Sony sends your playstation 3 credit card info unencrypted!!

It's pretty true. I thought that was slightly old news as GeoHot months and months ago pointed out a lot of data that could be taken from the official firmware via Other OS. I thought that was one of the reasons Other OS got removed. At the time he never explained how this was possible, but research by other parties is now shedding light on this.

guarenteed lies in my opinion

I love how their source is an anonymous un-named hacker.

Obviously false.

Just looked at the article and the post again. Okay viewing the info on the local end unencrypted, yes. That can be done. The data being SENT unencrypted? I'm highly sceptical.

if the psn was at risk from this type of hack it would b shut down straight away or sony could b looking at a huge court case from very angry customers with regards to the safe keeping of personal data ie credit cards etc

its bull

It's being sent in SSL and your credit card info is not the only thing sony can see regardless of if you login to psn or not..

http://arstechnica.com/gaming/news/2011/02/report-psn-hacked-showing-stunning-lack-of-credit-card-se...

Check the update. Your details are very much safe according to this. :D

Cheers Dannehkins thats better reading :Thumbs:

Heh, I am happy that the article has eased any fears that you may of had surrounding your card details.

I would still 'watch this space' in case all of this goes horribly wrong and it turns out that we are in danger, but judging from the information and the articles, I think we our security is very much safe. Some sites generally like to jump on the band-wagon too early and cause a racket even if their information has not even been sourced.

welcome to the interent the worlds biggest lier

---

@Dannehkins wrote:

http://arstechnica.com/gaming/news/2011/02/report-psn-hacked-showing-stunning-lack-of-credit-card-se...

Check the update. Your details are very much safe according to this. :D

---

 

In essence then, you card details are only at potential risk if you're using CFW. It would be somewhat ironic for those who have been using CFW for piracy to have had their card details stolen.

 

---

@rancidpunk wrote:

---

@Dannehkins wrote:

http://arstechnica.com/gaming/news/2011/02/report-psn-hacked-showing-stunning-lack-of-credit-card-se...

Check the update. Your details are very much safe according to this. :D

---

 

In essence then, you card details are only at potential risk if you're using CFW. It would be somewhat ironic for those who have been using CFW for piracy to have had their card details stolen.

---

Oh the irony. :)

 

 

---

@rancidpunk wrote:

---

@Dannehkins wrote:

http://arstechnica.com/gaming/news/2011/02/report-psn-hacked-showing-stunning-lack-of-credit-card-se...

Check the update. Your details are very much safe according to this. :D

---

 

In essence then, you card details are only at potential risk if you're using CFW. It would be somewhat ironic for those who have been using CFW for piracy to have had their card details stolen.

---

 

Not entirely, I think.

 

If I understand the report correctly (the full PDF), Sony are relying on their HTTPS security to ensure that our details are safe.  BTW, it's not just full CC details that are being transmitted un-encrypted, it's everything ever typed into your PS3 and everything ever connected to your PS3.  So, your address, email, name, DoB, PSN ID, password etc........(and all PSN messages) are transmitted this way.

 

CFW is not the only problem here.  The real issue is the interception of these un-encrypted bursts by way of Proxy or Script.

 

Why would Sony not encrypt this data?

 

Couple this with the new User Agreement changes, where Sony denies all liabilty for the theft or unauthorised use of this data by anyone other than SCE. :|

 

Given that, I want this stuff encrypted.

The new ToS paired with this news just looks like Sony confirming that the data is insecure (or not encrypted).

 

Credit card info (at least security code) should ALWAYS be encrypted (and obviously sent thro SSL). Normal practice in most websites/webstores.

 

Regarding the comment that said only CFW users will be affected... that's not totally true. If the CFW users install any and all CFWs they see, yes they'll be in greater risk but then again, they should have the brains to actually look at what they're installing.

For the OFW users, you can always be victim of a man-in-the-middle attack and your info may be captured (and well... it's plain text)...