
Is remote play for PS4 a hacker's dream?

Phishing e-mails don't work because people know to watch the address bar and sender e-mails (view original, etc), plus most stuff just goes to the spam folder. PSN accounts aren't useful on the black market because the accounts are banned from fraud claims - or accounts can be claimed back if the original owner has access to the e-mail. I suspect there is currently little money in PSN accounts, mostly just people hijacking accounts to play a free game or two. Again, you can't gift games on PSN accounts or view full payment information.

Having the ability to get into someone's network, though? A DNS spoof would hijack the address of the site you're visiting behind the scenes and still show the proper web address of the site in your address bar, not the forged address. This would be the phishing attempt the person would want and would be much more appealing with a widespread variety of accounts using different passwords. Different passwords which might include the password you're using on the e-mail of the PSN if it were different, or other accounts with different credentials.

It's no more farfetched than some Russian hacker jacking an account to play a game or two and the account be banned a week later. It opens the floodgates for a much broader hack with a more lucrative payoff.

what are you even talking about? so this "hacker" does all this shit so he can gain access to the person's PSN account then use that said account to then use remote play so he can mess around on the PS4....

WUT????
 
OP, nothing is safe. Nothing. You are presenting an absolute worst-case scenario. Yes, it can happen but if hackers really want something they will work to get it. The banks aren't safe, the credit bureaus aren't safe, we know the Feds aren't safe.

Every user should do what they can to protect themselves but with your fear-mongering attitude there is no reason to be connected to anything. Put your money under your mattress OP.
 

RhyDin

Member
You're just making stuff up to scare yourself. Seriously. Pop a cold drink, have a lie down, and realise you've set up a perfect scenario in your head.

I'm not making anything up and I'll be the last one to fall victim to this, I'm just passionate about ITSEC. I've played with MITM functions using consumer products like the WiFi Pineapple. Stuff like this is incredibly easy to do and while unlikely to reach a widespread use, still bonkers that Sony made it so easy. All they would have had to do is disable remote play by default and disallow web browser access over remote play (since there's no reason to have it, anyway).

But for users that might have their credentials already compromised and not know it (clearly, still happening) and the remote feature being enabled by default (most people don't even know Remote Play is a thing), it's only a matter of time before someone executes something like this or targets a particular user with it.
 

213372bu

Banned
I'm entering into the matrix now.

Just need to open up Remote Play...plug in this usb...aaand we're in.

Say goodbye to the few leftover cents in your account and that precious k/d ratio, Johnny.

--

It doesn't remotely work like that.
 

Joni

Member
Phishing e-mails don't work because people know to watch the address bar and sender e-mails (view original, etc), plus most stuff just goes to the spam folder.
If Phishing didn't work nobody would do it. It works very very well. If you send a million mails and you only get 10 responses, that is very good because you didn't spend any money in it. And the number of people falling for it is a lot higher than that. Which is why every bank in the world keeps warning their clients about it. Even when they have 2 factor.
 
No need to be rude.

It's a public service announcement that should your PSN credentials get stolen (not just limited to accounts with unauthorized charges where the user chooses to eat them in order to keep the account and not be banned), your friends list and saves can be deleted remotely.

As others have said, if you don't plan on using the remote feature, consider turning it off. Also a warning to keep your passwords up to date and consider using a password manager.

To be fair, if my PSN account got phished and someone was spending my money as a result, I couldn't care less whether or not they were also deleting people off my friends list. This is the equivalent of having your credit card cloned and being worried that they might cancel your Netflix or something.
 
Phishing e-mails don't work because people know to watch the address bar and sender e-mails (view original, etc), plus most stuff just goes to the spam folder. PSN accounts aren't useful on the black market because the accounts are banned from fraud claims - or accounts can be claimed back if the original owner has access to the e-mail. I suspect there is currently little money in PSN accounts, mostly just people hijacking accounts to play a free game or two. Again, you can't gift games on PSN accounts or view full payment information.

Having the ability to get into someone's network, though? A DNS spoof would hijack the address of the site you're visiting behind the scenes and still show the proper web address of the site in your address bar, not the forged address. This would be the phishing attempt the person would want and would be much more appealing with a widespread variety of accounts using different passwords. Different passwords which might include the password you're using on the e-mail of the PSN if it were different, or other accounts with different credentials.

It's no more farfetched than some Russian hacker jacking an account to play a game or two and the account be banned a week later. It opens the floodgates for a much broader hack with a more lucrative payoff.

Are you adding more to your story every time you see a post in the other thread? What a fucking mess you're in here.
 

RhyDin

Member
He just won't admit to being hyperbolic, so he keeps doubling down as much as possible. This is embarrassing.
The only embarrassing part of this topic is the amount of users that aren't technically savvy, which leads me to want to retract my previous statement on phishing via e-mail being presumably ineffective against what would be the core PS4 owners (this isn't 1999-2003 anymore, most people know to check their address bar.)

It's only further evident by the amount of posters repeating the same thing I stated were prerequisites to the rule, the posters that totally misunderstand my points in how this is a bad security practice, as well as posters continuing to post about how hacking PSN accounts or taking over a user's network with MITM attacks or other would be purely for monetary gain. The repetition of posts saying "lol money" and "why hack PSN accounts lol it's worthless" are astoundingly ignorant statements.

The amount of times someone in this topic said, "no, you can't do that because" and I proved you theoretically could, it always comes down to insults and memes. Sorry, but as long as there are possibilities in furthering exploits from lax security, there will be someone out to explore how far they can take them - if only out of curiosity. It seems nobody will bite until a proof of concept (people ITT literally questioning if I've ever done a basic traffic interception, which any script kiddy can Google and figure out) or a mass herd of accounts is jacked with these kinds of methods, which probably won't happen, but is still quite sad that it isn't taken seriously.
 
The only embarrassing part of this topic is the amount of users that aren't technically savvy, which leads me to want to retract my previous statement on phishing via e-mail being presumably ineffective against what would be the core PS4 owners (this isn't 1999-2003 anymore, most people know to check their address bar.)

It's only further evident by the amount of posters repeating the same thing I stated were prerequisites to the rule, the posters that totally misunderstand my points in how this is a bad security practice, as well as posters continuing to post about how hacking PSN accounts or taking over a user's network with MITM attacks or other would be purely for monetary gain. The repetition of posts saying "lol money" and "why hack PSN accounts lol it's worthless" are astoundingly ignorant statements.

The amount of times someone in this topic said, "no, you can't do that because" and I proved you theoretically could, it always comes down to insults and memes. Sorry, but as long as there are possibilities in furthering exploits from lax security, there will be someone out to explore how far they can take them - if only out of curiosity. It seems nobody will bite until a proof of concept (people ITT literally questioning if I've ever done a basic traffic interception, which any script kiddy can Google and figure out) or a mass herd of accounts is jacked with these kinds of methods, which probably won't happen, but is still quite sad that it isn't taken seriously.

Your original premise of this thread was 'Guys they can reformat your hard drive', then it changed to 'they can delete your friends and saves' when that was proven false. Then some other poster mentioned the web browser thing and you've now latched on to it as if it was your point all along. It's hard to take you seriously when you keep changing what it is that we should be worried about.
 
The only embarrassing part of this topic is the amount of users that aren't technically savvy, which leads me to want to retract my previous statement on phishing via e-mail being presumably ineffective against what would be the core PS4 owners (this isn't 1999-2003 anymore, most people know to check their address bar.)

It's only further evident by the amount of posters repeating the same thing I stated were prerequisites to the rule, the posters that totally misunderstand my points in how this is a bad security practice, as well as posters continuing to post about how hacking PSN accounts or taking over a user's network with MITM attacks or other would be purely for monetary gain. The repetition of posts saying "lol money" and "why hack PSN accounts lol it's worthless" are astoundingly ignorant statements.

The amount of times someone in this topic said, "no, you can't do that because" and I proved you theoretically could, it always comes down to insults and memes. Sorry, but as long as there are possibilities in furthering exploits from lax security, there will be someone out to explore how far they can take them - if only out of curiosity. It seems nobody will bite until a proof of concept (people ITT literally questioning if I've ever done a basic traffic interception, which any script kiddy can Google and figure out) or a mass herd of accounts is jacked with these kinds of methods, which probably won't happen, but is still quite sad that it isn't taken seriously.

You wrote a lot of words to deviate from the fact that your end point in all this is that if a person has your shit, they can delete your saves. I have no problem with telling people to protect their passwords, but you are acting like RP can introduce huge security flaws in the form of getting rid of or organizing someone's saved data when the bigger issue is that someone has access to your account in the first place.

As someone already said, it's like breaking into a house and leaving the fridge door open so the food spoils.

It's not that we don't take this stuff seriously, as seen by the other topic. We just don't take you seriously, especially after you posted that same topic without actually reading what happened within, and you hardly seem willing to admit that this is a mountain out of a molehill.

Your original premise of this thread was 'Guys they can reformat your hard drive', then it changed to 'they can delete your friends and saves' when that was proven false. Then some other poster mentioned the web browser thing and you've now latched on to it as if it was your point all along. It's hard to take you seriously when you keep changing what it is that we should be worried about.

The mental gymnastics displayed by Rhy almost made me forget that the original point(s) were completely different.

Three pages and this dude has not learned to take the L gracefully.
 

dity

Member
Your original premise of this thread was 'Guys they can reformat your hard drive', then it changed to 'they can delete your friends and saves' when that was proven false. Then some other poster mentioned the web browser thing and you've now latched on to it as if it was your point all along. It's hard to take you seriously when you keep changing what it is that we should be worried about.
The moral here is to be worried about everything.
 
The only embarrassing part of this topic is the amount of users that aren't technically savvy, which leads me to want to retract my previous statement on phishing via e-mail being presumably ineffective against what would be the core PS4 owners (this isn't 1999-2003 anymore, most people know to check their address bar.)

I like how you're accusing people of this and then still going on with this otherwise idiotic rant.

You started with "Remote Play can be hacked because of this thing!"
Then it became "That's not what I meant! I meant if they have your credentials!"
Then it became "THEY HAVE YOUR CREDENTIALS BECAUSE YOU'RE ALL STUPID!!"
Then it further extended to "They're gonna login to your PS4 then use the browser to edit settings using your ALSO poorly protected router and do a MITM and screw you over with everything!"

The ONLY security threat here is the user. Period. I'm not saying it's not technically possible, but it's insane to think it's going to happen like this and because of RP itself, not protecting your credentials appropriately.

I deal with compromised websites and servers all day at work. The 2 main reasons anyone gets hacked on this are
1) not keeping their software version up-to-date
2) their credentials got stolen by some means (that sure as hell wasn't our system getting hit without us knowing)

Please. OP. Stop this madness. Just give up. Stop editing your initial post to look less foolish in light of everyone proving you wrong and just stop. You have the power to end this.
 
 
Anybody that says phishing doesn't work is clueless. It still works today, why do you think we still hear about people being tricked into going to fake websites or giving out information to imposters.

I have had multiple times where my wife, a successful business owner, has asked me numerous times if an email was real or fake and had to train her on how to determine these phishing attempts and I still have to tell her what is real and what is fake. She almost gave out her CC and other info to apple@gmail.com asking her to confirm her iCloud account and I know for a fact she has no iCloud account.

Phishing works OP.
 

Joni

Member
Anybody that says phishing doesn't work is clueless. It still works today, why do you think we still hear about people being tricked into going to fake websites or giving out information to imposters.

I have had multiple times where my wife, a successful business owner, has asked me numerous times if an email was real or fake and had to train her on how to determine these phishing attempts and I still have to tell her what is real and what is fake. She almost gave out her CC and other info to apple@gmail.com asking her to confirm her iCloud account and I know for a fact she has no iCloud account.

Phishing works OP.

And the smarter the better, as they are smart enough to be ashamed in reporting it to the police.
 

Saganator

Member
If only the OP of this thread actually took the time to read more of the other thread before freaking out and making this one.
 