Topic: PSN = Privacy? Security? Never!

[BranDonk Kong]

Sony had to add that to the PSN user agreement because hackers have recently found out that Sony monitors and records *every single thing* that you do on your PS3. They also will scan any USB device and record it's contents. They log your television make and model - and they even pull your credit card information (including the security code), which is transferred back and forth *in plain text*. People (as in just about anyone) can even run some software on their computer to spoof their console ID and account information, to make it looks like their using someone else's console, so whatever they choose to do, the other person gets the blame. The network is pathetic. I was so excited to get a second PS3 for a really good deal (so I could use it as a Netflix streaming machine and Blu Ray player in the bedroom), but I don't ever want to go online with my PS3 again. Just so everyone is aware, this has nothing to do with the recent hacks on the console, they've *always* been spying on their customers, and their network has *always* been this huge unsecure mess, the information was just recently shared. I expect many a lawsuit to be filed against Sony soon.

You can find more information here and here. It's really quite scary.

[TJ Spyke]

Um, this is pretty standard. And people agree to it. I don't expect a lawsuit (and any such lawsuit would easily fail) because people willingly accept these when signing up for PSN and patches (they usually just ignore the details and just click "Accept").

[BranDonk Kong]

Really dude? That is not pretty standard. Sending your unencrypted credit card and personal information over a completely compromised network is far from standard. Also, you don't even have to be signed into PSN - the console itself phones home and sends info to Sony whether or not you're using PSN, just having your PS3 connected to your network in general lets them spy on you. Also, even if you don't agree to the new TOS, it doesn't change the fact that they've been doing this for years *without your permission*.

[UncleBob]

Digitally transmitting unencrypted credit cards is a big no-no.

I had to send a request up to retrieve the card number used in a transaction by a customer who committed a theft (of another customer's property) on store property.  After getting a subpoena from the PD, my boss retrieved the number, but couldn't e-mail it to me because it was unencrypted.

[TJ Spyke]

Brandogg, do you have any actual proof of your accusations?

[broodwars]

Yeah, I had to agree to that new Terms & Conditions before I could log onto the PSN tonight, which I thought was odd considering I'd already agreed to one when I first started my PS3 (note: this PS3 is a replacement for my original one, which died shortly after I transferred all its data to my new PS3).  I skimmed through the agreement, and there's a lot of language in there pertaining to forbidding the user from running unauthorized programs or firmware on the PS3.  I agreed to it because, frankly, I don't have a problem with agreeing to something I wasn't doing anyway.  I only use my PS3 for legal purposes, unlikely apparently quite a few people.  I question just how much real data Sony can pull from just knowing that I use an HD LCD Television when I play my PS3.  Hooray for them?  As for the Credit Card info issue, this is worrisome.  Hopefully, Sony will take the advisement of this hacker and update their security protocols before stuff gets out of hand given that the scum of the internet have already shown just how much they love their "homebrew" with the custom firmware.

[Chozo Ghost]

I created a PSN account without supplying any credit card info. I don't see how they could have it....

But now more than ever I'm determined never to pay one single dime on their damn PSN store. If I did then they WOULD have it, and odds are if they had it hackers and so on soon would as well. We already see how well Sony handles security of stuff that belongs to them, so why would we trust them with the security of stuff that belongs to us?

[BranDonk Kong]

TJ, I provided 2 links, and if you read more on that site, you can find out some more dirty tricks that can be done. I didn't want to post everything. I'm not accusing anyone of anything, I'm telling you what is going on, or at least some of the stuff that I've found out recently.

I know in the other Sony thread I always took the side of the hackers (for the most part at least), but there is some potential evil going on now - but it's completely Sony's fault for leaving the system so vulnerable. I would recommend removing any CC info stored on your console, and only using PSN cards from the store if you plan on buying things online until they get a better system. It's not a matter of updating their security protocols, it's a matter of introducing[/] some security protocols. The names are blocked out in the chatlogs, but if you hang out in efnet you'll probably be able to figure out who user1, etc, is, and you'll know it's all legit.

[S-U-P-E-R]

I heard about the console ID spoofing, haven't heard about the unencrypted credit card data. Not like I bring my PS3 online anymore, though. 

[KDR_11k]

If it's unencrypted you can just check the validity of the claim by running a packet sniffer on your home network (of course you need to have a way to see TCP traffic that isn't directed at your computer like using a hub or a mirroring port), then check for your credit card number in the data that got transfered.

CC numbers are of great interest to the law so I wouldn't be surprised if sending this report to the appropriate authority could get Sony into SERIOUS trouble. Any man in the middle could steal credit card information!


Additionally data collection like this is a serious offense in the EU and even the ToS cannot save them from EU data protection laws.

[Chozo Ghost]

Is it just me or does it seem that Sony holds nothing but contempt for its consumers? The thing I don't understand is how there is such a thing as a Sony Fanboy, but apparently there are millions of them out there. To be a Sony Fanboy is to be a submissive servile masochist. Why would anyone want to be a fan of a company like that?

[broodwars]

Is it just me or does it seem that Sony holds nothing but contempt for its consumers? The thing I don't understand is how there is such a thing as a Sony Fanboy, but apparently there are millions of them out there. To be a Sony Fanboy is to be a submissive servile masochist. Why would anyone want to be a fan of a company like that?

Do you really want to start a fight between fans of the various consoles by insulting them?  There are tons of things I could accuse Nintendo Fanboys here of being, but I prefer to leave each to their own.

[Chozo Ghost]

Is it just me or does it seem that Sony holds nothing but contempt for its consumers? The thing I don't understand is how there is such a thing as a Sony Fanboy, but apparently there are millions of them out there. To be a Sony Fanboy is to be a submissive servile masochist. Why would anyone want to be a fan of a company like that?

Do you really want to start a fight between fans of the various consoles by insulting them?  There are tons of things I could accuse Nintendo Fanboys here of being, but I prefer to leave each to their own.

I would assume you are the one who just smited me. Right back at ya. I speak only the truth. If you took that as an insult it may be because the truth hurts. You know that Sony is an asshole company and treats their consumers like dirt. That's not an insult that's a fact.

[broodwars]

I would assume you are the one who just smited me. Right back at ya. I speak only the truth. If you took that as an insult it may be because the truth hurts. You know that Sony is an asshole company and treats their consumers like dirt. That's not an insult that's a fact.

Actually, I didn't smite you at all.  I haven't smited or applauded anyone in a couple weeks, not since I pulled TJ Spyke up temporarily into positive numbers again.  My, someone's awfuly paranoid here.       I'm just saying, there's no reason to get snippy with fans of the other consoles.  I may not like a lot of the things Sony does, but I really like their main console and I like its games far more than those out on Nintendo's console.

[Chozo Ghost]

Well, feel free to smite me then since I wrongly accused you.... I wouldn't blame you.

BTW, I own a PS3. I do so grudgingly because its the only way to play certain 3rd party games which never come to the Wii. So it was either a PS3 or a 360, and the only reason I went with the PS3 is because its free to play online, but now with all this bullshit going on I'm now wondering if I should have gotten a 360 instead... oh well. But my point is in my case even though I own a PS3 I'm not a fanboy of it. Sony holds contempt for me, so I return it and so the feelings are mutual. I'm a PS3 owner, but not a PS3 fan.

ETA: when I get a chance I will applaud you to offset the smite.

[Ian Sane]

I wouldn't see this as contempt for their customers, more like laziness or incompetence.  I highly doubt that the head of SCEI decided "hey, let's slack off huge on piracy protection and credit card security!"  It is probably something that happened way down the chain of command.  It might be the same stupidest programmer ever that made the system so easy to crack.

I don't think I've ever actually bought anything online using my PS3.  They wouldn't ask for my credit card for any other reason, would they?  I can't remember if I was ever asked to enter it.  You don't think "boy I better be careful about this".  You assume that this would be safe.

[TJ Spyke]

I have downloaded tons of free content on PSN and have never been asked for credit card info, so I think they only ask for it when you purchase something (and you can always choose to just buy a PSN card instead).

[Chozo Ghost]

I wouldn't see this as contempt for their customers, more like laziness or incompetence.  I highly doubt that the head of SCEI decided "hey, let's slack off huge on piracy protection and credit card security!"  It is probably something that happened way down the chain of command.  It might be the same stupidest programmer ever that made the system so easy to crack.

Its just the latest in a long string of examples of Sony's attitude towards consumers. Other examples include installing rootkits on PCs without the user's consent or knowledge, exploding laptop batteries, saying things like consumers need to get a second job to pay for their $600 PS3s and I remember people complaining about the buttons on the first model of the PSP and they just shrugged it off saying "it is working as intended" even though it was a serious problem because the buttons were sticking.

So it can't just be laziness or incompetence, because there are hubris comments from high ranking Sony executives basically saying they don't give a **** about consumers and they should just deal with it because that's the way they made things and they refuse to change it. So you deal with it and get your second job to pay for it but otherwise you can just go to hell. That's what their attitude is.

So the fact they are now in 3rd place and facing all these problems helps make a good case that there really is such a thing as Karma.

ETA: I'm now convinced it is TJ Spyke who has been smiting me. If its a smite war he wants, its a smite war he shall have.

[Ian Sane]

Well I'm not a fan of Sony.  I'm very much only a customer of their's.  But I could also read a similar laundry list for Nintendo.  The "it sucks but deal with it" attitude seems pretty familiar doesn't it?  Over time Nintendo has grinded me down to where I went from being a Nintendo fan to just being a Nintendo customer.

But that is the risk one takes when they become a fan of a business whose primary motivation is to earn money from you.  You run the same risk being a fan of a sports team or a band.

This is a ridiculous screw up on Sony's part and is utterly unacceptable.  But they don't have the monopoly on unacceptable screw ups.

[BlackNMild2k1]

Why is the "Sony Getting Hit Hard Lately" Thread still locked down? I guess this new PSN Sux thread will have to do.

http://www.psnathome.com/general/ps3-hackers-can-now-ban-legitimate-users-and-unban-consoles.html

As Sony finally begins to use their ban hammers against those who have jailbroke their consoles’, hackers have now found a way to Unban their PS3 console’s and ban legitimate users. Yes, you read that correctly. Hackers can now ban you in the process for doing absolutely nothing .

Website, PSX Scene is the first to report on user’s actually being able to do this.

From the forum post:

Hot off the press, and on the heels of Sony trying to find all the modded PS3 consoles, comes a funny story from SKFU’s Blog (an PS3 researcher/developer), along with a real way to UNBAN yourself, but watch out LEGIT PS3 owners, you could end up being banned by another user!

1) The bans are based on the users’ account and console ID’s.

2) We can modify all traffic sent and received by the PlayStation3

What if some skiddies start to modify their sent traffic to appear as another user and use backups?

The PSN servers would recognize the TOS violation and check the online user database for known connections based on the ID’s. The user and his consoles who really owns the ID’s would be banned.

Even a simple Windows application which goes through ALL ID’s may be possible. 24 hours and any console worldwide would be banned.

This should definitely be double-checked by SONY.

Now with these tool’s out, legit PSN users can be banned by the simple use of a program. We will not post the link to the forum post since we do not condone any use of these hacking tools at all on our site. But with the ablilty for hackers to ban and unban PS3 Consoles, what more can PSN user’s endure and what can Sony do about this now?

Picture Proof



We have been getting reports from multiple people that this is legitimate.

[UPDATE]

The Forum post on PSX Scene has been removed however this was NOT our original source. We’ll keep you up to date on the findings on this latest hack and update later to confirm if this is real or not.

This **** is just getting waaaaay out of control. I have literally LOL'd myself out of my damn chair and onto the floor.
Sony you are failing on so many levels right now it's just too funny to not laugh at. There are just no words......

[broodwars]

This **** is just getting waaaaay out of control. I have literally LOL'd myself out of my damn chair and onto the floor.
Sony you are failing on so many levels right now it's just too funny to not laugh at. There are just no words......

So Sony is "failing on so many levels right now" because low-life scum hackers are showing their true colors as people unworthy of sympathy?      Sorry, but if the hackers ever had any justifiable ground to stand on, they shattered it when they announced that they could ban the consoles of innocent players (though they do need to have the console ID to do so).  Go ahead, hackers: keep it up!  Keep proving with your actions that Sony was completely justified in removing Other OS with your pirating and destroying the playing experience of people who just want to play their PS3s.

[BlackNMild2k1]

I never said it was right of the hackers, I'm laughing at how quickly this **** is rolling uphill.

Sony takes away OtherOS, hackers crack the master keys.
Sony throws around lawsuits, PSN gets hacked
Sony starts banning people left and right, Hackers unban themselves and get innocents banned in the process

ontop of that Move isn't selling so well and software sales for PS3 are down and PSP is dead in the water (everywhere but Japan right now)

They are failing on so many levels, but the ones I'm mostly laughing at are the security ones and how they keep taunting the hacker community with a very public battle. The Wii got hacked, but you don't see Nintendo tossing around public lawsuits and trying to subpoena youtube and forum users because they know how to do it. Sony has let this get waaay to far out of hand and I am laughing my ass off at the whole situation.

Everything was fine up until OtherOS was removed and now all the **** has rolled up hill and parked itself on Sony's door step. Sony needs to get their **** together for the next console and put in several layers of security that don't all depend on the 1st one never being compromised. I'm not condoning anything that has happened, I just find it extremely hilarious that it is happening.

[broodwars]

Although I don't condone them going after forum and youtube commentors (go after the people who you can prove are pirates, Sony), I honestly can't blame Sony.  Self-righteous hackers are leading to a dangerous increase in piracy on an already-vulnerable platform.  Nintendo can just ignore Wii piracy because all those Blue Ocean folks keep them swimming in money.  Sony can't just stand by and allow this nonsense to continue when it is a direct threat to their sales, as they would appear even more weak and impotent to their competitors.  If this were just homebrew applications and whatnot, fine...whatever.  Enjoy your ability to play ripped SNES games on your PS3.
 
However, as I predicted when Holtz released the details of his hack to the world, the pirates and self-righteous hackers are using it to steal from Sony (which, I remind you, is why Sony removed Other OS to begin with: people were working on using it to steal from them).  Something had to be done, and while it may not be ideal it may have been the only way to do it with the existing hardware.  All Sony can do at this point is to try to minimize the damage and hold out until the next console generation when they can redesign and fortify the security measures.  The hackers are the ones escalating this whenever Sony threatens to deprive them of their illegal access.

[Chozo Ghost]

Why is the "Sony Getting Hit Hard Lately" Thread still locked down? I guess this new PSN Sux thread will have to do.

There was no point to locking it. Other threads just sprang up in its place (like this one), and now as soon as Morari shows up and starts posting the **** is going to hit the fan just like it did before.

But anyway, I do agree with you. I'm a moderate in this. I'm certainly not a Sony fanboy ass kisser, but on the other hand I don't like what the hackers are doing either. But it is fun to watch them both go at it. It reminds me of the game Bloodrayne when the Nazis are in this mine and the awaken these demon things which start attacking them. Its fun to watch two evil groups battle it out. Its just bad when innocents get caught in the crossfire, and unfortunately that's whats happening to some innocent people who are being wrongly banned and/or having their credit card info stolen. That's the real tragedy in all this.

[Ian Sane]

I'm not thrilled with how Sony operates but now that we're talking about hackers being able to ban innocent users or steal credit card numbers, I can't side with them at all.  Once you drag innocent people into this you cease to be rebels and become terrorists.  No, this ain't murder or anything nearly that serious but you're still fucking with innocent people.  This ain't sticking it to the man.

And realistically it never was.  Piracy doesn't just hurt Sony, it hurts every developer making PS3 games and they had nothing to do with Sony taking away Other OS.  The justification of all this has always been paper thin.  These hackers are thugs and they're the worst kind of thugs because they're bullshitting self-righteous thugs.

The internet provides security from reprisal.  You can be a jerk and a thief and get away with it and we see it all the time.  The guy who spams every Youtube video's comments does so because he can insult someone without them punching him in the face.  The piracy, the ability to steal credit card numbers or ban innocent users - that's all about the ability to jerk other people around without getting in trouble.

There are legitimate hacks and Sony are kind of dicks and the sheer incompetence they have shown here is somewhat amusing to me in a carwreck way.  But we're also dealing with some real jerkoffs here and Sony has the right to defend themselves.  Even if they never offered Other OS in the first place and never started the issue, I know there were people dedicating serious time to hacking the PS3 for nefarious purposes.  It's ridiculous to think that hackers would have left everything alone if they didn't lose Other OS.