Peeps pay for it now, secure it sony. no excuses this time.
Glad I can use paypal and psn cards.
Tachikoma said:
Research on active vulnerabilities isn't published on their site unless the vulnerability leads to a critical flaw, or unless the hole (however small) has been patched, if you want to sniff the sidetracks by all means join their newsgroups or IRC channels. The other thing to keep in mind is that they would not publish the vulnerability as "PSN HACK!", or even mention psn at all, they would publish it specifically under the module or platform it's running, such as apache, an associated module, or OS this keeps the people with a solid grasp of these things in the loop and the script kiddies out. I.e. you need to know what platform, what OS, what server software, what version of said software, what SQL driver and so on. If you're expecting a link to "hack found for psn login servers" then you do not understand how security advisory websites work. |
So you got the information from $somewhere and retried this on your own? Or did you read about this on "locked", let's say, forums?
| todd2r said: I wouldn't exactly call this news. Everyone knows how unstable and unsecure that network is. Its a shame really. This is just another reason why gamers are choosing Xbox One. With the reliability and security of Xbox live, to the amazing exclusives, its easy to see why Xbox One is THE place to game this holiday season. Thank you Microsoft. We are humbled. |
Finally we know the reason why XBox One is so far ahead of PS4 in sales. Praise Microsoft
| LiquorandGunFun said: Peeps pay for it now, secure it sony. no excuses this time. Glad I can use paypal and psn cards. |
the ironic thing is if these vector of attacks were so freaking common as many seem to paint psn security would be they would be hacked quite a bit more than it was! or has, thats the ironic thing, if it was so vulnerable that the exploits were so d@mn easy, the network would already be hacked to death until sony got the hint right? i mean
one time would not be enough it seems, maybe more lessons need to be applied right?
its very ironic such "security" experts are looking out for sony/to protect their consumer data, why are they going out of their way? to point out these such vulnerability vector of attacks that they really want to share this data with Sony right? for free right?
its like Anti-Virus software no one would ever put out a virus on purpose just so as to keep anti-virus software sale going right?
I AM BOLO
100% lover "nothing else matter's" after that...
ps:
Proud psOne/2/3/p owner. I survived Aplcalyps3 and all I got was this lousy Signature.
5 free games for moral damage.
Deus Ex (2000) - a game that pushes the boundaries of what the video game medium is capable of to a degree unmatched to this very day.
Seriously? An SQL injection? That's just bad.
| walsufnir said: So you got the information from $somewhere and retried this on your own? Or did you read about this on "locked", let's say, forums? |
IRC channel i frequent was discussing the find, some people did some poking, found that the login server is running a slightly older version of a particular module that is vulnerable to attack, as i said in my first and second posts though, the absolute maximum said vulnerability would expose would be numerical user id (useless), psn id (public info anyway) and salted emails (less useless but not worth cracking), the login servers were splintered away from the primary servers in 2011, hence why psn was down for so damn long.
The only way you could ever crack the userdb now would be to directly access the internal accounts server, which would involve a complete takeover of the login server (something sql injection isn't going to give), especially since their login servers are just multiple VM's on blade servers.
| Ninsect said: Finally we know the reason why XBox One is so far ahead of PS4 in sales. Praise Microsoft |
Praise Microsoft....for making Windows and IE so filled with holes and exploits, that most people focus on that :D
Tachikoma said:
IRC was discussing the find, some people did some poking, found that the login server is running a slightly older version of a particular module that is vulnerable to attack, as i said in my first and second posts though, the absolute maximum said vulnerability would expose would be numerical user id (useless), psn id (public info anyway) and salted emails (less useless but not worth cracking), the login servers were splintered away from the primary servers in 2011, hence why psn was down for so damn long. The only way you could ever crack the userdb now would be to directly access the internal accounts server, which would involve a complete takeover of the login server (something sql injection isn't going to give), especially since their login servers are just multiple VM's on blade servers. |
So IRC it was, ok... Well, whatever. Perhaps we get some official info on what is possible with this and what is not but the fact that there even is a vulnerability based on SQL injection doesn't put a good picture on Sony's attempt to secure their network.
And why do you explicitely mention blade servers running vm's? Nobody was expecting them to use one server.
About Us |
Terms of Use |
Privacy Policy |
Advertise |
Staff |
Contact
Display As Desktop
Display As Mobile
© 2006-2024 VGChartz Ltd. All rights reserved.
