By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Sony Discussion - What people blaming Geohotz and the "hackers" seem to be missing...

Gnizmo on 28 April 2011
Grimes said:

Is it out of the realm of possibility that the hackers could have stolen the encryption keys?


Hrmm. No, I suppose not. If those were easily accessible you would have seen more going after the CC info though I suspect. Rocketpig would have a better insight here than I do though. Sony certainly would have made a point of itfor the personal data however. They were pretty forth coming with which data was or wasn't encrypted.



Starcraft 2 ID: Gnizmo 229

Around the Network
imaprettyhotguy on 28 April 2011
Gnizmo said:
imaprettyhotguy said:

You said the word practically so likely you are just putting your own spin on the fact that they said their telling you to change your pass and you just assumed it's unencripted and there is nothing in it about them admiting they were unprotected and the worse PR is every article saying it's the worst breach of personal info in history when there were bigger ones which have already been linked in this thread and you already saw


The personal data table was entirely unencrypted, and thats where your password was stored. It is all there. Read the Q&A and you will see this. The passwords were unencrypted, and stolen. Thats why they are forcing everyone to reset their password. At this point the potential for liability would be too high if they didn't.

Assumption is assumption stop basing things on assumptions 



rocketpig on 28 April 2011

I'm just glad that I used my third password tier on PSN. If I had to go around changing my bank, credit card, and site admin passwords (first password tier) right now, I'd be really, really pissed off.




Or check out my new webcomic: http://selfcentent.com/

rocketpig on 28 April 2011
Grimes said:

Is it out of the realm of possibility that the hackers could have stolen the encryption keys?

If they took the encryption key, Sony wouldn't be saying the CC data should be safe. That would mean that the hacker(s) had full access to that particular database and could have jacked the card numbers without much effort.




Or check out my new webcomic: http://selfcentent.com/

rocketpig on 28 April 2011
imaprettyhotguy said:
Gnizmo said:
imaprettyhotguy said:

You said the word practically so likely you are just putting your own spin on the fact that they said their telling you to change your pass and you just assumed it's unencripted and there is nothing in it about them admiting they were unprotected and the worse PR is every article saying it's the worst breach of personal info in history when there were bigger ones which have already been linked in this thread and you already saw


The personal data table was entirely unencrypted, and thats where your password was stored. It is all there. Read the Q&A and you will see this. The passwords were unencrypted, and stolen. Thats why they are forcing everyone to reset their password. At this point the potential for liability would be too high if they didn't.

Assumption is assumption stop basing things on assumptions 

And stop talking about things you obviously do not understand.

If the passwords were encrypted (meaning they were in a different database), Sony would have said as much in the Q&A.

On top of that, creating a database specifically for passwords is an unwieldy and overly complicated solution to a problem that doesn't exist if you just encrypt that table.




Or check out my new webcomic: http://selfcentent.com/

Around the Network
Acevil on 28 April 2011

Surprised this thread has gone this long, arguing the basics of what has happened. 



 

imaprettyhotguy on 28 April 2011
rocketpig said:
Grimes said:

Is it out of the realm of possibility that the hackers could have stolen the encryption keys?

If they took the encryption key, Sony wouldn't be saying the CC data should be safe. That would mean that the hacker(s) had full access to that particular database and could have jacked the card numbers without much effort.

Assuming they use the same key for CC as passwords, and the hacker never got into the part that holds CC (atleast there is no evidence)



imaprettyhotguy on 28 April 2011
rocketpig said:
imaprettyhotguy said:
Gnizmo said:
imaprettyhotguy said:

You said the word practically so likely you are just putting your own spin on the fact that they said their telling you to change your pass and you just assumed it's unencripted and there is nothing in it about them admiting they were unprotected and the worse PR is every article saying it's the worst breach of personal info in history when there were bigger ones which have already been linked in this thread and you already saw


The personal data table was entirely unencrypted, and thats where your password was stored. It is all there. Read the Q&A and you will see this. The passwords were unencrypted, and stolen. Thats why they are forcing everyone to reset their password. At this point the potential for liability would be too high if they didn't.

Assumption is assumption stop basing things on assumptions 

And stop talking about things you obviously do not understand.

If the passwords were encrypted (meaning they were in a different database), Sony would have said as much in the Q&A.

On top of that, creating a database specifically for passwords is an unwieldy and overly complicated solution to a problem that doesn't exist if you just encrypt that table.

You can store encrypted code on the same database as unencrypted text... you say I'm the one that doesn't understand what hes talking about lol



rocketpig on 28 April 2011
imaprettyhotguy said:
rocketpig said:
Grimes said:

Is it out of the realm of possibility that the hackers could have stolen the encryption keys?

If they took the encryption key, Sony wouldn't be saying the CC data should be safe. That would mean that the hacker(s) had full access to that particular database and could have jacked the card numbers without much effort.

Assuming they use the same key for CC as passwords, and the hacker never got into the part that holds CC (atleast there is no evidence)

Different database, different key.

Seriously, just stop.




Or check out my new webcomic: http://selfcentent.com/

Gnizmo on 28 April 2011
imaprettyhotguy said:

Assumption is assumption stop basing things on assumptions 


Sony is posting assumptiong now? Seems strange. The personal data table was unencrypted, and thats where the passwords were stored. That isn't an assumption. Thats fact.



Starcraft 2 ID: Gnizmo 229