Category Archives: Playstation
It’s not just North America getting some PlayStation Network and Qriocity service this weekend. Sony has taken to Twitter to confirm that phase one of the restoration is now rolling out in the UK, Ireland and the Middle East, as the company brings the reinforced servers back online.
After weeks of downtime, governmental scrutiny and untold user fury, Sony has finally begun to restore PlayStation Network and Qriocity streaming media services. It’s not been an easy journey, either: it wasn’t just server failure that took the PSN offline, but a security breach that saw millions of consumer records snatched out from under Sony’s nose. With only the slightest publicly-released information to go on, systems experts have looked on in horror as Sony took a forced deep-dive through server strata, uncovering the flaws – in its data centers and its ego – that allowed the hack to take place. Still, Sony may find that restoring the PlayStation Network and Qriocity services were the easy part – rebuilding its ailing reputation may be far trickier.
Sony started slow with its apologies and its explanations, letting users stew as they waited for the bad news to unfold. While the company insists that it only reached the realization that credit card information had been lost a week or so into the downtime, gamer consensus seems to be that they’d rather have had an earlier – if tentative – warning than feel like the people paying the fees were the last to know. Read the rest of this entry
Sony has confirmed that the PlayStation Network is coming back online, with a mandatory system software update (v3.61) for PS3 consoles before they can rejoin the PSN. The phased update has now spread across North American and Europe, though there may be some delay as servers repopulate. Plus, Sony’s Kazuo Hirai has shared a video message about the restoration, which you can see after the cut.
The first phase includes sign-in to PSN and Qriocity, online gaming across PS3 and PSP, Netflix and Hulu streaming, chat functionality and PlayStation Home, including other elements. Logging in on your PS3 will present users with a mandatory password change, and there will be limits in future as to which device you can change your password again.
“If using a PS3, your password can only be changed on your own PS3 (or a PS3 on which your PSN account was activated), as an added layer of security. If you have never downloaded any content using your account on the system, an email will be sent to the registered sign-in ID (email address) associated with your account when you first attempt to sign-in to PSN. This e-mail will contain a link that will enable you to change your password. In this email, click on the link and follow the instructions to change your password. Once you have changed your password you can sign-in to your account using your new password”
“We recognize that actions speak louder than words” Hirai admits, going on to detail Sony’s changes to the security systems compromised. Users already know they will get free access to identity protection tools.
Sony’s PlayStation Network breach saga continues, having left customers without PSN service for over a week and now with possibly compromised credit card information. Sony claims the credit card information is encrypted, but that doesn’t stop claims that the hackers have gotten to it and already offering it up for sale. There are surely many many questions PSN users have for Sony, and in response they have posted a Q&A list yesterday and one more today.
The questions answered yesterday focused on the security concerns regarding customers’ personal information and credit card data. Sony assured that they are working with law enforcement on the matter and insisted that all personal and credit card data was encrypted. However, they did note that although they have no current evidence to suggest that the encrypted credit card information was taken, they also cannot rule out the possibility.
The second batch of questions and answers posted today address some of the less threatening issues such as whether certain game data and history will be lost. On that front, Sony assures that no game trophies will be lost and that they will be re-synced when the network comes back on. Histories and friends lists also will remain intact. Sony is also evaluating a “goodwill gesture” for its PSN users to show its appreciation for their extraordinary patience.
[via PlayStation Blog]
Sony still refuses to detail the exact exploit used to hack the PlayStation Network and its Qriocitystreaming service, but has admitted that as well as updating the software security of the network, it is physically “moving our network infrastructure and data center to a new, more secure location.” The changes are part of a number of steps Sony has been forced to take after reportedly pulling down the PSN after rampant piracy took hold.
According to reports earlier this week, a custom PS3 firmware allowed hackers to unofficially gain access to the PlayStation Network developer channels. There, they were supposedly able to use false – and unchecked – credit card details to make purchases. Sony’s only recourse, it was suggested, was shutting down PSN access altogether.
In a new Q&A – which overlaps considerably with Sony’s previous FAQ on the subject – Sony’s Patrick Seybold, Senior Director for Corporate Communications & Social Media, confirms that the company is working with both law enforcement and “a recognized technology security firm” on what is being viewed as a criminal act. According to Seybold, credit card data was encrypted and users are only being warned about it “out of an abundance of caution”; personal data, however, was not encrypted but was, he insists, “behind a very sophisticated security system.”
It’s that security system which has been breached, of course, a side-effect of what Sony hacker George Hotz suggests is likely down to “arrogance and misunderstanding of ownership.”
“Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client(can’t trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client … Notice it’s only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren’t crazy.” George Hotz
Sony maintains that certain services will be back online in under a week, though is yet to confirm which those services will be. The company is also facing a class action suit and what experts predict could amount to $24bn in credit card fraud.
The Sony Playstation Network or PSN has been offline for a while now. At first users were irritated that they weren’t able to play online games and watch movies via Netflix. As the outage drug on things started to look worse with Sony hinting early on that the breach was believed to have been caused by a third party. Things deteriorated when Sony finally admitted there had been a breach, and it was possible that all the user’s account data was stolen including the credit card information.
Sony says at this point it has no indication that user credit card data was stolen. However, Application Security CTO Josh Shaul said, “They [Sony] indicated that they’re worried about it, which is probably a very strong indication that everything was stolen.” Sony has said that purchase history and credit card details “may” have been stolen but the three-digit security code wasn’t. The lack of that three digit code will do very little to protect anyone whose credit card details were stolen.
Forbes reports that if the hacker or hackers responsible for the heist were successful in getting the credit card data this would be one of the biggest known thefts of financial data. Sony is already facing class action suits over the breach, and that is only a fraction of the monetary liability Sony could have in the incident. The Ponemon Institute says that the estimated cost per record of a data breach in 2010 resulting from malicious action was $318 per compromised record. With 77 million user accounts, exposed Sony is looking at $24 billion in possible expenses.
A new explanation for the ongoing Sony PlayStation Network downtime has been suggested, with claims that Sony has taken the service offline so as to close a loophole that had been responsible for “extreme piracy of PSN content.” PSX-Scene‘s “Chesh” took to Reddit to outline how a new PlayStation 3 custom firmware called Rebug was used by hackers to gain access to the PSN’s developer networks. From there, it was possible to input fake credit card information and buy content without ever paying for it.
The security glitch, it’s suggested, is because Sony was not validating credit card information since the users were on its trusted private developer network. Sony allegedly responded by pulling the plug on the network completely; the “additional security” Sony representatives have admitted is being installed is apparently to combat this sort of hacking.
Chesh admits that the explanation is speculation pieced together from information throughout the PlayStation hacking community, however sources with access to the SCE devnet servers have apparently confirmed that Sony is telling developers that, moving forward, only 3.60+ debug firmware will be allowed onto the network. If developers want to retain their access then they not only need to upgrade, it’s claimed, but contact Sony too.
Rebug’s developers are not responsible for the credit card hack, though whether Sony will look kindly on them anyway remains to be seen. However, user credit card information is believed to be secure still.
Sony’s PSP successor, the NGP, is readying to launch later this year and sure to have a great line up of games. The manufacturer is promising that from day one digital release games will be available for download at the same time the physical games become available.
In an interview with MCV, Sony Computer Entertainment Europe President Andrew House discussed their new game distribution strategy.
“One thing we learnt from PSP, is that we want to have simultaneous delivery in digital and physical for NGP. Just to clarify that, all games that appear physically will be made available digitally. Not necessarily all games have to be made available physically. And having the option of a digital-only method affords more creative risk-taking, and that’s because you don’t-have that in-built risk of physical inventory.”
The emphasis on having a strong digital game distribution means that there will be a hierarchy of games. Big high-end premium games are likely still to be purchased mostly in physical form, but lighter more experimental games are more likely to be downloaded digitally. This saves physical inventory on these types of games and allows for more experimentation in new game development.
[via PlayStation Lifestyle]
Spanish hacker called Naima has successfully released PS3 custom firmware called Naima CFW 3.55 / 60 hybrid. The new custom firmware is a CFW 3.55 with some files taken from the newly 3.60 firmware. More over, it spoofs PS3 console on 3.60 firmware which allows full PSN access for games and applications with preserving jailbreak capabilities of custom firmware 3.55.
Note: It’s highly recommended to avoid accessing PSN on your jailbroken PS3 in order to avoid possible bans from Sony.
Download 3.55-60CFW-naima.patch then apply it to official firmware 3.55
Disclaimer Note: This article is only for informational and testing purposes only. We did not create the hack, nor do we endorse or promote the use of it. We are not responsible for any bans that may occur, or the inability to sign-in to PSN. Use it at your own risk only.
Sony is still fighting against PS3 hackers and it looks like it won’t stop that. They’ve already sued Geohot & fail0verflow team for jailbreaking PlayStation 3. Now they have the German police on their side. PS3 hacker graf_chokolo’s house was raided by the German police.
As PS3 hacker George Hotz says on his new blog:
As many of you already know, 2 days ago his house was raided by the German police. Talk about a guy who clearly had no involvement at all with piracy, cheating, or the things Sony claims to care about. Do you want to know what he has that enrages the suits at Sony so much? Talent.
So, he had no involvement at all.. PS3 hackers are still fighting Sony and oh! Geohot has Microsoft on his side. Let’s see what’ll happen!