Showing posts sorted by relevance for query Sony.

Hacking Group Denies Blame for Sony PlayStation Network Breach

The phrase, writ large on the hacking group Anonymous' AnonOps website, announced to the world that the security breach that has kept Sony's PlayStation network offline since last Wednesday was not Anonymous' fault.
Sony turned off its PlayStation network and Qriocity services -- used to facilitate audio for PlayStation 3 gaming -- after the networks were compromised on April 20 by "an external intrusion," Sony wrote on its PlayStation blog.
Pointing the finger at Anonymous might be a fair assumption -- earlier this month, the hacking collective launched "OpSony," which brought down several PlayStation 3 websites. The attack was in retaliation for Sony's legal pursuit of George Hotz, who published the details of his PS3 hack last year on his website, geohot.com.
Anonymous believes "Sony is taking advantage of Anonymous' previous ill will towards the company," to cover what Anonymous said is "actually an internal problem" with Sony's servers.
Sony said it is working to "resolve this situation quickly," and is rebuilding its network to guard against future security breaches. There is currently no timetable as to when PlayStation's more than 75 million customers will be able to get back to competitive online gaming.
It is not yet known if users' personal information or credit card numbers have been accessed as a result of the breach, PCWorld reported.


PlayStation Network Restored and Qriocity Services Begins


Sony Corporation and Sony Computer Entertainment (SCE) announced that Sony Network Entertainment International (SNEI, the company) will today begin a phased restoration by region of PlayStation®Network and Qriocity Services.  The phased restoration will be on a country by country basis beginning in the Americas, Europe, Australia, New Zealand, and Middle East.

The first phase of restored services for these countries and regions will include:
  • Sign-in for PlayStation®Network and Qriocity services, including the resetting of passwords
  • Restoration of online game-play across PS3 and PSP
  • Playback rental video content, if within rental period, of PlayStation Network Video Delivery Service on PS3, PSP and MediaGo
  • Music Unlimited powered by Qriocity, for current subscribers, on PS3 and PC
  • Access to 3rd party services such as Netflix, Hulu, Vudu and MLB.tv
  • 'Friends' category on PS3, including Friends List, Chat Functionality, Trophy Comparison, etc
  • PlayStation Home

Increased Security Measures
As the result of a criminal cyber attack on the company's data-center located in San Diego, California, U.S.A., SNEI shut down the PlayStation Network and Qriocity services on April 20, in order for the company to undergo an investigation and make enhancements to the overall security of the network infrastructure. Working closely with several respected outside security firms, the company has implemented new and additional security measures that strengthen safeguards against unauthorized activity, and provide consumers with greater protection of their personal information.
The company has made considerable enhancements to the data security, including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls.  The company also added a variety of other measures to the network infrastructure including an early-warning system for unusual activity patterns that could signal an attempt to compromise the network.
"I'd like to send my sincere regret for the inconvenience this incident has caused you, and want to thank you all for the kind patience you've shown as we worked through the restoration process," said Kazuo Hirai, Executive Deputy President, Sony Corporation.  "I can't thank you enough for your patience and support during this time. We know even the most loyal customers have been frustrated by this process and are anxious to use their Sony products and services again. We are taking aggressive action at all levels to address the concerns that were raised by this incident, and are making consumer data protection a full-time, company wide commitment."
"During the past 18 months, we've seen a dramatic rise in the volume of cyber attacks, their sophistication and their impact on businesses. Thwarting cyber-crime requires an evolutionary approach to security that is well integrated, reduces risk exposure and improves efficiencies," said Francis deSouza, Senior Vice President, Enterprise Security Group, Symantec. "Today's cyber crime attacks are proving to be more covert, more targeted and better organized than those we've seen in years past. In working with Sony on the move of their data-center, it's clear they're implementing measures to reduce security risks moving forward."  
As an additional measure, Fumiaki Sakai, president of Sony Global Solutions Inc. (SGS), has been appointed acting Chief Information Security Officer of SNEI.  In addition to his current role at SGS, Mr. Sakai, in his role at SNEI, will work to further reinforce overall information security across the company's network infrastructure.  Mr. Sakai will lead the recruiting effort in finding a new and permanent CISO for SNEI.  As CISO, Mr. Sakai will report to Tim Schaaff, president, SNEI, as well as to Mr. Shinji Hasejima, CIO, Sony Corporation.  
"While we understand the importance of getting our services back online, we did not rush to do so at the expense of extensively and aggressively testing our enhanced security measures. Our consumers' safety remains our number one priority," Hirai continued. "We want to assure our customers that their personal information is being protected with some of the best security technologies available today, so that everyone can feel comfortable enjoying all that PlayStation Network and Qriocity services have to offer."  
The restoration of the services across the Americas, Europe, Australia, New Zealand, and Middle East is beginning, and consumers will be able to enjoy some of the online functionality provided by both the PlayStation Network and Qriocity services.  Phased restoration in Japan and other Asian countries and regions will be announced in due course.  The company expects to have the services fully restored by the end of May 2011.
The company will be offering customers a "Welcome Back" package of services and premium content to all registered PlayStation Network and Qriocity account services.  The details of this program will be announced in each region shortly.  
For more information about the PlayStation Network and Qriocity services intrusion and restoration, please visit http://blog.us.playstation.com or http://blog.eu.playstation.com/



Hackers, Crackers, Tramps & Thieves


Recently, we have seen a “hacker group,” loosely known as Anonymous, wage a denial of service attack (DDoS) against various companies that withdrew services to WikiLeaks. This was done in a supposed noble defense of WikiLeaks. Now it appears the same group has taken credit for attacks against Sony. Why attack Sony? Because Anonymous believes individuals should be able to modify PlayStation 3 consoles, and Sony says no, they shouldn’t be, and is fighting the copyright infringement with legal action. It is sort of like I disagree with you and we end up in court and you then throw a rock through my window (funny…. I didn’t mean to bring Microsoft into the mix…LOL). Well, apparently more than a rock got thrown through Sony’s “window”. It now appears that 2.2 million credit cards with CVV were stolen as well. Anonymous is now only claiming they broke the window, not that they stole anything. Who exactly are “hackers”?
Initially the term came to refer to individuals who pushed technology to its limits. Hacking was making technology (hardware/software) do more, more efficiently, etc. However, somewhere along the mix it began to be used as a term to describe individuals exploiting technology for illegal purposes. Later, the term crackers came to refer to hackers who did bad things, such as breaking into systems, causing damage, stealing data, etc. We also had the “color” system if you will, in part no doubt due to the old adage in Western movies, good and bad guys wear different colored hats. Yep, you guessed it: you have White Hat hackers (good guys) and Black Hat Hackers (bad guys). Of course, you also then have the Grey Hat Hackers (good or bad, depending upon what they are doing). As an old John Wayne fan I never really paid much attention to what hat he was wearing, but that is beside the point.
In my opinion, hackers have come to enjoy a unique position in our society. For instance, there is no such thing as a “white hat” embezzler, drug dealer, or bank robber. The closest thing I can think of is maybe Robin Hood, where he was a criminal but his ends justified his means (steal from the rich and give to the poor). I suppose there was some romanticizing about train/bank robberies, Jesse James or even Bonnie and Clyde. But in the end we still consider them criminals when all is said and done. We just don’t have other offender groups being described by their head apparel. I also am amazed being a hacker is viewed by some as the best pathway to becoming an IT security expert. It is sort of like someone being a burglar or robber as a path to a career as a security professional. I guess these folks think honest hard work and education just doesn’t look as good as “I was a criminal” on a resume.
So what does this have to do with corrections? Well, many of these folks do get caught. They go before a judge and someone has to look at what was done and make a call. Answering it was illegal is easy. What do you do with them? Some would argue they are Robin Hoods, making information free for the world. Some believe they are just really smart and the corporations are the real corrupt ones. (See The Conscience of a Hacker)
Here is the problem I have. My Robin Hood didn’t burn Sherwood Forest to help the poor. He also did not use the poor as pawns in his fight with the rich. Take a look at the Sony case. They have a right to protect their intellectual property. They were pursuing the matter in court, following the law. A group of offenders breaks into Sony, allegedly to embarrass them. However, someone during the break-in (more than likely the same folks that broke in) stole 2.2 million credit cards with CVV. There are reports that those card numbers are being sold. Sony looks bad for the security breach. But was it really necessary to harm Sony’s customers in the fight to make right? So, are hackers misguided “Robin Hoods”, out to defend us against the big bad corporations out there? Or are they what we normally call common criminals?
On the other hand, some of these “criminals” are what we call in the business “success” stories. “rtm”, who released the first Internet worm, later went on to get a doctorate and is a respected expert in the field. The “Condor” is an author and runs a successful information security consulting firm (notwithstanding my comment about criminals becoming future security experts). The “Dark Dante” is a senior editor for a major publication as well as an accomplished author.
The bottom line to this discussion is, corrections must do what we always do. Condemn the acts but not the individuals. Hackers, whatever the reasons, are offenders, not modern Robin Hoods. They can be rehabilitated. They are however not modern day technological heroes. Making them sound like a quarter pounder with cheese does not change the fact they have no meat between the buns. Take care and be safe. Time for a cigar!


Sony Released Head Mounted Display Equipped With High Definition OLED Panel (Personal 3D Viewer, HMZ-T1)

 
Sony Corporation announced the launch of Head Mounted Display “Personal 3D Viewer” ‘HMZ-T1’, a device that offers a spectacular new style for viewing both 2D and 3D content. Simply slip the device onto your head to experience the movie theater-like virtual screen (equivalent to a 750-inch screen*2) expand before your eyes.*3
It is equipped with the newly-developed 0.7-inch (diagonal 18.0mm) high definition OLED panel (1280 x 720), which has been realized through Sony’s unique expertise in both OLED display and semiconductor silicon drive technologies. The ‘HMZ-T1’ achieves HD picture quality that makes full use of the OLED display’s high contrast, color reproducibility, and fast response. In addition, the device adopts the ‘Dual Panel 3D Method’, which consists of separate panels for the left and right eye in order to display independent HD picture quality to each eye, which realizes 3D vision. The viewer can enjoy natural and bright 3D picture quality that is crosstalk-free. Furthermore, we have achieved a wide horizontal viewing angle of 45 degrees by incorporating an optical lens that thoroughly suppresses unwanted elements such as aberration and distortion. Viewers can now enjoy watching video on a movie theater-like big-screen (750-inch virtual screen, virtual viewing distance approx. 20m)*2. Sony has also adopted its original virtual surround signal processing technology. Combined with the high-resolution 3D picture quality, viewers will be able to fully enjoy powerful acoustics equivalent to a maximum of 5.1ch through the left and right headphones alone.

 Sony group has offered a wide range of 3D products and 3D content production systems, from industrial 3D filming and editing equipment and movie theater systems through to its “BRAVIA” LCD TVs, home projectors, Blu-ray™ Disc devices, Personal Computer VAIO and “PlayStation 3” while its “Handycam” and “Cyber-shot” cameras even enable people to film 3D video themselves. And now, this new 3D viewing style provided by ‘HMZ-T1’ will enable users to enjoy the movie theater-like experience whilst relaxing on their living room sofa, thus further expanding Sony’s 3D world.

Main Features:-
  1. The high definition OLED panel delivers HD picture quality.
  2. The ‘Dual Panel 3D Method’ delivers natural and bright 3D picture quality that is crosstalk-free.
  3. An optical lens realizes a wide 45-degree horizontal viewing angle (750-inch virtual screen, virtual viewing distance approx. 20m)*2, equivalent to a movie theatre screen, while the shielding construction creates a deep feeling of immersion.
  4. ‘5.1ch Virtual Surround Technology (Virtualphones Technology)’ for realistic and expressive sound.  


Anonymous Gave Warning To Sony (#OpBlackout, #OpLulzxmas, #OpMayhem)


Earlier we reported that Anonymous had reacted against the controversial Stop Online Piracy Act (SOPA), reconvened by the US Senate. This bold protest by Anonymous continues. Recently they posted a YouTube video declaring that they will hack Sony again if Sony doesn't stop its support of the Stop Online Piracy Act. They have specifically said they are not hacking the PlayStation Network. "We're hacking the SONY network and exploiting its servers. NOT PLAYSTATION NETWORK"

According To The Video:-
"Your support to the act is a signed death warrant to SONY Company and Associates," Anonymous said in the video. "Therefore, yet again, we have decided to destroy your network. We will dismantle your phantom from the internet. Prepare to be extinguished. Justice will be swift, and it will be for the people, whether some like it or not. Sony, you have been warned."

Brief About SOPA:-
The Stop Online Piracy Act is a bill that was introduced in the United States House of Representatives on October 26, 2011. The bill will increase the power of the U.S. Department of Justice and copyright holders. The bill "would expand the ability of federal law enforcement to shut down foreign Web sites and services that use counterfeited or pirated content created by U.S. firms."






LulzSec Hacker Cody Kretsinger Sentenced 1 Year Imprisonment For Security Breach of Sony Pictures Entertainment  

Infamous LulzSec hacker Cody Kretsinger, who pleaded guilty last year in federal court in California to taking part in an extensive computer breach of a Sony Pictures Entertainment server, has been sentenced. The 25-year-old Kretsinger, also known as "Recursion," was one of the key members of Lulz Security, widely known as LulzSec, an offshoot of the international hacking group Anonymous. According to federal prosecutors, Kretsinger has been sentenced in Los Angeles to one year in prison, to be followed by home detention. Kretsinger was also ordered by a U.S. district judge in Los Angeles to perform 1,000 hours of community service after his release from prison, said Thom Mrozek, spokesman for the U.S. Attorney's Office in Los Angeles. Prosecutors refused to say whether the hacker was co-operating with authorities in return for a softer sentence.
During last year's plea hearing, Kretsinger told a federal judge that he gained access to the Sony Pictures website and gave the information he found there to other members of LulzSec, who posted it on the group's website and Twitter. "I joined LulzSec, your honor, at which point we gained access to the Sony Pictures website," said Kretsinger in federal court. Prosecutors said Kretsinger and other LulzSec hackers, including those known as "Sabu" and "Topiary," stole the personal information of thousands of people after launching an "SQL injection" attack on the website, ultimately causing the unit of Sony Corp more than $600,000 in financial damage. The attack also hurt the standing of Sony Corporation and cost it the trust of its customers across the globe.
While talking about this story, we would like to recap the recent history: the arrests and subsequent guilty pleas of all the key members of LulzSec, including Ryan Cleary, Jake Davis, Jeremy Hammond, Raynaldo Rivera and Cody Kretsinger, came a month after court documents revealed that Anonymous leader "Sabu," whose real name is Hector Xavier Monsegur, had turned traitor to his community, become an FBI informer and provided all the information on fellow hackers.


-Source (Reuters & Yahoo) 






Unpatchable Security Hole in PlayStation 3 Leading The "final hack" Also LV0 Cryptographic Keys Revealed

We are all well aware that Sony and its products have always been a favorite target of hackers. But here there are a few twists, so the word 'hack' is the appropriate one to describe what happened to Sony. According to a report on Eurogamer, Sony's PlayStation 3 is facing a new security threat - one it hasn't seen since the system was cracked via the PSJailbreak in 2011. The PS3 has been hacked before, but Sony was able to inhibit the hack with an update to its own firmware. This is much like the history of jailbreaking on Apple's iOS. But the latest PS3 break is being dubbed unpatchable and the final hack. That's because this hack isn't giving you an exploit to use against a programming hole. It's giving you Sony's so-called LV0 (level zero) cryptographic keys.
A decryption key that is reported to be circulating on the net is said to remove the final protective barrier on some models of Sony's PlayStation 3 consoles. In the long run, the release of the key will probably allow unsigned software such as homebrew games, Linux distributions, or pirate copies of software to run on some PS3 consoles. Allegedly, the private key can be used to modify and sign the "LV0" (Level 0), for example to disable its security checks. When the PS3 system boots, from version 3.60 of the PS3's firmware, the LV0 is directly launched by the bootloader (bootldr) that is built into the system's hardware – which means that the chain of trust is broken at a very early stage. As Sony won't be able to update the bootloader with a software update, the hacker community considers this the "final hack" of the PS3 in its current forms. Eurogamer says that these keys may not have been released at all if not for a Chinese hacking outfit called "BlueDiskCFW," who gained access to the keys and planned to charge for new custom firmware updates it would create. The original group that created the LV0 had no plans on releasing them, but eventually they were leaked onto the Internet in some limited fashion. Seeing that someone was going to profit on them, the group known as "The Three Tuskateers" decided to release them into the wilds of the Internet. 
In a statement, the hacker group says: "You can be sure that if it wouldn't have been for this leak, this key would never have seen the light of day, only the fear of our work being used by others to make money out of it has forced us to release this now."






Sony: Credit data at risk in PlayStation hacking Network shut down; info on 77 million users said compromised halted


Sony Corp. said Tuesday that the credit card data of PlayStation users around the world may have been stolen in a hack that forced it to shut down its PlayStation Network for the past week, disconnecting 77 million user accounts.
Some players brushed off the breach as a common hazard of operating in a connected world, and Sony said some services would be restored in a week. But industry experts said the scale of the breach was staggering and could cost the company billions of dollars.
"Simply put, one of the worst breaches we've seen in several years," said Josh Shaul, chief technology officer for Application Security Inc., a New York-based company that is one of the country's largest database security software makers.
Sony said it has no direct evidence credit card information was taken, but said, "we cannot rule out the possibility."
It said the intrusion was "malicious" and the company had hired an outside security firm to investigate. It has taken steps to rebuild its system to provide greater protection for personal information and warned users to contact credit agencies and set up fraud alerts.
"Our teams are working around the clock on this, and services will be restored as soon as possible," it said in a blog post Tuesday.
The company shut down the network last Wednesday after it said account information, including names, birth dates, e-mail addresses and log-in information was compromised for certain players in the days prior.
Sony says people in 59 nations use the PlayStation network. Of the 77 million user accounts, about 36 million are in the U.S. and elsewhere in the Americas, 32 million in Europe and 9 million in Asia, mostly in Japan.
Purchase history and credit card billing address information may also have been stolen, but the intruder did not obtain the three-digit security code on the back of cards, Sony said. Spokesman Satoshi Fukuoka said the company has not received any reports yet of credit card fraud or abuse resulting from the breach.
Shaul said that not having direct proof of credit card information theft should not instill a sense of security, and could mean Sony just didn't know what files were touched.
"They indicated that they're worried about it, which is probably a very strong indication that everything was stolen," he said.
If the intruder successfully stole credit card data, the heist would rank among the biggest known thefts of financial data.
Recent major hacks included some 130 million card numbers stolen from payment processor Heartland Payment Systems. As many as 100 million accounts were lifted in a break-in at TJX Cos., the chain that owns discount retailers T.J. Maxx and Marshalls, and some 4.2 million card numbers were stolen from East Coast grocery chain Hannaford Bros. Those attacks allegedly involved a single person: Albert Gonzalez, a Miami hacker who was sentenced last year to 20 years in prison for the attacks.
The Ponemon Institute, a data-security research firm, estimated that the cost of a data breach involving a malicious or criminal act averaged $318 per compromised record in 2010, up 48 percent from the year earlier.
That could pin the potential cost of the PlayStation breach at more than $24 billion.
Alan Paller, director of research for the SANS Institute, a security training organization, said that even if credit numbers weren't stolen, knowing someone's name, e-mail address and which games he or she likes can lead to expertly crafted scam e-mails. Knowing billing histories can be even more harmful, since they can identify big spenders.


2 Hacker From UK Get Busted For Stealing Michael Jackson Back Catalog From Sony

Two hackers from the UK have allegedly been arrested for illegally downloading more than 50,000 tracks from Sony's collection of world-famous pop star Michael Jackson's back catalog. James Marks, 26 and from Daventry, and 25-year-old James McCormick from Blackpool, were arrested last May and are due to stand trial in January 2013.
Sony purchased the rights from the Jackson estate in 2010 for $200 million to complete 10 projects over seven years. The actual crime happened last April when the Sony PlayStation Network was hacked and shut down for 23 days due to hackers breaching the company's servers. Personal data from about 77 million customers was compromised in the cyber attack, including names, home addresses, birthdays, usernames and passwords. Sony apologized to customers and offered free identity theft protection services.



-Source (BBC)


PSN Network Password Recovery Exploited




Patrick Seybold, Sr. Director of Corporate Communications and Social Media, has released a statement on the PlayStation.Blog regarding this situation. Seybold clarifies that it was not a “hack”, but a URL exploit that Sony has now fixed. See the full statement (and original article) after the jump.
Here’s the official statement:
We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.
Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.
[Original Article] The Password Recovery program that has been implemented by Sony since the PSN’s return has been moving along nicely. With such a huge influx of people requesting their information through their secure email connection, as opposed to on a PS3, Sony stated that the process would take a little longer than originally estimated. It may be even longer now. While the hack that shut down the PSN was quite “sophisticated,” a small little exploit seems to have been discovered to change the passwords again.
But if you’re worried that your PS3 will go silent once again, fret not. This password exploit seems to only be affecting various web-based Sony services. An official community moderator on the EU PlayStation forums has indicated that several sites are offline, including PlayStation.com, the forums, the Blog, Qriocity.com, and others. The login functions for these services are currently unavailable. For the time being all PlayStation Network activity is still online for PS3 and PSP users. So you don’t have to worry about that. But what DID happen?
If you wanted to reset your PSN password from your computer, you were sent an email with a unique URL to match your account. The entire process is actually fairly primitive. Note that it won’t work right now, as login services are offline.
The procedure is as follows:
1) Navigate to : https://store.playstation.com/accounts/reset/resetPassword.action?token (this is normally, via email, https://store.playstation.com/accounts/reset/resetPassword.action?token=YYYYYYYYYYYYYYYYYYYYYYYY with the y’s being a unique token) – do not enter the code at this point.
2) Open a new tab in Firefox, and go to fr.playstation.com (other pages will work too most likely), and click Login (Connexion)
3) Click Recover password
4) Enter the email and date of birth of the target account
5) Click continue, then on the confirmation page, click “Reset using E-mail”
6) Switch back to the original tab, and enter the code, then click continue
7) You will now be asked to enter a new password for the target account
Fortunately, if your account WAS compromised, you should have received an email that said something along the lines of “Thank you for changing your password, if you were unaware of this change please contact Sony,” or something to that effect. While this method is as effective as it is simple, it would take a lot of time to physically access any large number of accounts. It sounds like Sony found out about this and shut off its only access point fairly quickly. Only one more question left:
When will it just end?
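
An added example, not Sony's code and not part of the original article: the steps above are consistent with a final reset step that takes the target account from shared session state instead of from the emailed token. That root cause is an assumption, and `ResetService`, its methods and the sample address are hypothetical; the sketch puts such a handler beside a hardened one that accepts only a valid, unexpired, single-use token.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed link lifetime; not a value from the article


def _digest(token):
    # Store only a hash of the token so a leaked table cannot be replayed.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ResetService:
    """Hypothetical in-memory account store and reset-token table."""

    def __init__(self, now=time.time):
        self.passwords = {}  # email -> password (plaintext only to keep the demo short)
        self.tokens = {}     # sha256(token) -> (email, expires_at)
        self.now = now

    def start_reset(self, session, email):
        """Called after e-mail and date of birth are submitted; returns the mailed token."""
        token = secrets.token_urlsafe(32)
        self.tokens[_digest(token)] = (email, self.now() + RESET_TTL_SECONDS)
        session["reset_email"] = email  # the weak handler below trusts this value
        return token

    def finish_reset_weak(self, session, token, new_password):
        """Weak: target account comes from the session, the token is never checked."""
        email = session.get("reset_email")
        if email is None:
            return False
        self.passwords[email] = new_password
        return True

    def finish_reset_hardened(self, session, token, new_password):
        """Target account is derived only from a valid, unexpired, single-use token."""
        if not token:
            return False
        record = self.tokens.pop(_digest(token), None)  # pop makes the token single-use
        if record is None:
            return False
        email, expires_at = record
        if self.now() > expires_at:
            return False
        self.passwords[email] = new_password
        # Drop any other outstanding tokens for this account and the session hint.
        self.tokens = {d: r for d, r in self.tokens.items() if r[0] != email}
        session.pop("reset_email", None)
        return True


def demo():
    """Constructed scenario: one browser session, requester has no mailbox access."""
    victim = "victim@example.test"  # constructed address
    svc = ResetService()
    svc.passwords[victim] = "original"
    session = {}
    mailed_token = svc.start_reset(session, victim)  # reaches only the mailbox owner

    results = {}
    results["weak_accepts_missing_token"] = svc.finish_reset_weak(session, "", "requester-choice")
    results["weak_password_changed"] = svc.passwords[victim] == "requester-choice"

    svc.passwords[victim] = "original"
    results["hardened_rejects_missing_token"] = not svc.finish_reset_hardened(session, "", "x")
    results["hardened_rejects_guessed_token"] = not svc.finish_reset_hardened(session, "guess", "x")
    results["password_unchanged"] = svc.passwords[victim] == "original"
    results["owner_token_accepted"] = svc.finish_reset_hardened(session, mailed_token, "owner-choice")
    results["replay_rejected"] = not svc.finish_reset_hardened(session, mailed_token, "again")
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The notification e-mail mentioned above remains useful as a detection signal, but only the token check prevents the change.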


LulzSec Hacker Cody Kretsinger Pleaded Guilty in Sony Breach

Accused LulzSec hacker Cody Kretsinger pleaded guilty on Thursday in federal court in California to taking part in an extensive computer breach of Sony Pictures Entertainment. Kretsinger, a 24-year-old who used the moniker "Recursion," pleaded guilty to one count each of conspiracy and unauthorized impairment of a protected computer in a deal with prosecutors.
"I joined LulzSec, your honor, at which point we gained access to the Sony Pictures website," Kretsinger told the judge after entering his guilty plea. He testified that he gave the information he got from the Sony site to other members of LulzSec, who then posted it onto the group's website and on Twitter. Kretsinger flew from Decatur, Illinois, to Los Angeles for the hearing, and responded to the judge's questions calmly, with his hands clasped behind his back.
He and other LulzSec hackers, including those known as "Sabu" and "Topiary," stole the personal information of thousands of people after launching an "SQL injection" attack on the website, and ultimately caused Sony Pictures Entertainment more than $600,000 in damages, Assistant U.S. Attorney Eric Vandevelde said. The plea agreement is under seal, although Vandevelde said Kretsinger would likely receive substantially less than the 15-year maximum sentence he faces. He could also be forced to repay any damages. His sentencing is scheduled for July 26. Neither Kretsinger nor his lawyer would comment after the proceedings.


-Source (Yahoo News & Reuters)



Young Hacker been Approached Diplomatically To Avoid Backlash by Microsoft




Sony’s recent nightmarish experiences with hackers have made Microsoft rethink its policies regarding how to engage with hackers. If we are to believe the words of Microsoft Corp.’s Ireland General Manager Paul Rellis, his company has learned a valuable lesson from the recent assault on Sony’s worldwide network, and has decided to approach hackers more diplomatically, TechEye reports.
Apparently a 14-year-old Irish boy was caught trying to break into the Xbox LIVE network, but instead of prosecuting him, Microsoft has decided to help him become a better coder. Microsoft hopes that by helping the young hacker he will become a productive, white-hat hacker in the future instead of an online trouble-maker, and that the company will earn some respect from the hacker community in the process.

Sony's problems began when they prosecuted the hacker Geohot for jailbreaking the PlayStation 3. Jailbreaking a device allows users to run their own code and, while it is controversial, its legality is still a matter of dispute.
Sony's harsh reaction to an activity that most online hackers consider relatively harmless brought about the attacks that have cost Sony more than $100 million in damages according to their own reports.


Anonymous to target Iran with DoS attack


Anonymous says its next target is Iran.
The hacker group Anonymous has its next denial-of-service (DoS) target in sight: Iran, CNET has learned.
Members of the loosely organized group are planning "Operation Iran," an attack designed to shut down Iranian Web sites beginning Sunday, according to their latest online proclamation. May 1 is International Workers' Day.
"The people of Iran have the admiration of Anonymous, and the entire world," the statement says. "We can see that Iran still suffers at the hands of those in power. Your former government has seized control, and tries to silence you. People of Iran--your rights belong to you."
The operation seemed to already have begun late today with Web page defacements ostensibly targeted at Iranian hackers. Anonymous left messages on several Web sites that had allegedly been previously attacked by the Iranian Cyber Army, including the site of a Canadian information systems firm and the site of a Ukrainian dancing group, according to an observer on an Anonymous Internet Relay Chat channel that members use to coordinate their operations.
Anonymous is known for its renegade cyberattacks in defense of perceived underdogs or to support freedom of expression or other anti-establishment causes. In defense of whistle-blowing site WikiLeaks, the group targeted PayPal, Visa, MasterCard, and other companies late last year that had stopped enabling WikiLeaks to receive contributions.
Earlier this month, Anonymous targeted Sony in protest of the company's treatment of Sony PlayStation hacker George Hotz. Hotz and Sony have since settled the lawsuit Sony filed, and Anonymous has denied any involvement in a recent serious breach that exposed information of millions of Sony PlayStation Network customers.
Other Anonymous targets have been: Broadcast Music Inc.; the Church of Scientology; the governments of Egypt, Iran, and Sweden; the Westboro Baptist Church; conservative activist billionaires Charles and David Koch and their companies; as well as security firm HBGary Federal, which had reportedly been working with the FBI to identify the leaders of Anonymous.


Amazon cloud service blamed for Sony hacking



An anonymous source claims the person who hacked into Sony’s PlayStation network did so using Amazon’s cloud computing servers. If true, it would suggest previous warnings of the potential for misuse were very much valid.
An unnamed Bloomberg source says the Sony hacker carried out the attack using Amazon’s EC2 service which, unlike more basic forms of cloud computing that are mainly for storage or document editing, allows users to carry out the data processing of their choice on a pay-per-use basis.
Sensibly enough, the hacker is said to have used a bogus name to set up the EC2 account and has since disabled the account. Amazon — which can probably expect a visit from the FBI if the story is true — does have measures to keep track of who uses its services, such as requiring a valid phone number and credit card. There are ways round both of those checks, though it would require a little more determination.
It’s not just the potential for anonymity that can make cloud computing services attractive, however. Back in January a German security consultant said he’d been able to use EC2 to successfully break a wireless password in 20 minutes and that he believed he could cut that to six minutes. That’s not just an issue of saving time, but also money: with Amazon’s pricing structure, a six-minute attack could cost under $2.
If EC2 was indeed used in the Sony attack, it’s clearly going to have been a slightly more sophisticated technique than a brute force attack on a wireless password (in effect, guessing every possible answer, usually starting with dictionary words.) But the basic principle remains the same: using cloud computing allows access to intensive processing without the hardware costs.
Amazon has previously noted that its acceptable use policy bars customers using EC2 for unauthorized hacking, though it isn’t clear if or how it attempts to stop such behavior.


Three million PS3 users in danger of fraud


Gaming giant Sony has confirmed subscribers’ card details have been stolen in the world’s biggest online hacking.
Following the revelation that 77 million subscriber accounts on Sony’s PS3 network had been hacked into, three million Brits are now vulnerable to being victims of identity fraud scams.
The data stolen by the hackers includes names, postal addresses (including postcode, city and country), dates of birth, online IDs, email addresses, online passwords and other log-in details.
Sony has confirmed that all credit card data on its systems was stored in encrypted form, which should limit its usefulness for financial fraud.
However, other user data, such as passwords and address details, was stored in plain text, and will be open to use by “phishers” and spammers.
Although it took Sony a week to admit the colossal breach of online security, bank industry body Financial Fraud Action UK (FFA UK) has issued an urgent alert to victims.
“There’s no need for customers to contact their bank or card company at this stage,” said an FFA UK spokesman.
“However, customers should continue to do what they should normally be doing: checking their statement and keeping a close eye on their account for any unusual activity. If they spot any, they should contact their bank or card company.”
One of the major worries for UK PS3 subscribers is that many customers use the same passwords for their PlayStation account as they do for other financial accounts. FFA UK recommends they should change these passwords as soon as possible.
Victims of hacking have also been warned to watch out for spam emails - “phishing” attacks - which are targeted attempts to acquire confidential information.
Phishers send out emails that look like a genuine communication from the recipient’s credit card company or bank, with the request they fill in an online form with personal information.
This information can then be used to open accounts in the victim's name, such as mobile phone contracts or utility services, or used to apply for credit cards and loans.
Fraudsters can also open bank accounts, apply for state benefits, order goods in someone else's name and obtain genuine legal documents such as passports, driving licences and birth, marriage and death certificates. 


Security Expert Believes PSN Should Remain Offline



The PSN has been up for a few days now in most of the world. However, in Japan, the country Sony calls home, the network has yet to be restored because of governmental blocks that remain in place until it can be separately verified that the new infrastructure is secure. Now at least one security expert in Australia has taken a similar stance.

Bill Caelli, Senior Research Scientist at the Information Security Institute in the Queensland University of Technology, recently spoke with The Australian, a website for the region. He stated that in his opinion the government should have intervened with the restart of the PlayStation Network, to have its new security tested by an outside party. Mr. Caelli raises the question: “Why is it that in the IT industry enterprises certify themselves?” He claims that the average consumer has “no way of assessing the assurances given by the owners of the system themselves.” Australian Privacy Commissioner Timothy Pilgrim stated that an investigation into the incident is currently in progress, and he was also pondering whether the commission should seek out more information from Sony.
Has Sony disclosed enough information, or should governments play a more active role in determining if any corporation’s actions are sufficient following a massive data and privacy leak like the one Sony has just gone through? The PSN service is currently up in Australia, but of course we will update you if and when the situation changes.
Roger Thompson, AVG’s Chief Research Officer, also recommended holding off inputting your credit card details straight away in an exclusive interview (Part 1, Part 2) with PlayStation LifeStyle during the PSN downtime.


What the PlayStation Network Hack Teaches Us about Cyber Security



Cyber security is becoming increasingly important as more everyday transactions take place on the Internet.
Sony Computer Entertainment America (SCEA) announced in April that its PlayStation Network (PSN) had been “hacked” and that an unidentified intruder may now possess every bit of personal data ever uploaded by its clients onto its servers.
The list of information includes names, telephone numbers, birth dates, email addresses, personal and billing addresses, credit card numbers, account passwords, PSN passwords and even purchasing data collated and stored by SCEA.
Somewhere between 70 and 100 million PSN clients have been exposed to the security breach, which SCEA chairman Kazuo Hirai said may have been made by the hackers’ collective known as Anonymous, which the chairman said had been initiating distributed denial-of-service (DDoS) attacks against SCEA since January.
Anonymous is an organization, but it is also a label used by many independent hackers who participate in “hacktivism” in support of Internet freedom and freedom of speech. The organization, however, has denied any involvement in the hack, contending that its schemes are benign and intended only to raise awareness.
The seriousness of the attack has put the spotlight on the need for increased commercial cybersecurity, and the US government is insisting on more transparency from Sony about how the attack occurred, its practices and its failure to immediately alert its clients upon learning that their personal information may have been compromised. It has also asked several national and foreign government agencies to investigate, including the FBI.
While Sony’s PSN services are now back, clients are wondering what they should be doing. Cybersecurity and criminal justice experts warn that credit cards must be monitored and passwords must be changed.
The problem, they say, is that many people use the same passwords for most or all of their Internet transactions because it makes them easier to remember as the need for more passwords continues to grow. One previous hack revealed that the majority of passwords collected were either “12345” or “password” and that these were likely used interchangeably with other accounts.
Cybersecurity must evolve, but Internet users must also realize the dangers involved with Internet transactions and practice vigilance as well. Ensuring that websites and businesses are legitimate and have cybersecurity measures in place is the first step; protecting oneself by creating difficult and different passwords and changing them often is the second step, and just as important as the first, as the attack on Sony has proven.


LulzSec said: "Hack Attacks Will Continue Until Group Caught"



In a catch-me-if-you-can explanation of why it has targeted the likes of Sony, the U.S. Senate, an FBI affiliate, and online porn sites, the LulzSec hacking group says it plans to keep having fun until it gets caught. A statement the group has posted says going public with user personal details after a hack attack is better than keeping exploits private. It gives users a chance to change their passwords, the group says. Such public releases are also arguably good for websites. After the group published 26,000 emails and passwords stolen from porn sites last week, Facebook automatically locked every account linked to the email addresses, stopping the kind of unauthorized access LulzSec discusses.
LulzSec says its hack attacks will continue until "we're brought to justice, which we might well be." The group's statement amounts to a manifesto and is more erudite than might be expected. "We're attracted to fast-changing scenarios, we can't stand repetitiveness," the group says. "Nobody is truly causing the Internet to slip one way or the other, it's an inevitable outcome for us humans."
And not everything the group has done has appeared malicious. Although it hacked into the British health system computers, it declined to cause damage or publish details, instead warning admins that the system was insecure.
The group denies it's locked in a hacker war with similar group Anonymous. This had been suggested after LulzSec targeted the 4Chan website with a denial of service attack following attempts by 4Chan users to expose members of LulzSec.
LulzSec members were considered righteous vigilantes by some sectors of the Internet after their repeated attacks against Sony, which were carried out in response to Sony's hounding of PS3 hardware hacker George Hotz. However, support has been waning after the group targeted non-Sony game servers this week. Perhaps surprisingly, in the statement the group attempts to distance itself from these attacks, pointing out they were done "by the request of callers [to its telephone request line], not by our own choice".  


Lulzsec Member Recursion Might Have to Face 15 Years of Imprisonment

The FBI has arrested a member of the LulzSec hacking group over its attacks on Sony Pictures earlier this year. Cody Kretsinger, who goes by the name ‘Recursion', was arrested during a raid on his home in Arizona. Kretsinger has been charged with conspiracy and the unauthorized impairment of a protected computer, and faces a statutory maximum sentence of 15 years in prison.
An FBI statement alleges that Kretsinger was involved in the hack on Sony Pictures, and the distribution of information stolen from the company. The statement said that he posted the stolen information on the LulzSec site, and announced the attack via Twitter. He is also alleged to have erased the hard drive of the computer used to attack Sony, in a bid to avoid detection. Four other raids were conducted looking for members of Anonymous, which has loose affiliations with LulzSec.
LulzSec embarked on a string of high profile attacks between May and July this year, targeting the US Senate, the CIA, the NHS, and Sony, but the group claimed to have disbanded.



Microsoft: Our Security Is Stronger than Sony's and RSA's, and We Are Not Vulnerable to DDoS


Microsoft's John Howie claims Microsoft's security is stronger than that of Sony and RSA, which were hacked due to "rookie mistakes." The software giant also released Volume 10 of its Security Intelligence Report.

Uh-oh. There's nothing quite like throwing down the gauntlet and virtually taunting hackers to prove a proud boast is false. In what some attackers might consider a dare, John Howie, Microsoft's senior director in the Online Services Security & Compliance (OSSC) team, basically claimed that Microsoft sites are unhackable and can't be DDoSed.
According to Microsoft, "rookie mistakes" by Sony and security firm RSA caused the corporations to be brought down by hackers. Howie told Computing News that Sony was coded badly and failed to patch its servers. "These are rookie mistakes," Howie said. In regard to the breach at RSA, Howie stated, "RSA got hacked because someone got socially engineered and opened a dodgy email attachment. A rookie mistake."
Howie added, "At Microsoft we have robust mechanisms to ensure we don't have unpatched servers. We have training for staff so they know how to be secure and be wise to social engineering. We have massively overbuilt our internet capacity, this protects us against DoS attacks. We won't notice until the data column gets to 2GB/s, and even then we won't sweat until it reaches 5GB/s. Even then we have edge protection to shun addresses that we suspect of being malicious."
In other Microsoft security news, after analyzing 600 million computers worldwide, Microsoft released Volume 10 of its Security Intelligence Report. It focuses on malware, software vulnerability disclosures, vulnerability exploits, and related trends. The majority of all vulnerabilities in 2010 were vulnerabilities in applications versus operating systems or web browsers. Exploiting Java vulnerabilities topped the list of exploitation categories over generic HTML/scripting exploits, operating system exploits, and document exploits. Adobe Acrobat and Reader accounted for the highest number of document format exploits. Windows 7 and Windows Server 2008 R2 had the lowest operating system infection rate for both client and server platforms. 64-bit versions of Windows 7, which "appeal to a more technically savvy audience than their 32-bit counterparts," have the lowest infection rates.
In regard to malicious websites, phishers targeted gaming sites in the first half of 2010 but then targeted social networks. Yet the "number of active sites targeting gaming sites remained relatively high during the second half of the year, which suggests that more campaigns may be coming."
According to the SIR Global Threat Assessment graph below, in the 4th quarter of 2010, the most common threat in the USA was miscellaneous Trojans, which affected 38.6% of all cleaned computers. This was down from 43.8% in the 3rd quarter. The second most common threat was Adware, which affected 28.3% of all cleaned computers and was up from 23% in the third quarter. "Miscellaneous Potentially Unwanted Software" was the third most common threat in the U.S. and affected 24.6% of cleaned computers. The MSRT detected malware on 11.6 of every 1,000 computers scanned in the U.S. in 4Q10, giving the States "a CCM score of 11.6, compared to the 4Q10 average worldwide CCM of 8.7."
