Current PSN outage: Don't abuse or we lose this thread.

  • Thread starter BWX
  • 2,574 comments
  • 184,290 views
Dravonic
What this means is, he found out that when your PS3 talks to the PSN, it relies entirely on the ssl connection to keep the information safe. That is a noobish mistake indeed, but it doesn't mean the CC information stored in PSN servers is unencrypted. I do have my doubts since if they made such a rookie mistake while transferring the data, it makes you wonder if they made a comparable mistake while storing it.

You have to explain, how using ssl "alone" is a rookie mistake...?
What other security-measures do you think Sony should have used?

To my knowledge ssl is widely trusted to secure communication of semi-sensitive data across the internet... Most trusted payment systems rely on that technology alone... Also most online-banking systems find it suitable with "only" ssl...
 
lack of psn made me this bored :grumpy:

60275934.png
 
You have to explain, how using ssl "alone" is a rookie mistake...?
What other security-measures do you think Sony should have used?

To my knowledge ssl is widely trusted to secure communication of semi-sensitive data across the internet... Most trusted payment systems rely on that technology alone... Also most online-banking systems find it suitable with "only" ssl...

SSL has known vulnerabilities, which is why sensitive information should be encrypted even when using SSL. Even if someone is capable of decrypting the SSL connection (like the guy in that chat log claimed to do), the sensitive data inside (like CC data) will still be encrypted.

Think of SSL as a safe, but a safe that everyone uses and is known to have flaws which allows penetration. So you put the crucial information inside another safe, one that's even safer. Even if someone breaks open the big safe, they'll hardly break open the small one inside it.
 
Almost not even worth quoting the PS blog anymore, but...

We are aware that you may no longer be able to log-in to the PlayStation.Blog and leave comments. This is because every time you log-in using your PlayStation Network ID, a cookie is created to keep you logged in for one week. These cookies have now started to expire and you will not be able to log back in until PSN has been restored.

However, you can still read the PlayStation.Blog without logging in and I will continue to post any news as soon as I hear of it.

In the meantime, please leave any questions or feedback on the following official PlayStation twitter feeds.

I know, I know. This says nothing at all. But that's not really a new quality of this whole fiasco. I posted it just to make sure everyone is up-to-date on what they're saying without having to go to their site every 10 seconds.
 
I'm ready for PSN to go back up so I can put in my CC info and buy the new Shift 2 DLC.

No worries from me that a little common sense can't overcome. The vast majority of folks are Fear Mongering and exaggerating because they think it's funny
 
SSL has known vulnerabilities, which is why sensitive information should be encrypted even when using SSL. Even if someone is capable of decrypting the SSL connection (like the guy in that chat log claimed to do), the sensitive data inside (like CC data) will still be encrypted.

Correct that there are known vulnerabilities, but that has little to do with decrypting the data stream. The vulnerabilities can be exploited to trick human beings into thinking they communicate with a "known" site, but instead they have been tricked to "evilhackers.com"...
Machine to machine (PS3 to PSN) is not vulnerable to this, as they don't let themselves be tricked into following a link in a hacker's phishing email...

As for decrypting the data, a hacker needs to have a copy of the private key of the certificate, held and protected by the web server...
Correct, that could be prevented if Sony did strengthen their server certificate with a Diffie-Hellman type of key exchange, instead of the common RSA key exchange... Then even with a copy of the private key, the data wouldn't be able to be decrypted from a sniff of a complete data stream. But that demands support for DH by the client browser, and a client like IE8 doesn't support DH key exchange..
And pure brute force on the data stream to decrypt it would take years..

My point...
Is it fair to accuse Sony of not implementing and using technology specifically stronger than that widely used by other companies for exchanging credit card AND banking info with their customers?
And is it then fair to call it "neglect" by Sony, and accusing them of "probably not done better on internal security" when they got hacked?
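
An added example, not part of the original post or thread: the post above contrasts RSA key exchange with Diffie-Hellman key exchange, and a server operator can check which of the two a TLS cipher policy actually permits. The sketch uses Python's standard `ssl` module; the function names `key_exchange` and `audit` and the policy strings are assumptions chosen for illustration.

```python
import ssl


def key_exchange(cipher):
    """Classify one entry of SSLContext.get_ciphers() by key exchange."""
    name = cipher["name"]
    # TLS 1.3 suites (named TLS_...) only ever use ephemeral (EC)DHE.
    if cipher.get("protocol") == "TLSv1.3" or name.startswith("TLS_"):
        return "ephemeral"
    # OpenSSL prefixes TLS 1.2 suite names with an ephemeral key exchange.
    if name.startswith(("ECDHE-", "DHE-")):
        return "ephemeral"
    # No such prefix (e.g. AES256-GCM-SHA384) means RSA key transport or
    # another exchange where a stolen long-term key exposes recorded traffic.
    return "other"


def audit(cipher_string):
    """Return the suites a server context enables, grouped by key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # OpenSSL cipher-list syntax
    report = {"ephemeral": [], "other": []}
    for cipher in ctx.get_ciphers():
        report[key_exchange(cipher)].append(cipher["name"])
    return report


if __name__ == "__main__":
    # Constructed policies: one restricted to ECDHE, one library default.
    for policy in ("ECDHE+AESGCM", "DEFAULT"):
        report = audit(policy)
        print(policy, "->", len(report["ephemeral"]), "ephemeral,",
              len(report["other"]), "other")
        for name in report["other"]:
            print("  no forward secrecy:", name)
```
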
 
I'm ready for PSN to go back up so I can put in my CC info and buy the new Shift 2 DLC.

No worries from me that a little common sense can't overcome. The vast majority of folks are Fear Mongering and exaggerating because they think it's funny

I may have missed something but I didn't see anything in the chat log of the hackers about wanting to steal everyone's credit card info and go shopping. I dunno I'm not super worried either. Even though I used a bank card not a credit card I still think the bank will do its job and we monitor our account daily so I'm not extraordinarily worried.
 
Man, this game is boring without online. Grinding, grinding, grinding.........I've been reading that next Tuesday could be the day the psn goes back up. Can't get here fast enough, whenever it happens ya know?
 
Man, this game is boring without online. Grinding, grinding, grinding.........I've been reading that next Tuesday could be the day the psn goes back up. Can't get here fast enough, whenever it happens ya know?

HP3 is boring without online. GT5 is playable for me since I had no intentions of going online the day I bought it.
 
HP3 is boring without online. GT5 is playable for me since I had no intentions of going online the day I bought it.

HP3? Other than the 9 hr and 24 hr endurance races, I have nothing left to do in this game besides grind. I hate it. Online is where it's at for me because I race against other people...a lot. That's why this game sucks for me without the psn.
 
And 'cause it's part of the AUP.
AUP
You will not use profanity in the forums, nor link to content which contains offensive language without sufficient warning.

I saw a video somewhere in the Black Ops thread and there was a guy talking about how PSN will be back up on the 3rd because that's when Escalation is coming out and starts talking about encryption stuff and that your credit card should be fine 👍
 
And 'cause it's part of the AUP.

I saw a video somewhere in the Black Ops thread and there was a guy talking about how PSN will be back up on the 3rd because that's when Escalation is coming out and starts talking about encryption stuff and that your credit card should be fine. Doubt it :P

Why do you doubt it? The CC details were encrypted, my CC is on PSstore and hasn't been used fraudulently. The expected return of PSN according to Sony is around 3rd-4th May. Do you have information which disputes these things, or are you speculating?
 
Sony said they emailed all 77 million PSN users to let them know what's going on (email posted by other users previously). I know my email details were correct but I never received any email!
 