Wednesday, May 18, 2011

Sony Pulls Plug On The PlayStation Network Yet Again

Sony has pulled the plug on the PlayStation Network yet again, this time due to an exploit that allows hackers to re-set the passwords of anyone using only a PSN account email and date of birth.

Update:

Sony's Senior Director of Corporate Communications & Social Media, Patrick Seybold, told 1UP that it did indeed take down the PSN and Qriocity password reset page as a result of the issue. However, there was no hack involved; this was a matter of a URL exploit that Sony says it has since fixed. Sony is still encouraging users to reset their PSN passwords on their PS3 or through the website once it's returned.

The problem was first reported by games news site Nylevia.com.

"While we will not reveal specific details regarding how the exploit is performed for obvious reasons, we can say that the exploit involves a vulnerability in the password reset form currently implemented, not properly verifying tokens," the site reported.

From the evidence I've seen, and I might not have the full picture, there is no actual "hacking" going on here. Sony simply dropped the ball on user verification. Instead of making use of a stronger system they implemented a week verification system that only uses a users email address and date of birth. Users requesting to change their passwords are then sent out an email that should contain a confirmation link. Apparently, this "exploit" works to get around those emails.

For now Sony has taken down the Web based PSN login/password recovery page as well as PSN sign-in for a number of its websites, including PlayStation.com the PlayStation forums, PlayStation Blog and Qriocity.com. All PlayStation game titles are also unavailable.

"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being," Sony said. "This is due to essential maintenance and at present it is unclear how long this will take.

"In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you
Geek-News.Net