H. Hyppönen from F-Secure, the firm that found this latest hack. Hyppönen came across the site while investigating potential PlayStation phishing scams. After confirming it was definitely a hack, Hyppönen gave his thoughts on how access was gained:
“If you have a large site with lots of legacy apps and mini-sites, it’s not unheard of for something like this to happen. In Sony’s case, it’s likely it’s a PHP or SQL hole rather than DNS access or htaccess edit on the server itself.”
Hyppönen also stated that this doesn’t necessarily mean that Sony.co.th or Sony.com got hacked, because the sub-domain in question may run on an external party’s server:
“I believe this particular site might run on some ad agency’s IP address. Nevertheless, it’s under Sony’s name, so technically, it’s Sony’s server.”
But it’s not just Sony that will suffer from this. It’s likely that part of the scam will involve spamming people with .it (Italy) email addresses whilst this phishing site is still live. And the hope for the scammers, of course, is they’ll hit someone who does hold the credit card in question.
So, not a good few weeks for Sony at all.


PSN Hacked Again By Anonymous! 10 Million Users Affected [Sony Denies The Hack]


Oh no, the Sony PlayStation Network has again faced a cyber attack. Guess who was behind this? Yes, this time too the hacker collective Anonymous has breached the PSN and stolen more than ten million account details (email IDs and encrypted passwords). Anonymous announced the hack on its Twitter account on Wednesday (though that tweet has since been removed).

That tweet claimed that Anonymous has yet again broken into the PlayStation Network and has a 50 gigabyte database of email accounts and their passwords, which would put more than ten million accounts at risk. This would be a huge blow to Sony if Anonymous has in fact completed a successful PSN hack and PlayStation Network breach. If PSN has been breached, millions of users' personal information, including credit cards, would be in the hands of potentially malicious users.
However, note that Sony completely denies the hack. The official Twitter account of PSN says: "We can confirm that the recent claim that PSN was illegally hacked & that customer PWs and email addresses were accessed is completely false".

According to Kotaku, the list in the Pastebin doc is a copy of a seemingly unrelated list of email addresses from March 2012, called "Email accs! // universe security sucks." The PSN hack, in other words, appears to be a rumor that didn't turn out to be true. But we still have to wait for Sony's official response about the whole matter.
The battle between the hacktivist groups Anonymous and LulzSec and Sony has been running since last year. Hackers have penetrated Sony's PSN network and stolen the personal information of millions of users. Later Sony was forced to shut down its entire network and apologized for the whole affair. Not only PSN but also Sony Online Entertainment, Sony Pictures and several of Sony's official websites in different countries have fallen victim to the hackers.





Sony Again Under Massive Attack, 93K Accounts Compromised


Sony's online services have been the target of another large-scale attack. In a press release, Sony said that attackers made multiple attempts to intrude into users' Sony online service accounts. Apparently, the attacks targeted the Playstation Network (PSN), the Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) between 7 and 10 October. 

According to Sony's official press release:
"Sony Network Entertainment International LLC and Sony Online Entertainment (SOE) have detected a large amount of unauthorized sign-in attempts on PlayStation®Network (PSN), Sony Entertainment Network (SEN) and Sony Online Entertainment (SOE) services. We discovered these attempts and have taken steps to mitigate the activity.
Less than one tenth of one percent of our PSN, SEN and SOE consumers may have been affected. There were approximately 93,000 accounts (PSN/SEN: approximately 60,000 accounts; SOE: approximately 33,000) where the attempts succeeded in verifying those accounts’ valid sign-in IDs and passwords, and we have temporarily locked these accounts. As a preventative measure, we will be sending email notifications to these account holders and will be requiring secure password resets or informing consumers of password reset procedures.
Credit card numbers associated with these accounts are not at risk as a result of these unauthorized attempts. Only a small fraction of these 93,000 accounts showed additional activity prior to being locked. We are continuing to investigate the extent of unauthorized activity on any of these accounts.
These attempts appear to include a large amount of data obtained from one or more compromised lists from other companies, sites or sources. These were unauthorized attempts to verify valid user accounts on our services using very large sets of sign-in IDs and passwords. Between October 7 - 10 US Pacific Daylight Time, we confirmed that these were unauthorized attempts, and took steps to thwart this activity."


-News Source (Sony Corporation)
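Sony's statement describes sign-in attempts that test very large lists of IDs and passwords obtained elsewhere, with a small share succeeding. The following added example (not from Sony or the original post) shows one way to spot that pattern in sign-in logs and list the accounts to lock and reset; the log format, the thresholds and the sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def sample_log():
    """Constructed sign-in log lines: '<ISO time> <source IP> <sign-in ID> <OK|FAIL>'."""
    base = datetime(2024, 1, 1, 3, 0, 0)
    lines = []
    # One source trying 40 different IDs once each, nearly all failing.
    for i in range(40):
        result = "OK" if i in (7, 23) else "FAIL"
        lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 203.0.113.9 user{i:03d} {result}")
    # An ordinary user mistyping a password twice, then getting in.
    for j, result in enumerate(["FAIL", "FAIL", "OK"]):
        lines.append(f"{(base + timedelta(seconds=100 + j)).isoformat()} 198.51.100.4 carol {result}")
    lines.append("garbage line that does not parse")
    return lines


def parse(line):
    """Return (time, ip, sign_in_id, succeeded) or None for a malformed line."""
    try:
        ts, ip, user, result = line.split()
        return datetime.fromisoformat(ts), ip, user, result == "OK"
    except ValueError:
        return None


def find_stuffing(lines, window=timedelta(minutes=10), min_ids=20, max_success_ratio=0.2):
    """Flag sources that try many distinct IDs in a short window with few successes.

    Returns {ip: {"ids_tried": int, "to_lock": [ids that signed in successfully]}}.
    """
    by_ip = defaultdict(list)
    for line in lines:
        event = parse(line)
        if event is not None:
            ts, ip, user, ok = event
            by_ip[ip].append((ts, user, ok))

    report = {}
    for ip, events in by_ip.items():
        events.sort()
        start, flagged = 0, False
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            chunk = events[start:end + 1]
            ids = {user for _, user, _ in chunk}
            hits = {user for _, user, ok in chunk if ok}
            if len(ids) >= min_ids and len(hits) / len(ids) <= max_success_ratio:
                flagged = True
                break
        if flagged:
            # Every ID this source got into is treated as exposed, not only
            # the ones inside the window that tripped the rule.
            report[ip] = {
                "ids_tried": len({user for _, user, _ in events}),
                "to_lock": sorted({user for _, user, ok in events if ok}),
            }
    return report
```
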





Anonymous to target Iran with DoS attack


Anonymous says its next target is Iran.
The hacker group Anonymous has its next denial-of-service (DoS) target in sight: Iran, CNET has learned.
Members of the loosely organized group are planning "Operation Iran," an attack designed to shut down Iranian Web sites beginning Sunday, according to their latest online proclamation. May 1 is International Worker's Day.
"The people of Iran have the admiration of Anonymous, and the entire world," the statement says. "We can see that Iran still suffers at the hands of those in power. Your former government has seized control, and tries to silence you. People of Iran--your rights belong to you."
The operation seemed to already have begun late today with Web page defacements ostensibly targeted at Iranian hackers. Anonymous left messages on several Web sites that had allegedly been previously attacked by the Iranian Cyber Army, including the site of a Canadian information systems firm and the site of a Ukrainian dancing group, according to an observer on an Anonymous Internet Relay Chat channel that members use to coordinate their operations.
Anonymous is known for its renegade cyberattacks in defense of perceived underdogs or to support freedom of expression or other anti-establishment causes. In defense of whistle-blowing site WikiLeaks, the group targeted PayPal, Visa, MasterCard, and other companies late last year that had stopped enabling WikiLeaks to receive contributions.
Earlier this month, Anonymous targeted Sony in protest of the company's treatment of Sony PlayStation hacker George Hotz. Hotz and Sony have since settled the lawsuit Sony filed, and Anonymous has denied any involvement in a recent serious breach that exposed information of millions of Sony PlayStation Network customers.
Other Anonymous targets have been: Broadcast Music Inc.; the Church of Scientology; the governments of Egypt, Iran, and Sweden; the Westboro Baptist Church; conservative activist billionaires Charles and David Koch and their companies; as well as security firm HBGary Federal, which had reportedly been working with the FBI to identify the leaders of Anonymous.
