Sony, you disgust me!
It disgusts me whenever I think about the manner in which Geohot is being prosecuted by Sony. Unfortunately, there are a number of journalists (with absolutely no concept of vulnerability research or security for that matter) determined to portray George as a criminal that hacked the PS3 only so that pirated games could be played on the games console.
This is no doubt because either these “journalists” (and/or the organisations that they represent) are lying in bed with Sony, or there would be a negative impact if they sided with George.
(But let me drop some knowledge on the matter…)
I’ve never owned a games console but at the beginning of last year (February/March), I decided to get hold of one of the old-school fat PS3 consoles specifically so that I could do some cell-chip programming. For some reason, I decided against purchasing the device.
A few days later, I received the news that Sony was disabling the OtherOS feature that had been shipped on all fat PS3 consoles. Furthermore, Sony left PS3 owners with a bit of a dilemma: either update and play games on your PS3; or don’t update, use OtherOS and have your gaming functionality severely limited. Of course, Sony stated that this change was because the OtherOS functionality was being abused and could be used to compromise the security of the console.
The news from Sony left many furious, and led to a number of groups attempting to bypass this restriction. “We” paid for OtherOS functionality, so it can’t be taken away from us. Moreover, “we” shouldn’t be expected to choose between gaming or OtherOS. Once geohot joined the fight, the hackers knew things were gonna get interesting. And Boi! Did they?!?
Fast forward and, in true geohot style, exploits were created for the PS3 along with how-to videos. Once Sony realised this, they started throwing their toys (and lawyers) out of the cot.
Geohot’s intention was to restore OtherOS functionality to the PS3 fat, and possibly PS3 slim. He cannot be held responsible if others were going to abuse the functionality.
Furthermore, if you (Sony and other Corps) want to ensure that your devices don’t get hacked or games get pirated, then implement proper security controls. If you take shortcuts, then you will eventually be found out.
Also, if you are going to be hacked … then wouldn’t you want to be hacked by a publicly known security researcher who will properly disclose all identified issues? Or would corporates prefer to be hacked by anonymous groups that will sell the information as 0-day to other groups?
It is also interesting to note that Geohot is being prosecuted by the same company that distributed malware to unsuspecting customers.
This entire episode reminds me of an incident that occurred last year when some people suggested that vulnerability researchers be labelled as “narcissistic vulnerability pimps”. A good friend, singe, commented on the incident here.
It would appear that these days, no-one cares about the manner you disclose a vulnerability … it simply comes down to the pride of corporates.
Sony! While I own a number of your products and I would like to purchase more of them, I refuse to! Not after the way you have dealt with this situation! Sony, you disgust me!
Oh, one more thing…