Jump to content
Monochrome Heaven is closed. We have moved to JROCK ONE.
Sign in to follow this  
Followers 0
LIDL

Credit Card Theft through PSN. BEWARE!

By LIDL, in Entertainment

Recommended Posts

LIDL    692

LIDL
Posted

Dunno where this news belong, but since this is games related,

i guess this place is the most suitable one.

update version:

A document written by the hackers has clarified what they did and what privacy and security risks they believe the PlayStation 3 poses. The PS3's connection to PSN is protected by SSL. As is common to SSL implementations, the identity of the remote server is verified using a list of certificates stored on each PS3. The credit card and other information is sent over this SSL connection. So far so good; this is all safe, and your web browser depends on the same mechanisms for online purchases.

The concern raised by the hackers is that custom firmwares could subvert this system. A custom firmware can include custom certificates in its trusted list. It can also use custom DNS servers. This raises the prospect of a malicious entity operating his own proxies to snaffle sensitive data. He would distribute a custom firmware that had a certificate corresponding to his proxy, and that used a DNS server that directed PSN connections to the proxy. His proxy would decrypt the data sent to it, and then re-encrypt it and forward it to the real PSN servers.

Such a scheme would be transparent to PSN users (except for any potential performance reduction caused by the proxying), and would give the attacker access to all the information that the PS3 sends to Sony. This information is shown to be extensive, but apart from the credit card data, probably not too sensitive or unreasonable.

As flaws go, the risks here are not substantial. There is no generalized ability for hackers to grab credit cards from PSN users; only those using specially devised custom firmwares would be at risk. Essentially the same risk could be faced by anyone downloading a pirated version of Windows: extra certificates could be added to those normally trusted, along with suitable DNS entries, to allow interception of any traffic destined for, say, amazon.com. In practice, the risk of either of these is slight, and in any case, trivially avoided: don't use custom firmware.

source: read original story and more here

Share this post

Link to post
Share on other sites

SUBLIMINAL    52

SUBLIMINAL
Posted

I really, really hate people who hack and try to justify it, or use custom firmware because to basically cheat at a game - or, in extreme cases, this. It's appalling, but even more so that Sony is useless at protecting itself against hackers and always has been.

Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0
Go To Topic Listing

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...