SKFU: PSN Security That Makes You Shake Your Head - Console Modding

By Regina
at 2011-04-27T09:53
http://www.ps3hax.net/2011/04/psn-hack-information-by-skfu/
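After PSN went down, SKFU, the leader of the well-known development group TeamICE, published on his personal blog his recent security testing related to the PSN servers. The blog's content is quoted below: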
The PSN is down, all accounts got dumped by an anonymous hacker
and the community is crying for answers. 77 million accounts with
password and sometimes CC info are worth a lot in several hack chans.
This is a very huge case.
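PSN is down and all account-related information has been stolen, and the gaming community hopes SONY will give an explanation soon. About 77 million sets of accounts and passwords have been affected. To some hacker groups this personal information is already meat on the chopping block, and for SONY it is a major incident that cannot be hushed up.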
Now SONY engaged an external security company to discover the
holes in SONY's system and find answers. As I was wondering if there
may be some information about the actual case we can find out
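publicly, I researched a bit myself.
SONY has brought in some information-security consulting firms to help examine the whole system for vulnerabilities, hoping to find where the problem lies. But I personally feel that some answers probably cannot be brought out into the open, so I did some research on this.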
One interesting point I found is a not secured access log of a
PSN environment (Check Image Below).
http://www.ps3hax.net/wp-content/uploads/2011/04/psnlog.jpg
I found something interesting: the host-side log file can be read without any special privileges, and the image below is the evidence.
You will quickly notice the IP 214.1.211.251, which sends
requests like a vulnerability scanner.
Everyone will quickly notice that the address 214.1.211.251 behaves as if it is scanning the whole system for vulnerabilities.
The IP points to the DoD Network Information Center, based in
Ohio USA.
A reverse lookup tells us that this IP belongs to the [U.S.] Department of Defense Network Information Center in Ohio.
The first log entry of this IP is [03/Mar/2011:07:10:38 -0800].
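As the DoD is known as being easy to hack, the anonymous hacker
could have used this as proxy.
The earliest record of this IP is 3 March 2011 at 7:10:38 a.m. (GMT-8). Of course, it is no surprise that Department of Defense computers are easily broken into; it is just that an anonymous hacker could use this to turn a Department of Defense computer into a stepping stone.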
Maybe SONY might want to take a look at this IP, I hope soon we
get some news and details about the case...
Maybe SONY should take a good look at this IP; hopefully we can get some new information soon.
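The post describes an address in an access log that "sends requests like a vulnerability scanner" and notes its first log entry. The following is an added example, not part of the original post or SKFU's blog, showing how a defender could flag such an address and report when it first appeared. It assumes Apache-style common log format (the page shows only the timestamp style); the addresses, paths and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: Apache/NCSA common log format. The page shows only the
# bracketed timestamp style, e.g. [03/Mar/2011:07:10:38 -0800].
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, timestamp, path, status), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?")[0], int(m["status"])

def scanner_candidates(lines, min_requests=5, min_paths=5, min_error_ratio=0.8):
    """Map each scanner-like IP to its first-seen time.

    Heuristic (thresholds are illustrative): many requests, spread over
    many distinct paths, most of them answered with a 4xx status.
    """
    stats = defaultdict(lambda: {"n": 0, "err": 0, "paths": set(), "first": None})
    for ip, ts, path, status in filter(None, map(parse, lines)):
        s = stats[ip]
        s["n"] += 1
        s["err"] += 400 <= status < 500
        s["paths"].add(path)
        # Logs are not always time-ordered, so track the minimum explicitly.
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
    return {ip: s["first"] for ip, s in stats.items()
            if s["n"] >= min_requests and len(s["paths"]) >= min_paths
            and s["err"] / s["n"] >= min_error_ratio}

# Constructed sample lines (documentation-range addresses, invented paths).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2020:10:00:00 -0800] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.50 - - [01/Jan/2020:10:00:05 -0800] "GET /admin/ HTTP/1.1" 404 312',
    '203.0.113.50 - - [01/Jan/2020:10:00:03 -0800] "GET /backup.zip HTTP/1.1" 404 312',
    '203.0.113.50 - - [01/Jan/2020:10:00:04 -0800] "GET /test.php HTTP/1.1" 404 312',
    '203.0.113.50 - - [01/Jan/2020:10:00:06 -0800] "GET /config.bak HTTP/1.1" 403 298',
    '203.0.113.50 - - [01/Jan/2020:10:00:07 -0800] "GET /old/ HTTP/1.1" 404 312',
    '203.0.113.50 - - [01/Jan/2020:10:00:08 -0800] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2020:10:00:09 -0800] "GET /missing.png HTTP/1.1" 404 312',
    'not a log line',
]
```

A flagged address only says where the requests arrived from; as the quoted post itself notes, the host behind it may be a proxy for someone else.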
Tags:
Console Modding