I didnt read all the threads, but "epic fail" seems a bit extreme to me
The term was used by the researchers who presented it at the 27C3. I've just seen the entire presentation, and I can understand why they called it "epic fail".
The security system used by the PS3 is layered, so in theory an adversary would have to break down each layer for the whole system to be compromised. But as the presentation showed, the layer design is either bungled (e.g. the media encryption, the code signing), effectively irrelevant to security (e.g. the Hypervisor, the crypto functions of the dedicated security processor) or so brittle that there is no defense against compromised components (e.g. the bootstrapping process).
A lot of effort went into implementing these security measures, but taken as a whole their effectiveness is reduced to security by obscurity, which is shocking if you are familiar with the technology. This ought to have been designed and implemented much better.
What is "epic" about the whole affair is how much effort Sony spent on this product, how long it took to become marginally profitable, how long Sony plans to keep this product alive, and yet how little leverage is required to undo these efforts. Feet of clay, etc.
All consoles do and will get hacked at some point. There's enough clever people out there with an interest in cracking cosnole security, just for the challenge and notoriety to make sure of that. The fact that its taken so long I'd actually consider quite a success in this day and age.
Actually, how the security system came apart is what makes it an "epic" failure. It did not withstand the attacks because of its resilient architecture: there is no resilience where it would have mattered. It withstood the attacks because of the security by obscurity principle. That is not a success because the barn door is wide open by now. As they say, attacks only get better over time, they never get worse.
All the PS3 devices Sony sold up until now are vulnerable to the kind of exploit that would hurt Sony's business: pirated games. And it may not take long for the exploit to get "better" in that the security of the Blu-Ray device could be compromised. Which would hurt Sony, too, since they pretty much control this technology and benefit from the byzantine technology licensing scheme.
The kind of security Sony's engineers tried to implement in the PS3 can only succeed in buying time before a successful security compromise will have a noticeable impact on the market which the device was created for. What is shocking about the security failure presented at 27C3 is both in how inadequate the security architecture of the platform actually is, and in how little time it actually bought Sony. They have barely succeeded at making the PS3 profitable, and the jury is still out on whether the Blu-Ray platform will ever be profitable before other technology succeeds in eclipsing it (e.g. online streaming).