Tag Archives: PSN

Sony ditches PlayStationNetwork Branding, PSN to be known as Sony Entertainment Network

Perhaps part of Sony’s strategy for integrating their services, or maybe to distance itself from the bad reputation gained due to the continuous string of PSN break-ins – whatever may be the reasons, Sony has announced that they will be rebranding their online gaming & digital delivery service, the PlayStation Network or PSN.

PSN will be known as Sony Entertainment Network as of Feb 7, 2012. Curiously, the announcement was revealed as part of a Terms of Service & Privacy Policy update. Typically, you’d expect the general public to not read privacy policies & take them for granted – but Sony chose this method to make it known that PSN accounts will now be known as Sony Entertainment Network accounts.

Sony makes it clear that this will be only a name change & the existing usernames & passwords will not be affected. A firmware update in the near future will ensure that the Sony Entertainment Network branding will be applied to the PlayStation 3, PlayStation Vita – but not the PlayStation Portable.

Here’s the full email listing:

On February 7, 2012, Sony Network Entertainment International LLC (“SNEI”) will update its Terms of Service and User Agreement and its Privacy Policy. As a part of this update, your “PlayStation®Network account” will be renamed a “Sony Entertainment Network account”. The first time you sign in to your Sony Entertainment Network account on or after February 7, 2012, you will be asked to agree to the new Terms of Service and User Agreement and Privacy Policy with SNEI if you wish to continue using your Sony Entertainment Network account. Please review all changes to the Terms of Service and User Agreement and Privacy Policy carefully before indicating your agreement. In particular, these are some of the additions and changes we have to these agreements:

  • New terms for parents of minor, subaccount holders regarding the limitations of chat parental controls. Your reacceptance of the Terms of Service and User Agreement and Privacy Policy affirms your consent to the sharing of your child’s data that may occur if your child utilizes certain communication functionalities on PlayStation devices such as PlayStation 3 and PlayStation Vita systems.
  • New terms that explain the location-based services offered through the PlayStation Vita system. For parents of minor, subaccount holders your reacceptance of the Terms of Service and User Agreement and Privacy Policy affirms your consent to your subaccount holder’s use of these services on the PlayStation Vita system.
  • A description of our “What’s New” section, which provides topical information about our services and advertisements.
  • Information about pre-ordering content.
  • The name of your “PlayStation Network account” is changing to a “Sony Entertainment Network account.”

You may click here to review the changes to the Terms of Service and User Agreement and you may click here to review the changes to the Privacy Policy.

The rebranding of PlayStation Network accounts to Sony Entertainment Network accounts is a change in name only. Your username or password will not change, nor are we asking you to change them. On Sony Computer Entertainment’s PlayStation 3 and PlayStation Vita systems, this rebranding will occur in connection with software updates for these devices. (Note, this change will not be applied to the PSP® (PlayStation®Portable) system at this time.)

This transition is based on Sony’s goal to enhance its unique digital entertainment offering. As a series of these activities Sony started last September, PlayStation Network will be aligned with “Sony Entertainment Network.” This helps us get closer to our goal of establishing a global comprehensive network platform of services across games, movies, music and more, all accessible from one convenient account. The Sony Entertainment Network account also enables use of Sony’s compelling non-game services such as Music Unlimited, Video Unlimited and PlayMemories Online (currently called Personal Space) across a variety of network-connected devices.

If you do not agree with the new Terms of Service and User Agreement or Privacy Policy, you may decline to accept them, and you will no longer be able to access your account. If you wish to close your account or request a refund of your wallet balance, or have any questions, please contact Customer Service by clicking here. For more information, please click here.

Thank you very much for being a customer!

LulzSec Breaks Into Sony Developer Network, Leaks Their Source Code

Continuing their recent streak of break-ins into Sony web properties, the self-proclaimed “world’s leaders in high-quality entertainment at your expense”, LulzSec, just released a full 54MB archive consisting of Sony Computer Entertainment’s Developer Network source code. LulzSec tweeted their latest accomplishment just under half an hour ago.

Sony has been under an ever-increasing spate of attacks and break-ins – the most recent being Sony Brazil, Sony Europe and Sony Pictures Russia, which was one of the biggest hacks, with over a million user names and passwords stolen. With this latest break-in, 16 of Sony’s web properties have been hacked into in just under 45 days, giving an average hack rate of an astonishing 2.8 websites hacked per day.

While LulzSec claims that the archive consists of the Developer Network source code, a commenter on Hacker News mentions that the archive consists of website source code rather than the actual PSN code.

Sony Hacked Again

Hard to believe, but Sony has been hacked again!

According to a report in the Wall Street Journal, an intruder broke into So-net Entertainment Corp, a Japanese ISP owned by Sony, and stole customers’ redeemable gift points worth about $1,225.

An official statement on the site (in Japanese) explains: “What we’ve done is stopped the So-Net points exchanges and told customers to change their passwords.”

Personal information of some 100 million Sony user accounts was stolen last month when its online gaming systems, PlayStation Network and Sony Online Entertainment, were hacked.

How PlayStation Network Attack, Password Reuse And Unmonitored Account Resulted in Mass Phishing

Today seemed like just another day. Little did I know, in a span of about 20 minutes, the resulting set of events would be hugely embarrassing for me. I had barely woken up, when my phone started going bonkers with notifications coming from emails, chats & Twitter replies. A glance at the notifications indicated that my email account had been compromised and phishing emails had been sent to everyone in my contacts list.

The Analysis

I logged into my Google Apps email account and had a look at the recent account activity details, nothing out of the ordinary there.

Gmail Recent Account Activity

Checking the sent mail folder indicated that no emails had been sent in the recent past. It occurred to me to check my other Gmail account.

And indeed, as soon as I logged in to my Gmail account, there was a huge red mark indicating activity from China.

Gmail Suspicious Activity

 

Sure enough, the Sent folder had a copy of the spam mail.

Spam email

So, what went wrong? It all boils down to a culmination of the PlayStation Network hacking, some bad habits from my yesteryear and some nice features from Gmail which resulted in the phishing email looking like it came from my current domain account instead of the old Gmail account. Let’s have a look at each vector:

  1. PlayStation Network break-in
  2. Not monitoring my email account
  3. Password Reuse
  4. Send mail as and Reply-to set to my domain address

 

PlayStation Network break-in

PlayStation Network was hacked recently, with all 77 million accounts compromised as a result of this break-in. I firmly believe this is the primary reason behind my email account being compromised. The fact that my email account was accessed from a China IP barely 2 days after the break-in before sending off the mails is proof enough to convince me that the user information was sold off to spammers in China.

Not monitoring my email account

Before switching over to my Google Apps account, I had been using this Gmail account. Once the Google Apps account had been set up, I migrated all my contacts and mail over to my Google Apps account. Furthermore, I had also used Google Apps’s Auto Forwarding to ensure that any stray email to the old id would get fetched and forwarded automatically to my new account. This resulted in me never monitoring the account. If I had monitored the account, I would have noticed the big red mark under Gmail’s unusual activity and would have changed the password right then.

Password reuse

You’ve heard this before lots of times, and probably are guilty of it – password reuse refers to using the same password across most or all of the web services that you use. What starts as convenience turns out to be a single point of failure – just access to this one password is enough for spammers / hackers to gain access to all your accounts. In my case, even though password reuse is something I had kicked out quite some time ago (thanks to LastPass), back then when I had set up my accounts – I had used the same password for Gmail & PSN. With spammers getting access to my password with the PSN break-in and my failure in having used the same password – getting access to my account was easy.

Send mail as and Reply-to set to my domain address

Gmail has this nice “Send mail as” feature – basically it allows you to send email originating from one Gmail account to appear as originating from another Gmail account (that you have access to, of course). I had used this feature, along with Reply-to set to my current email address, during my stages of migration from Gmail to Google Apps. Post migration, however, I let these settings remain as-is and did not change them.

End result of all of these:

  • My Gmail account was broken into
  • All the contacts in my contact list were spammed with phishing email
  • To make this worse, they appeared to have originated from my domain account, instead of the dormant Gmail account.
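
A check a recipient's mail filter could apply to the situation above, as an added example that is not part of the original post: it flags messages whose From domain differs from the domain in Sender or Return-Path. The sample messages, addresses and function names are constructed, and it assumes the sending service records the real mailbox in one of those two headers.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed message: From and Reply-To show the domain address, while
# Sender and Return-Path still name the old mailbox that submitted it.
ALIASED = """\
Return-Path: <old.account@webmail.example>
Sender: old.account@webmail.example
From: Blog Author <me@mydomain.example>
Reply-To: me@mydomain.example
To: friend@contacts.example
Subject: constructed sample

constructed body
"""

# Constructed message sent directly from the domain account.
DIRECT = """\
Return-Path: <me@mydomain.example>
From: Blog Author <me@mydomain.example>
To: friend@contacts.example
Subject: constructed sample

constructed body
"""

def header_domain(value):
    """Lower-cased domain of the address in a header value, '' if absent."""
    _, addr = parseaddr(value or "")
    return addr.rpartition("@")[2].lower()

def identity_mismatches(raw_message):
    """Return (header, domain) pairs whose domain differs from the From domain."""
    msg = message_from_string(raw_message)
    from_domain = header_domain(msg["From"])
    mismatches = []
    for name in ("Sender", "Return-Path"):
        found = header_domain(msg[name])
        if found and found != from_domain:
            mismatches.append((name, found))
    return mismatches

if __name__ == "__main__":
    for label, raw in (("aliased", ALIASED), ("direct", DIRECT)):
        print(label, identity_mismatches(raw))
```

A mismatch is only a signal to review, since legitimate mailing lists and forwarding services also produce it.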

So, what happened then?

As I had mentioned above, as soon as the email was sent, I received numerous emails, IMs, and Twitter replies about phishing mail being sent from my account. I used the steps outlined by Keith in his earlier post about how to handle a situation like this. I changed the password on my prior Gmail account immediately (mind you: my previous password was not a dictionary password – and neither was it easy to guess or brute force). I sent an apology email to the unintended recipients of the phishing mail. (Un)fortunately, Gmail had already marked mails coming from that account as suspicious and that my account might have been compromised, so I had to reply to some people mentioning that the second email was a genuine one from me.

Learnings from this event

As a Super User, I take pride (and great pains as well) in knowing and trying to ensure that accounts were never compromised. Today’s account has been a huge embarrassment – and a learning experience for me. To summarize:

  • The ghost of your past bad practices will return!
  • Never, ever let any account, especially as critical as email – even if it is dormant – go unmonitored. If you aren’t using it, close it or delete it.
  • In the event of any service break-in – always change the password!
  • Don’t use the same password for each service


Sony Public Relations Posts Grim Update On PSN Situation.

HUGE ALERT TO ALL THOSE READING THIS: If you use one password on all services online then stop reading this post and go change ALL of those passwords. Done? Okay, good. Read on.


Here is the bad news: your credit card information has probably been stolen. Here is the extremely bad news: the hackers also know where you live and your phone number, as well as the password that you use on most of your services (if you are the “one password is enough for a bajillion accounts, I am very secure!” kind of person). Here’s the gist:-

What they have stolen:-

  • Name
  • Address
  • Country
  • Birthday
  • Email Addresses
  • PSN ID/Password
  • Probably Your Trophies As Well

What they might have stolen:-

  • Purchase History
  • Credit Card numbers used for purchase
  • Security question on your PSN account (which is usually the same across many platforms, so change this one too)

What Sony officially advises you to do:-

If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

To protect against possible identity theft or other financial loss, we encourage you to remain vigilant to review your account statements and to monitor your credit or similar types of reports.

How did the hackers obtain your password in the first place?

Why, it was in plaintext, my good man!

<user2>  creditCard.paymentMethodId=VISA&creditCard.holderName=Max&
creditCard.cardNumber=**********&creditCard.expireYear=****&creditCard.
expireMonth=*&creditCard.securityCode=***&creditCard.address.address1=
example street%2024%20&creditCard.address.city=city1%20&creditCard.
address.province=abc%20&creditCard.address.postalCode=12345%20

<user2>  sent as plaintext

<user3>  uh

<user3>  did you censor that card?

<user2>  ya its fake

<user3>  good

<user1>  wow, plaintext :S

<user5>  plaintext wow

<user3>  im never putting in my details like that

<user2>  ya is all fake lol

<user2>  i never used cc on ps3

<user2>  normally you AT LEAST encrypt the security code, even if its ssl


As the entire chat log of the hackers while they were penetrating the PlayStation Network shows at one point of time, I really cannot believe that a network that puts so much Digital Rights Management (DRM) protection on every game manages to store passwords without any kind of encryption. Thoroughly unbelievable. It is going to take a lot of coaxing from them for me to get back to the network. Thoroughly disgusting and outrageous.

Plausible Reason For The PlayStation Network’s Downtime Revealed

Slight disclaimer: we do not usually beautify content from Reddit and put it up as an exclusive reveal. That is left for other blogs of repute.


A PSX-Scene.com moderator has put up a post on Reddit with a speculative reason (it may not be the real reason) as to why the PlayStation Network has been down for a long time now. Most of the information below comes from facts and logical inferences:-

Some days ago a new Custom Firmware (CFW) called Rebug was released for the PlayStation 3. A CFW allows the user to run unsigned content. What this usually means is that Homebrew games and applications can be made to run only on a PS3 running a CFW. Whenever a PS3 is flashed with a CFW, it cannot connect to the PlayStation Network (PSN) since some necessary files for the connection are overwritten (I am not very familiar with the internal dynamics of the system).
As is usual with CFWs, third party developers caught on and released a patch that allowed users to connect to the PSN via the PlayStation Developers Network. So far, so good.

However, the trouble began when some CFW users found out that the PSN did not bother verifying your credit card credentials whenever you enter it for purchasing a game. Apparently, since the CFW is on the developer’s network, it is a trusted network so security is lax.

What followed was a torrent of piracy (I think I may be on to something with that collective noun) that led to Sony shutting down PSN and keeping mum about it for days on end.

This is a seemingly logical explanation since the chronology allows for that conclusion (from the post):-

1. Rebug was released on 3/31/11.
2. First guides of how to use the dev network to get back on COD games on 4/3/11.
3. Word of “shady” sites finding a way to pirate PSN content via the dev networks on 4/7/11 (basing this on posts I had to delete on the website).
4. PSN goes down on 4/20/11

Since Anonymous vehemently denies any hacking attempt on the PSN, this could definitely be one of the reasons. It also fits under the “external intrusion” explanation allegedly given by Sony, since this is technically external intrusion.

Thoughts, readers?