Some actual proof that the account has been accessed?
lowrider007 said:They are official emails from Sony, what more do you need?
Metalmurphy said:Actually no I didn't. The websites were already down when I woke up and saw the emails. But the emails are indeed real and came from Sony servers. They are both "asking for confirmation" and a "final confirmation" email, so the password was indeed changed.
DoB wasn't breached. To be clear, for this to happen they would have had to get your PSN email address and DoB from somewhere else. In this case, I told them.
Azih said:But I didn't get my password mailed to me in text in the confirmation emails. Is there something different in the Japanese and North American password change systems?
Metalmurphy said:How is it premature? I got an email, from Sony, telling me my password was changed after I gave my info, don't think you need more confirmation than that.
And Sony took the password recovery page down afterwards.
toythatkills said:Some actual proof that the account has been accessed?
How else would I have gotten those emails?
toythatkills said:Some actual proof that the account has been accessed?
TTP said:Can't you log in from your PS3 to double check?
^^^^^^
Hanmik said:but did you try to access your (you can still do it) PSN account on your PS3..?
lowrider007 said:http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/
"UPDATE 3: To clarify the situation, we had confirmed ourselves the method used last night, and contacted SCEE, SCEE have acted upon this information, we felt the information previously provided in our tweets and this article may have been a little too revealing to the vulnerability, thus we dumbed down the explanation of the security hole. We have provided SCEE with a detailed description of the security hole.
While it's unclear at this time if they will actually patch the flaw while they have the system taken down, I can also confirm that the system went down approximately 15 minutes after I received a response from SCEE on the matter."
Metalmurphy said:Japanese account, servers are offline.
I don't know. I'm not a hacker and I don't know how easy it would be to make an email appear to have come from somewhere else.
Metalmurphy said:How else would I have gotten those emails?
Rubenov said:Seems like Sony has to go back to website security school :-/
toythatkills said:I don't know. I'm not a hacker and I don't know how easy it would be to make an email appear to have come from somewhere else.
If it's literally, totally impossible, then fair enough. If there's any chance at all that it's possible then you're making some quite major accusations here which may not be based in truth.
They can fake the address you see on the "sender" field, but they can't fake the actual sender once you see the message details, which I posted already. They came from Sony.
toythatkills said:I don't know. I'm not a hacker and I don't know how easy it would be to make an email appear to have come from somewhere else.
If it's literally, totally impossible, then fair enough. If there's any chance at all that it's possible then you're making some quite major accusations here which may not be based in truth.
luxarific said:Fucking christ, Sony. Just hire Schneier or someone who actually knows something about security and fire the incompetents you apparently employ.
This part would be forgeable, but it would not be placed where it is in the headers of the mail.
toythatkills said:I don't know. I'm not a hacker and I don't know how easy it would be to make an email appear to have come from somewhere else.
If it's literally, totally impossible, then fair enough. If there's any chance at all that it's possible then you're making some quite major accusations here which may not be based in truth.
Hanmik said:he is not making something up.. it was already news yesterday..
http://gamerpunch.net/2011/05/18/so...ign-in-amidst-rumors-about-password-security/
I just want to know how he could change the password for a Japanese account via the internet.. I tried and got the maintenance message every time..
kurtrussell said:Didn't Geohot ask them for a job a few months ago?
LiK said:Good to know they're fixing it. Geez, who's the genius behind their network and websites?
kurtrussell said:Didn't Geohot ask them for a job a few months ago?
VGChampion said:Sony would be pretty stupid to hire Geohot. I know companies do this but it seems he pretty much started the whole mess indirectly.
Yes all people are doing now is giving more attention to it.
Zoe said:They really should have alerted Sony before posting the story. They originally gave vague instructions on how to do the exploit yourself.
Hanmik said:he is not making something up.. it was already news yesterday..
http://gamerpunch.net/2011/05/18/so...ign-in-amidst-rumors-about-password-security/
smurfx said:i had originally used my gmail account to sign up to psn on my cousin's ps3. i checked it the other day and it said that the password had been changed. thought it was strange that sony didn't require you to verify through email when changing the password.
Uh oh.
arnoldocastillo2003 said:Yeah it happened to a co-worker of mine, someone else changed his password, he contacted SONY to see if they can reset his account.
Loudninja said:Yes all people are doing now is giving more attention to it.
VGChampion said:Sony would be pretty stupid to hire Geohot. I know companies do this but it seems he pretty much started the whole mess indirectly.
Yep I agree, man some people harm more than they help lol.
Zoe said:It's important to disclose exploits that may have affected people, but you don't want to do that until the fix is rock solid and in place, and you definitely don't want to tell other people how to do it.
nofi said:That only just went live after the other thread and the story on TSA.
Oni Jazar said:I remember this technique was posted in our megathread to reset the password sooner.
smurfx said:i had originally used my gmail account to sign up to psn on my cousin's ps3. i checked it the other day and it said that the password had been changed. thought it was strange that sony didn't require you to verify through email when changing the password.
XeroSauce said:So just quickly catching up on this thread...there was no verification needed at all? It just said your password was changed, have a nice day?
Do people not know basic security nowadays?
strem said:I think it is time that the Japanese just forget that online services exist. For a country so tech savvy they can't figure out this online stuff
Zoe said:It's important to disclose exploits that may have affected people, but you don't want to do that until the fix is rock solid and in place, and you definitely don't want to tell other people how to do it.
HaRyu said:Yeah... when I saw the article about it, I actually tried to see if I could do the exploit w/ my own account.
Then I realized that if and when Sony fixes the exploit, they might come under the assumption that I was some hacker trying to break into my account, so I pretty much stopped after a few minutes of trying.
TTP said:Can you elaborate a bit about the procedure without giving too much away? I'm just curious about it.