Symonator wrote: And Dave works with a large company that deals with this info a lot; he will know that somehow Sony must have had a really shitty network to even allow anyone to get this amount of details. I mean really, like I said before, who is going to even trust Sony PS3/store etc. now? I wouldn't.
I am actually very shocked that Sony are legally able to hold this information.
If you go into a shop and pay for some goods using your CC
The holding company of the terminal and gateway may be called X for an example.
No way on earth do your details get sent to Company X.
They get sent straight to a dedicated company who handles and holds the information, and if I remember there are only a few companies here in the UK that are allowed to hold these details.
And Company X can only request bits of data back to investigate a problem, i.e. missing payment, incorrect transaction, etc.
To do this requires mass amounts of paperwork, and even then the staff do not get to touch this data; it's only a select number of people within Company X that are allowed to handle this information IF it gets sent back. A lot of the time it's declined.
So Company X are the owners of the software on the terminal and the terminal itself.
You pay on your card on the terminal. Logs get sent to Company X and an authorisation code and merchant numbers.
The actual data of your card along with Auto code and merchant number are sent in a series of encrypted files (cannot recall how many bits it is) that only the data centre (dedicated company) can Encrypt the data.
This then gets put through on the system and then Bank X is charged and then put through to the creditor's bank.
So Company X, the owners of the terminal and the software and the company that takes X% from each sale, don't handle any personal data, including credit cards.
So the point that I am getting to is: how on earth and why is this data being held on Sony servers like this?
This really is one massive fuck up on Sony's behalf.
And again, how is it not encrypted?
A simple example here:
A very basic shopping cart stores your password in order to log in.
To decrypt this password, it has to be able to decrypt MD5.
Nice and simple. But it does not.
It has to use a 4-5 digit code (numbers and letters) called the salt.
This gives it a pattern to decrypt the 64bit password.
So it's kind of a 2-level encryption, and this is at its most basic form.
In order to get this information you would have to gain complete access to the database in order to find the password field that is encrypted and then find the other table for the salt field, these being held in two completely different ends of the database.
Then you would need to gain access to the source to see the encryption type.
And this is at its most basic form.
I can implement something like this on any site in a few minutes.
So I cannot understand how a company as large as Sony has done nothing at all like this.
To give you an idea how easy it is to do this:
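Code:
function hash_password($pass) { // header missing from the post; the function name is a placeholder
    // Derive a 5-character salt from the MD5 of a unique ID
    $salt = substr(md5(uniqid(rand(), true)), 0, 5);
    // $password = md5($salt.$plain).':'.$salt;
    // Hash the password with the salt appended and return it as "hash:salt"
    $password = md5($pass.$salt).':'.$salt;
    return $password;
}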
So to give you an idea:
The password "stella" run through that code would give me:
An encryption password of: "18fa79b80d2f0bdf44bf80f80c461a50"
And a salt key of: "a9fea"
Use those details together, knowing the encryption, and you will decrypt it to the password "stella".
And really, if you read all that you prob just wasted 5 minutes of your life!
But if it interested you

And I forgot to add!
Without knowing the password it's pretty impossible to decrypt that data!!
I set you the challenge to try and do so.
Without the password it's mathematically impossible.
With the salt it becomes a hash password, and a hash is a one-way transform.
The only way you can test that what I have used is true is if you find an online site and use my password and encrypt to MD5 and use my salt and check to see if the hash key is the same.

A small education lesson for anyone who is interested in encryption and decryption.
If you're interested in more I can teach you many ways.
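
Added example, not part of the original post and not the poster's code: records in the post's md5($pass.$salt).':'.$salt format are checked by recomputing the hash with the stored salt, and a site holding such records can move them to PHP's password_hash() at the next successful login, which goes beyond the scheme in the post. The function names legacy_hash, legacy_verify and upgrade_on_login and the sample passwords are assumptions made for this example.

```php
<?php
// Added example; function names are hypothetical, sample data is constructed.

// Record format from the post: md5(password . salt) stored as "hash:salt".
function legacy_hash(string $pass, ?string $salt = null): string
{
    // The post derives its salt from md5(uniqid(rand(), true)); this example
    // substitutes random_bytes(), a CSPRNG, and keeps the 5-character length.
    $salt = $salt ?? substr(bin2hex(random_bytes(4)), 0, 5);
    return md5($pass . $salt) . ':' . $salt;
}

// Verification recomputes the hash with the stored salt; nothing is decrypted.
function legacy_verify(string $pass, string $stored): bool
{
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        return false; // malformed record
    }
    [$hash, $salt] = $parts;
    return hash_equals($hash, md5($pass . $salt)); // constant-time comparison
}

// Migration: on a successful login, return the record to store from now on.
// password_hash() picks its own salt and a deliberately slow algorithm.
// Returns null when the password does not match the stored record.
function upgrade_on_login(string $pass, string $stored): ?string
{
    if (strpos($stored, '$') === 0) { // already a password_hash() record
        if (!password_verify($pass, $stored)) {
            return null;
        }
        return password_needs_rehash($stored, PASSWORD_DEFAULT)
            ? password_hash($pass, PASSWORD_DEFAULT)
            : $stored;
    }
    if (!legacy_verify($pass, $stored)) {
        return null;
    }
    return password_hash($pass, PASSWORD_DEFAULT);
}

// Constructed sample run.
$record = legacy_hash('stella');
var_dump(legacy_verify('stella', $record));       // correct password
var_dump(legacy_verify('Stella', $record));       // wrong password
$upgraded = upgrade_on_login('stella', $record);  // new record to store
var_dump(password_verify('stella', $upgraded));
var_dump(upgrade_on_login('wrong-guess', $record));
```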
