Sony PlayStation Network Hacked Once Again

Wednesday, May 18, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

UPDATE: Sony issued a statement saying that there was no "hack" - but they did suspend the login page while an "exploit" was patched. Sony stated, "we temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed."

*   *   *

On the heels of Sony CEO Howard Stringer's admission that no network can guarantee security, reports have surfaced that the PlayStation Network is experiencing more problems with unauthorized access.

The presence of the vulnerability may have caused Sony to temporarily shut down the PSN login page just days after the beleaguered network returned to service.

A report in PCWorld states that "the hack involves the PSN web-based password reset page, where it’s said anyone can change someone else’s password using their PSN account email and date of birth—both details possibly (though not confirmedly) obtained by hackers in the mid-April breach."

According to Nyleveia—involves “a vulnerability in the password reset form currently implemented, not properly verifying tokens.”

While the vulnerability has not been confirmed by Sony, Nyleveia indicates that the login page went offline “approximately 15 minutes after [it] received a response from SCEE [Sony Computer Entertainment Europe] on the matter,” and the site now displays the following:

image

Over the weekend, Sony began a phased relaunch of the PlayStation Network, complete with updated software and the promise of much higher standards for security.

The assurances of better security measures was enough to make PSN service offerings available across the United States and several other nations, but was not enough to satisfy officials in the company's home country of Japan, which is requesting more information about the security upgrades before allowing the network to resume offering services.

In late April, Sony announced that the company's PlayStation network servers had been hacked, exposing the records of more than 70 million customers. During the course of the investigation, Sony discovered that the company's Online Entertainment network had also been compromised, exposing another 25 million customer records.

The breaches forced Sony to shut down both the PSN and Online Entertainment networks. Sony has since been the subject of a great deal of criticism regarding the company's delay in notifying authorities and customers of the exposure of account details, as well as for alleged security lapses leading to the breach.

Possibly Related Articles:
7266
Network Access Control
Authentication Access Control Headlines Network Security Sony Login hack PlayStation PSN
Post Rating I Like this!
Default-avatar
Ken Major We hire a CISO and we still have breach!
I said it before and I'll say it again, security is just a wast of time.

Yours truly,
SONY President and CEO


1305750585
49afa3a1bba5280af6c4bf2fb5ea7669
Mike Meikle So it seems they have a software quality assurance problem too.

I foresee the new CISO resigning in the near future.
1305752265
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.