Metalmurphy said:
Cool, thanks for the info.
Is this confirmed or are you just assuming it?
I'm assuming that the IRC log isn't a fabrication. It reads in a fairly valid manner, and leads to some fairly straightforward conclusions.
There are really two things to remember here:
1. If Sony revokes the pre-existing keys that they have, pre-existing software (like games on discs) won't run. Therefore they won't revoke those keys.
2. Any system on the internet is vulnerable.
What they've done here is added a vulnerability to the PS3 - one that a couple of guys on IRC can learn how to use.
I'm hoping that the new vulnerability uses a new private/public key combination to validate any code that it executes.
The theoretical doomsday scenario is that someone finds their way on to a PSN login server, uploads a little executable that bricks PS3s (all you really need to do is throw any old set of bits at the boot flash), and installs a script to use the remote execution functionality.
I'm not saying that it's trivial, but the script and the bricker can be prepared ahead of time, and eventually a sysadmin at Sony is going to slip up and some hacker will be on the inside. That is if one wasn't a year or three ago and left a rootkit.....