Sponsored Links

Sponsored Links

Page 13 of 14 FirstFirst ... 311121314 LastLast
Results 121 to 130 of 138



  1. #121
    Registered User nannou's Avatar
    Join Date
    Oct 2009
    Posts
    36
    Sponsored Links
    Sponsored Links
    The DNS thing isn't safe? Why is that?

  2. #122
    Contributor korn16ftl3's Avatar
    Join Date
    Mar 2010
    Posts
    40
    Sponsored Links
    Sponsored Links
    Quote Originally Posted by nannou View Post
    The DNS thing isn't safe? Why is that?
    The public DNS that some one else set up mentioned earlier in the thread isn't safe. i myself don't use anything like that less its trusted in the first place.

  3. #123
    Registered User triple7's Avatar
    Join Date
    Jun 2006
    Posts
    121
    Sponsored Links
    Sponsored Links
    Quote Originally Posted by nannou View Post
    The DNS thing isn't safe? Why is that?
    It's not safe because when using this DNS, your communication with Sony's servers passes through this server. This means whoever owns the server might be able to listen in on the communication and possibly steal your PSN password, credit card details etc.

  4. #124
    Registered User jimmychoochewit's Avatar
    Join Date
    Apr 2010
    Posts
    1
    Sponsored Links

    Lightbulb

    Sponsored Links
    Opendns is a good public server. Pretty popular too..

    So, what can this exploit lead to in the future? I have some knowledge, but nothing like this.
    Last edited by jimmychoochewit; 04-04-2010 at 04:03 PM

  5. #125
    Registered User sapperlott's Avatar
    Join Date
    Nov 2009
    Posts
    129
    Just took a brief look at the dump and basically you can ignore anything after offset 0x1000000 since that's where Linux lives.

    Compared to a "regular" LV1 dump, there's different content starting at 0x800000. So if you're looking for LV2 content your best chance to find something is in between 0x800000 and 0xffffff.

    Another interesting fact: this dump was taken from the same PS3 the LPT triggered dump originates from. So it could help to compare the new dump to the LPT triggered one.
    Last edited by sapperlott; 04-05-2010 at 06:28 AM Reason: Automerged Doublepost

  6. #126
    Senior Member GrandpaHomer's Avatar
    Join Date
    Apr 2005
    Posts
    1,316
    In regards of using (any) "unverified" or nontrusted DNS servers - it is indeed impossible (directly) to do much via DNS server itself ... BUT - who says it will not redirect the certain specific services / downloads / etc. (apart of the much needed version bypass) via his own servers to do some sniffing, eh?

    As unfortunatelly using several "local" bypass methods the connection / program was pretty unstable with getting disconencted all the time and not even being able to connect to some games online at all (e.g. Everybody's Golf: World tour / Hot Shots Golf) I'm using that proxy on 2 of 3 of mine PS3s (not working for one with fw 1.50 neither any of the proxy programs so far) and all I can suggest is to remove your creditcard details linked to your PSN account and change your passwords often and keep them long and strong. It does indeed use https communication so chance of any of your details are pretty slim but still - better be sure than sorry.

    A bit of OT - anyone still uses PS3 with some of the lower FWs (2.00 or 1.50 or similar) to go online? If yes - can you please at least briefly direct me to teh right direction for mine 1.50 (UK) one? I believe it SHOULD work with proxy if the "correct" version file is supplied but after several attempts to do so and all failing I'm a bit sceptic now ... Any help will be much appreciated.

  7. #127
    Registered User gravesg's Avatar
    Join Date
    Apr 2006
    Posts
    26
    Quote Originally Posted by triple7 View Post
    It's not safe because when using this DNS, your communication with Sony's servers passes through this server. This means whoever owns the server might be able to listen in on the communication and possibly steal your PSN password, credit card details etc.
    dns servers serve to give you an ip address when you enter a .com, net, org, etc

    it works like this, lets say i want to goto ps3news.com. i tell my browerser ps3news.com my computer tells the dns server ps3news.com and the dns server tells my computer/modem 74.52.36.42 and then wahh laaa .. i get a web site.

    THERE IS NO DATA THAT TRANSFERS through the dns server. IT WOULD BE IMPOSSIBLE TO STORE SO MUCH.

    I have a computer engineering degree. so i trust i explained this as simple as possible. Even it were possible to hi-jack the data .. you'd need an IBM blade server with a bunch of cell cpu's

    you gotta realize every major isp runs dns servers and lets use comcast for example, they'd have 20 million people requesting websites every 10-14 seconds.

    thats 100 million in less than a minute, do you know how big a log file would be for an hour, it'd take you YEARS to decipher any infomation you might have stolen, which i may add is not possible.

  8. #128
    Registered User daGraveR's Avatar
    Join Date
    Mar 2010
    Posts
    25
    This is true, unless the 'hacker' controls the DNS, like in this case. There's nothing preventing the 'hacker' to change the address of ps3news.com to 1.2.3.4, which would act as a proxy sniffing out interesting stuff and then forwarding requests to 74.52.36.42 and send it back to the client.

    [Register or Login to view links]
    I have a computer engineering degree.
    Seriously, I'd ask my money back if I were you...
    Even it were possible to hi-jack the data .. you'd need an IBM blade server with a bunch of cell cpu's
    No, you don't in case of SSL-traffic MITM-attacks also work nicely with forged/faked certificates.

  9. #129
    Senior Member CodeKiller's Avatar
    Join Date
    Nov 2009
    Posts
    130
    Quote Originally Posted by daGraveR View Post
    No, you don't in case of SSL-traffic MITM-attacks also work nicely with forged/faked certificates.
    If that would be so easy, many bank-accounts would have been hijacked. The SSL is not hack-proof, but serious pages uses comlex methods of validating connection. MITM have been known so many years now that it should not be an option.

    However naive users can be fooled by page look-alikes but these cannot been certificated properly. (also possible malicious redirection...)

  10. #130
    Junior Member Bulldogzz's Avatar
    Join Date
    Apr 2010
    Posts
    73
    Quote Originally Posted by GrandpaHomer View Post
    In regards of using (any) "unverified" or nontrusted DNS servers - it is indeed impossible (directly) to do much via DNS server itself ... BUT - who says it will not redirect the certain specific services / downloads / etc. (apart of the much needed version bypass) via his own servers to do some sniffing, eh?

    As unfortunatelly using several "local" bypass methods the connection / program was pretty unstable with getting disconencted all the time and not even being able to connect to some games online at all (e.g. Everybody's Golf: World tour / Hot Shots Golf) I'm using that proxy on 2 of 3 of mine PS3s (not working for one with fw 1.50 neither any of the proxy programs so far) and all I can suggest is to remove your creditcard details linked to your PSN account and change your passwords often and keep them long and strong. It does indeed use https communication so chance of any of your details are pretty slim but still - better be sure than sorry.

    A bit of OT - anyone still uses PS3 with some of the lower FWs (2.00 or 1.50 or similar) to go online? If yes - can you please at least briefly direct me to teh right direction for mine 1.50 (UK) one? I believe it SHOULD work with proxy if the "correct" version file is supplied but after several attempts to do so and all failing I'm a bit sceptic now ... Any help will be much appreciated.
    try this for your 1.50 FW Issues:

    Code:
    # UK
    Dest=87;CompatibleSystemSoftwareVersion=1.1500-;
    Dest=87;ImageVersion=0000a21e;SystemSoftwareVersion=1.1500;CDN=http://duk01.ps3.update.playstation.net/update/ps3/image/uk/2009_1210_54ee80e14e479f8351b988ab9a472042/PS3UPDAT.PUP;CDN_Timeout=30;

 

Sponsored Links

Page 13 of 14 FirstFirst ... 311121314 LastLast
Affiliates - Contact Us - PS3 Downloads - Privacy Statement - Site Rules - Top - © 2014 PlayStation 3 News