I don't see how we're "giving Aaron all our credentials" by doing this. Isn't his DNS server just simply redirecting us to his own text file which is telling our PS3s that our firmware is up to date instead of going to Sony's text file which says we should have firmware 3.21? So can someone please explain to me how exactly I would be giving information away to him? Because I thought DNS servers merely just tell us where to go (basically) and no information is really passed through them. Thanks.
@jay1199 Yeah, unless the PS3 has a habit of of sending all your credentials to DNS servers, this isn't much of a security risk. The worst he could do is monitor what sites you visit with the PS3's browser, and even then he'd only be able to tie it to an IP address.
@jay1199 DNS controls all). The attack method used is called a man-in-the-middle attack, which is simple if you can control where unencrypted data gets sent to (or if non-valid certificates are accepted).
Although what information the PS3 sends out, I have no idea.
@DWells55 Yeah, that's what my thinking is as well.
@YuriTenshi I see what you're saying. So basically, as long as this guy sets his DNS server to actually send us to the PSN servers (and not somewhere else where he can grab our information) and Sony encrypts the username, password, etc. then it should be secure? I mean, I know there isn't really such thing as 100% hacker-proof security when you're dealing with the internet and something like this, but as long as those criteria are met, it should be fairly secure, right?
@jay1199 Right, and it's fairly easy to prove whether that's happening or not. Even if it were, the important Sony traffic is encrypted and, unless Sony failed basic network security guidelines like failing to verify certificates - though I wouldn't be surprised if they did, it's not easy to get much personal info out of that. Tricky things like grabbing other site passwords that aren't so secure from people who use this fix and the web browser could technically happen...
Realistically, I'm not going to do that to thousands of people. And if you don't trust me, don't use it. I like to think I'm a reputable person though :) There are plenty of places on the net that explain how to set up something similar at home if you like, including some posts in the source thread on RVLution.
@AerialX Oh cool, so you're the guy who set this up? I was actually reading through the posts on RVLution and, yeah, I think you're a reputable person so I trust you with this. In fact, I'm using it right now. I don't really use the PS3 browser so the only info I would be sending is my PSN username and password and, like you said, unless Sony failed basic network security guidelines, everything should be encrypted and safe (not that I think you'd be doing anything bad with my info anyway). Oh, and thanks for doing this! I appreciate it!
Now that we've thrown 'em off the trail, use the form below to get in touch with the people at Engadget. Please fill in all of the required fields because they're required.
I don't see how we're "giving Aaron all our credentials" by doing this. Isn't his DNS server just simply redirecting us to his own text file which is telling our PS3s that our firmware is up to date instead of going to Sony's text file which says we should have firmware 3.21? So can someone please explain to me how exactly I would be giving information away to him? Because I thought DNS servers merely just tell us where to go (basically) and no information is really passed through them. Thanks.
@jay1199
Yeah, unless the PS3 has a habit of of sending all your credentials to DNS servers, this isn't much of a security risk. The worst he could do is monitor what sites you visit with the PS3's browser, and even then he'd only be able to tie it to an IP address.
@jay1199 DNS controls all). The attack method used is called a man-in-the-middle attack, which is simple if you can control where unencrypted data gets sent to (or if non-valid certificates are accepted).
Although what information the PS3 sends out, I have no idea.
Thanks for the replies.
@DWells55 Yeah, that's what my thinking is as well.
@YuriTenshi I see what you're saying. So basically, as long as this guy sets his DNS server to actually send us to the PSN servers (and not somewhere else where he can grab our information) and Sony encrypts the username, password, etc. then it should be secure? I mean, I know there isn't really such thing as 100% hacker-proof security when you're dealing with the internet and something like this, but as long as those criteria are met, it should be fairly secure, right?
@jay1199 Right, and it's fairly easy to prove whether that's happening or not. Even if it were, the important Sony traffic is encrypted and, unless Sony failed basic network security guidelines like failing to verify certificates - though I wouldn't be surprised if they did, it's not easy to get much personal info out of that. Tricky things like grabbing other site passwords that aren't so secure from people who use this fix and the web browser could technically happen...
Realistically, I'm not going to do that to thousands of people. And if you don't trust me, don't use it. I like to think I'm a reputable person though :)
There are plenty of places on the net that explain how to set up something similar at home if you like, including some posts in the source thread on RVLution.
P.S. It's cool to be an Engadget tag :D
@AerialX Oh cool, so you're the guy who set this up? I was actually reading through the posts on RVLution and, yeah, I think you're a reputable person so I trust you with this. In fact, I'm using it right now. I don't really use the PS3 browser so the only info I would be sending is my PSN username and password and, like you said, unless Sony failed basic network security guidelines, everything should be encrypted and safe (not that I think you'd be doing anything bad with my info anyway). Oh, and thanks for doing this! I appreciate it!