It is now the 8th May 2011 and although Sony have been making noises about offering a free Month of PSN+ service, a free game of some sort and other such good things, In the UK nothing has been heard and still no news of getting the service back. I have heard of people selling there PS3 and buying an XBOX360 and saying they will never buy a Sony product ever again and if you do not, then you must be a fan boy or something. I want to set the record straight from my own viewpoint of this whole PS3 debates.

What is PSN

This free service allows you to play on-line with others, send and receive messages (rather like email then) and voice and/or video chat with them if you have the right gear. In the world of PC’s – on-line games each have there own server and you end of with various names across the board. Sony by placing a central service means you may well have one name but once this middle man goes down – you are left high and dry.

The only game which I used On-line to be honest was LittleBigPlanet which allows others to jump in and help you complete the levels. I suck as First person Shooters on a console, so 99% of the time I am playing single player anyhow. As I have other means to chat to people instead of PSN, this feature never gets used and I have yet to speak to a single person on-line even though I have all the gear.

Are you Selling your PS3?

I bought the PS3 unit itself, this costs me £200 for the 160GIG unit. We then bought the Bluetooth microphone – £23, we add to this the Move Starter kit, another £40 and we have 11 games ranging from £10 to £20. This means I have easily spent Over £400 on that lot. If I were to sell this at some store, I would be lucky to get half of that – what sane person would chuck away half of there money just because the PSN part is currently off-line?

The PS3 still serves it purpose in that it plays games I enjoy playing, the games are cheap to come by and there is still a lot of life in the thing. I can browse the web (with flash) and I can play movies no problems.

Items I wish I had never bought

The Bluetooth headset I should only have bought once I got speaking to people, these days my online chat sessions are limited even on the PC never mind the PS3. I can use it with the PC though and it charges via a cradle so it was not 100% waste of my money and it was only £23. The other item I have not used much (due to lack of games) is the Move, I did get the camera (which I was going to buy anyhow) and it is fun but I could have lived without it.

The one console that remained rock steady in the light of people hacking them to play illegal and unsigned software was the playstation 3. A person by the name of Geohot managed to work out the secret security key that all playstation software is signed with. Armed with this information, you could load a game / application onto the PS3 and it thought it was an official piece of software and ran no problems. Ther was in fact three area’s that were of concern here and these were playing pirated games (Sony looses money), Install Homebrew software and finally hacking on-line games somehow. Sony recently not only updated the firmware to 3.56 to combat this but also issued an email to all people it suspected of running the firmware and saying it would ban them if they did not remove it.

The email from Sony

Important: Access to the PlayStation(R)Network and Access to Qriocity(TM) Services Notice

Unauthorized circumvention devices for PlayStation(R)3 system have been recently released by hackers for the PlayStation(R)3 system.  These devices permit the use of unauthorized or pirated software.

Use of such devices or software violates the terms of your “System Software License Agreement for the PlayStation(R)3 System” and the “Terms of Services and User Agreement” for the PlayStation(R)Network/Qriocity(TM) and its Community Code of Conduct provisions.  In addition, copying or playing pirated software is a violation of International Copyright Laws.

A circumvention device and/or unauthorized or pirated software currently resides on your PlayStation(R)3 system.

Immediately cease use and remove all circumvention devices and delete all unauthorized or pirated software from your PlayStation(R)3 system.  Failure to do so will result in termination of your access to PlayStation(R) Network and access to Qriocity(TM) services through your PlayStation(R)3 system.

The Background

I am happy to buy games for my playstation, they range from £8 to £21 with most going for the lower £10 price tag. I have enough games to keep me going for a while and was not going to test the water by hacking my firmware. There is always the chance that you can brick the PS3 if it goes wrong. One night I got bored and I gave it a go, it went smooth and after I installed the 3.55 firmware by GeoHot, I now had the ability to “Install package Files”. I installed a few homebrew titles such as emulators and FTP Programs.

The Update

When 3.56 came out and I was not on-line, I had no issues with updating to the latest version, I felt at this point after removing any traces of the software I had installed, I was back to been legal. I could not install any files, I could not access any previous titles (they had been removed anyhow) and all was god in the world right?

I still got that email – this means Sony may have detected I ran such a thing but am I now safe? I started to doubt myself at this stage, had I removed all the file I need to? Should I have gone back to 3.55 Official before I updated to 3.56? Will I still get banned at some point? If I do get banned, is it the console or just me?

My thoughts

Sony first of all need to produce a way for people to make there console 100% legal, so people can sleep easy at night they have done the right thing. Sending emails with warning that you better sort it out or else we will ban you is not a good PR move.

I have the Sony Bluetooth Headset, I have the Sony Move and Webcam and countless bought games. I have spent a good chunk of money on this Sony made device. If they start to go wild and ban people who are now legal – they might as well forget about making the PS4. If I had installed a Chip and carried on using it after they told me it was against the rules – thats fine by me but blanket emails is not good. I am start to loose faith in Sony and the PS3 – remember people such as me will tell friends and family “You should buy a PS3 and not the XBOX360″.

I just did a system update again – and it updated from 3.56 to 3.56 – Very odd.

Before I jump into the story, let me tell you a bit of background. I only have a paypal account as I sold some items on eBay many years ago and recently I used this method I think to buy something from eBay. As a general rule I do not log into my PayPal account, I have no funds on there and I honestly thought it was safe. Yet more background – my passwords are so hard (Uppercase, Lowercase, Numbers – no real words, longer than 12 characters in length) that I have to write them in a book which is secure. I would like to say that maybe Chrome saves my passwords but in the case of Paypal and the fact I had not logged into it for so long, it was not stored on this computer.

So what is the Hack you may ask? Well let me go through a sequence of events which all took place today and I am glad I carry a phone that shows my emails as they come in.

The flood of emails

The first email came in at 14:22, it read:

Dear Thomas,

You have initiated a PayPal Mobile payment for $1,080.00 USD to tommy1988tommy@yahoo.com. This payment will be completed once the recipient has accepted the payment.

It may take a few moments for this transaction to appear in the Recent Activity list on your Account Overview.

Currency conversion: £712.48 GBP = $1,117.02 USD

The exchange rate for this purchase is 1 GBP = 1.56779USD

Payment details

Amount: $1,080.00 USD
Transaction Date: 15 February 2011
Transaction ID: XXXXXXXXXXXXX (Not real)

Message:
I have recieved this virtual item will not charge back . Sent using the PayPal Mobile application.

As I get loads of these fake emails, I headed to my work computer to check it out, I got another email though at 14:27

Dear Thomas,

This Apple® mobile digital device was removed from your PayPal account: Owner’s iPod.

The next time you log in to PayPal on this device, it will link to your account again.

I do not own an iPod – this was swiflty followed at 14:43:

Your account has been limited until we hear from you

Dear Thomas,

We need your help resolving an issue with your account. To give us time to work together on this, we’ve temporarily limited what you can do with your account until the issue is resolved.

You can see the sequence of events taken place, somebody managed to somehow make a payment from my account via an iPod using the Mobile paying service and PayPal locked the doors quickly as they suspected something.

Checking the real PayPal

I was not sure if these emails were even real, never click on any links in an email in such a case and always just go to the site in question and log in to check it out instead – which is what I did. The first thing that annoyed me was it stated that this had gone through and would be taken from the credit card on my account. I would not be a happy bunny if $1000 left my credit card, I filed a fraud claim and I called them up. They assured me it will be dealt with and said no money will leave any account plus they will look into IP’s that logged in and so forth.

Security

When I did go to the page, it made me not only change all my details but also to confirm via phone various items and on top of this I have now switched on the SMS function that requires me having my mobile with me. On top of this I have removed any credit cards on there and my bank details.

Thoughts on this

My Password to my knowledge was secure and not easy to guess and why did PayPal lock my account down straight away after the transaction? Why do I not have access to see what IP’s address logged into my account?

I do know that once this is sorted, I am closing down my PayPal account. I have just checked with my credit card people and in fact they tried to take 3 x $1000, the 2nd two got denied and thus why my PayPal account got locked down I guess. The transaction is authorised but has not been collected from Paypal – this means while my account might show me as been £712 down, it has not physically entered into the other persons bank. If Paypal do not come up with the goods I shall have to go to the credit card side and get the money back this way.

My Advice since this happened? If you do use Paypal, make sure you remove the credit card after you have used it for the proper purpose.

** Update 16 Feb 2011 **

I got an email first thing this morning:-

We’ve finished reviewing your unauthorised activity claim and you’ll receive a refund for the transaction amount. It may take up to five working days for the funds to appear in your account.

Any portion of the payment that was funded with your credit card will be refunded directly to your credit card. You will see this in your transaction log as two entries. The first is the refund to your PayPal account and the second is the credit to your credit card. Credits to a credit card generally take two to three working days to clear, and may not

be immediately reflected in the card’s balance.

This is great news – but later tonight, I thought I better check Paypal and low and behond:

A Cancellation fee of $37.02 has been placed on my account – I reach for the phone. They said that a Fee for any transaction returned is paybale by the person of the account. My point here was that the account was used fraudulently (i.e. a crime had been committed) and yet PayPal felt the need to charge me for the fact? They explained that the money will be returned once it is all sorted and she could not put me though to anybody else as all the other departments were closed. There is no credit card assigned to that account now – will they try and take it off the card that was registered before?

I wrote another email and my plan of attack is as follows:

• Call the Credit Card company on Friday to verify that the money has gone back on.
• Get them to issue a new set of cards so no more money can be taken no matter what.
• Close the Paypal Account once this is all sorted once and for all.

*** Update 17 Feb 2011 ***

This now sort of concludes, I emailed them and they replied:

Thank you for contacting PayPal in relation to the unauthorized payment that was taken out from your account. I can sense the importance of this matter so please let me get to the bottom of this.

Mr. Hill, having reviewed your account it shows that indeed the transaction was proven to be fraudulent thus refunding you the amount that was taken from your card.

When a transaction was initiated PayPal will charge a corresponding fee and this will be paid by either the seller or the buyer which in this case was charged on your account. Since the transaction was cancelled, the payment fee of $37.02 USD has been cancelled as well. So therefore, PayPal did not take any charge on the said transaction and refunded you the full amount of £712.48 that was the amount originally taken from your card.

I hope I was able to address your concern today and should you need further assistance please don’t hesitate to contact us again.

I understand that you have been patient and understanding about this matter and it is very much appreciated.

I did call them up to ask why was my account comprised – they searched the records and could not come up with any answers. They suggested all of the following (Shifting the blame to me):

• I Clicked a link in a false email from Paypal and my account was stolen.
• There is a virus on my computer which stole the password.
• My Password was in fact very simple to guess.
• A Friend may have used my account (which of course I gave the password to).
• They plain just guessed the password.

Needless to say – I do not feel at all safe using paypal period and I will tell my story to all that will listen, I was lucky and got my money back quickly, you may not be so lucky.

It has been some years since I have even bothered to look at Hotmail or in fact MSN Live Messenger as it is now called. As I removed most of the Social networks now which includes Twitter and Skype – I thought I would install MSN once again and see if anybody was about for a chat and such. It had been such a long time that I had forgot my password – I went through and reset this to something I would know though still hard to guess. Once I booted up Messenger, it informed me I was already logged in somewhere else and it would log me off that location (very odd). As I had so many email I had not read in years, I set up Outlook to also grab the mails.

Next day….

I logged in once again and fired up Outlook – I saw that a LOT of messages were “Undeliverable” – one to each of my contacts in fact with some link, some badly written English and 100% not from me. I know people can easy spoof emails who they are from – so I checked my sent items and sure enough there was all of the emails I had sent out. I am sure my contacts wonder why I am sending them some email with me swearing as the topic and me sending them a link – I hope none of them clicked the said link.

It makes you wonder though..

I had changed the password yet somehow they managed to do this very thing and the password was pretty intense with Capitals, lowercase and numbers and not even a real word. They sent them today, this means they managed to do this in the last 24 hours but unlike Google Mail which shows you who logged in and from where – I have no idea how to check this.

Removal of all things Microsoft

As I expected, nobody was actually on-line on my MSN List, they have either blocked me (as I thought I had left or blocked them maybe) or they were just not using MSN also. I never use my Hotmail for anything at all and 90% of the messages were in fact Spam, do MS not have a Spam filter like Google then? I de-installed the Live package (which included MSN and such) and closed down my account – or at least tried to. I have to wait 72 hours without logging in to see if it finally is all gone, I personally hope so.

Yet less on-line interaction then?

You might be forgiven to thinking I am trying to disappear from the net – I have since lost all 3 Twitter Account, removed my Skype, deleted all other Social Networking logins / sites and now we remove MSN. I do not even have Chat enabled on FaceBook and if you try and search for me – good luck in actually finding me, I have set the privacy so low that it just won’t come up.

Maybe I am happier that I can choose who to contact and how I want to contact them without every single person known the slights movement I make right? Maybe the people who seem to Live and thrive on these social networking sites have limited outside contact with real humans? Anyhow – lets hope MSN goes away soon.

A new keylogger disguised as a World of Warcraft add-on is stealing account info and goods.

Last week reports of a “man-in-the-middle-attack” surfaced in regards to Blizzard’s MMORPG. World of Warcraft. Apparently hackers have created a tool that grants them access to accounts protected by an authentication tool. Once they are in control of the account, hackers can thus steal virtual gold and possessions until the account password is reset. Currently there’s no indication if the hackers gain access to data such as credit cards or other personal information.

The tool in question is a keylogger, possibly a file named emcor.dll which can be found in C:/Documents and Settings/Users/[username]/Application Data/Temp. Once the user launches the keylogger, the PC is infected and will in turn cause World of Warcraft to crash. Once the players re-start the game and log back into the account, the authenticator code is intercepted by the hacker. A different code is sent to Blizzard’s servers, locking the player out.

So how do players get the keylogger on their PC? It all starts with a sponsored link in Google showing up as a top result for WowMatrix, a free World of Warcraft add-on installer and updater. The problem is that the listing isn’t a genuine, leading gamers to the malware. “Several downloads are available and I decided to check out the installer / updater,” reads this forum post. “Results are pretty low at virustotal for the executable. The detection of the DLL hooked into our system is even worse, only 1 antivirus suspects some illegal activity.”

Because authenticator codes only last for 30 seconds, hackers have access to the WoW account until they log out. “This is still perpetrated by key loggers, and no method is always 100% secure,” Blizzard said in this forum post.

WoW gamers are warned to stay away from the following sites, which are actually based on legitimate WoW related sites with a typo at the end of each URL:

• wowmatrixf(dot)com
• Cursea(dot)com
• deadlybossmodss(dot)com
• gamesacca(dot)com