Sony denies hackers attempted to sell back credit card database

Sony has issued yet another update on the PSN situation, following the security compromise which saw the network being taken offline nearly two weeks ago.

You might recall on Friday there was some speculation on parts of the net that underground forums had alleged credit card details stolen off PSN for sale. Indeed, one report suggested that Sony itself had been offered the chance to buy back the database.

Although it’s true that the source in question was less than convinced that the supposed hackers weren’t pulling their leg and making this whole story up.

However, Sony has clarified that it hasn’t been offered the chance to purchase such a list.

On the EU PlayStation blog, Nick Caplin, Head of Communications at SCEE, wrote: “One report indicated that a group tried to sell millions of credit card numbers back to Sony. To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list.”

Furthermore, in a clarifying mode, Sony also went on to make a point about the passwords which were pinched off PSN.

It had previously said that these weren’t encrypted and left it at that. However, they were subject to a cryptographic hash function – in other words, they weren’t just stored in cleartext form.

We found it hard to believe that they would have been, but given Sony’s lack of any clarification regarding the passwords, everyone was rather left in the dark as to exactly what security was maintained.

Of course, that doesn’t mean your password is safe by any means. Sony notes: “When the PlayStation Network and Qriocity services are fully restored, we strongly recommend that you log on and change your password.”

When PSN comes back online later this week, when users log on a forced system update will ensure they change their password.

But Sony also reminds: “Additionally, if you use your PlayStation Network or Qriocity user name or password for other unrelated services or accounts, we strongly recommend that you change them, as well.”

By Darren Allen

UK Government: Fight online fraud with free iPods

A senior manager in the UK Department of Trade and Industry has come up with a unique alternative to the government's ID Card scheme — give everyone in the country a free iPod installed with a digital certificate.

Patrick Cooper, head of applications and data services at the DTI, floated the idea — albeit with his tongue firmly in cheek — at a event on Tuesday, hosted by Adobe, to discuss technology predictions for 2006.

Cooper said that two of the main issues facing the IT industry are network authentication and security — particularly when using government services online. He claimed that the ubiquity of ADSL networks has come at a price — and that price is security. ISDN was an inherently more secure medium than ADSL but was too expensive to meet the needs of most consumers or small businesses.

But a mobile phone or an iPod equipped with a digital signature or digital certificate which consumers or business users plugged into their home machines would be an efficient way to solve online authentication and identity management problems, Cooper argued.

"If you had a mobile phone with a digital certificate you could dock it into your PC — an iPod with a digital certificate would also work," said Cooper. "My boss would give everyone in the UK an iPod — that would also mean there would be no reason for anyone to steal one because everyone would have one."

Cooper quipped that the iPod scheme would also be a more cost-efficient alternative to other government plans to combat online fraud, such as equipping the proposed National ID Card with a PIN or password system to enable it to work as an online authentication device.

The Government has been facing mounting pressure to combat online fraud after it emerged in December last year that the tax credit Web site had been hit by over £30m of fraudulent claims.

The cost per ID card could rise to almost £500 due to the cost of integrating the IT infrastructure with other government departments and public sector bodies, according to recent figures from the London School of Economics

"It [an iPod with a digital certificate] would be cheaper than the ID Card scheme because everyone at the London School of Economics has told us how expensive ID Cards are going to be," said Cooper.

Under Cooper's plan, giving everyone in the UK an iPod Nano would work out at roughly £139 — even before factoring in the kind of discount that Apple may offer for a bulk purchase of 60 million units.

The LSE has also calculated that integrating the ID card IT infrastructure with all the government departments and public bodies expected to use the national identity register will cost an extra £5bn to £10bn — bringing the total cost of the scheme nearer to £30bn.

According to Apple, the company sold 14 million iPods in the final quarter of 2005 and 32 million for the year in total.

Man Arrested For Credit Card Fraud In New York

Braintree - A man giving the name Alix Z. St. Jean, 30, of Brooklyn, N.Y. was arrested at the South Shore Plaza on the afternoon of April 13 after allegedly attempting to use a fraudulent credit card to obtain 500 Euros and 1000 Pounds from the Travel Ex America international currency kiosk, Deputy Police Chief Russell Jenkins told the Forum.

Officers were first alerted to a problem at the kiosk when an employee, recognizing that the name St. Jean was using had been “flagged” for prior fraudulent transactions, pressed the hold-up alarm.

An employee informed Officer Matthew Crowley that St. Jean allegedly used fraudulent credit cards in New York, New Jersey, and earlier in the day had made an attempt at the Prudential Center.

“While speaking with St. Jean, he attempted to flee, and Officer Crowley, assisted by Officers Joseph Molloy and Thomas Molloy, chased him for a short distance before apprehending him at Milton’s,” Jenkins said. After bringing St. Jean back to the kiosk, the officers learned that he presented an Indiana driver’s license and a credit card in the name of another man.”

St. Jean was placed under arrest and charged with possessing fraudulent credit cards, passing a fraudulent card, disturbing the peace when he fled from the officers and resisted their efforts to control him, attempted larceny of the international currency, and possession of a false driver’s license.

St. Jean was held overnight on $20,000 bail pending his arraignment in Quincy District Court.