Not so long ago, we heard news of a “Playstation 3 rootkit” which turned out to be rumours based on misinterpretation of comments made in IRC.
Today, we wake up to the alleged relevation that your “credit card info is not secure” on the Playstation 3 network. This all stems from a five page research document entitled “Call of Privacy: Modern Spyware by Playstation network”.
Click to Enlarge
As a result of the above document mentioning unencrypted credit card data, reports quickly spread that your payment information was being sent unencrypted across the network, which seemed strange (what happened to SSL?) – and sure enough, it seems initial reports were inaccurate. The (theoretical) danger to your payment details is an issue when using custom firmware – otherwise, you should be fine. Even then, the attacker would apparently have to use custom firmware, certificates, proxies and third party DNS.
The research document above did mention that custom firmware was the reason payment information was being sent unsecured, but that seems to have got lost in the background noise – even though the sole reference to credit cards takes up one single page out of the five. The rest of the document mainly talks about banhammers, the fact that SONY may know what kind of television you have connected to the PS3 and provides links to the (completely unrelated) rootkit story from 2005.
Ars Technica has an updated article which sheds some light on the confusion. For now, if you’re running non custom firmware on your PS3 you shouldn’t panic too much about this one.
Christopher Boyd
Related Posts
- How to access my home computer from another PC? Learn with Panda Security
Published by Blanca Carton, Abril 2011
How many times you wished you could have accessed documents stored in your home PC when you were out? In my case, many. And I hate to say “I cannot send it right... - Dr.Web AV-Desk in the Ukraine — another step towards information security
DrWeb — Stels ISP LLC, the general-purpose telecoms operator, announced the launch of the Dr.Web Anti-virus service to its clients. Thanks to this deployment, the number of protected computers and no... - Adobe Reader X: giving PDF security another chance?
If one software vendor has taken a lot of heat in the past couple years it’s got to be Adobe. It almost became a common thing to hear of yet another 0 day in Reader or Flash… Truth is, wh... - Layer 2 Security – Private VLANs (the Story Continues …), (Wed, May 12th)
Rob, you say - it's been a little while since we talked about Layer 2 Security (almost a week) - does that mean that we're done?
Not a chance - we haven't talked about Private VLANs yet!
A ... - Google+ Project Vs Facebook Safety Features
Today there are many social networks on the internet and everyday new ones are being introduced with new and better features. They have unique and useful features, which makes it easy for users to rem... - Browser Updates
Just a few days ago, two major web browsers have been updated to fix security vulnerabilities which may allow attackers to infect the computer with malware just by visiting a hacked website.Google rel... - Cyber Crooks All Set to Crash the British Royal Wedding
As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software throu... - 419 Scammers Still Open to ‘Traditional Postal Services’ Option
Communication in the today's world is dominated by email, instant messaging, and social networking. However, for making any formal statement or announcement, hard-copy letters are still sent using pos... - DLL-Based FAKEAV Returns In The Wild
In our previous FAKEAV whitepaper, we presented how Trend Micro researchers tracked down the evolution of FAKEAV and classified its development, behavior-wise, according to generations. One of the ear... - Adobe updates Reader and Acrobat
A little earlier as announced, Adobe released updated versions of Adobe Acrobat and Reader. These programs were vulnerable to the Flash Player zero-day-vulnerability as well, which was fixed last week...
Posted on 18 February 2011. Tags: another, Security, Story
The above information is reprinted from and copyrighted © by GFI Software.
