After weeks of downtime, governmental scrutiny and untold user fury, Sony has finally begun to restore PlayStation Network and Qriocity streaming media services. It’s not been an easy journey, either: it wasn’t just server failure that took the PSN offline, but a security breach that saw millions of consumer records snatched out from under Sony’s nose. With only the slightest publicly-released information to go on, systems experts have looked on in horror as Sony took a forced deep-dive through server strata, uncovering the flaws – in its data centers and its ego – that allowed the hack to take place. Still, Sony may find that restoring the PlayStation Network and Qriocity services was the easy part – rebuilding its ailing reputation may be far trickier.
Sony started slow with its apologies and its explanations, letting users stew as they waited for the bad news to unfold. While the company insists that it only reached the realization that credit card information had been lost a week or so into the downtime, gamer consensus seems to be that they’d rather have had an earlier – if tentative – warning than feel like the people paying the fees were the last to know.
According to a report by CVG, Android Market downloads of games specifically designed to run on Sony Ericsson’s Xperia PLAY handset have been extremely low. As evidence for its case, the report homes in on five Play titles that all have under 1,000 total Market downloads: Cool Boarders 2, 100–500; Destruction Derby, 500–1,000; Jumping Flash, 50–100; MediEvil, 100–500; and Syphon Filter, 100–500. Despite this, the handset’s creator is undeterred. “There’s no concerns, it’s a revolutionary device, it’s shaking up the market, we’re very pleased with it,” said Dominic Heil-
Sony has confirmed that the PlayStation Network is coming back online, with a mandatory system software update (v3.61) for PS3 consoles before they can rejoin the PSN. The phased update has now spread across North America and Europe, though there may be some delay as servers repopulate. Plus, Sony’s Kazuo Hirai has shared a video message about the restoration, which you can see after the cut.
The first phase includes sign-in to PSN and Qriocity, online gaming across PS3 and PSP, Netflix and Hulu streaming, chat functionality and PlayStation Home, among other elements. Logging in on a PS3 will present users with a mandatory password change, and there will be limits in future on which devices can be used to change the password again.
“If using a PS3, your password can only be changed on your own PS3 (or a PS3 on which your PSN account was activated), as an added layer of security. If you have never downloaded any content using your account on the system, an email will be sent to the registered sign-in ID (email address) associated with your account when you first attempt to sign-in to PSN. This e-mail will contain a link that will enable you to change your password. In this email, click on the link and follow the instructions to change your password. Once you have changed your password you can sign-in to your account using your new password”
“We recognize that actions speak louder than words,” Hirai admits, going on to detail Sony’s changes to the security systems that were compromised. Users already know they will get free access to identity protection tools.
Sony still refuses to detail the exact exploit used to hack the PlayStation Network and its Qriocity streaming service, but has admitted that as well as updating the software security of the network, it is physically “moving our network infrastructure and data center to a new, more secure location.” The changes are part of a number of steps Sony has been forced to take after reportedly pulling down the PSN after rampant piracy took hold.
According to reports earlier this week, a custom PS3 firmware allowed hackers to unofficially gain access to the PlayStation Network developer channels. There, they were supposedly able to use false – and unchecked – credit card details to make purchases. Sony’s only recourse, it was suggested, was shutting down PSN access altogether.
In a new Q&A – which overlaps considerably with Sony’s previous FAQ on the subject – Sony’s Patrick Seybold, Senior Director for Corporate Communications & Social Media, confirms that the company is working with both law enforcement and “a recognized technology security firm” on what is being viewed as a criminal act. According to Seybold, credit card data was encrypted and users are only being warned about it “out of an abundance of caution”; personal data, however, was not encrypted but was, he insists, “behind a very sophisticated security system.”
It’s that security system which has been breached, of course, a failure that Sony hacker George Hotz suggests is likely down to “arrogance and misunderstanding of ownership.”
“Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client (can’t trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client … Notice it’s only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren’t crazy.” George Hotz
Sony maintains that certain services will be back online in under a week, though it has yet to confirm which services those will be. The company is also facing a class action suit and what experts predict could amount to $24bn in credit card fraud.
A new explanation for the ongoing Sony PlayStation Network downtime has been suggested, with claims that Sony has taken the service offline so as to close a loophole that had been responsible for “extreme piracy of PSN content.” PSX-Scene’s “Chesh” took to Reddit to outline how a new PlayStation 3 custom firmware called Rebug was used by hackers to gain access to the PSN’s developer networks. From there, it was possible to input fake credit card information and buy content without ever paying for it.
The security glitch, it’s suggested, is because Sony was not validating credit card information since the users were on its trusted private developer network. Sony allegedly responded by pulling the plug on the network completely; the “additional security” Sony representatives have admitted is being installed is apparently to combat this sort of hacking.
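The failure mode alleged above, sketched as an added example (it is not Sony's code and not part of the original post): a purchase handler that lets the originating network stand in for card validation, beside one that applies the same server-side checks to every caller. The network labels, function names and the processor stub are all hypothetical.

```python
from dataclasses import dataclass
from typing import Callable

Charge = Callable[[str, int], bool]   # hypothetical processor interface

@dataclass(frozen=True)
class PurchaseRequest:
    network: str        # segment the request arrived on (hypothetical labels)
    card_number: str
    amount_cents: int

def luhn_ok(card_number: str) -> bool:
    """Checksum test only: rejects malformed numbers, proves nothing about funds."""
    compact = card_number.replace(" ", "")
    if len(compact) < 12 or not compact.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(compact)):
        d = int(ch)
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def approve_trusting_network(req: PurchaseRequest, charge: Charge) -> bool:
    """Weak pattern: a 'trusted' network replaces payment validation."""
    if req.network == "devnet":
        return True                          # no checksum, no charge attempted
    return luhn_ok(req.card_number) and charge(req.card_number, req.amount_cents)

def approve_always_validating(req: PurchaseRequest, charge: Charge) -> bool:
    """Hardened pattern: identical server-side checks for every caller."""
    if req.amount_cents <= 0 or not luhn_ok(req.card_number):
        return False
    return charge(req.card_number, req.amount_cents)   # processor has the final say

def stub_processor(card_number: str, amount_cents: int) -> bool:
    """Constructed stand-in for a payment processor: approves one test card."""
    return card_number.replace(" ", "") == "4111111111111111"

if __name__ == "__main__":
    # Constructed requests: a malformed card and a well-formed but declined card.
    for card in ("0000 0000 0000 0001", "4242 4242 4242 4242"):
        req = PurchaseRequest("devnet", card, 999)
        print(card, approve_trusting_network(req, stub_processor),
              approve_always_validating(req, stub_processor))
```

The well-formed but declined card shows why a format check alone is not enough: only the processor's answer, requested on every path, decides whether content is released.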
Chesh admits that the explanation is speculation pieced together from information throughout the PlayStation hacking community; however, sources with access to the SCE devnet servers have apparently confirmed that Sony is telling developers that, moving forward, only 3.60+ debug firmware will be allowed onto the network. If developers want to retain their access then they not only need to upgrade, it’s claimed, but contact Sony too.
Rebug’s developers are not responsible for the credit card hack, though whether Sony will look kindly on them anyway remains to be seen. However, user credit card information is believed to be secure still.
Sony v. Geohot litigation heats up, SCEA demands YouTube give up Hotz and Fail0verflow’s personal info
Now that Sony has started gathering the evidence it needs via discovery in the lawsuit over Hotz and friends’ PS3 jailbreak, the company has dropped a hammer by moving to reduce the amount of time the hackers have to get Sony the information it wants. Sony filed the motion — which will be heard by the court tomorrow — to better arm itself with information to oppose Geohot’s motion to dismiss, scheduled to be heard in early March. Casting its evidence-gathering net far and wide, SCEA has demanded that YouTube surrender not only information for Hotz’s account where his jailbreak video was posted, but also how many users accessed the video, the usernames of those with access to the video, and all usernames and IP addresses of everyone who posted or published comments to the vid. In addition to hitting up YouTube for dirt, Wired reports that Sony has demanded Twitter hand over the personal info of fail0verflow’s members — we’re waiting for Sony’s lawyers to don TSA gear as the next step in their search. Geohot’s attorney thinks the requests seem a bit much, but we think they make sense given Sony’s strategy of going after the entire fail0verflow team. While these goings-on make for fairly standard legal tactics, they won’t do much for Sony’s public image.
I was never that impressed by the original PSP; the games on the system weren’t that great and the portable device itself was just not as fun as the Nintendo DS to me. When Sony unveiled the NGP last month, the new portable looked great and I am excited about it. The unveiling of the NGP early in the year for a launch near the holiday season of 2011 left a lot of us wondering why the console was announced so early.
Sony’s Kaz Hirai has sat down for an interview with the Official PlayStation Blog about the NGP to answer a few questions. The reason the console was announced so far ahead of the launch, according to Hirai, was so that Sony could talk openly about the portable with game developers all around the world. Sony wants a large and robust list of launch titles for the portable and should have it.
We all know that the details would have been leaked in short order as Sony lined up developers, so this was a preemptive move, it seems. Hirai also noted that having a stable platform that would stay for years to come was important in the developing stage of the new portable. He also said that Sony hopes to match the install base of the PSP and then move beyond that with the NGP. Check out the video to hear what he had to say.
A few days ago, a small group of German hackers called fail0verflow found an exploit that could completely open up the PlayStation 3 console. In what was dubbed an “epic PS3 security bypass”, they found a method to calculate the security keys behind Sony’s signature, which is what lets the PS3 know whether the application it is trying to open is legit or not.
Today, the infamous iPhone hacker George Hotz (or just Geohot) has released the PS3 Root Key publicly along with a message thanking the fail0verflow team. He also said he doesn’t condone piracy, and “it’d be fun to be on the other side” with console makers, helping them in making their consoles more secure.
props to fail0verflow for the asymmetric half
no donate link, just use this info wisely
i do not condone piracy
if you want your next console to be secure, get in touch with me. any of you 3.
it’d be fun to be on the other side.
…and this is a real self, hello world
although it’s not NPDRM, so please wait to run…
shouts to the guys who did PSL1GHT
without you, I couldn’t release this
Now that this root key is in the open, anyone can create their own applications, custom firmwares or even pirated ISOs and the PS3 will work with them without any problems. The fail0verflow team has said that this exploit will make Linux run again on PS3 systems. This feature was previously removed by Sony, after Geohot claimed he had hacked the PS3. [via PSX-Scene]