Les liens du jour à ne pas manquer (Flux RSS) !
Sony admits that PSN personal data was NOT encrypted!
via PSX-SCENE: It only does everything else! – Latest News, de The Central Scrutinizer le 28 Apr 2011
Today, in a weak effort to answer many outstanding questions in regard to the why they lost over 77 million PSN accounts last week to an "external intrusion"!
Sony decided to release more details on their blog, which allows us to make the following comments regarding the now over ONE week breakdown of the PSN network!
Point #1: — They admit that PSN "personal data" was NOT encrypted!
|
All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack. |
Since the simple PLAINTEXT "personal data table", did contain your "email address", "birthdate", "real name", "password", and even tho Sony claims the "credit card" table was encrypted, most people sadly use the same password on multiple other accounts, so it would be very easy for a hacker to login into a matching email, or paypal, or bank account, and discover the missing bits of info needed like full credit or bank account numbers by going thru all your outside personal info, thanks to Sony giving him your "password" in plaintext!
Point #2 — Now we know why it is taking so long to restore the PSN network!
|
We are initiating several measures that will significantly enhance all aspects of PlayStation Network’s security and your personal data, including moving our network infrastructure and data center to a new, more secure location, which is already underway. |
So they are not just rebuilding the network, by updating the server software, they are moving to a whole new location, but this just opens up more questions! — What was wrong with the old location? — Was the "
external intrusion" just simply someone walking in and looking like a techie-person, and copying the data removing the need to break any security?
Rumor: We are in for big update, DLC wise, Game patch wise, firmware!
Reports are coming in from many mainstream blogs that a new firmware update will be released in May 2011 and that it will FORCE you to re-verify your complete PSN account, and you MUST create a new PASSWORD, and you WILL have to UPDATE to this new secure PS3 firmware if you wish to enjoy in the FUTURE newly released games!
There is also rumors that all licensed game developers are being shipped new SDK’s, and that they are being forced to re-compile all the DLC addon’s, and all their game patchs, before Sony will even think of turning on the new PSN network!
We Told You So! — Seems Everyone Knew But Sony!
[user12] I also know that the server that does the x-i-5 tickets is a bit more tight about the ciphers than any other system in sonyland
[user12] if sony is watching this channel they should know that running an older version of apache on a redhat server with known vulnerabilities is not wise, especially when that server freely reports its version and its the auth server
[user2] its not old version, they just didnt update the banner
[user12] I consider apache 2.2.15 old
[user2] which server
[user12] it also has known vulnerabilities
[user12] auth.np.ac.playstation.net
[user2] ya the displayed version u see via banner is not the real version
[user12] unless they updated it in the last couple weeks
[user12] I doubt that since its not trivial to change that
[user12] its a bit more invasive than just setting it to Prod like they do on their other servers
[user11] you know, watching this conversation makes me think about whether it was a good idea after all to buy a couple of games from psn using a visa card
[user2] its just backported security patches
[user11] i did remove all my info after downloading the games though
[user12] that is just psn not the store
[user12] they are running linux 2.6.9-2.6.24 on that box too
[user12] that too is old
[user2] lol @ buying on store
[user11] yes, but their general attitude towards security just seems…ugh
[user2] sony wont misuse the info i bet xD
[user2] but just prevent using cfw’s of unknown ppl
[user2] even better from ALL ppl
[user2] make ur own lol
[user12] so I doubt that they are spoofing the network stack on that box as well
[user12] my guess is that it really is undermaintained “it works why change anything”
[user2] could be
[user12] sony really should update that stuff to something more current
[user2] ya
[user2] but imagine
[user2] psn == 45 environments
[user2] and for example
[user2] every env has 50 subdomains
[user2] to external machines
[user2] its rly rly huge
[user2] who wants to do this xD
[user2] ppl r lazy
[user2] wont change
So there you have it all in a nutshell, the system was totally unsecure, and fully outdated, and Sony was just being infact lazy in doing anything about it!
Attached below is the full (nicknames-have-been-removed) IRC log from "Feb. 16th, 2011" that talks about how wide-open the PSN servers are!
Attached Files
 |
psnhackerirclog.txt (19.5 KB) |
Ubuntu 11.04 en version finale : l’interface Unity entre en piste
via PC INpact, de Vince@pcinpact.com (Vincent Hermann) le 28 Apr 2011
via Korben, de Korben le 28 Apr 2011
Portal est à la fête en ce moment ! Après Portal Kombat, voici Mario qui débarque avec son générateur de portail…
Imaginez maintenant si vous aviez le même dans la vraie vie… On pourrait vraiment se marrer !
[Source]
Sinon pour ce WE, il reste le split screen…
via Le Journal du Gamer, de François le 28 Apr 2011
Mine de rien, le WE approche… Et le PSN est toujours en rade… Du coup, je vous propose une petite vidéo bien utile dans la suite.
Cette dernière liste les meilleurs jeux multijoueurs en split screen sur PS3, il faudra tout de même supporter la voix haut perchée de l’anglaise qui essaye vaguement de vendre la vidéo…
Ben oui, après tout, le multi peut également se jouer de cette manière la…
Sinon pour ce WE, il reste le split screen… is a post from: Le Journal du Gamer
FTTH : une carte résume les intentions de déploiement d’ici 2016
via PC INpact, de nil@pcinpact.com (Nil Sanyas) le 28 Apr 2011
Un clavier pour votre média center
via Le Journal du Geek, de Auré – Kreed le 28 Apr 2011
Le Genius Wireless LuxeMate T810 Media Cruiser fait à la fois office de clavier, télécommande et souris sans fil destiné à contrôler votre PC sous Windows Media Center. Efficace jusqu’à une distance de 10 mètres et actuellement disponible pour 89.99 $ soit environ 61 €.
Copyright © JournalduGeek.com | Retrouvez-nous aussi sur Facebook et Twitter | Site hébergé par Typhon
Sony donne des détails sur les vols potentiels de données
via PC INpact, de Vince@pcinpact.com (Vincent Hermann) le 28 Apr 2011
10er10 – Un clone libre de Deezer
via Korben, de Korben le 28 Apr 2011
Si vous voulez mettre en place sur votre serveur, votre propre Deezer-like, je vous avais déjà parlé de Subsonic mais il existe d’autres alternative comme 10er10 qui est un clone de Deezer 100% libre et développé par Dready92, un français. Au niveau des fonctionnalités, l’application vous permet d’uploader vos propres morceaux, de créer vos playlists, de faire des recherches dans le catalogue de musique et bien sûr d’écouter tout ça en streaming. Vraiment sympa !
Si vous voulez vous lancer dans l’install de 10er10, il vous faudra installer sur votre serveur, CouchDB (pour la base NoSQL), Node.js sans oublier tous les binaires lame, oggenc, ogginfo, utrac, taginfo, vorbiscomment ou encore flac et metaflac. Tout ceci vous permettra de tagger les morceaux ou de les convertir d’un format à l’autre.
Dans le même genre, il existe aussi Ampache, qui fait à la même chose, avec des petits trucs en plus comme le support des radios shoutcast, l’intégration dans Amarok ou le support LastFM.
Tip top non ? Je trouve que Subsonic reste vraiment le meilleur, même si 10er10 a l’air très prometteur… Par contre, Ampache doit faire un tas de choses mais niveau interface, c’est un peu la cata…
D’ailleurs, pour ceux qui s’intéressent à Deezer, sachez que la beta de la prochaine version est disponible pour ceux qui veulent tester. Les furieux ont fait un site full HTML5 ! Adieu le flash. Et franchement, de ce que j’en ai vu, les mecs ont vraiment bien bossé ! Bravo !
[Source]
Canal+ gratuit jusqu’au 5 mai pour les clients Orange haut débit
via PC INpact, de sebastien_g@pcinpact.com (Sébastien Gavois) le 28 Apr 2011
via Le Journal du Geek, de Auré – Kreed le 28 Apr 2011
Angus MacLane aka CubeDude (animateur chez Pixar depuis 1997) modélise en Lego de façon caricaturale nos super-héros et stars du cinéma préférés. Les CubeDudes sont en vente sur Ebay pour certains en édition limitée. Une sélection vous attend dans la suite !
Copyright © JournalduGeek.com | Retrouvez-nous aussi sur Facebook et Twitter | Site hébergé par Typhon
Star Wars and baseball have been forced together into one rad…
via Rampaged Reality, de (author unknown) le 28 Apr 2011
Star Wars and baseball have been forced together into one rad design thanks to artist Ian Leino. You can get it on a raglan sleeve jersey at his personal store (Promo code “VADER10” = 10% off) or grab it up at RIPT tomorrow (4/28).
Contest: Reblog this post and follow Ian for chances to win a 3”x4” magnet.
Related Rampages: Lie to me | No Match for a Good Blaster (More)
The Empire Strikes Out by Ian Leino (Tumblr) (Flickr) (Facebook) (Twitter)
Via: ianleino
Ce post regroupe toutes les news de la journée que j’ai jugé les plus intéressantes.
Digest powered by RSS Digest
