Topic: PSN = Privacy? Security? Never!

[BlackNMild2k1]

I don't think anyone seriously thinks that the PS3 would have never been hacked if Sony hadn't taken OtherOS away, but taking it away the swatted the bees hive and took something that would have happened eventually and very quietly and anonymously in the shadiest places of the internet and made it a front page public matter.

You don't see Nintendo publicizing the hacks to the Wii or MS popularizing the techniques that are used to hack the 360. Sony's handling of this whole situation on the front page of tech blogs and magazines is where they have really made themselves look like fools because now everyone knows the PS3 is a glass house and all the windows are broken.

I can only laugh at everything that has taken place with the PS3 situation since OtherOS' removal and I'm sure that if Sony could go back to that boardroom meeting where that decision was made, they would have chose not to open Pandora's box and instead handle this situation in a much more quiet backroom NDA sort of way.

[Chozo Ghost]

I don't know if taking Other OS helped the hackers along, but one thing is certain and that is that taking Other OS sure as hell didn't slow them down any. So I don't get how people are still saying Sony was right to take it out. What good did taking it out do them? it was right after they removed it that this all started. At best, removing Other OS had absolutely no effect whatsoever, but more than likely its what spurred things along more rapidly.

[broodwars]

I don't know if taking Other OS helped the hackers along, but one thing is certain and that is that taking Other OS sure as hell didn't slow them down any. So I don't get how people are still saying Sony was right to take it out. What good did taking it out do them? it was right after they removed it that this all started. At best, removing Other OS had absolutely no effect whatsoever, but more than likely its what spurred things along more rapidly.

I think the hackers/pirates themselves are showing that Sony was right to remove Other OS.  Why did Sony remove Other OS?  Because people were using it to bypass the PS3's security, hack their console, and were heading towards piracy.  What happened relatively moments after Holtz released his hack that restored Other OS?  Massive piracy (we already have confirmed information that Killzone 3 has been widely pirated), hackers hacking PSN and exposing sensitive information, and now hackers practically blackmailing Sony with the threat of banning innocent consoles of their choosing.  Through their own actions, they have validated Sony's decision to remove Other OS.  All they had to do to remain in "the Right" is stick with their homebrew and perform minor hacks in service of using Linux through Other OS.  But no...they went and did everything that Sony said they would do if Other OS remained.

[Chozo Ghost]

As you said, it was the "hack that restored Other OS" that is the problem. It wasn't Other OS that was the problem, the problem was the hack that came after Sony removed it. If they never removed it that hack would not have appeared (or at least not as quickly as it did).

I think the majority of homebrewers (and even the pirates for that matter) may have just been content to do their business on Linux running on the PS3. You can run a lot of emulators and so on with Linux so yes the Other OS did allow for piracy on some level, but the hardware was gimped and it wasn't possible to pirate PS3 games or anything like that. But now its worse because now hackers have the full power of the system at their disposal, whereas before they could only pirate SNES games... but now they can pirate anything, and it was the removal of Other OS that caused this to occur.

[UncleBob]

There was no point to locking it. Other threads just sprang up in its place (like this one), and now as soon as Morari shows up and starts posting the **** is going to hit the fan just like it did before.

There were several reasons for locking that thread - and it remains locked because afterward, multiple users created posts that were modded that spun out of that thread.

And I'll say this right now, Morari was not the only monkey to be slinging poo in that thread - it's quite unfair to point all the fingers at him.  That's all I'm going to say publically on the subject and I recommend that everyone stop with the finger pointing.  If you see someone making an aggressive post, report it.  Even if the post is aimed at you, it's not an excuse to turn up the volume and attack back.

[MegaByte]

All they had to do to remain in "the Right" is stick with their homebrew and perform minor hacks in service of using Linux through Other OS.  But no...they went and did everything that Sony said they would do if Other OS remained.

This "they" that you speak of is made up of a number of different groups/individuals with very different motives.

[BranDonk Kong]

The removal of otherOS had nothing to do with piracy. The original exploit (that happened before otherOS was removed) had nothing to do with piracy. Hackers back then were trying to get passed the hypervisor so they could gain full RSX access under Linux, so that they could use the PS3 for the beast of a $400 machine that it was at the time. People in this thread are making (wrong) assumptions and just spewing crap with nothing to back it up. Also, this new information about PSN *has nothing to do with piracy* and has *nothing to do with jailbreaking your PS3* you don't even need a PS3 to achieve what these people have done. Stealing credit card numbers (there haven't been any accounts of this actually happening yet) is horribly wrong, and getting innocent users banned from PSN is horribly wrong too - BUT, the fact that this is (easily) possible NEEDS to be brought to everyone's attention, and Sony needs to take care of it. This wasn't done to be like "hey, look what we can do, we hacked into PSN and now we'll steal people's CC info," it was done to be like "hey, look how shitty Sony's network is, they want to treat their customers like ****, lets expose them for the crooks and idiots that they really are." Obviously Sony doesn't know **** about security, so if this information was not made public, then people would be getting ripped off left and right and there would be no explanation for how it was happening.

[Chozo Ghost]

All they had to do to remain in "the Right" is stick with their homebrew and perform minor hacks in service of using Linux through Other OS.  But no...they went and did everything that Sony said they would do if Other OS remained.

This "they" that you speak of is made up of a number of different groups/individuals with very different motives.

Exactly. Hackers aren't some unified organization. There are good hackers and bad ones, but they are all acting independently as individuals. The hacking of the PS3 may have been done with good intentions, but now that its out there its going to end up used for every sort of purpose. Unfortunately some of those purposes are going to be malicious.... but that doesn't mean that's what Hotz intended.

[KDR_11k]

This **** is just getting waaaaay out of control. I have literally LOL'd myself out of my damn chair and onto the floor.
Sony you are failing on so many levels right now it's just too funny to not laugh at. There are just no words......

So Sony is "failing on so many levels right now" because low-life scum hackers are showing their true colors as people unworthy of sympathy?      Sorry, but if the hackers ever had any justifiable ground to stand on, they shattered it when they announced that they could ban the consoles of innocent players (though they do need to have the console ID to do so).  Go ahead, hackers: keep it up!  Keep proving with your actions that Sony was completely justified in removing Other OS with your pirating and destroying the playing experience of people who just want to play their PS3s.

Hackers aren't homogeneous. Anyone can be a hacker, regardless of motivation. There's still a huge gap between, say, Failoverflow and Russian mafia goons. Spamming is a part of organized crime these days and it requires hackers to build up the botnets.

The fact is that hackers are a part of life on the internet and you have to make sure your systems are protected against them. Blaming this on Failoverflow is retarded, this is a man in the middle move that doesn't even require full system access. What prevented this until now was security through obscurity which any security expert would tell you is suicide. Sony generally seems to be awful at handling security, even their old rootkit caused massive security issues that third party hackers could exploit. Microsoft may have a bad track record when it comes to the PC but at least they built up enough experience to secure XBL against **** like this.

All of these problems could have been avoided with a proper security design in first place and that is the problem. When Windows gets a self replicating worm raping systems left and right we expect MS to take the blame for letting this happen, now it's Sony's turn at getting the blame for inadequate security and relying on things that are unreliable.

[BranDonk Kong]

Exactly. This is SONY's fault. No one else's.

[TJ Spyke]

Not true. While this is partly Sony's fault for not designing better security, a large part of the blame belongs to the people doing the hacking.

[broodwars]

Not true. While this is partly Sony's fault for not designing better security, a large part of the blame belongs to the people doing the hacking.

Yeah, seriously.  It's like blaming the locksmith company when a robber breaks down a door using one of its locks.  Sony should have built much stronger security all-around, but I get the feeling no amount of security would deter hackers like these with a God complex and little respect for the law.

[NWR_insanolord]

Not true. While this is partly Sony's fault for not designing better security, a large part of the blame belongs to the people doing the hacking.

Yeah, seriously.  It's like blaming the locksmith company when a robber breaks down a door using one of its locks.  Sony should have built much stronger security all-around, but I get the feeling no amount of security would deter hackers like these with a God complex and little respect for the law.

The fact that I've never heard of these things happening on Nintendo or Microsoft's platforms, despite the same community of hackers working on them, leads me to blame Sony. I am in no way letting the malicious hackers (a group that, as has been pointed out, does not include everyone involved) off the hook for what's happened overall, but this particular exploit is clearly all Sony's fault.

[Morari]

¿

[Chozo Ghost]

I think when they were designing the PS3 all of Sony's attention was focused on Blu-ray and everything else (such as security) took a back seat.

[Shaymin]

Or they were thinking about security threats in 2006 and not realizing that cracking crypto can go pretty far in 4 and a half years.

[BranDonk Kong]

With the amount of PSN upgrades that they've done, they've had ample time to get their **** in line. These people had no intention of even trying to get people's CCN's, they just happened to be right there in front of them, along with people's PSN IDs and passwords, unencrypted. Sony fucked up BIG time.

[that Baby guy]

I could have sworn I read some actual literature about this and the threat was much, much lower than most were making it out to be.  Essentially, PSN uses SSL, which is pretty secure, but not impossible to crack.  Your credit card # is sent unencrypted beyond whatever means is involved in SSL, but it's still protected by that.

If you are someone who has used homebrew on your PS3 to install custom firmware, however, there's a loophole one must use in order to buy from the PSN store, and that loophole, IIRC, either prevents the use of SSL to transfer your data, can be modified by whomever supplies the custom firmware to reroute where your information is being sent, or both.  In essence, yes, Sony does collect a lot of information about it's users using the PS3, but the security issues aren't such a big deal for non-homebrew users right now, aside from the fact that hackers have figured out how to ban a PS3, so long as they have the console's ID number.

At least, that's what a thread on NeoGAF was suggesting, which was what I read when some site reported the same information here, and someone responded saying the story didn't get the facts straight, and linked to the GAF thread, to which I no longer have a link.

[BranDonk Kong]

If there is a PS3 on a network, and you're on that same network, then you can get all the info you want. This was around before the PSN workaround that involves modified certificates, it just wasn't organized.

[KDR_11k]

Not true. While this is partly Sony's fault for not designing better security, a large part of the blame belongs to the people doing the hacking.

Yeah, seriously.  It's like blaming the locksmith company when a robber breaks down a door using one of its locks.  Sony should have built much stronger security all-around, but I get the feeling no amount of security would deter hackers like these with a God complex and little respect for the law.

You'd blame the locksmith company if they failed to include some industry standard practices and that was the reason the security failed.

I could have sworn I read some actual literature about this and the threat was much, much lower than most were making it out to be.  Essentially, PSN uses SSL, which is pretty secure, but not impossible to crack.  Your credit card # is sent unencrypted beyond whatever means is involved in SSL, but it's still protected by that.

Sounds to me like the SSL isn't doing certificate checking so anybody can pretend to be Sony's server.

[that Baby guy]

If there is a PS3 on a network, and you're on that same network, then you can get all the info you want. This was around before the PSN workaround that involves modified certificates, it just wasn't organized.

At this day and age, people using unsecured networks lack security in all sorts of internet related things.  This isn't a good issue to be worried about when you specifically relate it to PSN, as open networks are security risks for just about anything you might send or receive. If someone's breaking into a secured network, that's another matter, but presuming most people have influence or control over the networks they connect to, this isn't something worth making a big deal about.

[BranDonk Kong]

That's just one way of going about it though. That's not the only way that Sony fucked up with this.

[broodwars]

I've been warning my PS3-using friends/co-workers about this little war between hackers and Sony, and they've been pretty concerned about leaving their information up there for the time being.  I assume that Sony can fix this security hole with a firmware/netcode update?

[Nick DiMola]

I've been reading along with some of the debate here over this topic, as well as the overall case, and I decided it was worth writing about over at PixlBit. If anyone cares to read my full thoughts, the article is here.

Long story short, I support the hackers who unlocked the root key of the console, but I strongly disapprove of the ones who are exploiting PSN's weakness for evil. In my opinion, there's nothing inherently wrong with console hacking and it has led to some really fantastic homebrew applications. Piracy is a nasty side effect of console hacking, but I'm not sure there are a significant number of people actually engaging in console hacking, with an even smaller portion of them actually pirating games.

Sony has handled the entire situation quite poorly and surely the consumers will be the ones who are hurt by all of this in the long run.

[NWR_insanolord]

Long story short, I support the hackers who unlocked the root key of the console, but I strongly disapprove of the ones who are exploiting PSN's weakness for evil. In my opinion, there's nothing inherently wrong with console hacking and it has led to some really fantastic homebrew applications. Piracy is a nasty side effect of console hacking, but I'm not sure there are a significant number of people actually engaging in console hacking, with an even smaller portion of them actually pirating games.

Sony has handled the entire situation quite poorly and surely the consumers will be the ones who are hurt by all of this in the long run.

Every bit of this is right.