Sony's PSN password server online again
After the second security breach that allowed attackers to change the passwords of PlayStation Network (PSN) and Qriocity users, Sony has brought the web servers that manage accounts back online. In a post on its PlayStation Blog, Sony says that the security flaw which allowed for the resetting of passwords has now been fixed.
A brief test by The H's associates at heise Security confirmed that the hole could no longer be exploited. Nonetheless, users are still advised to make sure that their computers are protected with virus scanners and only download email via encrypted SSL connections in order to prevent sniffing attacks.
The security hole was open on May 16 and 17. In order to take advantage of the URL exploit, an attacker had to provide the registered email address of the account holder and their date of birth. PSN and Qriocity users who received unsolicited emails from Sony during that time telling them that their password had been reset or changed should immediately contact PSN support to regain access to their accounts. It is not yet known how many accounts were taken over on those two days.
Sony seems to be a popular target for hackers at present, even aside from PSN. Security specialist F-Secure's blog reports that unknown parties broke into Sony HD World's server in Thailand and set up a phishing site on it targeting customers of Italian credit card company CartaSi. As of writing, Sony has yet to remove the phishing site; anti-virus programs like Avira are, however, already blocking it.