Sony ditches PlayStationNetwork Branding, PSN to be known as Sony Entertainment Network

Perhaps part of Sony’s strategy for integrating their services, or maybe to distance itself from the bad reputation gained due to the continuous string of PSN break-ins – whatever may be the reasons, Sony has announced that they will be rebranding their online gaming & digital delivery service, the PlayStation Network or PSN.Sony PSN

PSN will be known as Sony Entertainment Network as of Feb 7, 2012. Curiously, the announcement was revealed as part of a Terms of Service & Privacy Policy update. Typically, you’d expect the general public to not read privacy policies & take them for granted – but Sony chose this method to make it known that PSN accounts will now be known as Sony Entertainment Network accounts.

Sony makes it clear that this will be only a name change & the existing usernames & passwords will not be affected. A firmware update in the near future will ensure that the Sony Entertainment Network branding will be applied to the PlayStation 3, PlayStation Vita – but not the PlayStation Portable.

Here’s the full email listing:

On February 7, 2012, Sony Network Entertainment International LLC (“SNEI”) will update its Terms of Service and User Agreement and its Privacy Policy. As a part of this update, your “PlayStation®Network account” will be renamed a “Sony Entertainment Network account” The first time you sign in to your Sony Entertainment Network account on or after February 7, 2012, you will be asked to agree to the new Terms of Service and User Agreement and Privacy Policy with SNEI if you wish to continue using your Sony Entertainment Network account. Please review all changes to the Terms of Service and User Agreement and Privacy Policy carefully before indicating your agreement. In particular, these are some of the additions and changes we have to these agreements:

  • New terms for parents of minor, subaccount holders regarding the limitations of chat parental controls. Your reacceptance of the Terms of Service and User Agreement and Privacy Policy affirms your consent to the sharing of your child’s data that may occur if your child utilizes certain communication functionalities on PlayStation devices such as PlayStation 3 and PlayStation Vita systems.
  • New terms that explain the location-based services offered through the PlayStation Vita system. For parents of minor, subaccount holders your reacceptance of the Terms of Service and User Agreement and Privacy Policy affirms your consent to your subaccount holder’s user of these services on the PlayStation Vita system.
  • A description of our “What’s New” section, which provides topical information about our services and advertisements.
  • Information about pre-ordering content.
  • The name of your “PlayStation Network account” is changing to a “Sony Entertainment Network account.”

You may click here to review the changes to the Terms of Service and User Agreement and you may click here to review the changes to the Privacy Policy. The rebranding of PlayStation Network accounts to Sony Entertainment Network accounts is a change in name only. Your username or password will not change, nor are we asking you to change them. On Sony Computer Entertainment’s PlayStation 3 and PlayStation Vita systems, this rebranding will occur in connection with software updates for these devices. (Note, this change will not be applied to the PSP® (PlayStation®Portable) system at this time.) This transition is based on Sony’s goal to enhance its unique digital entertainment offering. As a series of these activities Sony started last September, PlayStation Network will be aligned with “Sony Entertainment Network.” This helps us get closer to our goal of establishing a global comprehensive network platform of services across games, movies, music and more, all accessible from one convenient account. The Sony Entertainment Network account also enables use of Sony’s compelling non-game services such as Music Unlimited, Video Unlimited and PlayMemories Online (currently called Personal Space) across a variety of network-connected devices. If you do not agree with the new Terms of Service and User Agreement or Privacy Policy, you may decline to accept them, and you will no longer be able to access your account. If you wish to close your account or request a refund of your wallet balance, or have any questions, please contact Customer Service by clicking here. For more information, please click here. Thank you very much for being a customer!

How PlayStation Network Attack, Password Reuse And Unmonitored Account Resulted in Mass Phishing

Today seemed like just another day. Little did I know, in a span of about 20 minutes, the resulting set of events would be hugely embarrassing for me. I had barely woken up, when my phone started going bonkers with notifications coming from emails, chats & twitter replies. A glance at the notifications indicated that my email account had been compromised and phishing emails had been sent to every one in my contacts list.

The Analysis

I logged into my Google Apps email account and had a look at the recent account activity details, nothing out of the ordinary there.

Gmail Recent Account Activity

Checking the sent mail folder indicated that no emails had been sent in the recent past. It occurred to me to check my other Gmail account.

And indeed, soon as I logged in to my Gmail account, there was a huge red mark indicating activity from China.

Gmail Suspicious Activity

 

Sure enough, the Sent folder had a copy of the spam mail

Spam email

So, what went wrong? It all boils down to a culmination of the PlayStation Network hacking,  some bad habits from my yesteryear and some nice features from Gmail which resulted in the phishing email to look like it came from my current domain account instead of the old Gmail account.  Let’s have a look at each vector:

  1. PlayStation Network break-in
  2. Not monitoring my email account
  3. Password Reuse
  4. Send mail as and Reply-to set to my domain address

 

PlayStation Network break-in

PlayStation network was hacked recently, with all 77 million accounts compromised as a result of this break-in. I firmly believe this is the primary reason behind my  email account being compromised. The fact that my email account was accessed from a China IP barely 2 days after the break-in before sending off the mails is proof enough to convince me that the user information was sold off to spammers in China.

Not monitoring my email account

Before switching over to my Google Apps account, I had been using this Gmail account. Once the Google Apps account had been setup, I migrated all my contacts and mail over to my Google Apps account. Furthermore I had also used Google Apps’s Auto Forwarding to ensure that any stray email to the old id would get fetched and forwarded automatically to my new account. This resulted in me never monitoring the account. If I had monitored the account, I would have noticed the big red mark under Gmail’s unusual activity and would have changed the password right then.

Password reuse

You’ve heard this before lots of times, and probably are guilty of it – password reuse refers to using the common password across most/all of web services that you use. What starts as convenience turns out to be a single point of failure – just access to this one password is enough for spammers / hackers to gain access to all your accounts.  In my case even though password reuse is something I had kicked out quite some time ago ( thanks to LastPass), back then when I had setup my accounts – I had used the same password for Gmail & PSN. With spammers getting access to my password with the PSN break-in and my failure in having used the same password – getting access to my account was easy.

Send mail as and Reply-to set to my domain address

Gmail has this nice “Send mail as” feature – basically it allows you to send email originating from one Gmail account to appear as originating from another Gmail account(that you have access to, of course). I had used this feature, along with Reply-to set to my current email address during my stages of migration from Gmail to Google Apps. Post migration, however I let these settings remain as-is and did not change them.

End result of all of these:

  • My Gmail account was broken in
  • All the contacts in my contact list were spammed with phishing email
  • To make this worse, they appeared to have originated from my domain account, instead of the dormant Gmail account.

So, what happened then?

As I had mentioned above, soon as the email was sent, I received numerous emails, IMs, and twitter replies about phishing mail being sent from my account. I used the steps outlined by Keith in his earlier post about how to handle a situation like this. I changed the password on my prior Gmail account immediately(mind you: my previous password was not a dictionary password – and neither was it easy to guess or brute force). I sent an apology email to the unintended  recipients  of the phishing mail. (Un)fortunately, Gmail had already marked mails coming from that account as suspicious and that my account might have been compromised so I had to reply to some people mentioning that the second email was a genuine one from me.

Learnings from this event

As a Super User, I take pride (and great pains as well) in knowing and trying to ensure that accounts were never compromised. Today’s account has been a huge embarrassment – and a learning experience for me. To summarize:

  • The ghost of your past bad practices will return!
  • Never, ever let any account, especially as critical as email – even if it dormant – go unmonitored. If you aren’t using it, close it or delete it.
  • On event of any service break-in – always change the password!
  • Don’t use the same password for each service

 

 

 

Sony Finally Comes Clean on PSN and Qriocity Intrusion, Admits That Almost All User Information Was Stolen

SonySony has finally come clean on the PlayStation Network and Qriocity intrusion, and everyone’s worst fears have been realized. Last week Sony pulled down its highly popular PlayStation Network and Qriocity services, which have remained offline since. Initially, Sony offered little by the way of clarification, and only stated that they are working on rebuilding PSN and Qriocity, which have been victims of external intrusion. Rumors flew thick and fast. Most people pointed fingers at “Anonymous“, which had earlier caused temporary outages of PSN. Some suggested that Sony’s actions might have been prompted by the release of a custom firmware called Rebug, which enabled PlayStation users to pirate content from PSN using fake credit card credentials. Unfortunate, the real situation is a lot more critical.

Sony has now revealed that “certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion” into their network. Sony became aware of the intrusion between 17th and 19th April, and turned off PSN and Qriocity on 20th April. The intruder managed to gain access to profile data, which includes name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. Needless to say, all of this is extremely sensitive information. In the wrong hands, this kind of information can be misused in any number of ways. However, the bad news for PSN users doesn’t stop at this. According to the official update:

While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

The fact that your credit card information might be up for sale is unnerving. PlayStation Network, which is accessible via the PlayStation 3 (PS3) and PlayStation Portable (PSP), has more than 60 million registered accounts. If you had your credit card information stored with either PSN or Qriocity, then it’s highly recommended that you change your credit card number. Get in touch with your credit card issuer to find out how you can do so. However, this is something that will take time. In the meanwhile, it’s recommended that you place a fraud alert on your card.

At no charge, U.S. residents can have these credit bureaus place a fraud alerton your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity.

To do this, contact any one of the agencies recommended by Sony (Experia, Equifax and TransUnion). If you also have the nasty habit of using the same password for multiple services, you will have to go through the time-consuming procedure of manually changing passwords for each of those services that had the same password as your PSN account.

In the coming days and weeks, Sony will have a lot of answering to do. What is baffling me is the fact that sensitive information like account password and credit card were obtained by the hacker. It is common practice to secure such data by using encryption along with salting. Unless, the information was stored in plain text, or encrypted using weak techniques like MD5 hashing, the intruder should never be able to extract the original data. If Sony didn’t implement appropriate security measures, then they have no one to blame but themselves, and they will probably have to pay very dearly.

It was also irresponsible to sit on this information for a week before alerting affected users. Sony should have come clean as soon as they knew what had happened. Instead they seem to have been busy trying to save their own ass.

This incident once again highlights the pitfalls of storing your information on the cloud. Every time you trust an online service with your data, you add another source that might be exploited by hackers. It’s time that the congress makes it mandatory for every service that stores sensitive information like credit card numbers to have certain minimum security protections. Sony is currently working on making PSN and Qriocity more secure, and hopes to restore services, at least partially, within this week.

Plausible Reason For The PlayStation Network’s Downtime Revealed

Slight disclaimer: we do not usually beautify content from Reddit and put it up as an exclusive reveal. That is left for other blogs of repute.

PSN

A PSX-Scene.com moderator has put up a post on Reddit with a speculative reason (it may not be the real reason) as to why the PlayStation Network has   been down for a long time now. Most of the information below comes from facts and logical inferences:-

Some days ago a new Custom Firmware (CFW) called Rebug was released for the PlayStation 3. A CFW allows the user to run unsigned content. What this usually means is that Homebrew games and applications can be made to run only on a PS3 running a CFW. Whenever a PS3 is flashed with a CFW, it cannot connect to the PlayStation Network (PSN) since some necessary files for the connection are overwritten (I am not very familiar with the internal dynamics of the system).
As is usual with CFWs, third party developers caught on and released a patch that allowed users to connect to the PSN via the PlayStation Developers Network. So far, so good.

However, the trouble began when some CFW users found out that the PSN did not bother verifying your credit card credentials whenever you enter it for purchasing a game. Apparently, since the CFW is on the developer’s network, it is a trusted network so security is lax.

What followed was a torrent of piracy (I think I may be on to something with that collective noun) that led to Sony shutting down PSN and keeping mum about it for days on end.

This is a seemingly logical explanation since the chronology allows for that conclusion (from the post):-

1. Rebug was released on 3/31/11.
2. First guides of how to use the dev network to get back on COD games on 4/3/11.
3. Word of “shady” sites finding a way to pirate PSN content via the dev networks on 4/7/11 (basing this on posts I had to delete on the website). 4. PSN goes down on 4/20/11

Since Anonymous vehemently denies any hackingattempt on the PSN this could definitely be one of the reasons. It also fits under the external intrusionexplanation allegedly given by Sony, since this is technically external intrusion.

Thoughts, readers?

PlayStation Network Continues to Remain Offline as Sony Works on Rebuilding It

PSNSony’s PlayStation Network (PSN) is down for the fifth straight day, and there is no word on when it will become operational again. Earlier, we reported that PSN and Qriocity were pulled down by Sony due to “external intrusion”. In a sparsely worded update, Sony’s Patrick Seybold wrote, “We sincerely regret that PlayStation Network and Qriocity services have been suspended, and we are working around the clock to bring them both back online”.

While Sony didn’t divulge any specifics, it did state that it is working on re-building the system to further strengthen its network infrastructure. The simple fact that Sony chose to suspend its services, instead of restoring the services as it is, and working on beefing up security in the background, suggests that the intrusion was quite severe. The big question is exactly what kind of information, if any, did the hackers manage to get hold of. The PSN is an online multiplayer gaming, and content distribution service that is an integral part of the PlayStation 3 and PlayStation Portable (PSP) experience. Many customers have sensitive information like credit card details. Unconfirmed reports suggest that admin dev accounts were breached. Understandably, Sony is remaining tightlilpped about the nature and the extent of the intrusion. Hopefully, once it manages to get PSN and Qriocity back online, it will share more details. For now, the only thing that we can do is wait.

Sony Confirms That PlayStation Network Downtime Is Due to “External Intrusion”

A couple of days back, Sony’s PlayStation Network and Qriocity services went offline without any prior notice. Immediately speculation began to mount that “Anonymous”, an infamous band of hacktivists, had succeeded in hacking the PSN. Anonymous had earlier taken issue with Sony’s strong stance against jailbreaking of the PS3, and the treatment meted to Geohot. It had threatened to fight back against Sony. However, after initially causing intermittent outages of PSN, Anon decided to stop its attempts to knock out the PSN, in order to avoid inconveniencing users.

Now, Sony has finally broken its silence, and has confirmed that the PlayStation Network and Qriocity were taken offline due to “an external intrusion”. Anonymous has, however, distanced itself from the hacking of the PSN through its press release titled “For Once We Didn’t Do It”. The release states that, “While it is possible that other Anons have acted by themselves, AnonOps was not related to this incident and does not take responsibility for whatever has happened”.

Anonymous-PlayStation-Network

Irrespestive of the cause of the outage, this is bad news for gamers all over the world. Sony hasn’t clarified how long the outages are likely to continue; however, there is a good chance that the services will not be restored within the next couple of days. This means that PS3 owners are going to have a long weekend.

PlayStation Network Adds a Slew of Games Including Plants vs. Zombies

Sony is becoming quite well versed with the time and tide of things. First Angry Birds was released as a PlayStation Portable (PSP) Mini, and now the hit tower defense game (more correctly, home defense using murderous plants game) Plants vs. Zombies is in for a release on the PlayStation Network (PSN).

pvz_logo_stacked_rgb

In addition to the much loved Plants vs. Zombies, the new titles on the PSN include Acceleration of Suguri X Edition, Slam Bolt Scrappers, Akimi Village, Sideway, and Rochard.

From the press release:-

Plants vs. Zombies: Debuting this February, we all know what this game is all about. If you still have not played this incredibly cute but insanely addictive tower defense game, you should definitely get the PSN version.

Acceleration of Suguri X Edition: SOE and Rockin’ Android have again teamed up for more anime-style robot beat em up! Take up the role of a scorned robot and beat your way to prove your point!

Slam Bolt Scrappers: Building skyscrapers while battling baddies sounds good for you? This game is built for you, then!

Akimi Village: Construct Akimi village and help get rid of its gloom. The details are a bit murky on this one.

Sideway: This art based game places you in the feet of Nox, a 2D rebellious artist in the gritty 3D streets of a nu-art-age New York cityscape. Ambitious and quite possibly the newest kind of game to hit the PSN in a while!

sideway_logo

Rochard: Players play the role of space miner John Rochard in his gravity bending adventures. Side-scrolling fun!

Cloud Storage on the PS3 with FW 3.60

It seems that the PS3 is in for a major update after quite some time. Remember what they said about Portal 2 for the PS3 also incorporating Steam Cloud? Well Sony is really pleased with this idea and want to generously put up this service for PlayStation Plus subscribers with the newest update.

psn

Calling it the very unimaginative Online Savingprocess, Sony has informed developers about this new axis of storing files and save data with their forthcoming 3.60 firmware update. Cloud storage has the dual advantage of not only making sure the gamer has his/her peace of mind, knowing that their save data is safely backed up on a remote server, it also enables the gamer to play the same game from the same save point on multiple consoles, since the save data is tied to a specific PlayStation Network account.

There is a catch with all this generosity, as mentioned before only PlayStation Plus subscribers will be able to utilize this Online Saving process. The general public (also known as Those-Who-Refuse-To-Pay-For-Demos) is largely barred from this process. Also, since the game data is copied beyond the gamer’s console, some game developers might not be happy with the idea and can thus choose to opt out their video game’s data from being saved on the cloud.

Hopefully it will be implemented well by Sony.

Portal 2 PS3 Version Will Include SteamPlay Version Free

Well this is a first for both Valve and Sony. The highly anticipated successor to the really awesome First Person Puzzle Solver That Ate Your Brains Out While Being Ridiculously Funny Portal will very probably be one of the firsts in gaming history; Portal 2‘s PS3 version will come with an activation key for the Steam version to play on your PC (or Mac), completely free!

Portal2GLaDOS

All you need to do is type up the key on Steam and voila, you’ll have Portal 2 waiting to be downloaded and played by you, the gamer on the go. Apparently, this cross-platform gaming will also include PS3-to-PC chatting between players, and might also involve a good deal of cross-platform play (obviously) and will include syncs between your PlayStation Network (PSN) ID and your Steam account.

However, the clincher is that the PS3 version will include SteamCloud support which means that if you save at a certain point on your PS3, it syncs to Steam’s servers, and you can start the game from the exact place on your PC! So, just in case GLaDOS screws you over at a certain level and you decide to throw your controller at your PS3 very forcibly (thereby killing it instantly), fear not for SteamCloud will come to the rescue (of your game, not your console).

Here’s to looking at more console and PC friendships!

Gamertrolls, the commenting area is your arena. Fight!