Support NeoGAF

[Zoe]

It doesn't mean they have* the ability to collect that information.

My point is nobody's combed through the firmware line by line. Just because a switch hasn't (or maybe it has) been flipped doesn't mean that it's not in there.

 

[Rhindle]

Do you use an anti virus on your pc?

Firewall?

Adware scanner?

E-mail provider?

Steam?

Punkbuster?

I can go on, but in order for those guys to provide the service you paid for they have to look at your shit in detail to keep it secure.

I'd much rather Sony actively looked for and banned hackers who are causing nothing but problems for legit paying customers in some games than did nothing.

Last I checked, all of these are services the user decides whether and when to install, whether and when to run, and whether and when to limit or interrupt.

That's hardly the same thing as mandatorily turning over control of your machine to a third party on bootup, with no knowledge or control as to what that third party may do with it.

 

[kitch9]

No I don't. Ubuntu user here (2 computers, 2 laptops). I do have steam in a walled garden on a gaming PC with no private data on it at all.

I'm a legit paying customer and I want to be informed about what they are doing on MY machine. I don't want to have to find out from a bunch of hackers on IRC thanks.

Your paranoia astounds me...

You run Ubuntu with no internet contacting programs installed?

 

[kitch9]

Last I checked, all of these are services the user decides whether and when to install, whether and when to run, and whether and when to limit or interrupt.

That's hardly the same thing as mandatorily turning over control of your machine to a third party on bootup, with no knowledge or control as to what that third party may do with it.

Jesus where's all the fud come from?

You sign into Psn, the Psn server asks your ps3 to prove its legit by probably running code that performs hash checks on random files they know the hackers have been manipulating and once passed you are let on. What the hell to people keep on their ps3's that's so important apart from music and video files? If you were smart they would be backed up anyway.

 

[marathonfool]

Yeah...I think this is why the hackers never spent much effort trying to keep JTAG'ed 360s on Live. You can see the end game already - Sony has a bunch of challenges waiting, they issue one new one, a bunch of people get banned (say the hackers can instantly detect that the challenge has changed, because the hacked firmware will report that the challenge they just got is unknown, whether they are immediately banned or not)...they work on getting a new hacked firmware out that counters the new challenge, and as soon as the post on PS3Scene or whatever comes out that there is a new firmware available, update now...boom, Sony pushes the button and changes the challenge on the PSN servers immediately after the hacked firmware is posted, and everyone is back to square one. Since the hackers are always forced to react, it's pretty much pointless to try to keep it updated.

It's why MS gave up when they were trying to get MSN Messenger to sign onto AIM.

Appreciate you explaining these things. I've learned quite a bit from your posts. Helps me understand what Sony is trying to do.

 

[FLEABttn]

Intrusive. Do not want. Very disappointed in Sony. My system is legit, leave me alone.

It's completely transparent to the end user and likely less invasive than any sort of anti-cheater system on the PC.

You are being left alone. To say otherwise is disingenuous.

 

[SonOfABeep]

Hanging onto OFW 3.55 until a game requires it that I want.

Don't see that happening until ICO/SotC collection, maybe.

Had homebrew but i wasn't using my ps3 any more than before that (which is to say, like once every few months) so I figured might as well leave it where I have options.

PSN might as well not exist to me. Zero friends on my list, don't play any games online.

 

[kamorra]

Jesus where's all the fud come from?

You sign into Psn, the Psn server asks your ps3 to prove its legit by probably running code that performs hash checks on random files they know the hackers have been manipulating and once passed you are let on. What the hell to people keep on their ps3's that's so important apart from music and video files? If you were smart they would be backed up anyway.

You don't have to sign in. You don't even need a PSN account. This check runs as soon as you start your PS3. Then there is also the little fact that it can execute code without you knowing it. That's not nice and the reason why we use anti virus software on our computers. If you were smart you checked your facts before calling others out.

 

[Zoe]

You don't have to sign in. You don't even need a PSN account. This check runs as soon as you start your PS3. Then there is also the little fact that it can execute code without you knowing it. That's not nice and the reason why we use anti virus software on our computers. If you were smart you checked your facts before calling others out.

Maybe you should check your facts. In the IRC log, Math says it happens upon PSN login. The other "phone home" stuff upon boot has ALWAYS been there.

 

[test_account]

You just have to assume they learned from their mistakes. And this is a whole lot more complicated than the CD rootkit. But is this a rootkit now? Or is it FUD at this point?

True, i dont think that this potentially rootkit (if that is the right word to use) is anything like the CD rootkit stuff, because as you say, i think that they have learned from that mistake.

it would be possible if someone had an open wifi with their own special routing and someone else connected their PS3 to leech off the person's Wifi...or if someone pulled off a DNS cache poisoning attack and had all their ducks in a row and people connected to the PSN using the comprimised DNS entries...

technically possible, but realistically.. never gonna happen.

Ah ok, i see, that seems quite unlikely indeed.

 

[kamorra]

Maybe you should check your facts. In the IRC log, Math says it happens upon PSN login. The other "phone home" stuff upon boot has ALWAYS been there.

In the moment you power up your PS3 it contacts the server regardless if you have a account or not and again when you login on PSN. The ability to execute code is the new thing here.

 

[Zoe]

In the moment you power up your PS3 it contacts the server regardless if you have a account or not and again when you login on PSN. The ability to execute code is the new thing here.

That is still FUD. There is no way of knowing whether the two have any relation whatsoever.

 

[NinjaCodah]

It's not a rootkit. It's just a better way to verify the integrity of your PS3 when you log on to their PSN servers. That same code they're sending could very well be placed in an official firmware update, but then it would make it easy for hackers to work around it. This is the equivalent of a quick firmware update, but without the hassle and too fast for hackers to respond to it. It's not like they're stealing all your porn or anything, it's only meant to keep hacked PS3's off PSN. I'm all for it.

If you want to code stuff for the ps3 or run homebrew, and go on PSN and play the most recent games, just do as I did: buy a second PS3.

 

[DrXym]

It was entirely predictable they would get around to this. Basically if you connect a modded firmware to PSN you're fucked or will be shortly. This and the size of isos probably means the level of piracy is going to be contained - present but not endemic.

 

[Zeal]

OH DAMN YOU SONY FOR RUNNING YOUR CODE ON YOUR CONSOLE!
>8(

i hate posts like this. they are neither witty or contributive.

 

[Ploid 3.0]

It seems the main issue people have with this system check is that it kinda makes them choose over PSN or homebrew. Get another system, or a PC for homebrew. Sony always had access to what you did on your ps3 before this firmware. What games you played, and what you bought. Hackers felt like they had to delete files before they logged onto PSN, and they developed something to do it automatically so everyone here was aware that sony already checked their system. So it can't be that surprising, keep the ps3 offline.

Install new firmware from new games and the PS3 won't be able to send your social security number to sony.

As for the fear that hackers will take over Sony and PSN to steal your ID's just remove the information from your PS3 and don't log on when it's on the news that sony lost control of PSN to hackers.

 

[kamorra]

That is still FUD. There is no way of knowing whether the two have any relation whatsoever.

Uh, what? Maybe you should check the IRC channel where the quote is from. I'm not interested in discussing just for the sake of discussing. I'm done here.

 

[Zoe]

Uh, what? Maybe you should check the IRC channel where the quote is from. I'm not interested in discussing just for the sake of discussing. I'm done here.

How about you (or someone else) share that information then? Not everybody has the means to get onto IRC 24/7.

I suppose that's just too much trouble though.

 

[Ploid 3.0]

How about you (or someone else) share that information then? Not everybody has the means to get onto IRC 24/7.

I suppose that's just too much trouble though.

I remember this argument tactic. Kinda effective, lawyers should use it. It might only work on message boards though.

 

[3rdman]

I just noticed that Sony sent takedown notices to other hackers...LOL. Does Sony really think that acting like Don Quixote will stop the hacker's windmills?

 

[Zoe]

I just noticed that Sony sent takedown notices to other hackers...LOL. Does Sony really think that acting like Don Quixote will stop the hacker's windmills?

It's not like it takes much effort. Just get an unpaid legal intern to browse the web for a day.

 

[gblues]

I posted this a few weeks ago:

http://www.neogaf.com/forum/showpost.php?p=25281625&postcount=4607

Personally I wouldn't count on them getting this working...maybe it's possible but I don't think the community would spend that much time on it.

(Additionally I expect Sony will just keep you from signing onto PSN, but if the hackers really make an effort to defeat this check, then I would expect Sony to start issuing console bans if they think the machine has been tampered with.)

Maybe. I don't think they could feasibly do blocking based on excessive time because network latency would trigger too may false positives. And if it was possible to boot the VM prior to the PSN sign-in, the performance difference would probably be indistinguishable from lag. But, I don't have a PS3 so I'm not familiar with the particulars of signing into PSN.

 

[scoobs]

I'll never understand console hackers.. ur just asking to get ur $300+ investment taken away.. just play the way its meant to be played lol

 

[3rdman]

I'll never understand console hackers.. ur just asking to get ur $300+ investment taken away.. just play the way its meant to be played lol

You've never owned an XBOX with XBMC.

 

[Ploid 3.0]

You've never owned an XBOX with XBMC.

Is it better than a HTPC?

 

[Clear]

Am I the only one getting really worn down by this endless "Sony are equal parts evil and stupid" mentality?

If you have serious misgivings just sell your PS3's and go buy one of their competitors products instead. Its really that simple.

The PS3 is an entertainment device, its not irreplaceable or by any stretch of the imagination a neccessity for anyone. In a word, its an *OPTION*, one which you aren't even contractually locked into exercising for a fixed term.

Newsflash: You aren't being oppressed by the big bad. Sony have one interest in all of this and that is to sell you their products. Part of that sales process is maintaining a quality of service they feel comfortable with by controlling that (platform and network) environment. Hacker actions threaten that control, and so OBVIOUSLY they are going to take steps to remedy the situation. What do you expect them to do, pretend nothing's changed and just roll over on a product line they've invested billions of dollars in?

As I wrote before, Geohot and Failoverflow's actions didn't occur in a vacuum, the repercussions were bound to be felt by ALL PS3/PSN irrespective of their stance on the legality/justification of their goals. This is just the beginning of the "cat and mouse" phase.

Last thing, before someone plays the "corporate ball-licker" card:
If you genuinely care about "consumer rights", here's a radical thought: Exercise your one immutable right as a consumer and don't do business with a company who's policies and practices you disagree with.

The only way you are going to effect change upon a business offering a non-essential service is by rescinding your custom, because I guarantee you all the rage and hand-wringing in the world aint going to do jack. And truthfully it shouldn't, because if you lack the commitment to "walk the walk" it critically undermines the whole premise of your complaint.

 

[kitch9]

You don't have to sign in. You don't even need a PSN account. This check runs as soon as you start your PS3. Then there is also the little fact that it can execute code without you knowing it. That's not nice and the reason why we use anti virus software on our computers. If you were smart you checked your facts before calling others out.

Another in the fud brigade.....

 

[kitch9]

Am I the only one getting really worn down by this endless "Sony are equal parts evil and stupid" mentality?

If you have serious misgivings just sell your PS3's and go buy one of their competitors products instead. Its really that simple.

The PS3 is an entertainment device, its not irreplaceable or by any stretch of the imagination a neccessity for anyone. In a word, its an *OPTION*, one which you aren't even contractually locked into exercising for a fixed term.

Newsflash: You aren't being oppressed by the big bad. Sony have one interest in all of this and that is to sell you their products. Part of that sales process is maintaining a quality of service they feel comfortable with by controlling that (platform and network) environment. Hacker actions threaten that control, and so OBVIOUSLY they are going to take steps to remedy the situation. What do you expect them to do, pretend nothing's changed and just roll over on a product line they've invested billions of dollars in?

As I wrote before, Geohot and Failoverflow's actions didn't occur in a vacuum, the repercussions were bound to be felt by ALL PS3/PSN irrespective of their stance on the legality/justification of their goals. This is just the beginning of the "cat and mouse" phase.

Last thing, before someone plays the "corporate ball-licker" card:
If you genuinely care about "consumer rights", here's a radical thought: Exercise your one immutable right as a consumer and don't do business with a company who's policies and practices you disagree with.

The only way you are going to effect change upon a business offering a non-essential service is by rescinding your custom, because I guarantee you all the rage and hand-wringing in the world aint going to do jack. And truthfully it shouldn't, because if you lack the commitment to "walk the walk" it critically undermines the whole premise of your complaint.

A-fucking-men dude.

 

[Rich!]

Is it better than a HTPC?

Considering a lot of people run XMBC on their HTPCs, including myself, I'd have to give you a resounding YES.

 

[Zoe]

Considering a lot of people run XMBC on their HTPCs, including myself, I'd have to give you a resounding YES.

But XBMC on an HTPC can do full HD.

 

[Ploid 3.0]

Considering a lot of people run XMBC on their HTPCs, including myself, I'd have to give you a resounding YES.

The Xbox's XBMC is what I meant. So, HTPC has XMBC, interesting.

A-fucking-men dude.

All of their friends are on PS3, they can't just sell it, because they don't agree with it's spying or need to install new firmwares with newer games, and move on.

 

[Jobiensis]

Last thing, before someone plays the "corporate ball-licker" card:
If you genuinely care about "consumer rights", here's a radical thought: Exercise your one immutable right as a consumer and don't do business with a company who's policies and practices you disagree with.

Heh, a lot of consumers have taken this approach.

This is a pretty brain-dead argument, so consumer rights now can be boiled down to if you don't like it don't buy it? Caveat emptor is all that is necessary now?

I don't quite understand the outrage, it certainly could be next to impossible to exploit if implemented correctly. Then again they still are using http for PSN.

 

[Violater]

Drop the Ban nuke from space on them all I say.
I don't give a crap what they want to do with their own machine, but when they start shitting up in my online games then fuck em.

 

[Rhindle]

Am I the only one getting really worn down by this endless "Sony are equal parts evil and stupid" mentality?

If you have serious misgivings just sell your PS3's and go buy one of their competitors products instead. Its really that simple.

The PS3 is an entertainment device, its not irreplaceable or by any stretch of the imagination a neccessity for anyone. In a word, its an *OPTION*, one which you aren't even contractually locked into exercising for a fixed term.

Newsflash: You aren't being oppressed by the big bad. Sony have one interest in all of this and that is to sell you their products. Part of that sales process is maintaining a quality of service they feel comfortable with by controlling that (platform and network) environment. Hacker actions threaten that control, and so OBVIOUSLY they are going to take steps to remedy the situation. What do you expect them to do, pretend nothing's changed and just roll over on a product line they've invested billions of dollars in?

As I wrote before, Geohot and Failoverflow's actions didn't occur in a vacuum, the repercussions were bound to be felt by ALL PS3/PSN irrespective of their stance on the legality/justification of their goals. This is just the beginning of the "cat and mouse" phase.

Last thing, before someone plays the "corporate ball-licker" card:
If you genuinely care about "consumer rights", here's a radical thought: Exercise your one immutable right as a consumer and don't do business with a company who's policies and practices you disagree with.

The only way you are going to effect change upon a business offering a non-essential service is by rescinding your custom, because I guarantee you all the rage and hand-wringing in the world aint going to do jack. And truthfully it shouldn't, because if you lack the commitment to "walk the walk" it critically undermines the whole premise of your complaint.

It's kind of hard to just elect to not "do business with a company who's policies and practices you disagree with" after you've spent $300-$600 on their hardware and multiples of that on their software.

Besides, I don't see why the choice should be between walking away and silently submitting to whatever is dished out to you.

 

[Despera]

It seems the main issue people have with this system check is that it kinda makes them choose over PSN or homebrew. Get another system, or a PC for homebrew. Sony always had access to what you did on your ps3 before this firmware. What games you played, and what you bought. Hackers felt like they had to delete files before they logged onto PSN, and they developed something to do it automatically so everyone here was aware that sony already checked their system. So it can't be that surprising, keep the ps3 offline.

Install new firmware from new games and the PS3 won't be able to send your social security number to sony.

As for the fear that hackers will take over Sony and PSN to steal your ID's just remove the information from your PS3 and don't log on when it's on the news that sony lost control of PSN to hackers.

What happens if I swallow both pills?

I'll have to disagree with you, though. What we're (allegedly) facing at the moment is the fact that Sony can, at any time, install an executable on your system, and run it whenever they please. They can make that file today and upload it to your system.

And then make another one which does other shit we don't know about tomorrow.

That's different than having a fixed set of data being uploaded every time you sign in.

All our base are belong to Sony now, and there's nothing we can do about it.

 

[Cruzader]

This is great news.

Quick check on system files and anyone with foreign file structures should get swift ban on PSN.

 

[Ploid 3.0]

All our base are belong to Sony now, and there's nothing we can do about it.

Sony showed what they're willing to do to protect their service, and try to stop the ugly side of homebrew. It's best to make it up in your mind to cut ties and move on to something else if you can't deal with whats happening. If you're willing to deal with it the issue isn't as big of a problem for you.

Moving on is hard though.
http://i.imgur.com/YngLR.jpg

No CFW or XMBC (I think) on it, but they don't install executable files on it (right?). It's safe for now.

 

[marathonfool]

Sony showed what they're willing to do to protect their service, and try to stop the ugly side of homebrew. It's best to make it up in your mind to cut ties and move on to something else if you can't deal with whats happening. If you're willing to deal with it the issue isn't as big of a problem for you.

Moving on is hard though.
http://i.imgur.com/YngLR.jpg

No CFW or XMBC (I think) on it, but they don't install executable files on it (right?). It's safe for now.

From my understanding, Microsoft has been using the same remote challenges Sony has just now instituted for years.

 

[Zoe]

No CFW or XMBC (I think) on it, but they don't install executable files on it (right?). It's safe for now.

Apparently not to catch JTAG users.

 

[Dragon]

Gee, I hope Sony doesn't get root on my PS3.

sudo su - root
rm -rf /

Take that Sony! .... er wait!! I take it back.

 

[Dr Frasier Crane]

Am I the only one getting really worn down by this endless "Sony are equal parts evil and stupid" mentality?

If you have serious misgivings just sell your PS3's and go buy one of their competitors products instead. Its really that simple.

The PS3 is an entertainment device, its not irreplaceable or by any stretch of the imagination a neccessity for anyone. In a word, its an *OPTION*, one which you aren't even contractually locked into exercising for a fixed term.

Newsflash: You aren't being oppressed by the big bad. Sony have one interest in all of this and that is to sell you their products. Part of that sales process is maintaining a quality of service they feel comfortable with by controlling that (platform and network) environment. Hacker actions threaten that control, and so OBVIOUSLY they are going to take steps to remedy the situation. What do you expect them to do, pretend nothing's changed and just roll over on a product line they've invested billions of dollars in?

As I wrote before, Geohot and Failoverflow's actions didn't occur in a vacuum, the repercussions were bound to be felt by ALL PS3/PSN irrespective of their stance on the legality/justification of their goals. This is just the beginning of the "cat and mouse" phase.

Last thing, before someone plays the "corporate ball-licker" card:
If you genuinely care about "consumer rights", here's a radical thought: Exercise your one immutable right as a consumer and don't do business with a company who's policies and practices you disagree with.

The only way you are going to effect change upon a business offering a non-essential service is by rescinding your custom, because I guarantee you all the rage and hand-wringing in the world aint going to do jack. And truthfully it shouldn't, because if you lack the commitment to "walk the walk" it critically undermines the whole premise of your complaint.

Post of Kings!

Seriously, though people need to stop the gnashing of teeth. If you don't like it, go!

 

[Emitan]

sudo su - root
rm -rf /

Take that Sony! .... er wait!! I take it back.

I wonder what this does. I'm gonna type this into the terminal and hit enter. Hmm...nothing's happe

 

[Brannon]

We knew you well sai!

 

[Dragon]

I wonder what this does. I'm gonna type this into the terminal and hit enter. Hmm...nothing's happe

Bahaha.

 

[Emitan]

Bahaha.

A little known fact of that command is that it submits whatever you were typing to GAF before formatting everything.

 

[Lindsay]

So between this and the HDD bug thingy I'm guessing I shouldn't bother to waste time with this update since another'll be out soon o.o?

 

[Dragon]

A little known fact of that command is that it submits whatever you were typing to GAF before formatting everything.

Not before it goes out and pings Sony to make sure everything is okay with the system first!

 

[Tmac]

From the description it isnt similar to the rootkit at all. The comparison just sounds like an attempt to make Sony looks a vilain because they are doing what they are suposed to do.

 

[MoonsaultSlayer]

You wannabe hacker types are hilarious. All this fighting and e-peen stroking over running linux and roms on ANOTHER system "just because".... Hahaha.

Edit: oh yeah.. and the abiltity to boot up "back-ups" because the disc drive is too loud. Evil Sony for not allowing that feature from the get go.

 

[Gokurakumaru]

i hate posts like this. they are neither witty or contributive.

I thought it was both witty and pertinent. Everybody making a big deal out of this "security hole" seems to have missed the point that your PS3 can't run malicious code from some hacker without you downloading it first. Your PS3 can't accidentally download code from a location other than PSN because of SSL. And an unhacked machine will detect any kind of spoofing as a man in the middle attack.

This security underpins the entire Internet. You don't fret about losing all your money every time you do online banking, do you? Don't hack your PS3 and no harm can come from it being able to execute code on startup.