Category Archives: Security

PSN more detail please…

On reading through the FAQ of the PSN “outage” it seems that Sony are trying to skirt the difficult questions, mainly, well for me anyway, over the disclosure of the incident. Question 12 demonstrates their intentions, I fear:

Q.12 How serious is this? Have the hackers broken the security on PSN/Qriocity? Are you taking necessary measures to prevent such outage happening in the future?

Since this is an overall security related issue, we will not comment further on this case but we are working to restore and maintain the services, including countermeasures against future intrusions.

This would lead me to believe that Sony doesn’t intend to outline the failing of the system and what they have done to put this right.

I have posted a question to Sony about this as well as asking for detail of the format of my password as stored on their system (either hashed or plain). If I get an answer I will post it here.

I have heard rumours, but that is all they are, that the CVT codes for credit cards might have got out as well. These should never have been stored and so I am sceptical, but will post more as I find out.

PSN Email

I have just tonight received the email I have been waiting for from Sony in regard to their PSN “Outage”. As you are all probably aware, the PSN has been down for a week now and looks like it will be down for at least another week. It would appear that Sony have managed to lose their entire user database to an intruder. The only thing they seem to have protected is the security code for credit cards, though they are not finished investigating the breach so there is time yet…

The one thing that has struck me is that they have lost all the users' passwords… Now this is quite alarming in a number of ways. Firstly let me note the two options I see there being for the loss of passwords as described by Sony (which is vague at best):

1. The passwords were stored in the clear (not protected by a hash) and were in the same databases that have been taken. Or.

2. The passwords were stored in a database that was compromised but they were hashed passwords.

Now if option 2 is the case I can only guess that there is some worry that the hashing method used is not very strong, i.e. a known algorithm with no salt. This would be bad but excusable.

I fear, however, that Sony have kept the passwords in the clear. This is inexcusable. If this turns out to be the case I dare say the protection of the credit card security codes will be equally poor.
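To make the "known algorithm with no salt" concern concrete, here is an added example (not from the original post, and not a description of how Sony stored anything) comparing an unsalted fast hash with a per-user salted, slow key-derivation function. The usernames, passwords, and the choice of SHA-256 and PBKDF2 are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users happen to share a password.
USERS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

def unsalted_record(password: str) -> str:
    """Option 2 at its weakest: a known fast hash with no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_record(password: str, iterations: int = 200_000) -> dict:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": dk.hex()}

def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(dk.hex(), record["hash"])

def shared_digests(table: dict) -> dict:
    """Group usernames by stored digest; a group of 2+ exposes a shared password."""
    groups = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return {d: sorted(u) for d, u in groups.items() if len(u) > 1}

def build_tables():
    """Store the same constructed accounts both ways for comparison."""
    unsalted = {u: unsalted_record(p) for u, p in USERS.items()}
    salted = {u: salted_record(p) for u, p in USERS.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted duplicates:", list(shared_digests(unsalted).values()))
    print("salted duplicates:  ",
          list(shared_digests({u: r["hash"] for u, r in salted.items()}).values()))
    print("login check:", verify("hunter2", salted["alice"]))
```

With no salt, identical passwords produce identical stored values, so one recovered password exposes every account that shares it and a single precomputed table works against the whole database. The per-user salt and iteration count remove both properties.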

I will await the full disclosure of this incident before I decide whether to leave the PlayStation platform for good.