PS3 security is "epic fail"

[A1260]

geohot speaks on youtube...

[youtube]QXqIssgzML8[/youtube]

[A1260]

more news here...

Hotz stands firm on his motivation behind hacking the console (he wanted to return the "Other OS" feature to the PS3) and also takes the opportunity to refute claims he's only interested in hacking so the PS3 can play pirated games.

read..
http://kotaku.com/5733293/ps3-hacker-being-sued-for-making-sony-mad

[runequester]

What little I've seen of the 360, it's a LOT better designed (as well as implemented.)

Wide spread piracy leading to MS banning modded consoles, and the first generation of 360's coughing and dying on a regular basis?

Im not sure I'd take the 360 as an example of better design

[ejstans]

Wide spread piracy leading to MS banning modded consoles, and the first generation of 360's coughing and dying on a regular basis?

Im not sure I'd take the 360 as an example of better design

It is indeed dangerous to speak out when I only know so very little, but I did mean security model, not hardware design of course And yeah, I forgot about the foul up with the insecure DVD drive, but other than that, what little I've seen of the design seems pretty good, no? Certainly not without flaws (I think the most serious the bug that allowed extraction of the CPU key, but unlike the PS3, this was not due to failure of the whole security model, and did require pretty impressive sophistication to hack, well, far as I know at least...) but the security model seems cohesive, whereas Sony just seems to have tossed together bits and pieces without caring how they support (or in Sony's case, don't!) each other.

 One nifty thing, for example, X360 memory is apparently protected with secure hashes and no code/data ever goes outside the CPU in clear text. Unlike the PS3 which places all faith in the XDR mem being out of reach to attackers due to its high speed. Geohot's original supervisor hack (XDR glitching) is just a special case of manipulating the XDR, and really, Sony can do nothing (like removing OtherOS) to protect against that. For sure! So yeah, someone could "just" hook up to the XDR and inject any code they want to run, unlike the 360 where this is impossible, by design.

[foleyjo]

Can someone who is in the know provide an answer to the following question.

I've been following this as I was interested in using Emulators on my PS3. However the emulators I've seen state that they need to run on Geohots Unofficial Firmware.

So if you need unofficial firmware won't Sony be able to see that your PS3's firmware is different to the official one, which in turn would allow them to act against people using it.

[A1260]

Can someone who is in the know provide an answer to the following question.

I've been following this as I was interested in using Emulators on my PS3. However the emulators I've seen state that they need to run on Geohots Unofficial Firmware.

So if you need unofficial firmware won't Sony be able to see that your PS3's firmware is different to the official one, which in turn would allow them to act against people using it.

until now they havent seen anyone... so the ps3 jailbreak usb plug with the latest cracked xmb 3.55 firmware update is safe so far. but to be 100% save you unplug the ps3 from the net.

[kedawa]

I was under the impression that you need the CFW to install the package files for the emulators, but once they're installed, you can revert to the official firmware and still play them, since they are properly signed executables.

[actung_bab]

I have no doubt Sony will attempt to plug this via some "security" related update. And once they have they will insist that in order to access PSN you must have that update installed.
So Sony's security/protection scheme has failed. And its neat that we will have the full access to hardware that was previously blocked by the hypervisor.
But I think labeling this as "epic" is premature and I don't think this is over yet (not by a long shot).

gezz how many people here posting actually own a ps3 you have to update the software to log on to psn network always been that way, as for the other comment am l a aimga person yes l am . and just brought my second ps3 orginal 60 gb model so l got 2  ps3 s hehe

[kolla]

gezz how many people here posting actually own a ps3 you have to update the software to log on to psn network always been that way, as for the other comment am l a aimga person yes l am . and just brought my second ps3 orginal 60 gb model so l got 2  ps3 s hehe

I had a PS3, but gave it away. The only game I got for it was orange box to play portal, the rest of the time I used it for Linux. Never bothered with PSN. With PS3 security now shattered, I'm considering picking up a slim to play with Linux on it again. I also have two Wii consoles for which I have bought lots of games, but both of them also have homebrew and also run Linux. I have two old XBOX machines with modchip and XBMC, and for them I have quite a few games that I bought. I also have a Gamecube that I bought solely for hacking, it has modchip, custom cabinet to allow regular sized DVDs and used Gecko to bootstrap Linux. I also run Linux on three Amigas and an old m68k Mac Quadra 910, my G4 minimac, G4 iBook, 4 NSLUs, WL500gx, WLHDD, Zaurus SL5500, eeePc 901, a handfull of PCs and emulated systems (aranym, qemu).

Are you saying I should give up my hobby of hacking linux on whatever device I want, just so you can have peace in mind?

[TheBilgeRat]

I had a PS3, but gave it away. The only game I got for it was orange box to play portal, the rest of the time I used it for Linux. Never bothered with PSN. With PS3 security now shattered, I'm considering picking up a slim to play with Linux on it again. I also have two Wii consoles for which I have bought lots of games, but both of them also have homebrew and also run Linux. I have two old XBOX machines with modchip and XBMC, and for them I have quite a few games that I bought. I also have a Gamecube that I bought solely for hacking, it has modchip, custom cabinet to allow regular sized DVDs and used Gecko to bootstrap Linux. I also run Linux on three Amigas and an old m68k Mac Quadra 910, my G4 minimac, G4 iBook, 4 NSLUs, WL500gx, WLHDD, Zaurus SL5500, eeePc 901, a handfull of PCs and emulated systems (aranym, qemu).

Are you saying I should give up my hobby of hacking linux on whatever device I want, just so you can have peace in mind?

Awesome!  :roflmao:

[cpfuture]

and just brought my second ps3 orginal 60 gb model so l got 2  ps3 s hehe

You know what's even cooler? Having 3 PS3's:

http://www.youtube.com/watch?v=uh1jB4hVJRg

[A1260]

latest...

FOR IMMEDIATE RELEASE:
January 14, 2011

Law Firms defend Sony's Accusations against George Hotz

San Francisco, California – Today, attorneys Stewart Kellar and Yasha Heidari announced they intend to vigorously defend the baseless accusations asserted by Sony Computer Entertainment America LLC (“Sony”) against Mr. George Hotz.

“Make no mistake,” Stewart Kellar, intellectual property attorney and e-ttorney at law™ stated, “this case is not about Sony attempting to protect its intellectual property or otherwise seek bona fide relief from the court. Rather, it's an attempt from Sony to send a message that any individual using Sony hardware in a way Sony does not deem appropriate will result in harsh legal consequences from a multi-billion dollar company, irrespective of any legal basis or authority for such action.”

Sony recently filed suit against a number of individuals, including Mr. Hotz, a 21-year-old computer prodigy who is well-known for his accomplishments and innovations in the field of phone and computer development, such as for creating the ability to provide for iPhone interoperability between various cellular network carriers. Citing unfounded concerns and a dubious legal basis for jurisdiction, Sony seeks relief from the Court due to Mr. Hotz re-enabling core functionality of the Playstation 3.

“I think it is quite telling that Sony, who is legally required to provide notice to Mr. Hotz before seeking any special relief with the Court, decided to e-mail Mr. Hotz a copy of their motion at 7 p.m. when a hearing was scheduled for the next morning at 9 a.m. in California, while Mr. Hotz does not even live in California. Sony is seeking various unreasonable relief, such as seizing Mr. Hotz's personal property and computers. Luckily, the Court postponed the hearing,” said Yasha Heidari, Esq., managing partner at Heidari Power Law Group, LLC.

Mr. Kellar added, “This case not only has profound implications for the parties involved, but it also implicates core property rights for every consumer out there.” Recently in April of 2010, citing the fact that the Playstation 3's terms and conditions reserve the right to modify the PS3's settings and features, Sony inexplicably issued an “upgrade” that removes the end user's ability to utilize the PS3's OtherOS functionality. Consumer familiar with the PS3 know that OtherOS is a powerful tool that is critical in allowing its users to utilize the PS3 as a personal computer. Sony had previously touted the PS3's OtherOS as a major selling point and feature that would receive Sony's continued support. Yet, despite this, Sony took the position that consumers must either choose to upgrade the PS3 to play newer game titles and lose OtherOS support, or ignore the update to keep OtherOS but be prohibited from playing newer titles.

Mr. Heidari stated, “While most companies issue firmware upgrades to increase a product's abilities over its life cycle, Sony has taken the unacceptable and draconian approach of decreasing the PS3's capabilities by actually destroying a core feature of the PS3. Imagine taking in your car for an oil change and having the manufacturer remove your car's air conditioner, radio, and half its horsepower because of fears that other hypothetical individuals might abuse their vehicles. It just doesn't make any sense, and it's a slap in the face to the consumers that put their support behind the product.” Mr. Kellar proclaimed, “This case rests on Sony's misguided belief that it has the unfettered ability to control how consumers use the products they legitimately purchase.”

Both attorneys agree that Sony's interpretation of the law is quite troubling. The attorneys state they hope the judge will deny Sony's motion, but regardless of how the judge rules, they fully intend to defend Mr. Hotz in this action, which has wide-spread implications for consumers globally.

News Source:
http://www.hplawgroup.com/PR-Hotz-Jan-14-2011.pdf

[A1260]

some great news! the custom 3.55 firmware is ready for ps3...

http://twitter.com/hackinblack/status/26973008144891905

[ElPolloDiabl]

Okay here's the latest: If you buy a PS3 game you will only be able to install it 5 times before it is junked. Info in this article:

http://www.techeye.net/security/sony-plugs-ps3-root-key-hole-with-blu-ray-serial-keys

I would call it the anti-piracy mutually assured destruction arms race.

[runequester]

Okay here's the latest: If you buy a PS3 game you will only be able to install it 5 times before it is junked. Info in this article:

http://www.techeye.net/security/sony-plugs-ps3-root-key-hole-with-blu-ray-serial-keys

I would call it the anti-piracy mutually assured destruction arms race.

The gap between consoles and PC's continue to close

[psxphill]

If it's true then it will kill the second hand market for ps3 games.
Although it can only count if you go online.
 
Rather boring if that is all they could come up with.