Reply
Treasure Hunter
Registered: 03/12/2007
Online
4495 posts
 

Re: Please BAN ISE: EDO top 10 prize already hacked...

Feb 28, 2013

HearItWow wrote:

 

This is a fantastic honeypot if Sony uses it properly. If they don't, it shows that they don't care at all about ISE exploits. If I were a third party developer, I'd demand a system like this be put in place, or I'd stop offering merit-based rewards altogether. 


Agreed... And the fact is ISE has been widely and blatantly used for over three years.  So it does not appear Sony or the developers care about it all that much.  After all, as you, I and others have pointed out, there are ways of preventing it, and have been used in the past sporadically... Like the Iron man outfits and others.

 

It may even be more evidence that Sony simply considers Home a VERY low priority, and ISE is simply not much of a concern to them.

Sony's PlayStation Home updated mission statement...


"Like it never happened"


- Stand for something better than mediocrity and don't disguise it as adequate, when clearly it is far from that to anyone willing to be objective and unbiased. -

Message 101 of 202 (333 Views)
0 Likes
Survivor
Registered: 01/02/2009
Offline
1924 posts
 

Re: Please BAN ISE: EDO top 10 prize already hacked...

[ Edited ]
Feb 28, 2013

HearItWow wrote:

There's no reason for ISE to even exist. Here's the two-minute fix:

 

Every item in home has a unique back-end code. Attach the code for the Top 10 items, and only those 10 items, to a lookup table that identifies the 10 users who legitimately have them.

 

During the content verification process, set a red flag on the Tiger Bike Locomotion that triggers the lookup table. If the PSN ID with the item is not one of the 10 known winners, automatically disconnect the user and flag the account for moderation. Ban the user or remove all ISE items.

 

Since ISE hackers tend to steal everything, you're going to catch a lot of people this way. Since the lookup table only has 10 names in it, the extra login time shouldn't even be noticable. Maybe a second on a very taxed server.

 

This is a fantastic honeypot if Sony uses it properly. If they don't, it shows that they don't care at all about ISE exploits. If I were a third party developer, I'd demand a system like this be put in place, or I'd stop offering merit-based rewards altogether. As someone correctly pointed out, purchases were needed to participate in this event, which means Granzella lost out on revenue from people who decided to simply steal the rewards. That's a hit on their bottom line, and that's not good business.


 

That could work. But someone would have to program that.. And they would have to test it. And it would have to go through sony approval. And then we have to pray it didn't malfunction and didn't start throwing random people offline.

 

 

The answer is easier to me. I've run large databases before. Just run a database query for the tiger minibikes. There are only 10 users in each region.  Just type the command to query for that item. You will get a list of accounts that own that. Compare the results of the query to the list of winners.

 

That will give you a list of who hacked it immediately.

 

 

Message 102 of 202 (322 Views)
Treasure Hunter
Registered: 02/20/2008
Offline
8666 posts
 

Re: Please BAN ISE: EDO top 10 prize already hacked...

Feb 28, 2013

HearItWow wrote:

There's no reason for ISE to even exist. Here's the two-minute fix:

 

Every item in home has a unique back-end code. Attach the code for the Top 10 items, and only those 10 items, to a lookup table that identifies the 10 users who legitimately have them.

 

During the content verification process, set a red flag on the Tiger Bike Locomotion that triggers the lookup table. If the PSN ID with the item is not one of the 10 known winners, automatically disconnect the user and flag the account for moderation. Ban the user or remove all ISE items.

 

Since ISE hackers tend to steal everything, you're going to catch a lot of people this way. Since the lookup table only has 10 names in it, the extra login time shouldn't even be noticable. Maybe a second on a very taxed server.

 

This is a fantastic honeypot if Sony uses it properly. If they don't, it shows that they don't care at all about ISE exploits. If I were a third party developer, I'd demand a system like this be put in place, or I'd stop offering merit-based rewards altogether. As someone correctly pointed out, purchases were needed to participate in this event, which means Granzella lost out on revenue from people who decided to simply steal the rewards. That's a hit on their bottom line, and that's not good business.


Well, that is nice and all but none of that is in Home as of now.  Also the only way that could ever work would be if we

  1. Got another core update
  2. The Game developers of the space would all need to reprogram each and every space

As for the people who use the ISE "exploit" stealing?  When an item is free then your not really stealing it.

***********************************
Folding@home Team #118000
***********************************
GAPHome

             

               General

Message 103 of 202 (274 Views)
0 Likes
Uncharted Territory
Registered: 08/08/2011
Offline
1649 posts
 

Re: Please BAN ISE: EDO top 10 prize already hacked...

Feb 28, 2013

King0fHearts2007 wrote:

HearItWow wrote:

There's no reason for ISE to even exist. Here's the two-minute fix:

 

Every item in home has a unique back-end code. Attach the code for the Top 10 items, and only those 10 items, to a lookup table that identifies the 10 users who legitimately have them.

 

During the content verification process, set a red flag on the Tiger Bike Locomotion that triggers the lookup table. If the PSN ID with the item is not one of the 10 known winners, automatically disconnect the user and flag the account for moderation. Ban the user or remove all ISE items.

 

Since ISE hackers tend to steal everything, you're going to catch a lot of people this way. Since the lookup table only has 10 names in it, the extra login time shouldn't even be noticable. Maybe a second on a very taxed server.

 

This is a fantastic honeypot if Sony uses it properly. If they don't, it shows that they don't care at all about ISE exploits. If I were a third party developer, I'd demand a system like this be put in place, or I'd stop offering merit-based rewards altogether. As someone correctly pointed out, purchases were needed to participate in this event, which means Granzella lost out on revenue from people who decided to simply steal the rewards. That's a hit on their bottom line, and that's not good business.


Well, that is nice and all but none of that is in Home as of now.  Also the only way that could ever work would be if we

  1. Got another core update
  2. The Game developers of the space would all need to reprogram each and every space

As for the people who use the ISE "exploit" stealing?  When an item is free then your not really stealing it.


Except the items aren't free. It's impossible to beat the mission, let alone make top 10 without store bought goods.

 

Message 104 of 202 (258 Views)
Treasure Hunter
Registered: 02/20/2008
Offline
8666 posts
 

Re: Please BAN ISE: EDO top 10 prize already hacked...

Feb 28, 2013

Grand_Moff wrote:
King, you don't think ANYTHING is breaking the rules. You have absolutely no moral code. None whatsoever. 

I love how everyone posts opinions on here no one ever trys to post facts.  Why don't you show me how I'm wrong and post the rule in question.  I bet that would make you very happy showing how I'm wrong.

***********************************
Folding@home Team #118000
***********************************
GAPHome

             

               General

Message 105 of 202 (254 Views)
0 Likes
Lombax Warrior
Registered: 08/14/2009
Offline
143 posts
 

Re: Please BAN ISE: EDO top 10 prize already hacked...

Feb 28, 2013

HearItWow wrote:

There's no reason for ISE to even exist. Here's the two-minute fix:

 

Every item in home has a unique back-end code. Attach the code for the Top 10 items, and only those 10 items, to a lookup table that identifies the 10 users who legitimately have them.

 

During the content verification process, set a red flag on the Tiger Bike Locomotion that triggers the lookup table. If the PSN ID with the item is not one of the 10 known winners, automatically disconnect the user and flag the account for moderation. Ban the user or remove all ISE items.

 

Since ISE hackers tend to steal everything, you're going to catch a lot of people this way. Since the lookup table only has 10 names in it, the extra login time shouldn't even be noticable. Maybe a second on a very taxed server.

 

This is a fantastic honeypot if Sony uses it properly. If they don't, it shows that they don't care at all about ISE exploits. If I were a third party developer, I'd demand a system like this be put in place, or I'd stop offering merit-based rewards altogether. As someone correctly pointed out, purchases were needed to participate in this event, which means Granzella lost out on revenue from people who decided to simply steal the rewards. That's a hit on their bottom line, and that's not good business.


This actually makes me think of something rather interesting . . . so it's clear that Sony doesn't much care about ISE hacks, but developers would naturally have a right to be upset about this, as they lose revenue because of it. As such, developers should do the vouchers like people have been saying, because it would be a way to continue their rewards, keep them exclusive, and they wouldn't have to do it through Sony.

So I guess the ultimate fix for this on the developer side would be "For future reference, use redeemable codes and not the reward system itself to hand out your exclusive gifts."

On the other side of things, I guess I'm becoming more cynical when it comes to Home or something because I'm starting to see it slowly start to spin around in the toilet bowl. If what HearItWow says is true then that fix would legitimately take a fraction of a single work day to implement, and it wouldn't even take a genius to do it, so why hasn't it been done? I would like to think Sony has somebody working for them who thought of this process . . . If they haven't, then the creative mind behind Home is seriously lacking.

Message 106 of 202 (251 Views)
Treasure Hunter
Registered: 02/20/2008
Offline
8666 posts
 

Re: Please BAN ISE: EDO top 10 prize already hacked...

Feb 28, 2013

LunarEmerald wrote:
Except the items aren't free. It's impossible to beat the mission, let alone make top 10 without store bought goods.

 


Good point, but is that the way Sony see's it?  The last core update (in my opinion) was made to fix people who use the ISE exploit from getting paid items from the gift machine.  So if your right this problem will not be here for long and should be fixed in the next core update.

***********************************
Folding@home Team #118000
***********************************
GAPHome

             

               General

Message 107 of 202 (234 Views)
0 Likes
Survivor
Registered: 07/25/2010
Offline
1691 posts
 

Re: Please BAN ISE: EDO top 10 prize already hacked...

[ Edited ]
Feb 28, 2013

King0fHearts2007 wrote:

Grand_Moff wrote:
King, you don't think ANYTHING is breaking the rules. You have absolutely no moral code. None whatsoever. 

I love how everyone posts opinions on here no one ever trys to post facts.  Why don't you show me how I'm wrong and post the rule in question.  I bet that would make you very happy showing how I'm wrong.


PS3 Jailbreak Users Being Banned On PSN

 

Click the link^. Read the link. Doesn't matter, though. You'll wind up spinning it, despite it being FLAT IN YOUR FACE.

 

You believe jailbreaking is NOT against the rules, as there is no rule stating you cannot jailbreak. Wrong. You think Sony cannot do anything to your PS3. Wrong.

Message 108 of 202 (396 Views)
Uncharted Territory
Registered: 08/08/2011
Offline
1649 posts
 

Re: Please BAN ISE: EDO top 10 prize already hacked...

Feb 28, 2013

King0fHearts2007 wrote:

LunarEmerald wrote:
Except the items aren't free. It's impossible to beat the mission, let alone make top 10 without store bought goods.

 


Good point, but is that the way Sony see's it?  The last core update (in my opinion) was made to fix people who use the ISE exploit from getting paid items from the gift machine.  So if your right this problem will not be here for long and should be fixed in the next core update.


I'm sure that's the way Granzella sees it. Which is why they should be notified of it.

 

Message 109 of 202 (381 Views)
Highlighted
Treasure Hunter
Registered: 10/01/2009
Offline
5310 posts
 

Re: Please BAN ISE: EDO top 10 prize already hacked...

Feb 28, 2013

F1REFLY_SEREN1TY wrote:

HearItWow wrote:

There's no reason for ISE to even exist. Here's the two-minute fix:

 

Every item in home has a unique back-end code. Attach the code for the Top 10 items, and only those 10 items, to a lookup table that identifies the 10 users who legitimately have them.

 

During the content verification process, set a red flag on the Tiger Bike Locomotion that triggers the lookup table. If the PSN ID with the item is not one of the 10 known winners, automatically disconnect the user and flag the account for moderation. Ban the user or remove all ISE items.

 

Since ISE hackers tend to steal everything, you're going to catch a lot of people this way. Since the lookup table only has 10 names in it, the extra login time shouldn't even be noticable. Maybe a second on a very taxed server.

 

This is a fantastic honeypot if Sony uses it properly. If they don't, it shows that they don't care at all about ISE exploits. If I were a third party developer, I'd demand a system like this be put in place, or I'd stop offering merit-based rewards altogether. As someone correctly pointed out, purchases were needed to participate in this event, which means Granzella lost out on revenue from people who decided to simply steal the rewards. That's a hit on their bottom line, and that's not good business.


 

That could work. But someone would have to program that.. And they would have to test it. And it would have to go through sony approval. And then we have to pray it didn't malfunction and didn't start throwing random people offline.

 

 

The answer is easier to me. I've run large databases before. Just run a database query for the tiger minibikes. There are only 10 users in each region.  Just type the command to query for that item. You will get a list of accounts that own that. Compare the results of the query to the list of winners.

 

That will give you a list of who hacked it immediately.

 

 


That's more or less what I was aiming for, though I realize now I wasn't entirely clear about it. Automate the search and run it against the 10-person lookup table for that particular item, not for all items.

 

As a database admin, I'm sure you know how incredibly simple it is to set something like that up. Manual lookups would work as well, but now you've got to have someone with database access go in and do it, plus the bans have to be handed out manually as well.

 

Much more fun to have hackers log in and get an error message that says, "Illegal items have been found in your account. Your access to PlayStation Home is suspended until further review."

Follow me on Twitter:
twitter.com/hearitwow

Watch past episodes:
HomeCast at HomeStation Magazine

Message 110 of 202 (357 Views)