Tag Archives: Sony

Sony Goes Down Again, This Time SQL Injection Takes Down SonyBMG

In what seems to be yet another in a never-ending series of hacks and break-ins, Sony took another hit when the Greek website of its music division, SonyBMG, was hit by SQL injection.

Sophos reports that an anonymous poster has uploaded to pastebin.com a full user database, including the usernames, real names and email addresses of users registered on SonyMusic.gr.

After searching a bit, I found the relevant paste where the data was uploaded (I won’t link it here; you should be able to find it), and it would appear that about 8,385 rows of user data have been leaked.

If you have an account at SonyMusic.gr, I recommend you change your password ASAP, or else you might end up unknowingly spamming your entire contact list.

Sony Hacked Again

Hard to believe, but Sony has been hacked again!

According to a report in the Wall Street Journal, an intruder broke into So-net Entertainment Corp, a Japanese ISP owned by Sony, and stole customers’ redeemable gift points worth about $1,225.

An official statement on the site (in Japanese) explains: “What we’ve done is stopped the So-Net points exchanges and told customers to change their passwords.”

Personal information of some 100 million Sony user accounts was stolen last month when its online gaming systems, PlayStation Network and Sony Online Entertainment, were hacked.

How PlayStation Network Attack, Password Reuse And Unmonitored Account Resulted in Mass Phishing

Today seemed like just another day. Little did I know, in a span of about 20 minutes, the resulting set of events would be hugely embarrassing for me. I had barely woken up when my phone started going bonkers with notifications coming from emails, chats and Twitter replies. A glance at the notifications indicated that my email account had been compromised and phishing emails had been sent to everyone in my contacts list.

The Analysis

I logged into my Google Apps email account and had a look at the recent account activity details; nothing out of the ordinary there.

Gmail Recent Account Activity

Checking the sent mail folder indicated that no emails had been sent in the recent past. It occurred to me to check my other Gmail account.

And indeed, as soon as I logged in to my Gmail account, there was a huge red mark indicating activity from China.

Gmail Suspicious Activity

Sure enough, the Sent folder had a copy of the spam mail.

Spam email

So, what went wrong? It all boils down to a combination of the PlayStation Network hack, some bad habits from my yesteryears and some nice features of Gmail, which resulted in the phishing email looking like it came from my current domain account instead of the old Gmail account. Let’s have a look at each vector:

  1. PlayStation Network break-in
  2. Not monitoring my email account
  3. Password Reuse
  4. Send mail as and Reply-to set to my domain address

PlayStation Network break-in

PlayStation Network was hacked recently, with all 77 million accounts compromised as a result of this break-in. I firmly believe this is the primary reason behind my email account being compromised. The fact that my email account was accessed from a Chinese IP barely 2 days after the break-in, before the mails were sent off, is proof enough to convince me that the user information was sold off to spammers in China.

Not monitoring my email account

Before switching over to my Google Apps account, I had been using this Gmail account. Once the Google Apps account had been set up, I migrated all my contacts and mail over to it. Furthermore, I had also used Google Apps’s auto-forwarding to ensure that any stray email to the old ID would get fetched and forwarded automatically to my new account. This resulted in me never monitoring the old account. If I had monitored it, I would have noticed the big red mark under Gmail’s unusual activity and would have changed the password right then.

Password reuse

You’ve heard this lots of times before, and are probably guilty of it: password reuse refers to using the same password across most or all of the web services that you use. What starts as convenience turns out to be a single point of failure; access to this one password is enough for spammers or hackers to gain access to all your accounts. In my case, even though password reuse is something I had kicked out quite some time ago (thanks to LastPass), back when I had set up my accounts I had used the same password for Gmail and PSN. With spammers getting access to my password through the PSN break-in, and my failure in having used the same password, getting access to my account was easy.

Send mail as and Reply-to set to my domain address

Gmail has this nice “Send mail as” feature: basically, it allows email sent from one Gmail account to appear as originating from another Gmail account (that you have access to, of course). I had used this feature, along with Reply-to set to my current email address, during my migration from Gmail to Google Apps. Post-migration, however, I let these settings remain as they were and did not change them.

End result of all of these:

  • My Gmail account was broken into
  • All the contacts in my contact list were spammed with phishing email
  • To make this worse, they appeared to have originated from my domain account, instead of the dormant Gmail account.
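As an added example (not code from the original post), this Python snippet parses the identity headers of a message to show how mail actually submitted from the dormant account can display the domain address in both From and Reply-To, and which mailboxes an owner should then check. The headers are constructed samples; the assumption that the real submitting account appears in a Sender header is mine, not something the post states.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (not real captures). The first mimics a message sent
# from a dormant Gmail account through "Send mail as" with Reply-To set to
# the domain address; the second is a plain send from the domain account.
# A "Sender" header carrying the real account is assumed for the first case.
SAMPLES = {
    "send_mail_as": (
        "From: Me <me@mydomain.example>\n"
        "Sender: old-account@gmail.example\n"
        "Reply-To: me@mydomain.example\n"
        "To: friend@example.org\n"
        "Subject: check this out\n"
        "\n"
        "hello\n"
    ),
    "direct": (
        "From: Me <me@mydomain.example>\n"
        "To: friend@example.org\n"
        "Subject: lunch?\n"
        "\n"
        "noon?\n"
    ),
}

def analyze_sender_identity(raw: str) -> dict:
    """Extract From / Sender / Reply-To and flag when the visible From
    is not the account that actually submitted the message."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    sender_addr = parseaddr(msg.get("Sender", ""))[1].lower()
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    return {
        "from": from_addr,
        "sender": sender_addr,
        "reply_to": reply_to,
        # True only when a Sender header names a different account.
        "from_differs_from_sender": bool(sender_addr) and sender_addr != from_addr,
        # True only when replies are steered away from the From address.
        "reply_goes_elsewhere": bool(reply_to) and reply_to != from_addr,
    }

def accounts_to_check(report: dict) -> set:
    """Every mailbox implicated by the headers; after an incident like the
    one above, credentials on each of them need a reset, not only From."""
    return {a for a in (report["from"], report["sender"], report["reply_to"]) if a}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, analyze_sender_identity(raw))
```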

So, what happened then?

As I had mentioned above, as soon as the email was sent, I received numerous emails, IMs and Twitter replies about phishing mail being sent from my account. I used the steps outlined by Keith in his earlier post about how to handle a situation like this. I changed the password on my old Gmail account immediately (mind you: my previous password was not a dictionary password, and neither was it easy to guess or brute-force). I sent an apology email to the unintended recipients of the phishing mail. (Un)fortunately, Gmail had already marked mails coming from that account as suspicious, warning that my account might have been compromised, so I had to reply to some people mentioning that the second email was a genuine one from me.

Learnings from this event

As a Super User, I take pride (and great pains as well) in knowing and trying to ensure that my accounts are never compromised. Today’s incident has been a huge embarrassment, and a learning experience for me. To summarize:

  • The ghost of your past bad practices will return!
  • Never, ever let any account, especially one as critical as email, go unmonitored, even if it is dormant. If you aren’t using it, close it or delete it.
  • In the event of any service break-in, always change the password!
  • Don’t use the same password for each service.


Sony Finally Comes Clean on PSN and Qriocity Intrusion, Admits That Almost All User Information Was Stolen

Sony has finally come clean on the PlayStation Network and Qriocity intrusion, and everyone’s worst fears have been realized. Last week Sony pulled down its highly popular PlayStation Network and Qriocity services, which have remained offline since. Initially, Sony offered little by way of clarification, and only stated that it was working on rebuilding PSN and Qriocity, which had been victims of an external intrusion. Rumors flew thick and fast. Most people pointed fingers at “Anonymous”, which had earlier caused temporary outages of PSN. Some suggested that Sony’s actions might have been prompted by the release of a custom firmware called Rebug, which enabled PlayStation users to pirate content from PSN using fake credit card credentials. Unfortunately, the real situation is a lot more critical.

Sony has now revealed that “certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion” into their network. Sony became aware of the intrusion between 17th and 19th April, and turned off PSN and Qriocity on 20th April. The intruder managed to gain access to profile data, which includes name, address (city, state, zip), country, email address, birthdate, PlayStation Network/Qriocity password and login, and handle/PSN online ID. Needless to say, all of this is extremely sensitive information. In the wrong hands, this kind of information can be misused in any number of ways. However, the bad news for PSN users doesn’t stop at this. According to the official update:

While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained.

The fact that your credit card information might be up for sale is unnerving. PlayStation Network, which is accessible via the PlayStation 3 (PS3) and PlayStation Portable (PSP), has more than 60 million registered accounts. If you had your credit card information stored with either PSN or Qriocity, then it’s highly recommended that you change your credit card number. Get in touch with your credit card issuer to find out how you can do so. However, this is something that will take time. In the meantime, it’s recommended that you place a fraud alert on your card.

At no charge, U.S. residents can have these credit bureaus place a fraud alert on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. This service can make it more difficult for someone to get credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it also may delay your ability to obtain credit while the agency verifies your identity.

To do this, contact any one of the agencies recommended by Sony (Experian, Equifax and TransUnion). If you also have the nasty habit of using the same password for multiple services, you will have to go through the time-consuming procedure of manually changing the password on each of those services that shared a password with your PSN account.

In the coming days and weeks, Sony will have a lot of answering to do. What is baffling me is the fact that sensitive information like account passwords and credit card numbers was obtained by the hacker. It is common practice to secure such data by hashing it with a salt, or by encrypting it. Unless the information was stored in plain text, or protected using weak techniques like MD5 hashing, the intruder should never have been able to extract the original data. If Sony didn’t implement appropriate security measures, then they have no one to blame but themselves, and they will probably have to pay very dearly.
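As an added example (not code from the original post), the following Python contrasts the weak, unsalted MD5 storage mentioned above with per-account salted PBKDF2, and ties back to the password reuse lesson from the earlier post: with unsalted MD5, two accounts sharing a password produce identical records, so a leaked table exposes reuse before any cracking is attempted. The account names and passwords are constructed samples.

```python
# Added example: unsalted MD5 versus per-account salted PBKDF2 password storage.
import hashlib
import hmac
import os

# Constructed sample accounts: two of them reuse the same password.
SAMPLE_USERS = {
    "psn_user_a": "Summer2011!",
    "gmail_user_b": "Summer2011!",
    "psn_user_c": "a-different-passphrase",
}

def md5_store(password: str) -> str:
    """The weak scheme: one unsalted MD5 digest per password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def pbkdf2_store(password: str, iterations: int = 200_000) -> str:
    """Salted, slow hash: random 16-byte salt plus PBKDF2-HMAC-SHA256.
    Stored as 'pbkdf2_sha256$iterations$salt_hex$digest_hex'."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

def count_duplicate_hashes(store: dict) -> int:
    """Number of stored hash values shared by more than one account.
    Any duplicate reveals password reuse without cracking anything."""
    seen = {}
    for user, h in store.items():
        seen.setdefault(h, []).append(user)
    return sum(1 for users in seen.values() if len(users) > 1)

def build_stores(users=SAMPLE_USERS):
    """Return (weak_store, strong_store) for the same set of accounts."""
    weak = {u: md5_store(p) for u, p in users.items()}
    strong = {u: pbkdf2_store(p) for u, p in users.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_stores()
    print("duplicate MD5 hashes:", count_duplicate_hashes(weak))      # 1
    print("duplicate PBKDF2 hashes:", count_duplicate_hashes(strong)) # 0
    print("verify:", pbkdf2_verify("Summer2011!", strong["psn_user_a"]))  # True
```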

It was also irresponsible to sit on this information for a week before alerting affected users. Sony should have come clean as soon as they knew what had happened. Instead they seem to have been busy trying to save their own ass.

This incident once again highlights the pitfalls of storing your information in the cloud. Every time you trust an online service with your data, you add another source that might be exploited by hackers. It’s time that Congress makes it mandatory for every service that stores sensitive information like credit card numbers to have certain minimum security protections. Sony is currently working on making PSN and Qriocity more secure, and hopes to restore services, at least partially, within this week.

Plausible Reason For The PlayStation Network’s Downtime Revealed

Slight disclaimer: we do not usually beautify content from Reddit and put it up as an exclusive reveal. That is left for other blogs of repute.

PSN

A PSX-Scene.com moderator has put up a post on Reddit with a speculative reason (it may not be the real reason) as to why the PlayStation Network has been down for a long time now. Most of the information below comes from facts and logical inferences:

Some days ago a new Custom Firmware (CFW) called Rebug was released for the PlayStation 3. A CFW allows the user to run unsigned content. What this usually means is that Homebrew games and applications can be made to run only on a PS3 running a CFW. Whenever a PS3 is flashed with a CFW, it cannot connect to the PlayStation Network (PSN) since some necessary files for the connection are overwritten (I am not very familiar with the internal dynamics of the system).
As is usual with CFWs, third party developers caught on and released a patch that allowed users to connect to the PSN via the PlayStation Developers Network. So far, so good.

However, the trouble began when some CFW users found out that the PSN did not bother verifying your credit card credentials whenever you enter it for purchasing a game. Apparently, since the CFW is on the developer’s network, it is a trusted network so security is lax.

What followed was a torrent of piracy (I think I may be on to something with that collective noun) that led to Sony shutting down PSN and keeping mum about it for days on end.

This is a seemingly logical explanation, since the chronology allows for that conclusion (from the post):

1. Rebug was released on 3/31/11.
2. First guides on how to use the dev network to get back on COD games on 4/3/11.
3. Word of “shady” sites finding a way to pirate PSN content via the dev networks on 4/7/11 (basing this on posts I had to delete on the website).
4. PSN goes down on 4/20/11.

Since Anonymous vehemently denies any hacking attempt on the PSN, this could definitely be one of the reasons. It also fits under the “external intrusion” explanation allegedly given by Sony, since this is technically external intrusion.

Thoughts, readers?

Sony Announces The ‘Sony Tablets’ – S1 And S2

Remember the Sony S1 Honeycomb tablet, which leaked a couple of months ago? Well, Sony has finally gone ahead and announced the S1, and the S2.

Both the tablets, S1 and S2, are running on Google’s Android 3.0 Honeycomb OS and support 3G/4G.

The S1 sports a 9.4-inch screen with a resolution of 1280×800, and is powered by the Nvidia Tegra 2 chipset. The tablet has a curve at the top, when held in landscape orientation, and an off-center weight distribution so as to give it a magazine shape.


The second tablet, the S2, sports two displays, each measuring 5.5 inches with a resolution of 1024×480. The two displays can be combined to be used as one large display for web browsing etc. The tablet can also be folded, so as to make it portable. The Sony S2 is like a bigger version of the Kyocera Echo.

Sony has also modified the UI of the tablet to their liking, and integrated Qriocity with it. Both the tablets are also PlayStation Certified, which means users will have access to Sony Ericsson’s PS Suite for a variety of PS1 and PS2 games.

According to Sony, the S1 can also control the majority of their home entertainment devices, including AV devices, thanks to infrared. S1 and S2 are the codenames of the Sony tablets, and Sony will be assigning these tablets new names before they are launched sometime this fall.

PlayStation Network Continues to Remain Offline as Sony Works on Rebuilding It

Sony’s PlayStation Network (PSN) is down for the fifth straight day, and there is no word on when it will become operational again. Earlier, we reported that PSN and Qriocity were pulled down by Sony due to “external intrusion”. In a sparsely worded update, Sony’s Patrick Seybold wrote, “We sincerely regret that PlayStation Network and Qriocity services have been suspended, and we are working around the clock to bring them both back online”.

While Sony didn’t divulge any specifics, it did state that it is working on re-building the system to further strengthen its network infrastructure. The simple fact that Sony chose to suspend its services, instead of restoring them as they were and working on beefing up security in the background, suggests that the intrusion was quite severe. The big question is exactly what kind of information, if any, the hackers managed to get hold of. The PSN is an online multiplayer gaming and content distribution service that is an integral part of the PlayStation 3 and PlayStation Portable (PSP) experience. Many customers have sensitive information like credit card details stored there. Unconfirmed reports suggest that admin dev accounts were breached. Understandably, Sony is remaining tight-lipped about the nature and the extent of the intrusion. Hopefully, once it manages to get PSN and Qriocity back online, it will share more details. For now, the only thing that we can do is wait.

Sony Confirms That PlayStation Network Downtime Is Due to “External Intrusion”

A couple of days back, Sony’s PlayStation Network and Qriocity services went offline without any prior notice. Immediately, speculation began to mount that “Anonymous”, an infamous band of hacktivists, had succeeded in hacking the PSN. Anonymous had earlier taken issue with Sony’s strong stance against jailbreaking of the PS3, and the treatment meted out to Geohot. It had threatened to fight back against Sony. However, after initially causing intermittent outages of PSN, Anon decided to stop its attempts to knock out the PSN, in order to avoid inconveniencing users.

Now, Sony has finally broken its silence, and has confirmed that the PlayStation Network and Qriocity were taken offline due to “an external intrusion”. Anonymous has, however, distanced itself from the hacking of the PSN through its press release titled “For Once We Didn’t Do It”. The release states that, “While it is possible that other Anons have acted by themselves, AnonOps was not related to this incident and does not take responsibility for whatever has happened”.


Irrespective of the cause of the outage, this is bad news for gamers all over the world. Sony hasn’t clarified how long the outages are likely to continue; however, there is a good chance that the services will not be restored within the next couple of days. This means that PS3 owners are going to have a long weekend.

Sony Ericsson Xperia Play, Arc And Neo Rooted!

It was just a few days ago that Sony Ericsson released details on how to unlock the bootloader of the Xperia Arc, Play and Neo handsets.

Now, in just a matter of days the talented developers over at XDA forums have managed to get root access on all the above said handsets.


The method to get root access is a pretty simple one. Users first need to unlock their bootloader, and then flash some required files using fastboot. However, at the moment this method works only on the UK firmware of the Arc and the Play.

The developers behind the root, Bin4ry and zdzihu, are already working on rooting the global firmware.

Xperia Neo and Arc owners should head over to this thread, while Play owners should head over to this thread for the required steps and file.

Hopefully, Sony Ericsson will soon release the Android 2.3 Gingerbread source for the latest bunch of Xperia handsets. This will help the developers in cooking custom ROMs for the Xperia Arc, Neo and Play.

Via – Xperia Blog

Sony Kills the PSP Go

According to a report by AV Watch, Sony is apparently ending sales of the PSP Go portable gaming console in Japan. The PSP Go was launched in October 2009, and came with a new slider design, very different from the original PSP. Unlike its predecessors, it didn’t have a UMD drive, which was a flop anyway.

With the launch of the iPod Touch, Apple had taken a large chunk of the portable gaming market, but I don’t think that had much to do with Sony’s decision to kill the PSP Go, as Sony will continue to offer the PSP 3000 and it will also go ahead with the launch of the NGP, or the PSP 2, which should be launched by the end of 2011.

Sony recently launched the Sony Ericsson Xperia Play, which was largely inspired by the PSP Go, but came with phone capabilities and the Android OS. It is much better than the PSP Go in terms of both functionality and specifications.

One reason for the lack of popularity of the PSP Go could be its high initial price – $250 – which was higher than the PSP 3000. It was subsequently dropped to $199, but even then it failed to attract many buyers. Sony will continue to provide updates and support for the PSP Go.

Were you a big fan of the PSP Go? Let us know your views in the comments.

PSP Go

via Engadget