I think Kaz is beheading people right now. Now that video makes him look like an idiot.
PlayStation Network (PS3)
Platform »
The PlayStation Network is the online service by Sony Computer Entertainment, providing downloads of games, trailers, themes and much more. The service is free, but also offers a paid version for various benefits.
Well, Crap... Sony's Password Reset System Has Been Compromised [UPDATED]
There is one thing I'm not clear about, as I have not used this Sony Reset Password functionality; what happens when you do reset the password?
I was about to say I didn't know what the big deal was because I logged in just fine, but then I read that it was the web version.
For anyone interested in how the exploit was done, here it is:
1) Navigate to : https://store.playstation.com/accounts/reset/resetPassword.action?token (this is normally, via email, https://store.playstation.com/accounts/reset/resetPassword.action?token=YYYYYYYYYYYYYYYYYYYYYYYY with the y's being a unique token) - do not enter the code at this point.
2) Open a new tab in firefox, and go to fr.playstation.com (other pages will work too most likely), and click Login (Connexion)
3) Click Recover password
4) Enter the email and date of birth of the target account
5) Click continue, then on the confirmation page, click "Reset using E-mail"
6) Switch back to the original tab, and enter the code, then click continue
7) You will now be asked to enter a new password for the target account
god with all this bad shit going down. I really do hope Sony got some super good stuff to reveal during E3.
ngp for $100 WOOWEOWOWOWOO!
Though really, who the hell was doing this online? Just use your console the next time you turn it on, it takes two seconds.Except the last update made it so if PSN determined that your ps3 wasn't the one you originally used with that PSN ID, you MUST do it online. (unless this issue somehow doesn't affect the e-mails going out?)
I had no trouble, but a friend of mine has only ever used one ps3, and it forced him to change it via the web, not his console.
I'm not going to defend the less than stellar quality of the Xbox 360 launch hardware. That said, how do you figure an extra warranty on hardware with what you state was a 46% failure rate would be cheaper than a selection of downloadable games that many affected users already own?@captain_clayman: Gooder?? You have the nerve to crap on them and not even use proper english!! Please, the 360 had a 46% failure rate and no one has even cried this much about that. All they did was give you an extra warranty which doesn't cost them a cent. Sony is giving away free games and movies!! That costs much more then an extra warranty. Just saying.
No physical parts to replace or transport, no repair labour required for the Sony offering. You may be going a little far in your harsh assessment of the RROD problem.
@warmonked said:@Zero_Dude said:"... to simply reset your account password provided they know your PSN account email and your date of birth.@Donos said:so what? Password reset by submitting email is on every web site login ever.Isn't this how password reset works for just about anything? You enter your login username, and an email is sent to whatever email account is associated with that username. It just so happens that for PSN, your username is your email account.They could just make it so the password isn't reset until you hit a password reset link in that email, though that would be more open to phishing scams.I don't see much reason to be mad at Sony for doing the exact same thing as every other account-based online service.Edit: Hell, the Giant Bomb password reset works the same way. Breaking news, Giant Bomb's password reset system has been compromised!!!@teekomeeko said:It took likely years to build the network to begin with, and they had no choice but to build it again in like a month. Whoever didn't see a weird exploit coming is out of their minds.Man I love it when other people do my work for me.The simplicity of the password reset was necessary because the interwebs confuses too many people, but coincidentally that type of thing is what MOST password resets I've ever had to do use (I think Amazon has it fairly simple, too, and my credit card info is all over that bitch), so pretty much most of the internet is vulnerable to this type of account theft.
@Microshock said:True, true.Hackers are real pieces of shit, aren't they. No-life basement dwelling losers that have nothing to do but to fuck peoples shit up.They didn't even gain anything out of this! They're just deliberately being dicks to millions of people for no reason. The only reason I could think of is that they're upset with the GeoHotz thing, so they did this hoping that people wouldn't read into it and would just get mad at Sony. And you know what? It's fucking working! Yes, Sony deserved what was coming to them, they needed to fix their security issues, but the innocent PS3 owners should not have been involved in any way.I'm really rooting for Sony this E3. This was supposed to be their year and it still can be.
I love how they're not using a simple password reset system via e-mail (where you request a reset and then click a generated link that's sent to you), but simply allowing you to verify yourself via personal information.
Because, you know, it's not as if anyone just stole everyone's fucking personal information a month ago.
how do you know they don't have successful lives where they dwell in real houses, with lots to do in their lives?Hackers are real pieces of shit, aren't they. No-life basement dwelling losers that have nothing to do but to fuck peoples shit up.
@Microshock said:Do they really deserve respect, though?how do you know they don't have successful lives where they dwell in real houses, with lots to do in their lives?Hackers are real pieces of shit, aren't they. No-life basement dwelling losers that have nothing to do but to fuck peoples shit up.
just because they hack and damage other people's online property, you stereotype them ?way to go, gamer.
@Ahmad_Metallic said:No, they don't. Fuck them.@Microshock said:Do they really deserve respect, though?how do you know they don't have successful lives where they dwell in real houses, with lots to do in their lives?Hackers are real pieces of shit, aren't they. No-life basement dwelling losers that have nothing to do but to fuck peoples shit up.
just because they hack and damage other people's online property, you stereotype them ?way to go, gamer.
@captain_clayman: Gooder?? You have the nerve to crap on them and not even use proper english!! Please, the 360 had a 46% failure rate and no one has even cried this much about that. All they did was give you an extra warranty which doesn't cost them a cent. Sony is giving away free games and movies!! That costs much more then an extra warranty. Just saying.Not to be a dick here, but you really shouldn't make fun of someone's English if you can't tell the difference between "then" and "than". And how exactly does extending warranties on faulty hardware doesn't cost money?
"And how exactly does extending warranties on faulty hardware doesn'tcost money?"@NL_Buddha said:
@captain_clayman: Gooder?? You have the nerve to crap on them and not even use proper english!! Please, the 360 had a 46% failure rate and no one has even cried this much about that. All they did was give you an extra warranty which doesn't cost them a cent. Sony is giving away free games and movies!! That costs much more then an extra warranty. Just saying.Not to be a dick here, but you really shouldn't make fun of someone's English if you can't tell the difference between "then" and "than". And how exactly does extending warranties on faulty hardware doesn't cost money?
Grammar mistakes everywhere!
@Ahmad_Metallic said:yea man, way to go! .... wtf?! are you serious, they derserve to be stereotyped because what they do is wrong so fuck em@Microshock said:Do they really deserve respect, though?how do you know they don't have successful lives where they dwell in real houses, with lots to do in their lives?Hackers are real pieces of shit, aren't they. No-life basement dwelling losers that have nothing to do but to fuck peoples shit up.
just because they hack and damage other people's online property, you stereotype them ?way to go, gamer.
@Aarny: Remember that the first game was Tennis for Two hacked together on a oscilloscope, so we probably wouldn't even have video games if there were never any hackers.But that's hacking something together that doesn't have any bad effects for other people. What the PSN hackers are doing annoy thousands of people.
Wow, maybe it's time I sell the ps3 and get a blu ray player with a xbox 360 instead. If they can't figure this out, then I can't trust them.
Well, that's not unheard of...
Eeeh...I fail to see where the hacking is involved here? Just sounds like they can reset your password? Or is there some way to intercept the newly generated password?
Please Log In to post.
This edit will also create new pages on Giant Bomb for:
Beware, you are proposing to add brand new pages to the wiki along with your edits. Make sure this is what you intended. This will likely increase the time it takes for your changes to go live.Comment and Save
Until you earn 1000 points all your submissions need to be vetted by other Giant Bomb users. This process takes no more than a few hours and we'll send you an email once approved.
Log in to comment