News via http://ps3.gx-mod.com/modules/news/a...p?storyid=2779

A hacker named No_One published a PDF hackers supposed to help better understand the firmware 3.6x with the aim to help get the decryption key of said firmware and create a CFW.

The document is based on the use of a dual system firmware through the integration of a second NOR Flash / NAND. Although the presentation is clear, the content is nevertheless technical and requires some knowledge.

All this remains theoretical and there is no evidence that this information will achieve the objective. ...

News via http://dknute.livejournal.com/38217.html

So... SONY manages to have their PSN data stolen. And not just any data - the most sensitive kind, their customers' personal data. SONY calls that a high-profile malicious attack but in reality their system had gaping security holes. Known vulnerabilities were not patched for months. Very proffesional, let me guess, it was all outsourced to cut the costs?

How bad is it? So bad that they don't even know WHAT was taken since the logs were compromised as well. Because SONY not only failed to run a proper server stack, they failed to setup a logging system that would run independently. Apparently if it wasn't for the attackers clumsy attempts to cover their tracks, nobody would even know the intrusion took place!

To add insult to injury I was away from country as it got reported and could not block my card or else I'd end up with no money to pay bills and return home...

Words fail to properly convey my feelings about this, I'll try though. Let's start with PSP - it got hacked, with a spoofed "service battery" of all things. Way to include a backdoor into your secure product, guys. Just brilliant. PS3 - got hacked with a stupid buffer overflow in USB layer, again with the help of a backdoor system known as "service JIG". Then it got owned completly because SONY decided to use curve-based crypto rather than the usual RSA-like system, and nobody understood the new algorithms well enough to actually use them properly. I was laughing so hard when this was published... And what does SONY do? Blame the hackers.

Next thing SONY fails at is running a secure database with all of their clients data. And not just PSN, apparently the SOE one was raided too. You couldn't do worse if you tried. Hell, SONY might have as well just copied and send out the data themselves - at least that way we wouldn't have to endure a lenghty downtime of their services. But wait, that's not all of it yet. Now they got their collective asses moving and decided to actually upgrade the Apache to the latest version - and maybe (though doubtful) to keep doing that from now on. And with the claim that it's secure now they made it into grand reopening. Some lesser CEO even apologized. Wow. It would be much more impressive if not for another exploit that was discovered, what, less then 24 hours after the restart? This seems to be the extent of their new security - they just can't code shit, even if their lives depended on it.

Also, as it turns out, Japanese government is not happy with the way SONY handled the situation and forbid PSN reopening until all the issues are properly resolved, and explanations are made as to what steps were undertaken to prevent this mess from happening again in future. Now, this might just be a political struggle but it does kinda make you wonder just how secure this "new" system really is. It sure bothers me.

We are talking about 100 million accounts, this is THE BIGGEST data leak in history. Ever. SONY fails time and time again, and there seem to be no consequences whatsoever. I'm really unhappy with EU and USA authorities not demanding formal apology and proper compensation. I suppose the unnamed hackers will again take all the blame, since apparently big companies can do no evil. Nobody died, right? Move along folks, nothing to see here.

Oh and don't get me started on the Welcome Back Programme - it's just as insulting as the half-hearted apology. Rather than get a wallet bonus or something to the effect, we are given old games that many already have. And this is no accident, SONY knows well what games we have and play (via PSN reports) so this way they just pretend to give us something without actually investing too much money. Think of it this way, you just exchanged all of your personal data, including possibly credit card info, for 2 lousy games and 30 days of PSN+. Was it worth it?

I'm pretty sure kids won't mind. When you're 16 or so, what do you care who knows what your name and date of birth is. But proper adults should realize the potential consequences of identity theft. I've seen it happen to someone who had ID card stolen and let me tell you - it ain't pretty. First of all it won't hit you right away, usually takes months, but then it will haunt you for many months to come. And there is nothing you can do about it, except work hard to clear your name. In the meantime it's quite possible you'll be visited by debt collectors asking for money you never had, and even receive threats from people who think you owe them. Banks might lock your accounts every now and then, your cards will stop working due to all the stuff happening, and so on. And the worst thing is you know none of this is your fault. Welcome to your personal hell.

I won't ask anybody to boycott SONY. You do what you think is right in that situation. I will probably keep using my PS3 since the milk is spilt and nothing will change that. I sure won't enter my card detais into the console again, ...

Development has been progessing quite nicely on [Matlo's] PlayStation 3 controller spoofing project. This is a package that allows you to identify a PC as a PS3 controller. We know what you’re thinking: why would you want to do that? When we originally looked in on the project about a year ago we mentioned that this allows you to use any Linux-friendly peripheral as a PS3 controller. In the clip embedded below you’ll see that nothing beats a good keyboard and gaming mouse when it comes to first-person shooters. [Matlo's] solution not only allows you to use alternative control hardware, but there’s almost unlimited configurability.

And speaking of configuration, he’s done a ton of work on the GUI. After the initial package installation no terminal typing needs to be done to get the system configured. Once in place, you can set the MAC address of a Bluetooth dongle to spoof the address of your SixAxis controller. From there you can set up the button mapping, calibrate mouse hardware and the like, and even program macros (fantastic). Now go out and pwn everyone at deathmatch now that the PlayStation Network is back up and running.

http://hackaday.com/2011/05/25/ps3-c...ps-and-bounds/ ...

Sony has announced that its PlayStation Network is now back online in Japan after over a month of down time.

A full statement from the company was released last night, alongside a new video from PlayStation global boss Kaz Hirai. Both can be read/watched below:

Sony Corporation and Sony Computer Entertainment (SCE) announced that Sony Network Entertainment International (SNEI, the company) will begin a phased restoration of PlayStationNetwork and Qriocity Services in Japan and Asian countries and regions including Taiwan, Singapore, Malaysia, Indonesia, and Thailand*1 on May 28. A new identity protection program will also be offered in conjunction with the phased restoration for PlayStation Network and Qriocity customers in Japan.


Increased Security Measures

Working closely with respected outside security firms, the company has implemented new and additional security measures that strengthen safeguards against unauthorized activity, and provide consumers with greater protection of their personal information.

The company has made considerable enhancements to the data security, including updating and adding advanced security technologies, additional software monitoring and penetration and vulnerability testing, and increased levels of encryption and additional firewalls. The company also added a variety of other measures to the network infrastructure including an early-warning system for unusual activity patterns that could signal an attempt to compromise the network.

As an additional measure, a Chief Information Security Officer was created at SNEI who will work to reinforce overall information security across the company's network infrastructure.

"I'd also like to send my sincere regret to customers in Japan and Asian countries and regions for the inconvenience these events have caused you," said Kazuo Hirai, Executive Deputy President, Sony Corporation. "We are taking aggressive action including increasing security measures and working with respective authorities to address the concerns that were raised by this incident. We are making consumer data protection a full-time, company wide commitment so that our customers can rest assured about enjoying their entertainment."

The first phase of restored services for these countries and regions will include:

* Sign-in for PlayStationNetwork and Qriocity services, including the resetting of passwords
* Restoration of online game-play across PS3 and PSP
* 'Friends' category on PS3, including Friends List, Chat Functionality, Trophy Comparison, etc
* PlayStation Home
* Access to other network features on services such as torne*
(Customers will not be able to download movies rented through PlayStation Network video download service because movies have expired as a result of PlayStation Network service being turned off since April 21 (JST).) **
* torne is a service available only in Japan.
** Please contact customer support if this is the case.
*** PlayStation Store, Video on Demand Powered by Qriocity service for Japan and any service that involves transaction is not available at this time.

Identity Protection Measures

While there is no evidence at this time that credit card data was taken, the company is committed to helping its customers protect their personal data and is continuing to work with several security firms to determine the extent of customer data which may have illegally been taken following the criminal cyber-attack on PlayStation Network and Qriocity services in April. Also credit card companies have not reported any increase in the number of fraudulent credit card transactions as a result of the attack, nor have they reported any fraudulent transactions that they believe are a direct result of the illegal attack.

* In addition to the existing customer service call center, SCE has established a phone hotline to offer customer guidance on the restoration of services, or measures to protect themselves against identity theft and fraud (operating hours: 9AM to 7PM*3).
* With the support from credit card companies, SCE will bear the expenses to reissue new credit cards to those customers who request to replace their existing credit cards when it involves charges.
The company will be offering a "Welcome Back" package of services and premium content to all registered customers. The details of this program will be announced in each region shortly. For details on Japan, please refer to the separately attached sheet or visit: http://cdn.jp.playstation.com/msg/state.html

Details on Asian countries and regions will be announced shortly.

*1 Service restoration in Korea and Hong Kong will be announced as soon as ready.

*2 Measures are subject to change depending on the finding from the investigation.

*3 Opening hours once part of the PlayStation Network service resumes. SCE will extend its normal operating hours of 10AM to 6PM.

http://www.computerandvideogames.com...VG-General-RSS ...

Following Sony's announcement of the PSN data leak, Congress sent an inquiry to the company seeking more information about the breach and Sony's response to it. And Sony responded to that with ... an open letter.

Now Sony Network Entertainment president Tim Schaff plans to make an actual, personal appearance before the House subcommittee on Commerce, Manufacturing, and Trade, to discuss follow-up questions sent to the company by Representative Mary Bono Mack. The questions speak to the nature of the stolen data, the method through which it was stolen, and how Sony plans to keep data safe in the future. Schaff will be joined by a representative from Epsilon, a marketing company who suffered its own recent data breach.

We're guessing the members of the subcommittee will all have their "Welcome Back" copies of InFamous hand-delivered.

http://www.joystiq.com/2011/05/27/so...ess-next-week/ ...

Perhaps Sony deemed the Ultimate Weapon too powerful (or too expensive) for PlayStation 3 owners, but these new wireless cans ought to keep your ears warm, at the very least. The new official PS3 Wireless Stereo Headset features 7.1 virtual surround sound, a retractable, mutable microphone, and standard embedded volume controls. These proprietary sound-muffs connect via USB dongle, and push headset related status updates (that's your battery status) directly to your TV screen; if you're into that sort of thing. Sony-approved hearing will set you back $100 starting this September.

http://www.engadget.com/2011/05/28/p...s3-stereo-fra/ ...

Sony CFO Masaru Kato told investors this week that the company won't be looking to put the same kind of massive R&D into PS4 as they did with PS3. PS3's costs were astronomical because of Blu-ray and the Cell chip, but Sony's bottom line can't take another similar hit. Analysts are speculating that this will leave the door open for competitors like Microsoft. 'PS4's hardware could be less impressive than the PS3 at its launch. I think Microsoft will really be able to put the screws to Sony in the next console war,' Panoptic analyst Asif Khan commented to IndustryGamers."

http://games.slashdot.org/story/11/0...-PlayStation-4 ...

EA has formally announced FIFA 12, "a revolutionary not evolutionary" next step for the series.

The crux of the "transformation" stems from a Player Impact Engine that EA has been beavering away at for two years.

"The Player Impact Engine processes decisions continuously in real-time at every point of contact on a player's body to create an infinite variety of natural and believable outcomes in every collision," EA explained.

These physics also apply to injuries, as the game analyses "the force of the collision and impact on the body". Send a non-fully recovered player out at your own peril.

We've already seen the results of the Player Impact Engine in a leaked FIFA 12 video.

However, the Impact Engine will only power the PS3 and Xbox 360 versions of the game. FIFA 12 will also be released on PC, Wii, PS2, 3DS, PSP and the iOS trinity of platforms.

Complimenting the Impact Engine will be precision dribbling for tight control, tactical defending and pro player intelligence. The latter bestows rudimentary personalities upon footballers. Kaka will apparently be "more likely - and quicker - to pick out a run from a teammate farther away than a player with poorer vision".

Elsewhere, the Career mode will expand to tell "real-world storylines" that involve player morale, on-pitch form and league position.

There's a "brand new", customisable menu system tailored towards your choice of arena player, Virtual Pro and favourite club.

Matches gain a "real-world broadcast look and feel", "dramatically improved lighting", "more authentic crowds" and a new default camera angle.

On PS3, up to seven people can play FIFA 12 together offline. On Xbox 360, that number is four.

Online, up to 22 people can play FIFA 12 together in full 11 vs. 11 matches.

http://www.eurogamer.net/articles/20...reveal-details ...

Sony has announced planned PSN maintenance for this coming Tuesday, 31st May.

The service will be offline from 7pm that evening until 1am Wednesday morning, wrote Sony Community Team member "RabidWalker" on the European PS community forum.

During that time you won't be able to use:

PC Registration
Console Storefront
PS3 Account Management
PS3 Network Account Registration
PSP Network Account Registration
Qriocity Account Management
However, if you're already signed in you will stay connected. You won't be able to use the above services, though.

The post doesn't mention PlayStation Store. Will the PS3's virtual shop finally re-open on that day?

http://www.eurogamer.net/articles/20...ance-next-week ...