Tag: hacked

DigitalOutbox Episode 84
In this episode the team discuss Sony Fail, Apple Fail, Tom Tom Fail and Amazon Fail. Fail.

Playback
Listen via iTunes
Listen via M4A
Listen via MP3

Shownotes
2:30 – Sony Hacked
– Down since Wednesday evening – 5 days and counting
– Initially no word on what is causing this issue
– Eventually admitted it was an external intrusion and because of it Sony themselves had closed the network down – hack on the PS Network/Qriocity
– Second update on Sunday morning – having to rebuild network and increase security
– Monday headlines in Wall Street Journal – Sony Shuts Down PlayStation Network Indefinitely
– http://blogs.wsj.com/digits/2011/04/25/22402/
– Then it got a whole load worse
– http://blog.eu.playstation.com/2011/04/26/psnqriocity-service-update/
– Due to the hack Sony have:
– 1) Temporarily turned off PlayStation Network and Qriocity services;
2) Engaged an outside, recognized security firm to conduct a full and complete investigation into what happened; and
3) Quickly taken steps to enhance security and strengthen our network infrastructure by re-building our system to provide you with greater protection of your personal information.
– Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity passwords and login, and handle/PSN online ID. It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained. If you have authorized a sub-account for your dependent, the same data with respect to your dependent may have been obtained. While there is no evidence that credit card data was taken at this time, we cannot rule out the possibility. If you have provided your credit card data through PlayStation Network or Qriocity, to be on the safe side we are advising you that your credit card number (excluding security code) and expiration date may also have been obtained.
– Biggest ID theft yet? 71 million users worldwide, around 3 million in the UK
– What started off as embarrassing to the Sony brand and gaming network has taken a very serious and sinister turn
– But never mind – Sony hope to have the network back up and running in a week
– Further update
– http://blog.eu.playstation.com/2011/04/28/playstation-network-and-qriocity-outage-faq/
– Credit card data was encrypted
– They didn’t store the CVC (three digit number) at all
– Search your email for mail from “DoNotReply@ac.playstation.net”, subject “Wallet Funding”, to find which credit cards you’ve used on PSN. Those emails will show the first 4 and last 4 digits of any card you’ve used for PSN purchases.
– Passwords were in cleartext though – doh!!!!!!!!! Update – One other point to clarify is from this weekend’s press conference. While the passwords that were stored were not “encrypted,” they were transformed using a cryptographic hash function. There is a difference between these two types of security measures which is why we said the passwords had not been encrypted. But I want to be very clear that the passwords were not stored in our database in cleartext form. For a description of the difference between encryption and hashing, follow this link.

– Hacker forums are spreading news that the hackers have 2.2 million credit card details alongside names and addresses – http://bits.blogs.nytimes.com/2011/04/28/hackers-claim-to-have-playstation-users-card-data/
– Also claim that the hackers want to sell the database for upwards of $100,000 and also offered it back to Sony
– True or false? Sony deny it.
– Geohot’s thoughts – http://geohotgotsued.blogspot.com/2011/04/recent-news.html
– Sony execs probably haughtily chuckled at the idea of threat modeling. Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client(can’t trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server? This arrogance undermines a basic security principle, never trust the client. It’s the same reason MW2 was covered in cheaters, Activision even admitted to the mistake of trusting Sony’s client. Sony needs to accept that they no longer own and control the PS3 when they sell it to you. Notice it’s only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren’t crazy.
– http://blog.eu.playstation.com/2011/05/01/some-playstation-network-and-qriocity-services-to-be-available-this-week/
– Latest update – some services to resume this week, full service – this month
– Added automated software monitoring and configuration management to help defend against new attacks
– Enhanced levels of data protection and encryption
– Enhanced ability to detect software intrusions within the network, unauthorized access and unusual activity patterns
– Implementation of additional firewalls
– Welcome back program
– Each territory will be offering selected PlayStation entertainment content for free download. Specific details of this content will be announced in each region soon.
– All existing PlayStation Network customers will be provided with 30 days free membership in the PlayStation Plus premium service. Current members of PlayStation Plus will receive 30 days free service.
– Music Unlimited powered by Qriocity subscribers (in countries where the service is available) will receive 30 days free service.
– PlayStation boss Kaz Hirai said that up to ten million customer’s account details could have been compromised
– Worse – there was an earlier breech
– http://www.guardian.co.uk/technology/blog/2011/may/03/sony-data-breach-online-entertainment
– The crisis at Sony deepened on Tuesday as it admitted that an extra 25m customers who played games on its Sony Online Entertainment (SOE) PC games network have had their personal details stolen – and that they were taken before the theft of 77m peoples’ details on the PlayStation Network (PSN).
The electronics giant said the names, addresses, emails, birth dates, phone numbers and other information from PC games customers were stolen from its servers as well as an “outdated database” from 2007 which contained details of around 23,400 people outside the US. That includes 10,700 direct debit records for customers in Austria, Germany, the Netherlands and Spain, Sony said.
The dataset was stolen on 16 and 17 April, before the PSN break-in, which occurred from 17 to 19 April. Sony said that it had not previously thought that the data was copied by the hackers who broke into its systems.
– Lost faith in Sony.
– Upside of a poor console is that I hadn’t used my newer credit card with them – cc details not lost – achievement unlocked
13:02 – Sony Android Tablets
– The S1, sports a 9.4-inch screen. The other is the S2; it bears a novel dual-screen design. The device’s two 5.5-inch screens can be used separately or together; they can also be folded onto one another to create a compact and highly portable package.
– Both tablets are WiFi and 3G/4G compatible and integrate with PlayStation Suite, Sony’s new Android-friendly platform that allows users to download and play PlayStation games.
Sony says the S1 in particular “uses infrared technology and works as a universal remote control for a variety of AV devices … turning on TVs, changing the channel and adjusting the volume.” The tablets can also take advantage of DLNA functionality to “project” content to other, larger screens and speakers.
– Most notable that it’s not Windows
14:12 – iPhone Privacy Fears
– Security researchers have discovered that Apple’s iPhone keeps track of where you go – and saves every detail of it to a secret file on the device which is then copied to the owner’s computer when the two are synchronised.
– The file contains the latitude and longitude of the phone’s recorded coordinates along with a timestamp, meaning that anyone who stole the phone or the computer could discover details about the owner’s movements using a simple program.
– For some phones, there could be almost a year’s worth of data stored, as the recording of data seems to have started with Apple’s iOS 4 update to the phone’s operating system, released in June 2010
– To view the data yourself – http://petewarden.github.com/iPhoneTracker/
– Nice Mac app that visualises your data
– Ian – don’t see the issue really although it would have been good to:
– Know about it
– Switch it off if I want to
– Saying that – vis is cool, love it to be honest and I blog, RunKeeper, Flickr and Fitbit anyway – it’s mostly all out there allready
– Similar data captured on Android
– http://online.wsj.com/article/SB10001424052748703983704576277101723453610.html?mod=WSJ_Tech_LEADSecond
– Similar data captured and sent to Google on Android devices
– One big difference – it’s an opt in so if you feel uncomfortable switch it off
– That’s the right way to do it
– Good technical explanation of what is being captured and why – http://alexlevinson.wordpress.com/2011/04/23/3-new-thoughts-on-mobile-location/
– Data is being sent to Apple but only on radio device locations, not where you have been
– Apple eventually responds officially – http://www.apple.com/pr/library/2011/04/27location_qa.html
– Treating this seriously – Jobs, Phil Schiller and Scott Forstall do interviews – http://mobilized.allthingsd.com/20110427/qa-jobs-and-apple-execs-on-tracking-down-the-facts-about-iphones-and-location/
– Also admit bugs and and changes to come
– Sometime in the next few weeks Apple will release a free iOS software update that:
– reduces the size of the crowd-sourced Wi-Fi hotspot and cell tower database cached on the iPhone,
– ceases backing up this cache, and
– deletes this cache entirely when Location Services is turned off.
– In the next major iOS software release the cache will also be encrypted on the iPhone.
– Out today – iOS 4.3.3 improves the way iPhones and iPads handle the location tracking database stored on-device by making is smaller and encrypted. The location database will be no longer backed up to iTunes and it will be deleted entirely when Location Services are turned off.
23:54 – The White iPhone
– Available on April 28th
– Same price as black iPhone – same features, nothings changed, well almost – 0.2mm thicker (maybe) – http://www.macrumors.com/2011/04/28/white-iphone-4-slightly-thicker-than-black-iphone-4/
– 9 months after black iPhone
– “It was challenging,” Apple senior vice president Phil Schiller said during a joint interview with CEO Steve Jobs on Wednesday. “It’s not as simple as making something white. There’s a lot more that goes into both the material science of it–how it holds up over time…but also in how it all works with the sensors.”
Schiller said that it turned out there were a lot of unexpected interactions between the color of the device and various internal components. Also, like fair-skinned humans, white iPhones need a little more UV protection from the sun.
– Stopgap as iPhone 5 is in the Autumn this year?
25:31 – New iMacs
– Sandy bridge
– 2 thunderbolt ports on 27”
– Facetime HD – 720p camera in widescreen
– New AMD graphics up to 2GB of ram
– Can drive 2 external displays (27” only) so you could have 3 screens
– Up to 16gb of RAM
– Powerful machines…at a powerful price
30:49 – Digital Magazine Tipping Point
– Time Inc., the country’s largest magazine publisher, has reached a deal with Apple Inc. to make all its iPad editions free for print subscribers, marking a break in the impasse between publishers and Apple and lending support to Time’s contention that it’s business-as-usual after the ouster of its chief executive.
– Starting Monday, subscribers to Sports Illustrated, Time and Fortune magazines will be able to access the iPad editions via the apps, which will be able to authenticate them as subscribers. Time Inc.’s People magazine already had such an arrangement, but readers of most publications have had to pay separately for the iPad version regardless of their subscriber status.
32:14 – Push Pop Press
– Developed by former Apple employees Mike Matas and Kimon Tsinteris, Push Pop Press will be a publishing platform for authors, publishers and artists to turn their books into interactive iPad or iPhone apps — no programming skills required.
– First book is Our Choice from Al Gore – £2.99
– Gore approached them in late 2009 – The result of the project was Push Pop Press, a full-on publishing platform that the pair have been developing for about a year-and-a-half.
– Gore’s book, which goes live in the App Store on Thursday morning, is in part a demonstration of the capabilities of Push Pop Press.
– Much better take on an interactive book/magazine than Wired for example
– Navigation is very easy – you know where you are at all times
– Photo’s are geotagged so you can see where they were taken – extra context
– Very fast despite all the animations – impressive – best attempt so far at adigital magazine that suits a tablet format
35:26 – Spotify Updates
– The European music service is rolling out new versions of its desktop and mobile apps today, which will allow all users (even those pesky ad-supported freeloaders) to sync Spotify desktop tracks with mobile devices, be they iPods, iPhones or Androids.
– Spotify intends to compete directly with iTunes, Spotify is also introducing its own music store, or “download service”, in which users can buy a range of MP3 “bundles” at 10 songs for roughly 8 pounds. Or 100 songs for 50 pounds. (Roughly the equivalent of $13 and $82, respectively.)
– So, not only will Spotify be offering its more than 10 million registered users a music store, it wants its music player to become the default mobile app on its listeners’ devices. To encourage this adoption, Spotify has enabled desktop-to-mobile sync-ing over WiFi. (Something iTunes, cough, doesn’t offer.)
37:17 – Tom Tom sells your data
– The company confessed that they’d been giving data to Dutch police who used it to target drivers.
– TomTom chief executive Harold Goddijn said the company sold the anonymous data believing it would be used to improve safety or relieve traffic bottlenecks.
– “We never foresaw this kind of use and many of our clients are not happy about it.”
– “We make this information available to local governments and authorities. It helps them to better understand where congestion takes place, where to build new roads and how to make roads safer.
– “We are now aware that the police have used traffic information that you have helped to create to place speed cameras at dangerous locations where the average speed is higher than the legally allowed speed limit. We are aware a lot of our customers do not like the idea and we will look at if we should allow this type of usage.”
– In an update today TomTom CEO Harold Goodijn stresses that the tracking of its devices is voluntary and that customers can choose not to allow it. He also says the data is provided anonymously, and is valuable information the company uses to improve the guidance of its devices, by identifying problem areas and routing customers around them.
39:11 – Amazon Cloud Outage
– EC2 (Elastic Compute Cloud) had a bumpy few days
– Problems took down Foursquare, Quora, Redit and many others
– Amazon was fairly quiet during this outage
– Can you really blame amazon? What’s the fallback for these services?
– Highights need for redundancy – http://broadcast.oreilly.com/2011/04/the-aws-outage-the-clouds-shining-moment.html
– Also shows everything isn’t right for the cloud – https://forums.aws.amazon.com/thread.jspa?threadID=65649&tstart=0
– Life of our patients is at stake – I am desperately asking you to contact
– We are a monitoring company and are monitoring hundreds of cardiac patients at home.
We were unable to see their ECG signals since 21st of April
– Not restored. Not heard from Amazon
People out there – please take a look at our volumes!
This not just some social network website issue, but a serious threat to peoples lives!
– Don’t be that guy – great post from SmugMug on how they survived the outage – http://don.blogs.smugmug.com/2011/04/24/how-smugmug-survived-the-amazonpocalypse/
– Amazon eventually post long explanation – http://aws.amazon.com/message/65648/
– Make commitment to improve comms, speed up recovery and make it easier to use multiple availability zones
44:24 – DropBox Growth and Security Issues
– 25 million users
– 200 million files are saved daily to the service
– However, concerns are growing around Dropbox security – http://www.tuaw.com/2011/04/19/dropbox-under-fire-for-security-concerns/
– Recently changed T&C’s to say that they will hand over your data to US government if asked, removing Dropbox encryption before doing so
– http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/
– config.db file (stores Dropbox client and security details) is portable, not tied to the system and so could be taken and used on another computer
– if used on another compute it would sync that persons Dropbox folder without notifying original user or prompting for any passwords or usernames
– So many app’s have built in Dropbox syncing as an option so hard to move away if your concerned
– Box.net is an alternative although I’ve no idea if it works in the same way
– Wuala from Lacie is another alternative – http://www.wuala.com/
50:24 – 30% of Youtube videos now in WebM
– Google have announced that all new video’s uploaded to YouTube are being transcoded to WebM
– They’ve also transitioned 30% of it’s whole library to WebM
– Sounds low but that 30% account for 99% of the views on YouTube
– WebM was the open source video format that Google has backed
– Bit confusing – if it’s open source why have Google just announced a WebM community cross-licence initiative – http://blog.webmproject.org/2011/04/introducing-webm-community-cross.html
– Is this to protect future users from patent threat?
53:05 – Google Docs and Talk Android Apps
– With this new app it’s easy to filter and search for your content across any Google account, then jump straight into editing docs using the online mobile editors.
– The app also allows you to easily share items with contacts on your phone, right from within the app
– The Docs app also allows you to upload content from your phone and open documents directly from Gmail. You can also add a widget to your home screen for easy access to three core tasks: jumping to your starred documents, taking a photo to upload, or creating a new document with one tap
– Also does OCR – take a photo with text on it and it will try and convert to editable text
– Doesn’t work with handwriting or some fonts but Google expects it to get better over time
56:07 – Delicious Acquired
– Chad Hurley and Steve Chen, the founders of YouTube, have acquired the Delicious bookmarking service from Yahoo for an undisclosed price and added it to their new internet company Avos.
– aim is to “continue to provide the same great service users love and make the site even easier and more fun to save, share and discover the web’s ‘tastiest’ content.”
– Whats next – who knows
58:01 – Twitter break Osama Death
– News of Obama addressing the nation
– Keith Urban, ex bush staffer breaks the news
– Retweeted thousands of times
– Finally confirmed
– Turns out the attack was tweeted by @ReallyVirtual
1:03:16 – Nintendo admit disappointing 3DS sales
– Sold 3.6 million in March but had predicted 4 million…and probably wanted a whole load more so they could boast on it’s success
– CEO Satoru Iwata – The value of 3D images without the need for special glasses is hard to be understood through the existing media. However, we have found that people cannot feel it just by trying out a device, rather, some might even misestimate it when experiencing the images in an improper fashion.
– It is now clear that the combination of these new features is not necessarily easy-to-understand by just saying one word to those without experience… We have found that not all Nintendo 3DS users enjoy this software. There seems to be more than a few consumers who have Nintendo 3DS hardware but don’t know about this software and possibly haven’t had a chance to get interested in it.
– Mobile phones eating into Nintendo’s core market
1:05:47 – Darren Gibson quits twitter after 2 hours
– First Coleen Rooney joins twitter and gets abused
– Then Wayne Rooney joins and starts to defend her – gets 200,000 followers in 2 days
– Cue Darren Gibson joining twitter…before shutting the account down – why?
– @dgibbo28 your performance on saturday was one of the worst I’ve ever seen of any utd player. scared of the ball much?’
@dgibbo28 hasn’t tweeted yet. Seems somewhat fitting after the countless anonymous performances we’ve seen from the ‘footballer’
@dgibbo28 my mate thought you were about 33 years old in the heart of midfield! Movement like pirlo!!
@dgibbo28 team do all hard work keeping possession then u hit row Z every fuckin time!!
@dgibbo28 the biggest compliment i can give you is that you are better than Carrick
– Bless

Picks
Chris
Portal 2 Free DLC
– DLC – new test chambers for players, leaderboards, challenge mode for single and multiplayer modes, and more.
– Free on steam and as it will be free on PS3, for first time it will be free on 360 too
Ian
Planetary
– Visual music player for the ipad
– lovely – artists are stars, albums are planets, tracks are moons
– very nice way of browsing music collection
Terra
– browser with tabs for ipad
– nice app – fast
– incognito mode and can appear as ie7, firefox etx
– more features than safari