The PlayStation Network is the online service by Sony Computer Entertainment, providing downloads of games, trailers, themes and much more. The service is free, but also offers a paid version for various benefits.
There is one thing I'm not clear about, as I have not used this Sony Reset Password functionality; what happens when you do reset the password?
What is it reset to? It doesn't seem to be sent to the user via email? Most sites sends you a randomized password that you can login with, but here it seems to be the hacker that selects the password and thus can access the account freely after logging in again?!?
If so; I don't understand everyone who defends this is a no-issue. Because if the above it true, and I don't know if it is, then ALL accounts are unsafe; even those with 'secure' (i.e. impossible to brute-force) passwords.
It's like everything is crumbling around Sony, an weare the ones getting the shit. Well, I have a few other emails. I'll just switch to those. Pain in the ass, it is.
For anyone interested in how the exploit was done, here it is:
The prodecure is as follows: 1) Navigate to : https://store.playstation.com/accounts/reset/resetPassword.action?token (this is normally, via email, https://store.playstation.com/accounts/reset/resetPassword.action?token=YYYYYYYYYYYYYYYYYYYYYYYY with the y's being a unique token) - do not enter the code at this point. 2) Open a new tab in firefox, and go to fr.playstation.com (other pages will work too most likely), and click Login (Connexion) 3) Click Recover password 4) Enter the email and date of birth of the target account 5) Click continue, then on the confirmation page, click "Reset using E-mail" 6) Switch back to the original tab, and enter the code, then click continue 7) You will now be asked to enter a new password for the target account
@captain_clayman: Gooder?? You have the nerve to crap on them and not even use proper english!! Please, the 360 had a 46% failure rate and no one has even cried this much about that. All they did was give you an extra warranty which doesn't cost them a cent. Sony is giving away free games and movies!! That costs much more then an extra warranty. Just saying.
Though really, who the hell was doing this online? Just use your console the next time you turn it on, it takes two seconds.
Except the last update made it so if PSN determined that your ps3 wasn't the one you originally used with that PSN ID, you MUST do it online. (unless this issue somehow doesn't affect the e-mails going out?)
I had no trouble, but a friend of mine has only ever used one ps3, and it forced him to change it via the web, not his console.
@captain_clayman: Gooder?? You have the nerve to crap on them and not even use proper english!! Please, the 360 had a 46% failure rate and no one has even cried this much about that. All they did was give you an extra warranty which doesn't cost them a cent. Sony is giving away free games and movies!! That costs much more then an extra warranty. Just saying.
I'm not going to defend the less than stellar quality of the Xbox 360 launch hardware. That said, how do you figure an extra warranty on hardware with what you state was a 46% failure rate would be cheaper than a selection of downloadable games that many affected users already own?
No physical parts to replace or transport, no repair labour required for the Sony offering. You may be going a little far in your harsh assessment of the RROD problem.
"... to simply reset your account password provided they know your PSN account email and your date of birth.
so what? Password reset by submitting email is on every web site login ever.
@Donos said:
Isn't this how password reset works for just about anything? You enter your login username, and an email is sent to whatever email account is associated with that username. It just so happens that for PSN, your username is your email account.They could just make it so the password isn't reset until you hit a password reset link in that email, though that would be more open to phishing scams.I don't see much reason to be mad at Sony for doing the exact same thing as every other account-based online service.Edit: Hell, the Giant Bomb password reset works the same way. Breaking news, Giant Bomb's password reset system has been compromised!!!
@teekomeeko said:
It took likely years to build the network to begin with, and they had no choice but to build it again in like a month. Whoever didn't see a weird exploit coming is out of their minds.
The simplicity of the password reset was necessary because the interwebs confuses too many people, but coincidentally that type of thing is what MOST password resets I've ever had to do use (I think Amazon has it fairly simple, too, and my credit card info is all over that bitch), so pretty much most of the internet is vulnerable to this type of account theft.
Man I love it when other people do my work for me.
@Zero_Dude said:
@Microshock said:
Hackers are real pieces of shit, aren't they. No-life basement dwelling losers that have nothing to do but to fuck peoples shit up.
They didn't even gain anything out of this! They're just deliberately being dicks to millions of people for no reason. The only reason I could think of is that they're upset with the GeoHotz thing, so they did this hoping that people wouldn't read into it and would just get mad at Sony. And you know what? It's fucking working! Yes, Sony deserved what was coming to them, they needed to fix their security issues, but the innocent PS3 owners should not have been involved in any way.I'm really rooting for Sony this E3. This was supposed to be their year and it still can be.
I love how they're not using a simple password reset system via e-mail (where you request a reset and then click a generated link that's sent to you), but simply allowing you to verify yourself via personal information.
Because, you know, it's not as if anyone just stole everyone's fucking personal information a month ago.
@Aarny: Remember that the first game was Tennis for Two hacked together on a oscilloscope, so we probably wouldn't even have video games if there were never any hackers.
@captain_clayman: Gooder?? You have the nerve to crap on them and not even use proper english!! Please, the 360 had a 46% failure rate and no one has even cried this much about that. All they did was give you an extra warranty which doesn't cost them a cent. Sony is giving away free games and movies!! That costs much more then an extra warranty. Just saying.
Not to be a dick here, but you really shouldn't make fun of someone's English if you can't tell the difference between "then" and "than". And how exactly does extending warranties on faulty hardware doesn't cost money?
@captain_clayman: Gooder?? You have the nerve to crap on them and not even use proper english!! Please, the 360 had a 46% failure rate and no one has even cried this much about that. All they did was give you an extra warranty which doesn't cost them a cent. Sony is giving away free games and movies!! That costs much more then an extra warranty. Just saying.
Not to be a dick here, but you really shouldn't make fun of someone's English if you can't tell the difference between "then" and "than". And how exactly does extending warranties on faulty hardware doesn't cost money?
"And how exactly does extending warranties on faulty hardware doesn'tcost money?" Grammar mistakes everywhere!
@Aarny: Remember that the first game was Tennis for Two hacked together on a oscilloscope, so we probably wouldn't even have video games if there were never any hackers.
But that's hacking something together that doesn't have any bad effects for other people. What the PSN hackers are doing annoy thousands of people.
A lot of systems have similar exploits. Facebook, with some quicksteps can reveal the email a person has his/her facebook account connected to, revealing part of the combination email / password needed to have access to the account. ^^
Eeeh...I fail to see where the hacking is involved here? Just sounds like they can reset your password? Or is there some way to intercept the newly generated password?
Either way this just sounds like a dumb design, not a security breach as such. You know, a dumb design made under intense pressure to get something out, anything, for the love of god get something out there....
This edit will also create new pages on Giant Bomb for:
Beware, you are proposing to add brand new pages to the wiki along
with your edits. Make sure this is what you intended. This will likely
increase the time it takes for your changes to go live.
Comment and Save
Until you earn 1000 points all your submissions need to be vetted by other
Giant Bomb users. This process takes no more than a few hours and we'll
send you an email once approved.
Log in to comment