Wow more Playstation problems The password reset form…

Wow, more Playstation problems. The password reset form on the various Playstation websites is vulnerable to exploit and allows malicious people to change the passwords of other users.

When will it end? A password reset form is a basic web form. How the hell did they get that wrong? The mind boggles.

Fortunately only their websites have been affected and are disabled. If you already logged into PSN and changed your password then you won’t be affected by this problem.

Next week hackers will make your PS3 play pirated Xbox 360 games. So there!

PSN: Leaving so soon?

The exodus has started. David started playing on Xbox 360 last night and even the Russian Badger has left the fair shores of PSN for the rough and tumble of XBL. Some retailers have reported that the number of PS3 machines traded in has increased dramatically. Many machines swapped for sparkling new Xbox 360s!

So, the end is nigh for PSN or is this just a (not so) minor blip in the life of an online console? (Please PSN, come back soon, if only so I can login to Steam and err, use my PC to play Portal 2…)

IRC chatlog of PSN hackers

PSN is still down (as it was this morning when I wrote the exact same words in this post) because hackers broke in and Sony discovered the breach a few weeks ago.

How long ago? This boards.ie thread links to this pastebin log which is apparently an IRC conversation between a few guys discussing the security problems Sony had.

The hostname updptl.de.np.community.playstation.net is mentioned and a week or two ago I fired off a “lynx -head -dump” request to find out what it’s running and it was definitely running an old version of Apache at that time. I tried this morning and the request was forbidden so thankfully Sony are tightening up things.

The forum thread also links here, a post written back in February. Unfortunately that site is down but I found the meat of that post here.

A well known hacker i don’t want to reveal here had all the Sony PlayStation Network functions 100% decrypted as well as providing some nice info about how Sony dealing with PSN members privacy in their online servers.

Apparently, Sony server gathered everything they can from the PSN connected PS3 console. When i said everything, i meant it. Here, i make all the list of what they squeezed from the IRC chat logs conversation between the hackers.

Sony monitors all messages over PSN.
All connected devices return values sent to Sony server returns TV, Firmware version, Firmware type, Console model
They also collects data in your USB attached device.
Credit card sent as plain text, example:
Code:
creditCard.paymentMethodId=VISA&creditCard.holderName=Max&creditCard.cardNumber=4558254723658741&creditCard.expireYear=2012&creditCard.expireMonth=2&creditCard.securityCode=214&creditCard.address.address1=example street%2024%20&creditCard.address.city=city1%20&creditCard.address.province=abc%20&creditCard.address.postalCode=12345
The best part of all, the list is stored online and updated when u login PSN and random.
But, that’s not all, with the PSN functions fully decrypted, this hacker can use the function to get all games, DLC, you name it, from PSN store without paying anything.

Wow, i am just speechless! We can really sue Sony for monitoring ALL data including our credit card info providing that we are connected to PSN, of course. Man, that is really big fail, as well as the PSN fail oh and the PS3 fail. Everything just FAIL, Sony!

You can read the IRC chat logs at the link below. We censored the names just to be safe.

This IRC log seems to be the source for this ARS article from back then in February. Despite what the report above says, the data was sent over SSL however. The main problem then was for people using custom firmware because the credit card details were stored on the machine too.

As a final note to finish, the replies on this thread on playstation.com are I think unfortunate.

Heh, I am happy that the article has eased any fears that you may of had surrounding your card details.

I would still ‘watch this space’ in case all of this goes horribly wrong and it turns out that we are in danger, but judging from the information and the articles, I think we our security is very much safe. Some sites generally like to jump on the band-wagon too early and cause a racket even if their information has not even been sourced.

Here’s hoping PSN comes back soon.

Not got Portal 2 yet

I guess last week was a good time to go on holiday. Portal 2 was released early in the week but it didn’t come out in Europe until Friday (and retailers broke that embargo by a day or two). My copy from Amazon.co.uk should hopefully arrive today. Woohoo!

I ordered the PS3 version like a few of my gaming friends who also have gaming PCs. Unfortunately PSN has been down for the last 5 days and there’s no indication it’s coming back any time soon. This post on Joystiq (and this reddit post has more details) suggests it’s because a custom firmware allowed users to add money to their PSN wallet using fake credit cards. Odd that since they boasted that the latest firmware update was supposed to stop all firmware hacking …

Well, it also turns out that some people over at NGU found out that you could provide fake CC# info and the authenticity of the information was never checked as you were on Sony’s private developer PSN network (essentially a network that Sony trusted). What happened next was extreme piracy of PSN content. Sony realizing the issue here shut down the network.

Anyway, I’m looking forward to playing Portal 2. I know several of you have already finished the game so no spoilers please! I’ve avoided every single review of the game so far except for the glowing tweets from friends. Hopefully when PSN comes back up I can connect my Steam account to my PSN account.

While away from my consoles I’ve been digging into Half Life 2 and I think I’m near the end of the game. What a ride! Such a good game. If you haven’t got it yet, grab the Orange Box on console or login to your Steam account on PC and go buy this beautiful game!
I have to admit I’m playing it on easy setting. I just want to enjoy the experience in the small chunks of time I have available to play games.

In other news the Minecraft server has been updated with the latest version of Bukkit so the Bukkit plugins are back and working!

Update: Late this evening Sony announced that personal information, possibly including credit card details, may have been stolen. If that’s true, Sony will be in a world of hurt with the authorities for their lax security.

PS3 support appears in Steam

This is cool. Support for PSN has appeared in the latest Steam update. If you logout, next time you login you’ll see a dialog like the one above with an option for “Playstation Network Players”. If you click the “FIRST TIME SIGNING IN” button you’re brought to a page asking you if you have played the PS3 version of Portal 2, and if you have you can login using your PSN credentials.

If you have already played Portal 2 on PlayStation®3, you can sign in using your PlayStation®Network login.

Once you have signed in, you’ll find your profile on the Steam community includes information about what you have been doing in Portal 2. You’ll also be able to play your copy of Portal 2 on your computer by redeeming the code provided in your PS3® Portal 2 box.

Nice…

Modern Combat: Domination (demo) review

This is a video review of Modern Combat: Domination that appeared on PSN yesterday. It’s a review of only the demo where search & destroy is the only game mode.

While I appreciated that they used an objective game mode for their demo it was a shame they didn’t include any of the other modes in the 45 minutes allowed to play the demo.

The game may simply be too slow for some people. The default sensitivity is like wading through chest high water. You turn ever so slowly but that can I’m sure be fixed by upping the sensitivity.

In the demo I didn’t play against humans at all, it was all bots and they were of a difficulty level to match recruit level (or maybe normal) in Black Ops Combat Training. Even though it was all bots I sometimes got “room full” errors when trying to join games!

In the review I wasn’t too sure if I’d get the game but after sleeping on it I probably will. It’s only $8 but I’ll wait a few days for the metacritic score to fill out first.

Edit: While writing this post this morning I almost forgot one huge glaring bug that I mention in the video. I couldn’t hear any sound. My headset is hooked up via the digital output while my HDPVR is hooked up via component cables and as you can hear from the video was able to record audio.
I thought it might be my setup, but I tried another game and that was fine. I found one person complaining of the same thing on a forum (that was down when I tried it, I checked the cached copy) so try the demo before you buy. That’s one bug that will stop me buying this game.

PS. Two positive reviews of the full game:

Looks like I’m the only one with sound problems!

Charge the PS3 controller from your PC

You might not have realised it but you can charge your PS3 controller by plugging the USB charging lead into a bog standard USB port on a PC or Mac.

No need to have the PS3 powered up and draining your household electricity. Much better to use that PC you’re checking your email on and browsing the net. 🙂

Yes, I’ll freely admit I hadn’t thought of this, mainly because the controllers last quite a while and it’s usually when I’m playing a game that I notice there’s one bar of power left.

It’s kinda crazy having different usern…

It’s kinda crazy having different usernames on XBL and PSN so I’m going to send a load of friend requests to my current friends list on PSN from a new “xeer2000” account I registered a while back.

Now, if only I could think up pronounceable usernames so random strangers don’t stumble over my name …

Oh, since I’ve built up a mid-level character on BfBC2 I’m going to use donnchaoc for playing that but xeer2000 for any other games. Friend Requests will be flying out the door over the next day or so!

I logged into PSN and my friends list wa…

I logged into PSN and my friends list was gone! ARGH!

In desperation I tried my message box and tried to send a friends request to bigpresh, the last email in there but it said we were already friends. Phew. All the friends have appeared again but they’re all logged off which seems odd for 9pm on a Sunday evening.

Something up with PSN?