Ail said:
Kasz216 said:
JamaicameCRAZY said:
Kasz216 said:
Hey, if that's what the story states now. Ars Technica previously said it was completely unencrypted.
So, Sony can't be sued for neglect either... I don't see your point though... if they weren't encrypting it, even if you installed CFW, sony could be cpmsidered at fault.
|
The PS3's connection to PSN is protected by SSL. As is common to SSL implementations, the identity of the remote server is verified using a list of certificates stored on each PS3. The credit card and other information is sent over this SSL connection. So far so good; this is all safe, and your web browser depends on the same mechanisms for online purchases.
As flaws go, the risks here are not substantial. There is no generalized ability for hackers to grab credit cards from PSN users; only those using specially devised custom firmwares would be at risk. Essentially the same risk could be faced by anyone downloading a pirated version of Windows: extra certificates could be added to those normally trusted, along with suitable DNS entries, to allow interception of any traffic destined for, say, amazon.com. In practice, the risk of either of these is slight, and in any case, trivially avoided: don't use custom firmware.
from ars
|
I'm guessing you didn't read the article you quoted there... or just stopped when you saw the part you agreed with rather then actually you know... care about the information.
Note how that article has {Update} in big bold letters... and how right below that it lists [Original Story].
I read the original story.
Aside from which, I was right... and you were wrong, it's only an issue to those who dl the custom firmware.
You may want to read it though... and notice all the info sony is taking for you. Also, you would be "sadly misinformed" less.
|
The original PDF posted by said anonymous hacker actually stated the same thing ars technica posted in their update...
Most people just read uncrypted and ignored the SSL comment and went ballistic..
This is how false rumors get spread out...
Basically all the original thing said is that if you install software whose source you don't know ( CFW in this case), the data you send is at risk. Big deal, it's not the discovery of the year, or even the decade...( install a trojan on your PC and then watch your credit card balance...)
And just to be clear, it's only a possible issue if you download a CFW that was specially designed with a malicious intent, not every CFW will be like that ( and to be fair, if you loose your credit card information after downloading a CFW, you kinda deserve it...)
It was a non-issue that got blown out of proportions by a few people not understanding the technical details...
|
