lol, another sony fail

Discussion in 'General Discussion' started by cfanon, May 18, 2011.

  1. cfanon Member

    Sony are still not out of hot water. The password reset is insecure, anyone who knows your email and DoB can reset the password at any point. Noting that the hackers already stole the email and DoB details for everyone...

  2. DeathHamster Member

    And that's why I give a different date of birth, etc, to every site that I sign up to.
  3. cfanon Member

    Good practice, but wouldn't stop it happening in this case as they'd already have your DoB for Sony (be it real or fake) from the hack. People need to change their email or DoB on Sony to stop this happening.

    Or rely on Sony to come up with a fix...
  4. Anonymous Member

  5. DeathHamster Member

    If they were doing it properly, they would send info to the email address (a confirmation link or code) that couldn't be deduced by a third party, even if they knew your email address (but not the password) and DoB. That's not rocket science.
  6. cfanon Member

    Agreed. The whole thing is ridiculous. Just using basic security practices that websites use could have saved this particular mess up from happening.

    Or at least made it harder for the hackers with regards to the users they know the email passwords for (aka the idiots who use the same password for their PSN account as for the email it's set up with).
  7. DeathHamster Member

    And that's why they shouldn't ever be storing the cleartext of the PSN password, just the one-way hash of it, and enforce enough password rules that a straight dictionary attack won't help.
  8. cfanon Member

    A good strong dynamic salt with sha256 should be sufficient for another year at least. So long as the algorithm for the dynamic salt is never leaked.

    PS dictionary attack? Rainbow table would be faster

    Anyway, this basically means they're even more screwed. If I was a playstation owner, I'd be getting pretty worried (read as: tinfoil wearing) right now.
  9. DeathHamster Member

    Really? How big a list of words do you think PSN gamers use for their passwords? Killer, death, doom, evil, evildeath, evildeathkiller... :p
  10. Anonymous Member

    penis pen1s p3n15 etc.
  11. cfanon Member

    codmaster, xboxsux...

    But yeah, rainbow tables already have every combination in a range precalculated though, so you don't have to keep trying all those pesky different words - even if the combinations are lacking in imagination. Plus a dictionary attack wouldn't work if a salt is involved, but a rainbow table would still work so long as the salted password is still within the rainbow table's range.

    Difference between rainbow table on 1 password vs dictionary could be (depends on the password) 0.1 seconds vs 1/2 seconds. :p Then times that by 77 million users XD
  12. cfanon Member

  13. DeathHamster Member

    And this is the best they could come up with after shutting down for a month to completely revamp their security.

    /shakes head
  14. SwordofTruth Member

    Going to be lol at who they pick to scapegoat this time, mind you whoever it is the sheeple fanboys will eat it up.
  15. Paroxetine Samurai Moderator


    1) Cancel your PSN/SOE Account.
    2) If you don't have one, don't get one.
    3) ???
    4) Profit! (Except for Sony, of course)
  16. Anonymous Member

    It's a free account
  17. anonymous612 Member

    If you think Sony doesn't profit from accounts just because they don't cost to make you really don't understand basic business strategy.
  18. Anonymous Member

    The procedure is as follows:
    1) Navigate to : (this is normally, via email, with the y's being a unique token) - do not enter the code at this point.
    2) Open a new tab in firefox, and go to (other pages will work too most likely), and click Login (Connexion)
    3) Click Recover password
    4) Enter the email and date of birth of the target account
    5) Click continue, then on the confirmation page, click "Reset using E-mail"
    6) Switch back to the original tab, and enter the code, then click continue
    7) You will now be asked to enter a new password for the target account
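
A sketch of the reset flow post 5 asks for, written so that the tab-switching sequence in post 18 cannot point a reset code at a different account. This is an added example, not Sony's code and not something posted in the thread; `ResetTokenStore`, the 15-minute lifetime and the account names are assumptions, and the page does not state the exact server-side cause of the PSN flaw.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime, not a value from the thread


class ResetTokenStore:
    """In-memory stand-in for a server-side table of pending password resets."""

    def __init__(self, clock=time.time):
        self._pending = {}  # sha256(token) -> (account_id, expires_at)
        self._clock = clock

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account_id):
        """Create a token to e-mail to the address on file for account_id."""
        # A new request invalidates any older pending token for the same account.
        self._pending = {d: r for d, r in self._pending.items() if r[0] != account_id}
        token = secrets.token_urlsafe(32)  # 256 random bits, unrelated to e-mail or DoB
        expires_at = self._clock() + RESET_TTL_SECONDS
        self._pending[self._digest(token)] = (account_id, expires_at)
        return token

    def redeem(self, token, session_account_id=None):
        """Return the account the token was issued for, or None if rejected.

        session_account_id is whatever a recovery form left in the browser
        session. It never selects the account; a mismatch rejects the request.
        """
        record = self._pending.pop(self._digest(token), None)  # single use, even on failure
        if record is None:
            return None
        account_id, expires_at = record
        if self._clock() > expires_at:
            return None
        if session_account_id is not None and session_account_id != account_id:
            return None
        return account_id
```

The password change that follows `redeem` is applied to the returned account only, so entering an e-mail and DoB in a second tab has no effect on which account a code unlocks.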
  19. anonymous612 Member

    So you don't even need access to the email to reset it?

    Whoopsie, Sony.
  20. cfanon Member

    Nice sneak edit there ;P

    And yeah, pretty bad...
  21. Anonymous Member

    Clearly you don't know either how things work at Sony.
  22. Nick_Nolte Member

    I'm sorry. I'm too busy playing Portal 2 and Mortal Kombat on my PS3 to care.
  23. Anonymous Member

    I got a fix for Sony

  24. Char. Limit Member

    And this is why I use a PC. I can get my own security software, and install it whenever I want to! No need to worry about Microsoft coming to me and saying that I can't use what I bought to do what I want.
  25. anonymous612 Member

    This is why God made PC gaming.
  26. Anonymous Member


