Sony is in knee-high shit right now.
Someone haxx their interwebz and stole PSN users' account info, credit card information, and addresses. This will reportedly cost Sony over $24 Billion. Goodbye PSN. I love you. Without you, I shall never know how to love again. R.I.P.
Actually the only thing encrypted was credit card details. Everything else was unencrypted, even passwords, emails and phone numbers.
If Sony had Done Things Right, they wouldn't be blindly accepting client input, or basing their security around people not knowing the key, so trusting them to suddenly start conforming to standards is a bit risky.
I dunno about passwords, I reckon they would have been hashed, given that it is the standard way of storing passwords and that from my digging around on the internet, it does seem that PS3s hash passwords, seemingly in MD5. However, from what I have found digging around, the password recovery stuff is probably not encrypted or hashed, so that is the biggest issue, besides hackers having your email address.
And it's only going to get worse from here. :(
This is eventually going to get fucking insane, now that the FBI is hunting those hackers down.
I want to see haxxor bloodshed. >:D
MD5 stopped being secure a while ago, plus they know what some of the passwords are (their own) which could help them figure out how it is hashed. I'm assuming it's at least a bit more complicated than md5(password).
Yeah, quite likely, although I doubt anyone would actually bother to code a virus for the PS3, given that it would be a fair amount of work for little gain. Still, given the private keys and whatnot have been floating around for a few months now, there are people writing libraries and stuff now, so if there will be any viruses made, they will probably be coming soon.
@Kabob: Yeah I know, but it is still a pain to decrypt, unless you have GBs of rainbow tables or a distributed network large enough to brute force MD5 in any meaningful amount of time.
If you have 77 million accounts possibly tied to credit card details, then there are people with large enough networks who will be falling over each other to help.
Well, to the average person it's OK, but if there was a specific person they wanted the password from (someone famous) I'm sure they would take the time.
@PY: Fair enough, but still, most people wouldn't be high enough priority to warrant the use of a large distributed network. Given they would have a hard time making use of one's credit card information, on account of it being encrypted, there isn't much gain in that. The way I see it, the most gain they could make from the whole thing is selling the 77-odd million email addresses to people running spam networks. Or selling phone numbers to telemarketing companies.