Support NeoGAF

[test_account]

i dont believe this is the case to be honest, but i coudl be wrong

on the AU and UK ps sites you are forced to accept a TOS before downloading FW PUP files

Everytime i have installed firmware on my PS3, i must have accepted the EULA everytime. I updated my PS3 to 3.56 yesterday and i got prompted with the EULA then as well This is the PS3 EULA though, not the PSN EULA/ToS.

 

[Metalmurphy]

yes but hackers who could get into systems remotely if a rootkit/trojan is there do not.......

and before you say well what would be on your system. try psn login and passwords if people save the password.


once you have that you have psn access and credit card access. bingo

That's just nonsense speculation...

I don't have auto-updates on my PC, thanks - I get a full list of what's being updated and get to pick and choose from it. I generally take everything, but not if it looks likely to cause problems with work I'm doing at the moment (new versions of server software, for example). I'd have to enable auto-update explicitly if I wanted to use it, and it wouldn't be added arbitrarily as a hidden feature by my OS provider.

My OS provider also doesn't have a history of illegal rootkits and isn't suing anyone for hacking into their own computer, which makes things slightly different.

The only conclusion I've jumped to is that Rhindle's description of the firmware update was accurate. Everything else is perfectly logical from that point on.

So the problem here is that you don't trust Sony... why did you buy a PS3 then?

And AFAIK that "history" has nothing to do with gaining control of your hardware and snooping around your personal data. You guys are just jumping at anything you can for obvious reasons. And to top it off, think they can't really do that. They can. They did.

 

[jorma]

Talk about jumping into conclusions. Best if you shut down auto-updates on ur PC and AV/FW.

I fully support this move.


And for the record, they already have access to your personal data, it's on their PSN database...

Curious question: did you fully support the 2005 Sony rootkits as well?

 

[Choc]

ignorance is bliss isnt it metal

i dont pirate games nor do i homebrew, but sonys history in this area is already shit as it is

if they have installed an illegal rootkit, they will be in serious trouble, just like they were with the cds back in the day.

you just think we are all pirates whinging, well guess what i am not and i have never installed cfw

but i just had to allow sony to remote execute code

they can and maybe they did, but that doesn't make it legal. do some research on the cd rootkit history of sony before you want to shoot everyone down.

http://www.pchelpforum.com/security-watch/13201-sony-installs-drm-rootkits-users-machines.html

also look up what a rootkit is to understand why its a major security problem

 

[RyanDG]

i dont believe this is the case to be honest, but i coudl be wrong

on the AU and UK ps sites you are forced to accept a TOS before downloading FW PUP files

The TOS/EULA does pop up before the installation of the firmware.

 

[N.A]

*sigh* Don't we have other threads for discussing these things? Surely the banhammer or firmware update threads are more appropriate?

This thread is getting cluttered with people who don't have CFW or homebrew and have no intention of installing it. :-\

 

[squatingyeti]

If you buy a slim from Amazon, it is likely shipping with 3.41 or 3.42 as I've had several friends purchase them within the last few weeks and that's what they've all had.

 

[iapetus]

So the problem here is that you don't trust Sony... why did you buy a PS3 then?

Sony has done a lot to show it's untrustworthy since the PS3 came out. I've owned a number of other Sony products that haven't had these problems. PS2 didn't. PSX didn't. My various SE phones haven't. PSP didn't - there's been a constant back and forth with running homebrew on those and at some times I've had my PSP enabled for it and at other times not, but they've never done anything with their upgrades that has damaged my experience as a normal user of the system, taken away functionality, or introduced security holes into my network.

And AFAIK that "history" has nothing to do with gaining control of your hardware and snooping around your personal data.

While that wasn't the intention, it did open up security holes that were exploited for those purposes by other people. Very much like, for example, geohot's release of the PS3 keys, now you come to mention it. Hypocrisy much?

You guys are just jumping at anything you can for obvious reasons. And to top it off, think they can't really do that. They can. They did.

Yes, and I'm looking forward to seeing whether they get away with it.

And for the record, they already have access to your personal data, it's on their PSN database...

I have other personal data than what's on their PSN database. Sometimes I'm running work-related software behind my firewall, including server software. This is protected by the firewall, but Sony's code now breaches that firewall if I have my PS3 on.

 

[N.A]

If you buy a slim from Amazon, it is likely shipping with 3.41 or 3.42 as I've had several friends purchase them within the last few weeks and that's what they've all had.

It will definitely be on something less than 3.56 if you order within the next couple of weeks.

 

[test_account]

Yeah, i dont think that a dangerous to hacking/unauthorised access rootkit will be installed on the PS3 to be honest. That would surprise me, especially after the Sony BMG rootkit scandal regarding audio-CDs as someone mentioned earlier here. If such thing happeneds on the PS3, then i am against it. But if it is more of a simple program that is being executed remotely to only do some simpler checks for CFW or any stuff like that, then i dont really mind it.

 

[Metalmurphy]

Curious question: did you fully support the 2005 Sony rootkits as well?

No. I also don't see what one thing has to do with the other. Third party hardware that automatically installed software into another hardware (not owned by Sony), without an uninstaller (which is actually illegal), without any prompt.

This is Sony, updating their OWN hardware, which you have to manually start, so that it can autoprotect it self, to protect their own investment.

Sony has done a lot to show it's untrustworthy since the PS3 came out. I've owned a number of other Sony products that haven't had these problems. PS2 didn't. PSX didn't. My various SE phones haven't. PSP didn't - there's been a constant back and forth with running homebrew on those and at some times I've had my PSP enabled for it and at other times not, but they've never done anything with their upgrades that has damaged my experience as a normal user of the system, taken away functionality, or introduced security holes into my network.

That's what you say now, but Sony did update their PSP constantly to prevent homebrew, had they succeeded I'm sure you'd be changing your story.

While that wasn't the intention, it did open up security holes that were exploited for those purposes by other people. Very much like, for example, geohot's release of the PS3 keys, now you come to mention it. Hypocrisy much?

Hypocrisy? I never said I supported the action... Just that they're not related. And afaik they were never exploited. There were claims that they could be, but nothing came of it.

Yes, and I'm looking forward to seeing whether they get away with it.

I'm sure they will. It worked for DirectTV.

 

[kitch9]

i have read the psn tos

it covers that they will have things to protect the psn network not they will install shit remotely and leave a hack on your system to get in

my point is you can download 3.56 with these new 'features' and never read the tos before installing

that is a big problem for sony, a big problem if this goes legal


the last time sony installed a rootkit they almost got sued to oblivion. they were installing rootkits in windows registry with music cds put into a computer

appears they never learn from their mistakes and they have rootkitted again and they will again cop major backlash from security providers

if they have installed a trojan on ps3s, and your data is on that ps3, hackers can now gain it if they can hack it

and lets be honest if sony cant keep a system secure, what good are they at building a secure 'backdoor'

this could go big.

They don't "install shit." The PSN server can request that your machine runs a bit of small code to validate security of their network. This code can change and it does not get saved to your hdd, so its for this reason the hackers will struggle to spoof any responses.

I don't know WTF are you on about calling this check a rootkit? You could call the firmware a rootkit as it makes your machine run as the manufacturer intended.

You need to get over it, Sony have taken steps to secure their network using sensible methods. You may be entitled to install custom firmware on your PS3, but PSN is a seperate product and you certainly are not entitled to use that product if you run the risk of compromising its security which CFW certainly does.

Fact is legally you have no idea what you are talking about and you sound butthurt as Sony have taken something away from you which you are not entitled to.

Fucking "big" lol.

 

[RyanDG]

By the way, for those wondering where it is in the EULA that this sort of check is covered, it's here:

11. MAINTENANCE AND UPGRADES

From time to time, it may become necessary for SCEA to provide certain content to you to ensure that Sony Online Services and content offered through Sony Online Services, your PlayStation®3 computer entertainment system, the PSP® (PlayStation® Portable) system or other SCEA-authorized hardware is functioning properly in accordance with SCEA guidelines. Some content may be provided automatically without notice when you sign in. Such content may include automatic updates or upgrades which may change your current operating system, cause a loss of data or content or cause a loss of functionalities or utilities. Such upgrades or updates may be provided for system software for your PlayStation®3 computer entertainment system, the PSP® (PlayStation® Portable) system, or other SCEA-authorized hardware. Access or use to any system software is subject to terms and conditions of a separate end user license agreement found at http://www.us.playstation.com/termsofuse. You authorize SCEA to provide such content and agree that SCEA shall not be liable for any damages, loss of data or loss of functionalities arising from provision of such content or maintenance services. It is recommended that you regularly back up any archivable data located on the hard disk.

This has been part of the EULA/TOS agreement for a while now. And it fully covers what they are doing here. Which is different to the 2005 rootkit fiasco when there was no mention of what they were doing.

 

[Choc]

hey if its just a check when you hit psn, fine like Live, no issue

but lots of people investigating the firmware are saying otherwise and something is installed with 3.56

 

[Choc]

HEY kitch9 you tool

read my fucking post again

i dont install pirated softare and i dont install cfw

i am concerned however that they are installing shit with 3.56 that they should not be

if its a psn check on connection fine, if its installing something on teh hdd or os that sits dormant

that is not fine, that is fucking bullshit

 

[kitch9]

hey if its just a check when you hit psn, fine like Live, no issue

but lots of people investigating the firmware are saying otherwise and something is installed with 3.56

It is a check when you hit PSN, the 3.56 allows for more robust checks from the remote server.

Whats the problem?

 

[Raist]

hey if its just a check when you hit psn, fine like Live, no issue

but lots of people investigating the firmware are saying otherwise and something is installed with 3.56

"something" is installed with every single FW update. What's your point?

 

[Choc]

if its something like a root kit duh

stop taking shit out of context. people have legitimate concerns because SONY HAS DONE THIS BEFORE.

 

[Vagabundo]

"something" is installed with every single FW update. What's your point?

The point is they have installed a back door with 3.56 to run code on your system. Considering that their keys are in the wild this is a pretty funky thing to do from a security standpoint.

And their are privacy issues here as well. Having a clause in their EULA may not shield them.

It really all really depends on how they use this and on exactly how it is implemented.

 

[expy]

HEY kitch9 you tool

read my fucking post again

i dont install pirated softare and i dont install cfw

i am concerned however that they are installing shit with 3.56 that they should not be

if its a psn check on connection fine, if its installing something on teh hdd or os that sits dormant

that is not fine, that is fucking bullshit

Thy aren't installing anything, you are.

 

[Vagabundo]

Thy aren't installing anything, you are.

Are they letting me on with the previous version?

 

[iapetus]

That's what you say now, but Sony did update their PSP constantly to prevent homebrew, had they succeeded I'm sure you'd be changing your story.

If you're accusing me of lying, then do it outright.

Yes, they updated it constantly to prevent homebrew, and they also added functionality while doing this rather than removing it, and in a way that didn't damage the use experience or infringe on any other rights. I treated homebrew as a nice additional feature while it was available, and then willingly updated to official firmware to get the features it brought.

Hypocrisy? I never said I supported the action... Just that they're not related. And afaik they were never exploited. There were claims that they could be, but nothing came of it.

Hypocrisy on Sony's part, not yours. And according to Wikipedia and its referenced sources they were exploited - it's not like it wasn't a trivial thing to exploit, as all it required was renaming your dodgy code so that Sony's tools hid it from the user for you.

I'm sure they will. It worked for DirectTV.

In a case that targeted only people using the box illegally.

 

[Raist]

The point is they have installed a back door with 3.56 to run code on your system. Considering that their keys are in the wild this is a pretty funky thing to do from a security standpoint.

And their are privacy issues here as well. Having a clause in their EULA may not shield them.

It really all really depends on how they use this and on exactly how it is implemented.

Well it all depends on what the code is doing. As long as there's nothing more than security checks for the PSN I don't see any problem. Absolutely no one has any proof that it does anything else.

 

[-PXG-]

Reposting (third time since my posts keep on appearing at the bottom of the page )

Alright, I installed CFW with Kmeaw. Homebrew is installed on the XMB, but I'm getting error 80029519. What do I do? I'm on a original, 60 GB phat.

Thanks

 

[Choc]

as part of a mandatory update to 3.56 which at some stage in the future would stop me playing games on my system if i did not install it they are installing an operating system

yes i have requested the operating system to be installed but they are not providing full disclosure as to what is in this security update on their site it says

NEW -3.56 SECURITY UPDATE

now when you install a microsoft security update it tells you what the fuck it does to a windows PC and where you can expect edits

is it THAT hard to expect the same from sony when they install an update? Yes tehy dont want to give hackers the info, but at least say its just a check on PSN connection not an installed file like what we did with CDs in 2005.

Microsoft FWIW did update what the security update last week on Live did. It changed things so that COD Blackops couldnt be hacked and explaiend how

sony say, new firmware muts get to continue to play online without info.

Thats the problem this is a MANDATORY update. I want to play a game onlien i have to get it

if there is no rootkit installed i dont care, get rid of the pirates i say! if something is installed i want to know about it and have a right to know about it when it involves security of something connected to the internet

you guys need to go to security school and have obviously never done networking courses. otehrwise you would understnad your network is only as secure as its weakest link

1000s of networks worldwide could be currently being compromised every hour with this update.... IF the rumors are true.

 

[Vagabundo]

Well it all depends on what the code is doing. As long as there's nothing more than security checks for the PSN I don't see any problem. Absolutely no one has any proof that it does anything else.

The problem is that the new update allows them to run whatever code they want without warning. The code they run is downloaded and run at login. So who knows what it does.

And the problem is this leaves the backdoor open, because the keys are in the wild. A DNS poison attack could trick your PS3 into downloading and running code from something that's not PSN.

This is where my beef lies. It is slightly different with the xbox since the keys aren't in the wild.

EDIT Maybe we need a new thread for this: SOny PS3 Rootkit ¦OT¦

 

[N.A]

Reposting (third time since my posts keep on appearing at the bottom of the page )

Alright, I installed CFW with Kmeaw. Homebrew is installed on the XMB, but I'm getting error 80029519. What do I do? I'm on a original, 60 GB phat.

Thanks

Your using homebrew that is not signed.

If you downloaded it from http://www.pshomebrew.net tell me what you downloaded and I'll fix it. If you didn't everything on the wiki should be signed.

Edit: And sorry about the long response time. There seems to be some people in this thread cluttering it with stuff that's off-topic .

 

[kamorra]

Aren't there enough threads where you guys can express you disdain for homebrew?

 

[Inanna]

Are they letting me on with the previous version?

If you are on custom CFW, you shouldn't be even trying to get on PSN. I know most people say they want custom CFW for homebrew but the fact is that almost more than half of the people installing custom CFW are going to pirate games. Sony has no way of telling who is going to do shit like the recent MW2 hacks, it's best they keep custom CFW off of PSN.

 

[jorma]

No. I also don't see what one thing has to do with the other. Third party hardware that automatically installed software into another hardware (not owned by Sony), without an uninstaller (which is actually illegal), without any prompt.

This is Sony, updating their OWN hardware, which you have to manually start, so that it can autoprotect it self, to protect their own investment.

what the future? I thought it was MY hardware!

 

[3rdman]

This is Sony, updating their OWN hardware

Oh look, I don't really own my PS3...Thanks for setting me straight.

 

[N.A]

Aren't there enough threads where you guys can express you disdain for homebrew?

It's not even concerning homebrew at the moment :-\ It's about a feature in official firmware...

 

[Metalmurphy]

If you're accusing me of lying, then do it outright.

No, I'm accusing you of maybe being a bit hot headed with your comments in relation to what's happening just because it doesn't benefit you. (even though it will benefit others and Sony)

Yes, they updated it constantly to prevent homebrew, and they also added functionality while doing this rather than removing it, and in a way that didn't damage the use experience or infringe on any other rights. I treated homebrew as a nice additional feature while it was available, and then willingly updated to official firmware to get the features it brought.

If the exploit came from something that could have been removed you can bet they would have. Geohot spread the word about the OtherOS exploit, so Sony removed it. In the PSP case it was more of an reaction then pre-action so there wasn't really anything to remove.

In a case that targeted only people using the box illegally.

Which was still theirs (the owner) though. And isn't Satellite signal sent to everyone?

Hypocrisy on Sony's part, not yours. And according to Wikipedia and its referenced sources they were exploited - it's not like it wasn't a trivial thing to exploit, as all it required was renaming your dodgy code so that Sony's tools hid it from the user for you.

Got a url? The wikipedia entry i'm reading states nothing of the sort:
http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

Oh look, I don't really own my PS3...Thanks for setting me straight.

You do, that's why you can press circle when you get the update prompt. You wanna know what you really don't own? Your PSN account.

 

[RyanDG]

And the problem is this leaves the backdoor open, because the keys are in the wild. A DNS poison attack could trick your PS3 into downloading and running code from something that's not PSN.

How would they do this without access to your system or network to begin with?

 

[MarkMclovin]

So does anyone know a list of playstation.net addresses I can put as a black list on my router?

 

[N.A]

So does anyone know a list of playstation.net addresses I can put as a black list on my router?

Your best just blocking the whole playstation.net domain. No-one on CFW is getting back on PSN anytime soon...

 

[Choc]

How would they do this without access to your system or network to begin with?

when you connect to PSN you open a port on your router or firewall

this port is used to connect to PSN

that port is then open. They can run a port scan find that port open check for ps3 with 3.56 (via the hack they write if they do....... if the rumros are true on rootkits......) and PROFIT


when something connects to the internet, it has to be allowed to and therefore let through a firewall. The ps3 bypasses the firewall. The hacker gets into the PS3 by doing the port scan and seeing that port is open

once in, they are in the network, and they can do things if they are smart enough. Once you are past the firewall its party time.

 

[-PXG-]

Your using homebrew that is not signed.

If you downloaded it from http://www.pshomebrew.net tell me what you downloaded and I'll fix it. If you didn't everything on the wiki should be signed.

Edit: And sorry about the long response time. There seems to be some people in this thread cluttering it with stuff that's off-topic .

I got mine from Brewology. I just wanted to mess around with Snesx9x and Genesis Plus. I will try the pshomebrew versions and see if they work.

Thanks.

 

[Vagabundo]

I posted another thread here for the Rootkit Issue

http://www.neogaf.com/forum/showthread.php?p=25659352#post25659352

 

[N.A]

I posted another thread here for the Rootkit Issue

http://www.neogaf.com/forum/showthread.php?p=25659352#post25659352

Thank you!

 

[LiquidMetal14]

perfect timing for me to block playstation.net from my router.

Guess I won't be seeing you online anymore on PS3 then lol

 

[-PXG-]

Yeah, it's working now. Got 'em from pshomebrew. Thanks a lot

 

[test_account]

Is there any known upcoming PS3 homebrew that seems interesting?

 

[N.A]

Is there any known upcoming PS3 homebrew that seems interesting?

Linux.
Dreamcast emulator.
Media players.

 

[N.A]

***Official Firmware 3.56 released. DO NOT update***



Recent Updates:
27/01: Mednafen 1-27-2011 released.
27/01: multiMAN 1.14.01 released. (Now stable)
26/01: Gaia Manager 2.06 released. (Now stable)
26/01: FBAnext r423 Custom released.
26/01: PS3 Game Updater 1.1 Released
23/01: Backup Compatibility List added. (see below for how to contribute)

Tutorials:
How to install Custom Firmware
How to install Homebrew
Backup Guide

If you would like to contribute to the Backup Compatibility List follow these instructions.

 

[-PXG-]

A PS2 backup manager would be amazing. That and somehow adding more controller support for PS2 games. I'd love to be able to play Thirdstrike with my TE Stick.

 

[test_account]

Linux.
Dreamcast emulator.
Media players.

Cool Is there any known progress on these projects? Aproximate time until they come out?

 

[GodfatherX]

My understanding is a ps2 back up manager would only work on phat ps3's as the emotion engine is hard for the ps3 to emulate

Now I have a very serious question, I haven't updated my ps3 in like 6 months, and since the latest ofw is at 3.56, is there any way to get 3.55 on my ps3 to set up cfw?

 

[-PXG-]

My understanding is a ps2 back up manager would only work on phat ps3's as the emotion engine is hard for the ps3 to emulate

Now I have a very serious question, I haven't updated my ps3 in like 6 months, and since the latest ofw is at 3.56, is there any way to get 3.55 on my ps3 to set up cfw?

Well yeah. But there is a considerably large base of people like me who have the older units. Being able to backup my PS2 games would be really nice.

 

[iapetus]

Got a url? The wikipedia entry i'm reading states nothing of the sort:
http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

Except where it says:

The Sony rootkit is designed to hide any files, registry keys and processes whose name starts with the string $sys$, making it very easy for writers of worms and other malware to also hide their files by simply using the same name. Within weeks there were several trojans and worms taking advantage of this functionality in machines already compromised by the Sony rootkit.

Zing.