Was the PSN/SOE hack an inside job? - Console Modding
By Tom
at 2011-05-03T09:19
http://www.ps3hax.net/2011/05/psn-and-soe-attacks-an-inside-job/
According to online reports, Sony had fired ~200 employees from SOE a
few days before the PSN massive attack which led to the compromise of
user personal information. A 2 week notice was handed out on March
31st, 2011 which gave whomever enough time to think, plan and act on
the PSN attack – and would have all the clearance to easily do it.
What's even worse is that if it DID turn out to be an inside job then
the ex-employee could potentially have the tools to un-hash the stolen
passwords and possibly even have the tools/resources to decrypt the
important information such as your credit card numbers.
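According to online news reports, Sony laid off roughly 200 people in one
go just a few days before the PSN and SOE breach that leaked a large amount
of personal data. Sony sent out the layoff notices at the end of March, which
gave these people some time to think; perhaps they used that time to decide
to attack PSN as revenge for being laid off, and these people would have had
no problem in terms of either position or technical skill. If this inference
is true, the situation could get even worse, because these people may well
have tools that can "un-hash (*1)" the hashed password data, and they might
even be able to decode the credit card data that Sony claims was encrypted.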
******
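*1 A hash function is usually a many-to-one function, so it has no exact
   inverse. But nobody here has seen how Sony actually implemented their
   hash function; it may well be as simple as their random number function,
   for example:
       input data → XOR with some key → hashed data
   XOR is a one-to-one operation, and its inverse is also an XOR with the
   same key, so we get
       hashed data → XOR with the same key → original data
   The XOR Boolean logic is as follows:
       true XOR true  = false      false XOR true  = true
       true XOR false = true       false XOR false = false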
Tags:
Console Modding
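The footnote's contrast as a runnable sketch (an added example, not part of the original post or the linked article): a keyed XOR transform is undone by anyone who holds the key, while a salted PBKDF2 record can only be checked by recomputation. The key, password, iteration count and function names are constructed for illustration; nothing here reflects how Sony actually stored passwords.

```python
import hashlib
import hmac
import os


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """The footnote's hypothetical scheme: XOR every byte with a repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_record(password: str, iterations: int = 200_000) -> dict:
    """Store a password as salted PBKDF2-HMAC-SHA256 output (one-way)."""
    salt = os.urandom(16)  # fresh random salt for every record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def check_password(password: str, record: dict) -> bool:
    """Verify by recomputing; nothing maps the digest back to the password."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["digest"])  # constant-time compare


def demo() -> dict:
    key = b"constructed-key"    # constructed sample key (assumption)
    password = "correct horse"  # constructed sample password (assumption)

    # XOR "hash": applying the same key a second time restores the input.
    stored = xor_with_key(password.encode(), key)

    # Salted KDF: the same password yields unrelated records each time.
    rec_a = make_record(password)
    rec_b = make_record(password)

    return {
        "xor_reversed": xor_with_key(stored, key).decode(),
        "xor_same_length": len(stored) == len(password),
        "xor_deterministic": stored == xor_with_key(password.encode(), key),
        "kdf_records_differ": rec_a["digest"] != rec_b["digest"],
        "kdf_accepts_right": check_password(password, rec_a),
        "kdf_rejects_wrong": check_password("wrong horse", rec_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The XOR output also keeps the input's length and is identical for identical passwords, so it leaks structure even to someone without the key.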