PS3: rumor - don't use a credit card

[VirusType2]

Sony has officially stated that anyone using hacked firmware or any sort of circumvention technology will have their console banned for life from the PlayStation Network, but how does the company know when such a console logs in? One person claims to have broken into the PlayStation Network, and what he has found is rather shocking. If his findings are accurate, your credit card information is being sent to Sony as an unencrypted text file, and Sony is watching every single thing you do with your system, keeping detailed records all the while.

"We've contacted Sony for comment, but have not received a reply at time of publication. "

http://arstechnica.com/gaming/news/...ing-stunning-lack-of-credit-card-security.ars

* They leech all the info they can get from your console, even what devices that are connected to your PS3, the information in your USB drives, TV, just about anything you can imagine!

* So, you thought all this time the highly security information like credit card is sent encrypted? No. It is in a ****ing plain text. Yes, in a plain text where people can spoof the network and steal it. Just like that.

* Example for a credit card in a plain text, creditCard.paymentMethodId=VISA&creditCard.holderName=Max&creditCard.cardNumber=4558254723658741&creditCard.expireYear=2012&creditCard.expireMonth=2&creditCard.securityCode=214&creditCard.address.address1=example street%2024%20&creditCard.address.city=city1%20&creditCard.address.province=abc%20&creditCard.address.postalCode=12345%20, cool huh?

* If you are still are not convinced, they are being stored online and updated each time you hit the login button.

Apparently, the security is so fail, you can get free games just by changing the URLs.

 

[ríomhaire]

* They leech all the info they can get from your console, even what devices that are connected to your PS3, the information in your USB drives, TV, just about anything you can imagine!

Seems like a bullshit statement. Simply because that would be a giant waste of Sony's bandwidth.

 

[VirusType2]

It seems like it might be bullshit, but not because of that. I mean how much bandwidth does a text file with a few strings use, less than a kb?

 

[Krynn72]

If its recording everything about your usb drive and whats on it, as well as everything else plugged in, its going to be more than a few strings, and more than a kb.

This is bullshit though, because if Sony wasn't encrypting the data for peoples cards, this fact would have come out a long, long time ago.

 

[Ennui]

They probably just record the file listing on any thumb drives you have connected, not actually downloading avis or mp3s or whatever you have on there.

The point is not that Sony is Big Brother watching you, the point is that Sony knows all this and doesn't have proper data security so ANYONE with enough knowledge can theoretically hack the PSN and figure out not only your username and credit card info but also even get into your files.

 

[sixteenth]

Well, it certainly does send information to Sony as soon as you connect the system to the internet. But, you don't have to be signed in on PSN. What information is actually broadcasted? Who knows. I've been lightly following some of the PSGroove forums and it's generally accepted that you don't have to be connected to PSN for this to occur. Those who have jailbroken stock PS3s and never connected to PSN (but have connected to their home wireless networks (w/ Internet) for media center capability) have received the warning/permaban emails.

So, if all that is true, Sony is probably not using credit card information to actually ban. They could just be using the information to track your PSN purchases so that they can be removed from your system once you get the ban-hammer.

 

[VirusType2]

If its recording everything about your usb drive and whats on it, as well as everything else plugged in, its going to be more than a few strings, and more than a kb.

You guys can't possibly be arguing that finding out what you have plugged into your PS3 would be cost prohibitive to Sony.

This is bullshit though, because if Sony wasn't encrypting the data for peoples cards, this fact would have come out a long, long time ago.

I know. But only a company as arrogant as Sony would do something this foolish (regarding credit card numbers being unencrypted). I almost believe it.

 

[AtomicSpark]

Update: A document written by the hackers has clarified what they did and what privacy and security risks they believe the PlayStation 3 poses. The PS3's connection to PSN is protected by SSL. As is common to SSL implementations, the identity of the remote server is verified using a list of certificates stored on each PS3. The credit card and other information is sent over this SSL connection. So far so good; this is all safe, and your web browser depends on the same mechanisms for online purchases.

Pretty much a pointless article. A custom firmware might have fraudulent settings? Oh shit!

 

[PimpinPenguin]

The article is horribly misleading. First unmodified PS3's are not compromised, only PS3's with custom firmware are. Essentially all they have done is installed their own certificates into the custom firmware and used a custom DNS server that directed PSN connections to their proxy. the proxy would decrypt the data sent to it, and then re-encrypt it and forward it to the real PSN servers. Unmodded PS3's are not effected and PSN is not hacked. If you are daft enough to use your Credit Card on a hacked and compromise firmware then you deserve everything you get. It's like blaming Microsoft is you get compromised by using a hacked pirated version of Windows.
As for Sony logging stuff about the console, this was known well ago back when the first jailbreak devices appeared and people were sniffing the outbound traffic and saw the PS3 was reporting back to Sony despite not being connected to PSN. Having the PS3 simply hooked up to an active internet connection is enough that why Sony is finding it very easy to see who has unauthorised software on their PS3. For example when you run backup manager on a PS3 the PS3 tells Sony you are running backup manager. Hackers haven't found any proper ways to hideing sending this info properly yet.

 

[<RJMC>]

is me or this is some rumor make to discourage people from buying game on theyr ps3 and amde by the hackers that sony is trying to chase?

cuz I think some days ago sony make some statement and something about a new firmware that will ban you if it find pirated software

 

[Warped]

so what about all my porn on my external drive...am I screwed if I have Asian Tentacle Rape?

 

[Vegeta897]

so what about all my porn on my external drive...am I screwed if I have Asian Tentacle Rape?

Yes Warped, you're screwed. The Asian Tentacle Rape police are going to come to your house and arrest you.

 

[Higlac]

You know all about those people, don't you Vegeta?

 

[Vegeta897]

I know about them, but they don't know about me.

Because I'm that good.

 

[Warped]

I know about them, but they don't know about me.

Because I'm that good.

you should write a book called How to Avoid the Asian Tentacle Rape Police and Other Shenanigans by Vegeta897

 

[Krynn72]

I'd buy it.

 

[Kyorisu]

I'm just waiting for the day someone queries why I have so much magnesium on my property.