PS3 security is "epic fail"

[ejstans]

when sony start suing instead of plugging the security hole, then you know they cant fix the problem and have lost.

Something to consider:

Reminder: do NOT update to future versions. PS3s are permanently owned  through hardware, but Sony can throw roadblocks in your way via SW.

[Iggy]

I have no doubt Sony will attempt to plug this via some "security" related update. And once they have they will insist that in order to access PSN you must have that update installed.
So Sony's security/protection scheme has failed. And its neat that we will have the full access to hardware that was previously blocked by the hypervisor.
But I think labeling this as "epic" is premature and I don't think this is over yet (not by a long shot).

[ejstans]

I have no doubt Sony will attempt to plug this via some "security" related update. And once they have they will insist that in order to access PSN you must have that update installed.
So Sony's security/protection scheme has failed. And its neat that we will have the full access to hardware that was previously blocked by the hypervisor.
But I think labeling this as "epic" is premature and I don't think this is over yet (not by a long shot).

It is epic, there is no other word for it, and it's certainly not premature to call it that. If you read the slides or watched the presentation, you'll see. It's an unbelieable screw up by Sony, simply unbelievable...

A conspiracy-inclined mind might well suspect it was intentional...

[actung_bab]

brasses me of some twit trying hack the system cuased them to take away install other os in the first place these people are pain in the a,,,
leave the ps3 to the real users stop wreaking it for us l dont want install linux on my ps3

[Iggy]

It is epic, there is no other word for it, and it's certainly not premature to call it that. If you read the slides or watched the presentation, you'll see. It's an unbelieable screw up by Sony, simply unbelievable...

A conspiracy-inclined mind might well suspect it was intentional...

Yes, the level of stupidity here makes it seem almost suspicious. But Sony has gone out of their way to prevent this in the past, so it probably is what it seems on the surface, a mistake.
And with time and consideration I wouldn't put it past Sony to devise a counter strategy. Its hard to anticipate how they might be able to plug this hole, but since they haven't responded yet I think its more than fair to consider calling this fight over to be premature..

[kolla]

@actung_bab
:roflmao:
And you're an Amiga user?

[nicholas]

@actung_bab
:roflmao:
And you're an Amiga user?

What I find even more amusing is he has the following in his sig!

Sony Ps 3 Orginal 6 port usb 160 gb hd (os 4.1 ready :-)

:roflmao:

[Hammer]

Just another part of the 'you don't really own it" logic that prevails these day. I'm waiting for some corporate scumbag to suggest an addition to the Digital Mellinium Copyright act that makes altering your own pocessions a crime. Seems like the next logical step now that ripping MP3s from CDs you own is now technically illegal.

Trust me, I glad immortality is not possible because I am convinced the future hold a lot of qualifiers for the freedoms we take for granted today.

I thought using calculators in school was stupid (having been taught multiplication when I went to school).
I can't wait for the day when people have to be hardwired 24/7 to the internet (or something more corrupt) just to compete. I promise you , one day, technology and the Republican party will Borg us all (and you won't have a say in it - hell you'll probably be convinced to support it).

Damn! Now I sound like some kind of hybrid Tea party/scifi geek/paranoid conspiracy nut job. But a new stage in evolution is soon to come upon us, and I'm glad I'm too old to have to face the negative aspects of it.

Android 2.1/2.2 needs constant internet connection(for Google cloud services) for hands-free/voice activation**. **A safety feature while driving the car. My old Nokia Smart Phone doesn't require this BS.

[Iggy]

Android 2.1/2.2 needs constant internet connection(for Google cloud services) for hands-free/voice activation**. **A safety feature while driving the car. My old Nokia Smart Phone doesn't require this BS.

Thanks Hammer,
That is the strongest argument I've heard against Android in a long time. My home State has started requiring hand free operation in vehicles as of Jan 1st.
Requiring an Internet connection is just stupid.

Its time consumer took a stand against devices that force specific "features" on us.

[nicholas]

Thanks Hammer,
That is the strongest argument I've heard against Android in a long time. My home State has started requiring hand free operation in vehicles as of Jan 1st.
Requiring an Internet connection is just stupid.

Its time consumer took a stand against devices that force specific "features" on us.

It's also complete bollox!

It doesn't require an internet connection to use my Bluetooth hands free adapter.

[Iggy]

It's also complete bollox!

It doesn't require an internet connection to use my Bluetooth hands free adapter.

A question, Nicholas. Do Android devices have to be constantly connected to the Internet to have any real utility or are there enough non-cloud based apps to make it worth using when you're not connected? Because frankly I'm not convinced that 'Cloud Computing' isn't another enormous scam.

[nicholas]

A question, Nicholas. Do Android devices have to be constantly connected to the Internet to have any real utility or are there enough non-cloud based apps to make it worth using when you're not connected. Because frankly I'm not convinced that 'Cloud Computing' isn't another enormous scam.

You don't need the internet for anything except installing apps from the market.

My 12yr old son's handset is NEVER connected to the internet except for when he visits me at weekends and uses my wifi to get more apps.

[TheBilgeRat]

Before going aggro on the hackers, realize that if it wasn't for hackers, there would be no internet (abusing/using the phone system to send and steal data, when it was origianlly designed for voice transmission).

[Iggy]

You don't need the internet for anything except installing apps from the market.

My 12yr old son's handset is NEVER connected to the internet except for when he visits me at weekends and uses my wifi to get more apps.

Thanks, I just like the idea of Linux based devices. The idea that Microsoft is readying a version of Windows 8 for ARM is troubling.

[ejstans]

Yes, the level of stupidity here makes it seem almost suspicious. But Sony has gone out of their way to prevent this in the past, so it probably is what it seems on the surface, a mistake.
And with time and consideration I wouldn't put it past Sony to devise a counter strategy. Its hard to anticipate how they might be able to plug this hole, but since they haven't responded yet I think its more than fair to consider calling this fight over to be premature..

I have no doubt it's were are talking "mistakes" here. But if they were really serious about security, it's something that wouldn't have occurred. Really. Regardless of whether Sony has the ability to rewrite a completely new and 100% secure firmware, the way they mucked up the crypto makes them deserve an "epic fail" stamped on their foreheads anyway.

And, even though fail0verflow were kind enough to classify it as  "just a bug in a loader", I'd say blindly copying user supplied data  with a user supplied size in a security-critical loader is pretty "epic  fail" that too. It's not like buffer overflows are unknown, or have been  for the last decades, geez!

It's kind of obvious that junior programmers are responsible for these things. If Sony really cared about security, they would hire better people to design and implement the security systems. And I don't mean they have to hire Geohot either.

What little I've seen of the 360, it's a LOT better designed (as well as implemented.)

[A1260]

geohot speaks on youtube...

[youtube]QXqIssgzML8[/youtube]