"The more excitable elements of the gamer community as well as tech blogs and gaming sites cried foul over the move"
All over some random IRC chatter. Truely pathetic and shambolic reporting. Hang your heads in shame.
Suggestions that Sony has added a rootkit with the latest firmware update to its PS3 console have been denounced as bunkum by a leading gaming security expert. Rumours began flying on the interwebs earlier this week that the official 3.56 firmware upgrade for Sony's consoles gave the consumer electronics giant the ability to …
A games console you can't play online? No thanks i'll buy games....
In other news (as clearly with all the Xbox Live sponsorship recently, they are prevented from reporting it), PS3 has now claimed 2nd place in the number of active consoles. Xbox is now flat last, despite launching 18months earlier...
3. Don't buy anything branded Sony. Not a console, not a PC, not a television, not a CD, not a battery, nothing.
4. Let Sony know you are boycotting everything Sony, and why.
I will buy nothing with the Sony brand on it for the rest of my life.
If you aren't completely outraged by Sony, just imagine that you'd bought (say) a Ferrari. Imagine that three years after you bought it, when you took it in to be serviced, Ferrari "upgraded" it so it couldn't be driven outside the UK, nor on any road not authorized by Ferrari. Imagine that a smart guy told you how to get around this artificial restriction. Imagine Ferrari then retalliated by suing him, and anyone else who passed on this know-how.
Couldn't happen? Think they'd get sued into the ground? Think they'd never sell another car?
This is what Sony did to the people who used to run Linux on their Playstation (and they seem to have gotten away with it)
WTF I haven't heard a more stupid analogy in my life.
A car is nothing like a Games console, You do not buy a car and buy additions to run on that car from the manufacturer solely, however making illegal modification or alterations will vinvalidate warranties or get yourself in trouble with the law.
A games munfacturers business is selling games, therefore a platform is created (ie the console you buy) and they licence games for that platform. its a business model, one which you agreed to when you bought that platform, when people start tinkering with it so that the business model changes, making the platform holder change security and o/s capabilities to prevent piracy, I can quite rightly see why Sony are P**sed . stop making silly comparisons. anyone can do that for any circumstance , does not mean its the same thing
Sony sold a console that could play games AND run Linux. It was a great combination for anyone who enjoyed games AND programming somewhat exotic computer hardware.
Subsequently, they issued an upgrade, after which you could no longer run LInux. Anything you'd invested in Playstation Linux - money, time, enjoyment - was destroyed. If you chose not to install the upgrade, you' were locked out of the latest games instead.
In other words they retrospectively took away something that had been a major part of the deal when you first purchased. I think the car analogy is *exactly* right.
As for the speed limiter that automagically turns off at registered racetracks, that's really cool. Just as long as the speed limiter was known to be there at the time you bought the car (presumably required by law).
and why did they take out the Linux O/S ?? because as already state people were tinkering with it , leave it alone and enjoy it as it was .
Car analogy makes no sense. it has very little after sales purchases apart from fuel, services.
but Like I said if you mod your car outside of the manufactuer's original design it may be taken of the road. doesn't mean you cant enjoy it on your own on private (ie ps3 would be taken of the net you can enjoy it offline) thats the only relevant analogy
I didn't agree to anything, my console was gift. How will anyone uphold these terms & conditions? What if the console belongs to a 6 year old child? Will Sony and co sue them for breaching the T&C? Children cannot sign legal documents, and i certainly did not sign anything when I was gifted my PS3. You need to take a deep breath and contact reality.
PS. you can chip your car legally so long as you tell your insurance company. Don't let facts get in the way of your ranting.
A few things that need correction in the article
1: A way to run unsigned code wasn't found, a way to SIGN the code was found. That means home brew software can now be signed as if sony add approved it.
2: People aren't worried about sony running unsigned code on the PS3, they are worried sony will run ANY code on the PS3 that they don't agree with. Sony can sign it's own code anyway.
Paris, cause she doesn't have a dongle either
1 there is NO WAY to run code that isn't approved by sony on the latest firmware, because although its been opened up it hasn't been cracked. so people worrying about malicious signed pretending-to-be-sony code is just as pointless as worrying about malicious unsigned creeped-out-of-the-gutter code.
so it goes back to being an issue of not getting on PSN for modders who can't update. nobody is going to somehow magically send your PS3 some dodgy code and make it blow up, signed, unsigned or co-signed which is what most of the crying and shouting seems to be about.
2 see above. i'd imagine the majority of people who arent modding don't care what sony runs on their console. do they know what the console has been doing / running the last six months or a year that they've had their console for? of course they don't, they haven't got a clue other than it comes on when they press the power button.
but some guy says something on IRC and suddenly its an issue? makes perfect sense.
First, use the known issue to generate your own code, signed by Sony.
Then, execute a DNS attack to change the domain that the PS3 looks for to point to your own server.
Finally, when the PS3 'phones home', it reaches your server. 'Update' it with your code. For bonus points, after you subvert the PS3, redirect the traffic to the correct server, or to a suitably functional pirate server.
On a smaller scale, if you could compromise, say, a university dorm router, or any other piece of network backbone that serves a large number of PS3s, you could subvert those units when they called home.
Paris, because she subverts units.
Why would people worry more about running a firmware update from Sony that includes enhancements to it's security system that protects their transactions on PSN instead of a hacked firmware that has been modified by who knows who to do who knows what? You have zero recourse against Mr anonymous haxxor and his latest custom firware, but you definitely have recourse against Sony if they violate your consumer rights.
I'm beginning to think people are lemmings. They'll blindly trust some hacker so they can play video games, but won't trust an organizations who's own self interests prevent them from doing anything to harm consumers.
If I as an OS maker determine that my OS's security has been compromised, I will take action to plug that game and prevent further compromise. As the developer and owner of the OS that is not just my right, it's my responsibility. I have a duty of care to make sure that my system remains secure for the protection of my customers. Enhancing the security of an OS to prevent hacking, or detect hacking is by no stretch of the imagination adding a root kit.
Now, for anyone who cares to read, please read this. The CellBE is designed from the ground up to support something called the Secure Processing Vault (SPV). The SPV starts before *anything* else on the system runs. It runs independently of the hypervisor and any OS running on the system. This has been in the Ps3 since before day 1. The code in the SPV is specifically designed to watch the system to detect intrusion. The design of the cell CPU actually assumes that the OS and/or hypervisor would be compromised The concept of the SPV is not to prevent such hacking, but to expose it, to make it evident that the system is compromised.
The only thing that Sony has done with this firmware update, apart from rain on the parade of those wishing to continue stealing games, is beef up the system's ability to detect and expose tampering. this allows PSN to detect consoles that have been hacked. For Sony to live up to it's side of the implicit contract with PSN users, Sony has to do what it can to ensure that hacked consoles do not access PSN.
Really, all this hand wringing and wailing about a rootkit is little more than a temper tantrum. How many people throw a fit if a Cell phone company demands that cellphone handsets that attach to it's network meet it's minimum requirements, such as official firmware? You are attaching a device to a proprietary network, The network operator has every right to demand such compliance. On the PS3 if you seriously fear having your Ps3 made more secure in order to continue using PSN, then you have the option of not installing the latest firmware, and foregoing PSN. In life, there are consequences to actions. Deal with them.
Just sniff what IP addresses your PS3 is 'phoning home' to then configure your firewall to block them and only them.
SONY are really peeing off a lot of people. I know from my gaming Son that there has been a lot of resentment simmering just below the surface ever since they blocked people from installing Linux.
Now it is coming to the surface.
Now where's the 'Black Pig'?
didn't tell you that Sony removed Linux because it was being used to hack the system...
Everything stems from GeoHots original hypervisor attacks from within OtherOS(Linux).,
Sony didn't remove OtherOS, the idiots that tried to use to to hack forced Sony into removing it. Tell your immature son to wake up and smell the coffee.
"didn't tell you that Sony removed Linux because it was being used to hack the system..."
It should not be Sony's business if someone tries to modify a piece of equipment, which Sony says it has *sold* to him (FYI "sold" implies a transfer of title. "Sold" is different from "lent" or "given").
"Sony didn't remove OtherOS, the idiots that tried to use to to hack forced Sony into removing it. Tell your immature son to wake up and smell the coffee."
Your logic is confused. What you're saying is equivalent to "he didn't beat up his wife, his stupid wife forced him to beat her up - tell her she should shut up and not ever complain about him being drunk/watching football/not taking shower/whatever".
I understand your fear that Daddy Sony will come and take your console away if he thinks someone is being naughty - but never fear, ultimately, he won't.
And the license includes terms that explicitly forbid the modification of it.
You own the hardware, not the software. If GeoHots had merely fried the motherboard on a dozen PS3s just to fritz the hypervisor, Sony would have done nothing, but since he demonstrated an ability to modify the hypervisor code in memory, Sony had little choice but to act.
This is not about hardware modifications, this is about software, and software is governed by the terms of it's license.
I'm not clear what Boyd is saying. He first seems to be saying there's no rootkit at all and it's the same update code that's always been there, and then he says there's something in there that's a last ditch attempt at blocking hacks. I think at best this is semantics, it's not necessarily a rootkit, but it apparently something has been added that gives Sony the ability to do things to your PS3 if they decide it's running a custom firmware. What they plan to do with this utility could do with clarifying.
The general argument I've seen lately is that consoles are closed systems and you shouldn't be modding them in the first place. But frankly there will always be people who want to explore the possibilities of their hardware, and not necessarily for piracy (and at this point someone usually chips in that's it's mostly for piracy and implies that should void all other reasons).
Sony need to be careful here, if they screw up and zap some PS3s that weren't modded or weren't being used for piracy they could end up with a bit of a PR disaster, with irate mothers complaining that Sony broke little Johnnie's PS3 on TV.
Or worse, given Sony's security track record, a hastily written root kit might have some sort of flaw open to abuse that lets some malicious sod wipe every internet connected PS3 in the world. I think Sony would be wishing for the days when just their batteries exploded if that happened!
boyd has talked a lot about this on twitter, and i think semantics do play a part here, along with the heaped confusion of what people are talking about - not helped by the hysterical reporting which went from "is there a rootkit" to "console ships with rootkit" in the space of a few days. he seems to be saying the main thing that people are shouting about..."why should sony be able to do things to my console"....has always been in the T&Cs, but IF this is a new addition to the consoles functionality it shouldn't be compared to the 2005 rootkits whether related directly to those sections in the T&Cs or some other aspect of monitoring / changing the system.
all sony seem to be doing is trying to keep the PSN free of modding, which seems fair enough to me and a task made more difficult by all the system exploration going on.
seeing people shriek about "ps3 viruses" and botnets based on some IRC chatter that isn't even confirmed is laughable...and the person who first mentioned this in IRC has even said he was misinterpreted.
"I said on irc that I saw small hints of possible remote execution code in 3.56, not the code itself, people should stop miss-interpreting." "I am tired of seeing sentences I write on irc being somewhat modified and then newsed all over way out of proportion..."
Course, unless his IRC chat was heavily modified he said "3.56 pretty much has a built in psn rootkit" and i'm not sure how else anyone could take that - seems like he's now backpedalling.
"The general argument I've seen lately is that consoles are closed systems and you shouldn't be modding them in the first place."
This just doesn't fly.
If the shop tells me they *sell* the thing to me and I put it in my house it is not a closed system anymore. It is MY piece of hardware and I can do whatever I want with it.
If you want it to remain yours then lease it to me and ask me to sign a contract, nicely.
Sorry, I am not saying you as in Si 1 "you", but as a hypothetical manufacturer "you", who is trying to put that argument forward.
I think Sony is smart enough to realize that anything electronic can be hacked- sooner or later. So making it tamper proof is potentially an impossible dream. However, making the system tamper evident is far easier, and means that modders can mod away, but Sony can ban their console from PSN is the tampering is detected.
The changes here are not about running remote software to do some nefarious thing. The code n the SPV has always actively checked to detect system compromise. Sony has simply beefed that capability up and made it possible to initiate the SPV remotely in case it has been disabled (which can be done by a custom firmware by simply bouncing the SPE running the SPV code out of isolation mode). That allows the SPV to continue it's role and to respond to appropriately encoded instructions to check the system and return it's status to PSN. Making the console tamper evident, not tamper proof.
Just because it's been in the T&C's for 5 years does not mean Sony have actually been doing all of those checks?
It may have been a "Belt & Braces" move by the Legal department at the time, to give them room to create a "back door" at a future point without having to publish a "Revised/Updated" T&C.
If I buy a car, I am allowed to make whatever modifications I want to it.
Sometimes, these modifications mean that the government will no longer allow my car on the public road (ie, makes the car "illegal") but I can still use it on private roads/tracks. Sometimes, a modified car is used to commit a felony. This makes those who use the car to commit the felony a felon - *not* the people who did the modification.
In other words, I can do what I want to my car so long as I do not use it to commit a felony/crime. The fact that the car *can* be used to commit a felony is irrelevant. (how many people get killed in car-related accident? Doesn't that mean that anyone who buys a car is a murderer-waiting-to-happen?)
But if I buy a console/computer/tablet/phone...?
you can do what you want with your console, the update is optional. You only need to apply the update if you wish to connection to PSN.
From your example, you will only need to worry about the modding you did to your car once you decide to take on the road. As long as you keep your car off the road, you can mod it as much as you want. The same apply to your console.
"Sometimes, these modifications mean that the government will no longer allow my car on the public road (ie, makes the car "illegal") but I can still use it on private roads/tracks."
Following on from that analogy even tracks have regulations and if your car does not fit inside the regulations (psn T&C) then you are not allowed to compete/practice with cars that do fit the regulations (unjailbroken consoles)
I'm sure that there was a report about this yesterday here at ElReg. I'm pretty sure I posted comments that almost exactly matched the comments of this leading security dood. I'm by no means an expert on this kind of thing, but a small amount of RESEARCH would have lead your 'journalists' to the same information.
sony has to protect the integrity of their hardware. Anyone remember the dreamcast by sega
? The same thing will happen if Sony allows hacking to continue yeah people may say "its my device we should be able to do what we like with it" if Sony allowed hackers to root the console and play copied/backed up games developers will stop making games for the console (as the amount of copied games would outweigh the legitimate ones plus cheating in games would be rife) As mentioned before if you want to maintain a rooted console don't connect it to the internet.
Talk about missing the point. Claiming its all OK because sony buried the 'right' to do this in a ream of T&Cs that nobody reads or accepts is a view only a lawyer could love.
Is he OK will sony sawing off his left leg because they buried the right to "remove external customer entities" in section 14, subsection 23-1, paragraph 7, point c ?
Anything that's tried to be imposed post purchase is invalid, and that includes the totality of the sony b*llsh*t. The only T&Cs that are in place are MINE, imposed by ME, when I paid MY money. The sooner the lawyers are forced to accept this, at gunpoint if necessary, the better the world will be.
sony need to accept that the PS3 is a device owned by the person paying the money, that they can do what they want with it, and attempts to impose locks on that right are subject to punishment of those concerned - with two bricks if necessary.
Dont think you got the gist here, the hardware is yours, do with it what you will, however using it on sony's network outside the T&C , ie hacking or piracy etc is the whole point, if you want to mod YOUR equipment then do so just expect it to be taken of the network.or road as analogy seems to be in this forum.
.. I'll tell you that mine have been phoning home for years. This is not a new thing, even if I don't sign in to PSN it will still check for game update when I run a game, it will ask me if I want to connect to the internet when I run a blu-ray movie.
if my internet is off, I will get a notification about a DNS look-up failure as soon as I power it up, even without me trying to sign in to PSN.
if you use a wired network, then the only way to stop it from using the internet is to disconnect the wire (there is no icon to do this). If you are using a wireless network (like me) then you just have to turn off the wireless network from the PSN.
this is not news, nor is it a part of the current update. As a PS3 owner, I've seen my PS3 do it for years.
I told you so :-)
Now do you believe me?
Actually, the biggest potential disaster would be if said malicious software set the HDDLOCK command with a random key, then charged a fee to unlock it.
Would you pay to get your gamesaves, personal data etc back? I think not.
(memo to self:- check his car for um, foreign devices under the petrol tank!)
AC, because he is out of work and REALLY doesen't want to get blacklisted...
(also where is the flaming battery icon El Reg?)
"I'm still waiting for someone to explain how this 'PS3 rootkit' could be used to run unsigned malicious code on a non-jailbroken box,"
Nobody is worried about unsigned malicious code - it the *signed* (i.e. SONY's own) malicious code which is a problem.
And any code that a manufacturer wants to run surreptitiously on a user's machine is malicious by definition.
cut and paste time:
"1 there is NO WAY to run code that isn't approved by sony on the latest firmware, because although its been opened up it hasn't been cracked. so people worrying about malicious signed pretending-to-be-sony code is just as pointless as worrying about malicious unsigned creeped-out-of-the-gutter code.
so it goes back to being an issue of not getting on PSN for modders who can't update. nobody is going to somehow magically send your PS3 some dodgy code and make it blow up, signed, unsigned or co-signed which is what most of the crying and shouting seems to be about.
2 see above. i'd imagine the majority of people who arent modding don't care what sony runs on their console. do they know what the console has been doing / running the last six months or a year that they've had their console for? of course they don't, they haven't got a clue other than it comes on when they press the power button."
what on earth do you think sony are going to do to your console or data? what information do you have stored on the console that is so terrifying to you? as far as i can remember, everything like payment information & personal details are stored on the playstation network, NOT the console - so what is the problem if you're not modding?
has everyone just suddenly woken up from a deep sleep and realised "holy cow, we have no idea how these consoles sitting in our front room the last 5 years work"?
Spelling it out time:
S O N Y ' s c o d e r u n o n m y c o n s o l e w i t h o u t m y a p p r o v a l i s m a l i c i o u s b y d e f i n i t i o n
You really can't be serious saying that I should not care what a networked piece of equipment in my house is doing?
"what on earth do you think sony are going to do to your console or data?"
Well, they can stop the console from playing a specific game, for example - remember 1984 on Kindle? Or kill your console altogether, if they want to for some concocted "intellectual property" violation.
You seem to be saying there is nothing wrong with Sony doing such thing but I believe you are gravely mistaken.
"You really can't be serious saying that I should not care what a networked piece of equipment in my house is doing?"
Unless you're hacking your console to bits with mod tools, please explain what ANYBODY who isnt a modder knows what the inner workings of their console is doing. as evidenced by the reaction to this, people seem to think consoles work with magic pixie dust.
if you care so much, pop it open, see for yourself then stay offline if you disagree or buy something else. the constant modding & cracking leaves sony little choice at this point.
"what on earth do you think sony are going to do to your console or data?"
"Well, they can stop the console from playing a specific game, for example - remember 1984 on Kindle? Or kill your console altogether, if they want to for some concocted "intellectual property" violation."
Wait, this is getting silly now. consoles in the current gen have ALWAYS been able to out and out ban a username from a specific game, or indeed ban the console forever if evidence of cheating and / or piracy has been found. ps3, xbox, have done this for YEARS. 1984 and kindle has absolutely no relevance at all to someone having their console banned if they trip enough checks and flags for cheating.
and if you don't want to be pulled for "IP violation", the solution is simple: DON'T GO ONLINE WITH A MODDED BOX.
other than preventing your online access I'm struggling to see what danger there is to your data - most (or all) of which is stored on the PSN, outside of your console and effectively outside of your control if someone happens to hack your PSN account while you're tucked up in bed.
and as mentioned elsewhere, the person who first started this on IRC has now said he didn't claim there was a rootkit, just that he'd seen "some evidence" of remote activity.
still don't see the big deal.
If you read carefully you will finally realise (I hope) that I don't talk about breaking the network rules etc but about manufacturer interfering with hardware in a way that affects its offline functions.
Like revoking device or content keys which will stop your PS3 from playing at all or from accepting specific discs (which you may have bought legally, but which the rights holder decided he does not want you to use anymore).
I know BD specs (AACS actually) provides for these things anyway - that's why I'll never pay for anything BD, but that code execution function makes it easier for Sony to enforce that crap and to extend it to things not covered by AACS.
You may say that it's within Sony's rights but that is the whole bloody point you people seem incapable of understanding - it may well be within their rights (because of corruption or incompetence or negligence of lawmakers) but it should not be.
You know, UK Contract law is a fascinating beast. You may have heard of something called "Unfair imposition of extended terms." Some people call it the "Shrink Wrap License Issue".
You see, the problem is, you don't get to see the Contract/EULA/T&C's before you've purchased the goods, which means the vendor is attempting to apply contractual terms on you AFTER the fact and without pre-sale agreement.
Under UK Law, thats pretty much a no-no. Same goes for most of the EU. In the US, I believe, its totally fair.
Also, any variance to the 'contract' between you and a service provider to which you have not formally agreed (even if they've put in a clause that says they may vary the terms without notice etc.) renders the agreement null and void.
Odd thing is, this greyness in contract law as regards EULA/T&Cs has only ever been challenged in Scotland and remains unchallenged elsewhere in the UK.
However, the T&C's relate tothe consoles online use and your asked to accept it to proceed,
The whole thing about modding a consumer electronic is not in question, as sticking new bits of coloured plastic or new HDD's is a form of Modding, however modding the o/s to use on the pre agree T&C's online allowing you to either pirate or negate unfair advantages over other users is where the T&C's come in to force and can terminate your use of a service , not the product (hardware) the hardware can still used offline and the other unofficial sign code can be used just not on the network.
theres two products here, the hardware which is yours and the network which isn't .
If your going online with a Jailbroken PS3 you deserve to have your console bricked. First rule of jailbreaking is not to go online with the thing. Unfortunatly all these kids who dont really know what their doing and have jailbroken their consoles just for the sake of it are in for one hell of a shock when the thing wont switch on any more.
when Sony released the Slim version of the PS3 and said that it won't have the Other OS feature, my first thought was to get a 2nd fat version in case the one I have dies.
when Sony released an update that removed the Other OS feature from the fat version of the PS3, I thought that both of those consoles shouldn't connect to PSN again, and it was about time to get the Slim version for my gaming sessions (I was already planning of getting the Slim version because of the HD size, the update have speedup that decision).
now my question, for those who did value the Other OS option so highly, why didn't you get a 2nd console to preserve that option? the console price have dropped significantly when the Slim version came out, so why didn't you try to protect you development console?
if you do hold something so dearly, why didn't you spend few quids to protect it instead of crying about it later?
P.S. I am one of those people who have multiple PCs, I don't mess with my gaming/work PC, but the experimenting PC is always ready to be replace at the drop of a hat. The same apply to my consoles.
This argument is ultra boring now. Most of you seem to be AGAINST Sony blocking their system from modification?? Do you not realise that most hackers are using their systems to ruin the online gameplay for those who just want to play a normal game? I had to quit playing Modern Warfare because hackers totally ruined not just the game but all my stats as well. Are you saying that you're FOR hackers doing this?
I would only be in total agreement with this apparant majority IF hacking the system didn't affect the online gameplay of other players, unfortunately I've seem though what this hack has done and to be honest I haven't used my PS3 since.
Yes... Sony SELL you the system, therefore you should be allowed to do whatever, however I hope they also block you from PSN because I'm tired of some spotty little kid wrecking my games.
Get over it
"Do you not realise that most hackers are using their systems to ruin the online gameplay for those who just want to play a normal game?"
Incorrect, this is a very large false rumor that has been spreading around lately.
These cheaters have been cheating months before the PS3 was ever hacked. They use lagswitches and modified save files, it has absolutely nothing to do with the current round of PS3 hacks and everything to do with how pathetically bad the games were actually coded in terms of security.
Its Activision's fault, not Sony's, not the hackers. Cry to THEM that your online experience is ruined.
It is not unreasonable for Sony to include corrections to the flaws recently pointed out by the Chaos Computer Club in its newest firmware release.
However, it isn't unreasonable for people to expect that they can connect a PS3 to the Internet, and use it to browse the web, and so on, and not have it upgrade firmware unless they specifically request a firmware upgrade, or connect to a service, such as the PlayStation Network, that requires the latest version of the firmware.
Also, if Sony does fix the problems that might allow hackers to play pirated games, and so on, then they should also, while they're at it, restore the ability to run Linux on the machine.
You buy a PS3. You own the hardware. You can do what you like with it.
HOWEVER, you do NOT own the software. You have agreed to the licence terms which allow you to use it only in certain ways.
If you don't agree with those terms, you can take it back to your retailer within a reasonable period for a refund.
I'll say it again for the hard of thinking: You own the hardware, you do NOT own the software.
Grenade: my gift to those knobs who are making my favourite console less good by their meddling. Thank you very much.
I can run any software that I own, or own a license to run, on my hardware. If I run Linux on my hardware, I am allowed to connect to the Internet, provided that my ISP allows me to connect to the Internet. I'm allowed to run games on my Linux PS3, provided I have bought the license to run the game. I'm allowed to run my legal backup copy of said games as well.
I don't have any right to play online games on PSN using my Linux PS3. That's because of the TOS of PSN, and that is still slightly dodgy.
The Sony encryption keys were leaked awhile ago, anyone can sign anything, and it will run on a non-jailbroken box, how do you think people updated their firmware? Using Sonys OWN updater with a signed forged firmware.
“People will happily download homebrew from Basement Bob which could steal logins/credit card details, but code from the console maker is evil?”
The difference being, most home-brew is open source, Sony isn’t.
For a security 'expert' Chris Boyd is pretty uninformed.
I looked up this guy, guess what I found?
He seem to enjoy going on biased tirades, for example, he was blasting bittorrent while praising MS's own propitiatory P2P client over it.... he also got an MVP award from Microsoft, hmmm...
First of all, anyone here with a brain knows how useless and baseless a TOS or EULA is, the fact he is bringing this up is pathetic, I have seen better arguments on messageboards from teenagers. If you don't realize why a contract of adhesion presented after you paid for the product with no proof that you signed it whose terms can change at anytime without your knowledge and grants immunity to anything from the company who made the product are tossed out on court.... well, say "baaah" then.
Second, he basically confirmed that there IS a rootkit, so how has this "rumor" been "debunked" exactly?
Third, you do not need to be on PSN, which means no TOS, in order for this to effect you. The PS3 sends information about itself, but also information about EVERY DEVICE CONNECTED TO YOUR LAN, as well as some other data through some encrypted packets, every time its turned on with an internet connection, even if its not connecting to PSN. They can most certainly run any code they want without your consent even if you don't use PSN, and thus have not agreed to the TOS.
Fourth, the rootkit can be used to push an update without your consent, in some cases bricking the device if performed at a bad time, or any other such millions of code Sony runs whenever they feel like that can go wrong. Remember, according to federal law, which trumps a silly little EULA written in the back, of the manual, the PS3 system is YOUR property, not Sony's. Yet they are controlling it as if its theirs with this rootkit.
Finally, once it's inner workings are disassembled, and they will be, ANYONE can send a command through "the tubes" and wreck havoc, and SONY will be the one to blame for putting this backdoor in there on purpose in the first place.
I would not be surprised if Sony paid off this guy, he has shown to be arguing for the sake of whoever gives him recognition or money in the past. Seriously, his entire damn argument centers around "The TOS says they can do whatever they want" basically, somebody get this guy a lawyer to teach him how toothless that TOS really is. Technically according to the TOS, if my PS3 explodes and burns down my house due to a known defect Sony isn't responsible, you tell ME who do you think would win in such a lawsuit.
"he was blasting bittorrent while praising MS's own propitiatory P2P client over it.... he also got an MVP award from Microsoft, hmmm..."
aside from thinking a microsoft award would make him more inclined to bash a rival than defend it (or at least show some restraint before jumping on the "omg ps3 virus incoming" bandwagon), if youre gonna mention well known adware stories from the past couple of years at least do more than skim related articles then post incorrect information.
you must be refering to this http://www.pcmag.com/article2/0,2817,1829724,00.asp where john dvorak brought up the MS p2p system that had not been mentioned anywhere in relation to that story - nor did anyone "bash bittorrent", numerous researchers including boyd, pcpitsop and other sites highlighted potentially illegal content mixed up in supposedly legit adware bundles from some of the biggest adware companies of the day http://www.pcpitstop.com/spycheck/badtorrent.asp
dvoraks article was so silly that eweek called him out on it. http://www.eweek.com/c/a/Security/There-Is-No-Conspiracy-Against-BitTorrent/
to my knowledge, nobody involved in that research then or since ever mentioned avalanche besides dvorak. so no, nobody "bashed bittorent" and five minutes reading would have brought you to the same conclusion.
"First of all, anyone here with a brain knows how useless and baseless a TOS or EULA is"
EULAs go to court all the time, and many lawyers work with it all the time like these guys http://www.aftab.com/
whether you complain about a EULA afterwards or not the damage is done, and console provider / software creator has probably already done what they wanted to do, or has the power to do it unless you take some drastic action. after the fact is too late, agree and go into it or refuse and go elsewhere. if you're not aware of eula / ToS / contract law going into court on a regular basis, you should probably stop commenting on it right now.
"Second, he basically confirmed that there IS a rootkit, so how has this "rumor" been "debunked" exactly?"
most of the comments i can see from him here were lifted from informal discussions with others on twitter where the basis was IF this exists, then it probably isn't a big deal - but if it does, there's not much you can do about it but you're not going to end up with your console exploding. mashing unrelated comments from elsewhere out of context and combining with whatever he said to the register causes some confusion imho, but its not particularly hard to work out.
btw did you miss above that the matheiu guy who first mentioned this has now said he never claimed a rookit shipped? mass hysteria over NOTHING.
"Finally, once it's inner workings are disassembled, and they will be, ANYONE can send a command through "the tubes" and wreck havoc, and SONY will be the one to blame for putting this backdoor in there on purpose in the first place."
take a deep breath, then clearly highlight how someone will send "a command through the tubes" to do something malicious to my PS3. if you can't do this, you're pulling ideas out of the sky.
"I would not be surprised if Sony paid off this guy, he has shown to be arguing for the sake of whoever gives him recognition or money in the past. "
you're back to your incorrect assumptions about the bittorrent thing, aren't you? but i'll play ball:
1) he often complains about microsoft on his various blogs, and has been very vocal in the security shortcomings of both their console and their operating systems at conferences and elsewhere. it seems the "bias" extends to you picking and choosing what to highlight.
2) who has "given him money in the past"?
look, not everyone wants to hack the PS3 to run home-brew/pirated games/whatever... some, like me, though still have not done it yet, but thinking of it... wants to do this just so that we can bloody play our DVDs from other regions! yes, Sony, it seems, unlike every other manufacturer, still makes their players region coded that can't be made into all region! they suck to no limits and this PS3 is my last Sony buy for no other reason but that Sony seem to hate their customers! and when I say last Sony buy, this includes their crappy media, from CDs, movies, etc etc... there are too many music and movies in this world anyway, one less company that makes them would not result in much loss for me anyway...
1) obtain surplus moddable WiFi router
2) custom firmware the beast
3) add hacked DNS table that returns enough data to convince the PS3 it is on the Net
4) add internal rechargeable power supply and charger
4) Sell these on Greedbay without HDD as dual function Piratebox and PS3 un-evilness b0xen.
AC, because the MPAA will be after him as well as Sony.
Biting the hand that feeds IT © 1998–2022