Advertising (This ad goes away for registered users. You can Login or Register)

Sony keeps username & password in plain text format

Forum rules
Forum rule Nº 15 is strictly enforced in this subforum.
User avatar
Coldbird
Guru
Posts: 472
Joined: Sun Nov 14, 2010 12:33 am

Re: Sony keeps username & password in plain text format

Post by Coldbird » Mon Oct 03, 2011 9:49 pm

dang... now I REALLY beg users NOT TO use non PRO builds of PROCFW...
This could be exploited in so many bad ways by building a manipulated PROCFW which logs this...
Advertising
Image
PSP N-1000 ✔ / 6.20 PRO NIGHTLY ✔ / PRO ONLINE ✔

bpeterson
Posts: 50
Joined: Wed May 18, 2011 7:17 pm

Re: Sony keeps username & password in plain text format

Post by bpeterson » Mon Oct 03, 2011 9:51 pm

Good find. I wouldn't be surprised, if it worked the same way on the PS3.
Advertising
Follow me on Twitter: http://twitter.com/bpetersondev

User avatar
ViP3R
Posts: 615
Joined: Fri Dec 31, 2010 8:55 am
Location: Flash0:/Philippines
Contact:

Re: Sony keeps username & password in plain text format

Post by ViP3R » Tue Nov 29, 2011 11:05 am

Next time it's uncle sam's redeem codes in there. Why can't they store in it in generally, the "Sony-type-of-encryption" a.k.a. keeping them in .prx *oh God it's even worst than that... Or some sort they can figure out.
bpeterson wrote:Good find. I wouldn't be surprised, if it worked the same way on the PS3.
Meh, i dont know but, who knows if they're lazy as heck to store them in the HDD :roll:
Goodbye, Captain John "Soap" Mactavish
And Goodbye, Joe Frazier - thanks for encouraging me to have my own PSP

User avatar
Casavult
Moderator
Posts: 2330
Joined: Wed Jun 08, 2011 4:22 pm
Location: UK and Middle East

Re: Sony keeps username & password in plain text format

Post by Casavult » Tue Nov 29, 2011 2:29 pm

Hmmm, I could use this to get my brothers PSN details from his PSP. :lol:

But seriously, this sort of stuff should be heavily encrypted, but hey this is Sony...
• PS4 1K 2TB OFW • PS3 3K 1TB OFW • PS3 Slim (2103-B) 500GB 4.81 Rebug • PS3 Slim (2003-B) 250GB 4.81 Habib •
• PS VIta 1K 32GB 3.60 HENkaku • 3x PSP 2K (TA-085v1) 128GB 6.60 ME-2.3 • 1x PSP 2K (TA-085v2) 32GB 6.60 ME-2.3 •

Kaliki
Posts: 103
Joined: Tue Jan 11, 2011 12:30 am

Re: Sony keeps username & password in plain text format

Post by Kaliki » Fri Dec 02, 2011 1:22 pm

Casavult wrote: But seriously, this sort of stuff should be heavily encrypted, but hey this is Sony...
I agree, there should indeed be a lot more secure protection on this. But you can't really blame Sony because the risk only exists if you are using CFW, which is not supported by Sony's tech people. Otherwise, practically everyone can put TCFW on other peoples PSP's in seconds nowadays... :?
Security guy of Sony says: "I lost my keys.... some one found my keys?" (as found on Hellcat's twitter)

User avatar
m0skit0
Guru
Posts: 3817
Joined: Mon Sep 27, 2010 6:01 pm

Re: Sony keeps username & password in plain text format

Post by m0skit0 » Mon Dec 05, 2011 8:47 am

Kaliki wrote:But you can't really blame Sony because the risk only exists if you are using CFW, which is not supported by Sony's tech people.
I'm sorry but... WHAT? What about Sony reading your pass and stuff? And IIRC, Sony's servers also kept your personal data in plain text, so yeah, Sony is to blame, definitely. And even if not, any decent technology company will store your personal data encrypted. Even on a portable device. Shame on Sony.

And to everybody: please stop lickin' corporations' a**, you don't owe them anything.
I wanna lots of mov al,0xb
Image
"just not into this RA stuffz"

User avatar
FrEdDy
HBL Collaborator
Posts: 243
Joined: Mon Sep 27, 2010 7:08 pm
Contact:

Re: Sony keeps username & password in plain text format

Post by FrEdDy » Mon Dec 05, 2011 8:15 pm

m0skit0 wrote:
Kaliki wrote:But you can't really blame Sony because the risk only exists if you are using CFW, which is not supported by Sony's tech people.
I'm sorry but... WHAT? What about Sony reading your pass and stuff? And IIRC, Sony's servers also kept your personal data in plain text, so yeah, Sony is to blame, definitely. And even if not, any decent technology company will store your personal data encrypted. Even on a portable device. Shame on Sony.

And to everybody: please stop lickin' corporations' a**, you don't owe them anything.
Yes, Sony stored sensitive PSN information in plaintext. No matter where they store your information, it should be always protected.
https://github.com/freddy-156
<@n00b81> FREDDY CUTTIES

User avatar
ViKtory
Posts: 231
Joined: Wed Aug 17, 2011 8:07 pm
Location: India

Re: Sony keeps username & password in plain text format

Post by ViKtory » Tue Dec 06, 2011 6:56 pm

I guess this is why PSN got hacked so easily.

Kaliki
Posts: 103
Joined: Tue Jan 11, 2011 12:30 am

Re: Sony keeps username & password in plain text format

Post by Kaliki » Tue Dec 06, 2011 11:06 pm

m0skit0 wrote:And even if not, any decent technology company will store your personal data encrypted.
That got me thinking. It's obviously right. I still wonder why many consumers don't care more often about giving away their personal data. But that's a different story.
Security guy of Sony says: "I lost my keys.... some one found my keys?" (as found on Hellcat's twitter)

User avatar
toBsucht
VIP
Posts: 1933
Joined: Wed Dec 29, 2010 8:15 am
Contact:

Re: Sony keeps username & password in plain text format

Post by toBsucht » Sun Mar 18, 2012 7:33 pm

So if anyone share his nan dump with login data people can get it easy?! btw i think you know that thiere is a hb to get those data
HomeBrews working with Psp 6.xx fw viewtopic.php?f=2&t=2624
ofw (shrunk) HomeBrews viewtopic.php?f=2&t=1879

All Psp homebrews at mfi.re/toBsucht
http://pspinstaller.co.uk

Post Reply

Return to “Programming and Security”