PSN's F.U.B.A.R, Catch 22, He said-She said? or Body of Lies?

Today was a funny day....or pathetic.Waking up, hearing and reading people freaking out about PSN. Seems like everybody is running and ducking for cover on this one, will Sony and co. take any responsibility on any personal damages this mess may cause? hmmmmmm....there seems to be many contradicting articles circling around...thus let the uncertainty begin. Dang it, just feels horrible to be using SOCOM as a paper weight right now!!! govna....ali dobra pesma lol xD



"One person claims to have broken into the PlayStation Network, and what he has found is rather shocking. If his findings are accurate, your credit card information is being sent to Sony as an unencrypted text file, and Sony is watching every single thing you do with your system, keeping detailed records all the while. (PS3)"

Update
A document written by the hackers has clarified what they did and what privacy and security risks they believe the PlayStation 3 poses. The PS3's connection to PSN is protected by SSL. As is common to SSL implementations, the identity of the remote server is verified using a list of certificates stored on each PS3. The credit card and other information is sent over this SSL connection. So far so good; this is all safe, and your web browser depends on the same mechanisms for online purchases.
The concern raised by the hackers is that custom firmwares could subvert this system. A custom firmware can include custom certificates in its trusted list. It can also use custom DNS servers. This raises the prospect of a malicious entity operating his own proxies to snaffle sensitive data. He would distribute a custom firmware that had a certificate corresponding to his proxy, and that used a DNS server that directed PSN connections to the proxy. His proxy would decrypt the data sent to it, and then re-encrypt it and forward it to the real PSN servers. Such a scheme would be transparent to PSN users (except for any potential performance reduction caused by the proxying), and would give the attacker access to all the information that the PS3 sends to Sony. This information is shown to be extensive, but apart from the credit card data, probably not too sensitive or unreasonable. As flaws go, the risks here are not substantial. There is no generalized ability for hackers to grab credit cards from PSN users; only those using specially devised custom firmwares would be at risk. Essentially the same risk could be faced by anyone downloading a pirated version of Windows: extra certificates could be added to those normally trusted, along with suitable DNS entries, to allow interception of any traffic destined for, say, amazon.com. In practice, the risk of either of these is slight, and in any case, trivially avoided: don't use custom firmware.

The original story is below, but note that the claims originally made by the hacker quoted in the article are unsubstantiated."- N4G.com


"Sony says stolen PlayStation credit data encrypted

By : The Associated Press

NEW YORK — Sony is telling PlayStation users that it had encrypted the credit card data that hackers may have stolen, reducing the chances that thieves could have used the information.

Sony Corp. says that while it had no direct evidence the data were even taken, it cannot rule out the possibility. It did not say how strong the encryption was, and it's possible for hackers to decipher files that are weakly encrypted.

On Tuesday, Sony said account information, including names, birthdates, email addresses and log-in information, was compromised for certain players using its PlayStation Network. In a blog post Wednesday, Sony said that data had not been encrypted and had been kept in a separate location from the credit card information." - AP