• God of War Ascension Multiplayer Beta Open to Everyone

    // Gradly // blog, Games, PS3, Sony No Responses

    God of War Ascension Multiplayer Beta Open to Everyone

    God of War Ascension Multiplayer Beta Open to Everyone

    Sony has unlocked the God of War: Ascension multiplayer beta for everyone with a US PSN account. The beta will last until Monday, January 22, 12:00am PST.

    Redeem the universal code using the US Store to get into action if you haven’t already:

    F2TA – HMNB – 762G

    Sony also announced a full-fledged God of War: Ascension demo will debut in late February offering a good portion of the game campaign.

  • LulzSec Retires, Ending All Hacking Activities

    // Gradly // blog, Consoles, Featured, Games, Hack, News, PS3, Rants & Raves 2 Responses

    Popular hacking group LulzSec, responsible behind hacking the PSN, have announced that they will be retiring, exactly 50 days after forming the group.

    The group have released a farewell statement urging all its supporters to support the AntiSec movement, saying:

    “Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. So with those last thoughts, it’s time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.”

    LulzSec did go out with a bang however, the group claims they have obtained 50,000 passwords of Gaming forum members, 55,000 Battlefield Heroes Beta users’ data, AT&T Internal Data, 200,000 hackforums member data, AOL internet data and more. Read the full statement here.

    Previously, the group were said to be taken down by a 17-year-old member of a hacking group named TeaMp0isoN_. While gaining attention through their acts of “hackery,” the group annoyed some members of the hacking community, as a member of hacking group TeaMp0isoN_ hacked the site of a LulzSec member, posting the following message (after defacing the site):

    BREAKING NEWS: TEH LULZBOAT HAS OFFICALY SANK WITH 100S OF ANON MEMBERS ON BOARD!

    No matter how many bots you gather, no matter how much people you lie to, no matter how much pre-made tools you use, you will _NEVER_ represent the real hacking scene, we warned you, we told you we do not make empty threats, we gave u 48hrs to secure your ircs yet u failed to do so, instead u posted hashes from public forums and then claimed you doxed us and laughed at the fact that i was 17years old. stop telling yourself that u are hackers, putting a ip into a irc is NOT hacking nor is using pre-made tools and scripts to grab databases… you do not represent the anti-sec movement, u are not allowed to greet underground groups like zf0, ab, h0n0, el8 like your member “AnonSabu” was doing, you will never be apart of the underground scene, if anyone thinks you are underground and can actually hack they have no idea about what happens in the underground scene. oh and TeaMp0isoN Issue 2 is coming out VERY soon exposing lulzsec members (pictures, addresses, passwords, ips,phone numbers etc). . . . not so anonymous anymore are you? lets hope that you can swim because the lulzboat just got titanic’d

    Adding a little “humor,” a video clip of the song “My Heart Will Go On” from the movie Titanic was also posted. In addition, the group also stated that they will post the identities of every LulzSec member in the next issue of their magazine. So far, the Twitter account of LulzSec has remained quiet since the attack by TeaMp0isoN_.

    You can check out a copy of the hacked site here for your own amusement.

    Later, Sven Swootleg, the Dutch owner of the website hacked by TeaMp0isoN_ has denied that he is involved with LulzSec, and his statement can be found below.

    This website was compromised through exploiting a plugin in an outdated WordPress setup, uploading a shell, and replacing the index page. I am not a member of Lulzsec (a statement I have made several times before in various places), noone “hacked the server” (this has been verified by the hosting company, as this website is on shared hosting) and this was definitely not an “elite hack”. I am not available for further comments to press.

    How can we know that he’s telling the truth? The members of LulzSec are meant to stay anonymous, and he’s NOT going to publicly admit he’s affiliated with the group. However, who knows?

    [via grindgadget]

  • Sony Hacked Again New Phishing Sites Identified

    // Gradly // blog, Consoles, Featured, News, PS3, Scandal, Sony 1 Response

    It seems like a nightmare for Sony as Reuters now reports that the Internet service provider unit of Japan’s Sony, alerted customers that an intruder broke into its system and stole virtual points from account holders worth $1,225.

    This latest attacks comes after personal information of some 100 million Sony user accounts was stolen last month when its online gaming systems, the PlayStation Network and Sony Online Entertainment, were hacked.

    “What we’ve done is stopped the So-Net points exchanges and told customers to change their passwords,” So-Net said in a statement to customers on its website in Japanese.

    About 100,000 yen ($1,225) was stolen from accounts that were attacked. The company said there was no evidence that other accounts in the online system had been hacked.

    “At this point in our investigations, we have not confirmed any data leakage. We have not found any sign of a possibility that a third party has obtained members’ names, address, birth dates and phone numbers.”

    Security experts, however said that Sony’s networks around the world remain vulnerable to attack.

    Update:

    There’s signs of a credit card phishing scam apparently running, live, on one of the company’s servers as reported by slashgear where F-Secure discovered the fake site, at hdworld.sony.co.th, inviting people to enter all their details for a card they’ll never get.

    At time of writing the page was still up, though Google’s Chrome browser did warn us that it was a reported phishing site. F-Secure has apparently notified Sony, and we’re expecting the company to move with reasonable speed to make sure this all gets removed.

    Actually figuring out how the pages got onto the servers, however, and what loopholes are being taken advantage of may take longer, and it seems that Sony isn’t out of the woods yet when it comes to addressing its security. There are also unconfirmed reports that phishers are sending out fake PSN password reset emails, so do be careful where you click.

  • PSN Accounts Threatened by New Password Exploit [Updated]

    // Gradly // blog, Consoles, Featured, News, PS3, Scandal, Sony 1 Response

    Sony’s new PlayStation Network security measures have seemingly been compromised just days after the service reboot.

    According to reports from Nyleveia, a new exploit enables attackers to change other users’ passwords via the PSN password reset page members are forced to access when they first reconnect to the online service.

    Attackers can apparently reset the password themselves using just a PSN account email and date of birth, pieces of data that were compromised in the recent PSN hack.

    Despite the methods currently employed to force a password change when you first reconnect to the PlayStation network, your accounts still remain unsafe.
    A new hack is currently doing the rounds in dark corners of the internet that allows the attacker the ability to change your password using only your account’s email and date of birth.

    It has been proven to me through direct demonstration on a test account, so I am without any shadow of a doubt that this is real.

    I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email. You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you.

    While we originally assumed this was a poor hoax designed only to stir the community into another frenzy, the individual who we are in contact with requested just two pieces of information from us: this being an account email and the date of birth used for that account. We promptly created a new account via us.playstation.com and provided the individual with the email address and date of birth used.

    Roughly a minute later they requested that we try to login with the password we used for the account (which they did not know at any point), and sure enough, we were presented with an invalid username and/or password prompt.

    While we will not reveal specific details regarding how the exploit is performed for obvious reasons, we can say that the exploit involves a vulnerability in the password reset form currently implemented, not properly verifying tokens.

    Updated:

    Sony has fixed the security breach found today. Sony’s Patrick Seybold has issued an update via the PlayStation Blog denying it was a “hack”, and saying Sony has fixed the issue.

    We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.

    Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.