

Update: A document written by the hackers has clarified what they did and what privacy and security risks they believe the PlayStation 3 poses.

The PS3's connection to PSN is protected by SSL. As is common to SSL implementations, the identity of the remote server is verified using a list of certificates stored on each PS3. The credit card and other information is sent over this SSL connection. So far so good; this is all safe, and your web browser depends on the same mechanisms for online purchases.

The concern raised by the hackers is that custom firmwares could subvert this system. A custom firmware can include custom certificates in its trusted list. This raises the prospect of a malicious entity operating his own proxies to snaffle sensitive data. He would distribute a custom firmware that had a certificate corresponding to his proxy, and that used a DNS server that directed PSN connections to the proxy. His proxy would decrypt the data sent to it, and then re-encrypt it and forward it to the real PSN servers.

Such a scheme would be transparent to PSN users (except for any potential performance reduction caused by the proxying), and would give the attacker access to all the information that the PS3 sends to Sony. This information is shown to be extensive, but apart from the credit card data, probably not too sensitive or unreasonable.

As flaws go, the risks here are not substantial. There is no generalized ability for hackers to grab credit cards from PSN users; only those using specially devised custom firmwares would be at risk.
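The custom-firmware risk described above comes down to extra entries in the console's trusted certificate list. The following Python is an added example, not code from the article or from the hackers' document: it diffs a firmware's trust list against the stock one and reports any trust anchor the stock list never shipped. It assumes both lists can be exported as PEM bundles; the function names are hypothetical and the sample "certificates" are constructed placeholder bytes.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_bundle: str) -> set[str]:
    """Return the SHA-256 fingerprint of every certificate in a PEM bundle."""
    out = set()
    for body in PEM_RE.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()))
        out.add(hashlib.sha256(der).hexdigest())
    return out


def audit_trust_list(stock_pem: str, candidate_pem: str) -> dict[str, list[str]]:
    """Diff a firmware image's trust list against the stock one.

    'added' entries are trust anchors the stock firmware never shipped; the
    holder of such a key can present a certificate the console will accept.
    """
    stock, candidate = fingerprints(stock_pem), fingerprints(candidate_pem)
    return {"added": sorted(candidate - stock),
            "removed": sorted(stock - candidate)}


def _pem(der: bytes) -> str:
    # Constructed helper: wraps arbitrary bytes as a PEM block for the demo.
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


# Constructed sample data: placeholder bytes stand in for DER certificates.
STOCK = _pem(b"constructed stock root A") + _pem(b"constructed stock root B")
CUSTOM = STOCK + _pem(b"constructed extra root")

if __name__ == "__main__":
    report = audit_trust_list(STOCK, CUSTOM)
    for fp in report["added"]:
        print("unexpected trust anchor:", fp)
    for fp in report["removed"]:
        print("missing stock anchor:", fp)
```

An empty "added" list only shows that the trust list matches the baseline; it says nothing about other firmware changes such as the DNS redirection the article mentions.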
