By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Sony Discussion - Sony says sorry for other os take down

Kasz216 on 09 April 2010
jneul said:
huh I am chilled, lol, I am backing up Sony here they said sorry and explained it is for the greater good, I thought it would be better if a sony fan posted this instead of just a random person, lol

So all it takes is for someone to claim something "is for the greater good" and your fine with it.  Nevermind Sony said it was for security reasons only.

They've never once actually mentioned piracy to my knowledge.  So, how is this for the greater good for removing it because of security issues... that the majority won't ever expierence because they won't even use it?

Not to mention... security problems with Linux on the cell?  Is there even a MORE obscure thing to design a security exploit for?  If they don't bother with Apple why would they bother with this?



Around the Network
fordy on 09 April 2010
joeorc said:
jneul said:
joeorc said:
fordy said:
joeorc said:
fordy said:
jneul said:
fordy said:
jneul said:
fordy said:
jneul said:
fordy said:
jneul said:
fordy said:
jneul said:
great now people are going to claim $100 just for the fun of it, way to jump on the bandwagon, I really hope Sony sue George Hotz and he get's the bill for tall of this, honestly it is the least he deserves, after his delusional thoughts on how nothing bad would come from his lame move

George Hotz made the executive decision to no longer support OtherOS? That's news to me...

 

Seriously though, Sony could have put the effort into maintaining the feature against hacking but they just planned not to go any further with it.

 

Do you think the owner of a house has any chance of suing a burglar if they left their front door wide open?

bad comparison, sony did not leave the door open, George Hotz had to use a special technique just to hack the PS3 in linux, just to remind you unlike the other consoles it has taken 3 years to get this far.

Yes, but unlike the reciprocation from other systems supporting Operating Systems, they don't go as far to cut out an entire feature.

 

Imagine if Microsoft decided to one day say "Well, we figured the weakest point for people hacking our OS lies in them connecting t the internet, so Windows will no longer suport the TCP/IP protocol". Wouldn't that annoy just a few people, at least?

oh dear you see that's where your argument fails, windows is not the most secure operating system, I thought people knew this, just switch to linux for a while you get no(or a litlle amount) security or virus issues, linux is much better at protecting your pc, you see there are other companies out there which are better than microsoft at making software believe it or not.

Linux is open source. As far as I know, there are no executive decisions involved there.

Yes, Linux is more secure and such, so what does that have to do with the argument? If the same flaw was found for Linux, atempts would be made to FIX THE PROBLEM, not remove the feature altogether.

This is clearly just a cost-cutting measure by Sony, since they no longer wish to spend the money in maintaining the integirty of the feature against hackers.

this is not a cost-cutting measure, sony could not have made changes like that by themselves as they was not responsible for making the flavour of linux availabe to the ps3.

you really should read up on the technique he used, i would love to know how you would have combatted this, and the same to anyone else who thinks sony could have done so much better in such a small amount of time, the ps3 is a very powerful piece of hardware I do not blame them for removing the other os feature.

So the PS3 is such a powerful piece of hardware, but one little hack attempt brings the system to it's knees? Does that make ANY sense at all?

Listen, for every compromise made on ANY system, there is always a way in software terms to prevent it. That being said, no system is entirely unhackable either, so that doesn't mean features shold be removed.

What would I do? Let's see. As far as I remember, his hacking attempt involved accessing outside parts of protected memory. If that's the case, then a Virtual Environment would have alleviated the problem. If that is compromised as well? Then it is the fault of the VE and not the hardware, and since the VE is firmware, and maintained by Sony, it could easily be upated in firmware for future attempts.

There is no "Special technique" used by the hackers for this sort of thing. It's the same techniques used anywhere else, exploiting the limits of a binary system from an infinite world. But there will always be a workaround for this type of thing.

clicking on report now, you see because you know you are wrong, it is not the ps3 at fault the only way he could hack it is because of linux, even though it is more secure than windows, you can keep on trolling, honestly you are not impressing anyone.

I am dead serious here. Read up on Virtualisation. The operating system in the Virtual environment never talks directly to the hardware, which is the point of compromise. If Linux was running on, say, a PowerPC Virtual Environent, the VE would be responsible for any compromise attempts made towards the hardware and stop it before it's made.

You may call it trolling, I call it keeping to the facts.

the way in was the use of a board shocker!

he could not have done it anyother way without mod chiping the board. So no! many people tryed it just by software alone and for 3 year's they failed. there is more way's but all require opening up the PS3 and using custom hardware to do it. and I know of another way and it involves another PCB board hooked upto the PS3 but the fact that was not the only thing it also required software and that was also Linux.

That's a completely different story then, since the hardware itself was comproised, but in that case, you'd find that no part of the system would be safe then. Even if OtherOS was removed, the system could still be breached through hardware, and always would be. It's a sad fact, but that's the way it goes. Hence, why servers are often physically locked up from the outside world.

and that's how he got into the security. but by removing the Linux access through the PS3 it does help to prevent hacking of not just password's but other data as well. No linux through the PS3 HELP'S in reduction of those said encrytion hack attempt's.

for example:

Nick Breese

through a single PS3 was able to get his PS3 to do quite a few thing's one of which:

The strength of cryptography implementations is usually based on its cracking time -- how long it would take for someone to sit down and crack it, says Breese. His discovery has demonstrated that the capability of cracking encryption algorithms has multiplied by 100.

Within PS3, in Breese's case running Linux, there are six SPU (Synergistic Processing Unit) processor cores. Each core is able to do four calculations -- so across all of the cores it is possible to do 24 calculations at the same time, he says. The simplistic design of the processor architecture also helped increase the speed, he says.

Breese was looking for a way to optimize processing to make MD5 calculations go very quickly, he says. MD5 (Message-Digest algorithm 5) is one of the most used cryptographic hash functions. The PS3 managed to conduct over 1.4 billion MD5 calculations a second, he says.

that's just one PS3!

EVEN TO USE

Salt Cryptography may not be enough

I love you lol, don't worry Im a girl lol, I'm so rubbish at explaining these things, lol

for those that still don't think its a threat:

here you go 2007:

PCI

December 11, 2007

Hashing Credit Card Numbers: Revisited Again

I recently had to revisit the estimates I provided in our white paper on brute forcing credit card hashes since new techniques were published that can speed the brute forcing up by at least a factor of 5 using off-the-shelf video cards.  Well, a month later I am having to revise the estimates again.  Nick Breese of New Zealand has published a paper at Kiwicon on using a PlayStation 3 to crack hashes.  His estimates are about 1.4 billion hashes per second for MD5Our proof of concept code running at about 2 million hashes per second seems kind of slow now.  Probably at least 2 billion hashes per second is feasible in the near future with readily available hardware and source code.

Storing credit cards using a simple single pass of a hash algorithm, even when salted, is fool-hardy.  It is just too easy to brute force the credit card numbers if the hashes are compromised.  Based on the potential value of the card numbers, there is more than enough financial incentive to buy a $500 PlayStation 3 and develop a little code.

When hashing credit card number, the hashing must be carefully designed to protect against brute forcing by using strongest available cryptographic hash functions, large salt values, and multiple iterations.
http://www.integrigy.com/oracle-security-blog/topics/PCI

Are you seriously implying that the breach of PS3 security is a threat to the global economy, and therefore, humanity itself? Was this the same kind of source that said the PS2 was capable of launching missiles?

Intel have recently released the Gulftown architecture of CPUs. Those are six core, but Hyperthreading allows 12 simultaneous calculations per second. So how would a dual Gulftown differ from the PS3?

If hackers were that intent anyways, they could always buy a PS3, and physically swap out the boot ROM on the system. Then they have a Cell CPU at their disposal.



Kasz216 on 09 April 2010
jneul said:
_mevildan said:
I see a lot of people saying they support the decision and it was useless feature anyway and they don't use it blah blah.


This is wonderful thinking if you don't use it. But have some empathy for those who liked the feature.

My brother and I used it. We are software developers and having linux on there was an awesome way to have fun programming for the cell. Yeah you get emulators, but this was the real deal, programming on the metal. And seeing as though we brought our PS3 knowing about this we were pretty excited. We have been working on a software project for years that we have been keen to get working 100% on the cell as well. Well those dreams are gone now.

But wait, thank the heavens, there is a "choice" there, keep OS and never get any other games or play online again. How fair and thoughtful. Having invested in about 35 games so far and lot's of trophies on my profile I guess I have to "choose" to install the update and kiss linux goodbye.

Oh and I have a "real" PC too, doesn't mean that the other OS feature wasn't useful to me for other purposes. We are pretty pissed off, but I guess (as Sony is hoping) we will get over it. I couldn't even look at my PS3 recently quite honestly.

To be honest, yes I feel sorry for you both, but like I said, just look at the bigger picture there are 33m + ps3 users out there, most of us do not use linux, I used to use it on my fat ps3, but got over it when I chose to get a ps3 slim instead, unfortunately you will have to choose between online games or programming, as normal single player games are still avaiilable no matter what you choose.

Yes... the bigger picture of inconviencing a small group of people for no actual advantage to anybody.

What?



fordy on 09 April 2010
joeorc said:
fordy said:
joeorc said:
fordy said:
joeorc said:
fordy said:
jneul said:
fordy said:
jneul said:
fordy said:
jneul said:
fordy said:
jneul said:
fordy said:
jneul said:
great now people are going to claim $100 just for the fun of it, way to jump on the bandwagon, I really hope Sony sue George Hotz and he get's the bill for tall of this, honestly it is the least he deserves, after his delusional thoughts on how nothing bad would come from his lame move

George Hotz made the executive decision to no longer support OtherOS? That's news to me...

 

Seriously though, Sony could have put the effort into maintaining the feature against hacking but they just planned not to go any further with it.

 

Do you think the owner of a house has any chance of suing a burglar if they left their front door wide open?

bad comparison, sony did not leave the door open, George Hotz had to use a special technique just to hack the PS3 in linux, just to remind you unlike the other consoles it has taken 3 years to get this far.

Yes, but unlike the reciprocation from other systems supporting Operating Systems, they don't go as far to cut out an entire feature.

 

Imagine if Microsoft decided to one day say "Well, we figured the weakest point for people hacking our OS lies in them connecting t the internet, so Windows will no longer suport the TCP/IP protocol". Wouldn't that annoy just a few people, at least?

oh dear you see that's where your argument fails, windows is not the most secure operating system, I thought people knew this, just switch to linux for a while you get no(or a litlle amount) security or virus issues, linux is much better at protecting your pc, you see there are other companies out there which are better than microsoft at making software believe it or not.

Linux is open source. As far as I know, there are no executive decisions involved there.

Yes, Linux is more secure and such, so what does that have to do with the argument? If the same flaw was found for Linux, atempts would be made to FIX THE PROBLEM, not remove the feature altogether.

This is clearly just a cost-cutting measure by Sony, since they no longer wish to spend the money in maintaining the integirty of the feature against hackers.

this is not a cost-cutting measure, sony could not have made changes like that by themselves as they was not responsible for making the flavour of linux availabe to the ps3.

you really should read up on the technique he used, i would love to know how you would have combatted this, and the same to anyone else who thinks sony could have done so much better in such a small amount of time, the ps3 is a very powerful piece of hardware I do not blame them for removing the other os feature.

So the PS3 is such a powerful piece of hardware, but one little hack attempt brings the system to it's knees? Does that make ANY sense at all?

Listen, for every compromise made on ANY system, there is always a way in software terms to prevent it. That being said, no system is entirely unhackable either, so that doesn't mean features shold be removed.

What would I do? Let's see. As far as I remember, his hacking attempt involved accessing outside parts of protected memory. If that's the case, then a Virtual Environment would have alleviated the problem. If that is compromised as well? Then it is the fault of the VE and not the hardware, and since the VE is firmware, and maintained by Sony, it could easily be upated in firmware for future attempts.

There is no "Special technique" used by the hackers for this sort of thing. It's the same techniques used anywhere else, exploiting the limits of a binary system from an infinite world. But there will always be a workaround for this type of thing.

clicking on report now, you see because you know you are wrong, it is not the ps3 at fault the only way he could hack it is because of linux, even though it is more secure than windows, you can keep on trolling, honestly you are not impressing anyone.

I am dead serious here. Read up on Virtualisation. The operating system in the Virtual environment never talks directly to the hardware, which is the point of compromise. If Linux was running on, say, a PowerPC Virtual Environent, the VE would be responsible for any compromise attempts made towards the hardware and stop it before it's made.

You may call it trolling, I call it keeping to the facts.

the way in was the use of a board shocker!

he could not have done it anyother way without mod chiping the board. So no! many people tryed it just by software alone and for 3 year's they failed. there is more way's but all require opening up the PS3 and using custom hardware to do it. and I know of another way and it involves another PCB board hooked upto the PS3 but the fact that was not the only thing it also required software and that was also Linux.

That's a completely different story then, since the hardware itself was comproised, but in that case, you'd find that no part of the system would be safe then. Even if OtherOS was removed, the system could still be breached through hardware, and always would be. It's a sad fact, but that's the way it goes. Hence, why servers are often physically locked up from the outside world.

and that's how he got into the security. but by removing the Linux access through the PS3 it does help to prevent hacking of not just password's but other data as well. No linux through the PS3 HELP'S in reduction of those said encrytion hack attempt's.

for example:

Nick Breese

through a single PS3 was able to get his PS3 to do quite a few thing's one of which:

The strength of cryptography implementations is usually based on its cracking time -- how long it would take for someone to sit down and crack it, says Breese. His discovery has demonstrated that the capability of cracking encryption algorithms has multiplied by 100.

Within PS3, in Breese's case running Linux, there are six SPU (Synergistic Processing Unit) processor cores. Each core is able to do four calculations -- so across all of the cores it is possible to do 24 calculations at the same time, he says. The simplistic design of the processor architecture also helped increase the speed, he says.

Breese was looking for a way to optimize processing to make MD5 calculations go very quickly, he says. MD5 (Message-Digest algorithm 5) is one of the most used cryptographic hash functions. The PS3 managed to conduct over 1.4 billion MD5 calculations a second, he says.

that's just one PS3!

EVEN TO USE

Salt Cryptography may not be enough

Okay, we're getting a little off track here. I am aware of what the PS3 is capable of.

From what I can gather, the software side still required a full encompassment of the entire PS3's system memory. a breach could have then been made by routing the controlling CPU's protectd mode flag and accessed memory outside of it's operating environment.

Now, let me tell you why a VE would also fix this:

Addresses in the VE are exclusive only to the environment itself. The only part that knows how to map VE addresses to real memory is the OS that Sony uses to drive the PS3 itself, and even then, it is usually a single chunk in memory.

In order to breach memory outside of the VE by using hardware breaches and software within the VE, a hardware hack would need to be made in order to change the pointing address to the memory space used by the VE. This would also change the pointing address to the Linux OS itself, and effectively halt the Linux dist installed on the VE. Within the VE, it would merely be seen as a massive corruption of memory. It would give no chance for any custom software to do it's stuff before the VE halts.

no you cannot access the SPE's protected flag even by hardware because you have no access to it from outside the spe, even a physical hack would not allow you to get that information, geohot is running his exploit in an Virtual enviroment already. that's how it's within the PS3

In that case, it is the fault of the VE. The VE should be limited to it's own range of memory only, and any successful attempts at circumventing that should be dealt with by updating the VE security, not by removing the entire feature altogether.



Kasz216 on 09 April 2010
sjhillsa said:
jneul said:
dsister44 said:
jneul said:

To be honest, yes I feel sorry for you both, but like I said, just look at the bigger picture there are 33m + ps3 users out there, most of us do not use linux, I used to use it on my fat ps3, but got over it when I chose to get a ps3 slim instead, unfortunately you will have to choose between online games or programming, as normal single player games are still avaiilable no matter what you choose.

No, they aren't.

lol you don't need PSN to play on single player games, and trophies will stay updated but only on your local ps3, so backing up of trophies will not be supported

 

Yes you do need PSN for single player, try playing VC without the v1.20 patch?  Folklore v1.01 Patch.. Just Cause 2 needed a v1.01 patch when it was released.  My main complaint is VC, as without the patch the game is not as fun to play.  The patch cleared up some important issues with VC.

 

Then again,  I support Sony on this particular issue.  Microsoft and Nintendo would react in the same way if they knew piracy could be prevented.  Well done to the pirate, who through bragging lost a feature for the PS3.

 

Uh... you shouldn't be supporting Sony on this.  You should be comdeming Microsoft and Nintendo if they did the same thing.

It's very silly to do otherwise.



Around the Network
jneul on 09 April 2010
Kasz216 said:
jneul said:
huh I am chilled, lol, I am backing up Sony here they said sorry and explained it is for the greater good, I thought it would be better if a sony fan posted this instead of just a random person, lol

So all it takes is for someone to claim something "is for the greater good" and your fine with it.  Nevermind Sony said it was for security reasons only.

They've never once actually mentioned piracy to my knowledge.  So, how is this for the greater good for removing it because of security issues... that the majority won't ever expierence because they won't even use it?

Not to mention... security problems with Linux on the cell?  Is there even a MORE obscure thing to design a security exploit for?  If they don't bother with Apple why would they bother with this?

Unfortuantely I know so much more about this than you think, GeoHotz went to alot of trouble just to get this far, after thinking about it really it would not surprise me how much futher hackers would be willing to go, do not under-estimate them.

I do not just believe Sony, I know alot of things, unfortunately, I am a programmer I can program in c#, c++, Java, Visual Basic and Assembly language, I could develop some nasty applications if I put my mind to it, but I am not like that.

I used to think it was pointless just to go as far as he did, honestly, he has recked this for every ps linux user out ther, blame him not Sony



it's the future of handheld

PS VITA = LIFE

The official Vita thread http://gamrconnect.vgchartz.com/thread.php?id=130023&page=1

Kasz216 on 09 April 2010
jneul said:
Kasz216 said:
jneul said:
huh I am chilled, lol, I am backing up Sony here they said sorry and explained it is for the greater good, I thought it would be better if a sony fan posted this instead of just a random person, lol

So all it takes is for someone to claim something "is for the greater good" and your fine with it.  Nevermind Sony said it was for security reasons only.

They've never once actually mentioned piracy to my knowledge.  So, how is this for the greater good for removing it because of security issues... that the majority won't ever expierence because they won't even use it?

Not to mention... security problems with Linux on the cell?  Is there even a MORE obscure thing to design a security exploit for?  If they don't bother with Apple why would they bother with this?

Unfortuantely I know so much more about this than you think, GeoHotz went to alot of trouble just to get this far, after thinking about it really it would not surprise me how much futher hackers would be willing to go, do not under-estimate them

I do not just believe Sony, I know alot of things, unfortunately, I am a programmer I can program in c#, c++, Java, Visual Basic and Assembly language, I could develop some nasty applications if I put my mind to it, but I am not like that.

Believe sony... about what?  Once again, this security issue doesn't effect ANYBODY who doesn't have other OS installed?  Yes?

So... uh... what's your greater good? 

Stopping the phat PS3's from pirating?  That's not the greater good... that's Sony having left a door wide open that they should of known would of been a probelm when they were designing it.  Period.

They didn't they put it in.  I feel sorry for Sony, but it's wrong of them to remove a feature they sold the product with.



Hephaestos on 09 April 2010

slapping customers in the face then say "oops sorry, but i did it on purpose" is in no way an appology...



OoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoOoO

fordy on 09 April 2010
jneul said:
Kasz216 said:
jneul said:
huh I am chilled, lol, I am backing up Sony here they said sorry and explained it is for the greater good, I thought it would be better if a sony fan posted this instead of just a random person, lol

So all it takes is for someone to claim something "is for the greater good" and your fine with it.  Nevermind Sony said it was for security reasons only.

They've never once actually mentioned piracy to my knowledge.  So, how is this for the greater good for removing it because of security issues... that the majority won't ever expierence because they won't even use it?

Not to mention... security problems with Linux on the cell?  Is there even a MORE obscure thing to design a security exploit for?  If they don't bother with Apple why would they bother with this?

Unfortuantely I know so much more about this than you think, GeoHotz went to alot of trouble just to get this far, after thinking about it really it would not surprise me how much futher hackers would be willing to go, do not under-estimate them.

I do not just believe Sony, I know alot of things, unfortunately, I am a programmer I can program in c#, c++, Java, Visual Basic and Assembly language, I could develop some nasty applications if I put my mind to it, but I am not like that.

I used to think it was pointless just to go as far as he did, honestly, he has recked this for every ps linux user out ther, blame him not Sony

If you're working in the software industry, then you should know that we do not bow down to comproises made by hackers. That's the easy way out.

We beat them at their own game. That is all that cyber security comes down to. Back-and-forthing between hacker and developer.



greenmedic88 on 09 April 2010
Kasz216 said:

It was in the best intrests of the majority to remove a feature the majority never used and therefore were never at risk of anything... by screwing over a minority of people who used this and who are the only people effected.

Yeah... ok Sony.

People who think Sony doing this is a positve need a major reality check.

Hell this isn't even going to slow down piracy, if anything it will probably lead to a piracy solution quicker because Sony decided to anatagonize people who use Linux on the PS3... aka hackers... and also basically threw down a gauntlet to a bunch of other people.

Hardly matters.

First, there are no PS3s being produced that run Linux.

Second, the vast majority of owners who have an older PS3 will simply update the firmware with no regard for the loss of Linux as they, like the vast majority of PS3 owners, had no intention of ever installing Linux.

Add to these the older PS3s that are no longer working.

Ultimately, you're left with a shrinking number of consoles that are capable of having a hardware hack installed on an older console that can run Linux.

Net result: it makes a slightly larger niche market for old PS3s among the small community of users determined to play pirated games.

When found, this solution does nothing for the vast majority of PS3 owners who don't have an older PS3, aren't running Linux, don't have the hardware modifications made to their console and of course the simplest part of playing pirated games: don't have a PC with a BD burner and a stack of BD media.

You're left with a pretty insignificant number of potential pirates who have to leap through quite a few hoops just to play pirated games.

So someone gets a working solution to play pirated games on a software and hardware hacked PS3. Congrats. Really; congrats. It will have taken almost four years. The only benefit for the general public wlll be the inevitable Youtube videos displaying the achievement since it won't help all but a tiny niche of people who are very dedicated to playing pirated games.

SCE isn't concerned with this tiny niche of people that will go through more trouble than it's worth simply because they can.

They're concerned with general piracy among regular consumers who wouldn't have to do anything more than pay their local hardware hacker $50 to install a mod chip and supply them with $10 burned games.