The PlayStation Network is down once again in response to a new exploit discovered just days after Sony began reopening the service following a lengthy outage resulting from a security breach last month.
It appears this was not a hack or outside attack but a lapse in logic (and verification) on Sony's part. The April breach exposed the personal information of tens of millions of PSN users -- including but not necessarily limited to passwords, email addresses and credit card info. In taking the network back online earlier this week, Sony insisted that users reset their passwords before doing anything else.
However, any hacker in possession of user info from the April breach could gain access through a process involving entering a user's date of birth and email address on the password reset page.
According to gaming site Nyleveia:
While we will not reveal specific details regarding how the exploit is performed for obvious reasons, we can say that the exploit involves a vulnerability in the password reset form currently implemented, not properly verifying tokens.The exploit cannot be executed while the system is down. Just another rainy day without the PlayStation Network.
Your Los Angeles Media Connection LAMediaWatch.com
No comments:
Post a Comment