wth? Are you guessing he didn't have many games or do you have something to go on? (But of course some people are ony ever going to see to see this issue in a way that is negative to Geohot)

well seeing as how his main goal with the ps3s was to break through their security to run homebrew and pirated games, you have to see where my doubts are... but i guess now you're going to say

"but he said he would never support piracy!"

maybe he did and maybe he really stood by his words but i'm not gullible enough to believe everything that a guy trying to cover his actions will say... he even lied already during the case with sony ( saying that he had no knowledge of psn even though it was tagged on his youtube video )

anyway beyond that as you said he bought 5 ps3s that would total over a $500 loss...

my only point here is that to say that he benefitted sony as a customer is bogus and sadly is one of the things his supporters turn to when trying to justify his actions without even taking all factors into account 

Wow... just wow. I'm going to have a hard time replying to your posts without getting banned for flaming. But here goes.

You entire argument is based on a "fact" that you made up on the spot to make him look bad. For all we know he owned 50 PS3 games. Your argument is crap, and you know it. Even better it's the kind of argument that makes you feel good because there is no way to disprove it. 

And he didn't support piracy... his firmware specifically blocked playing of backups. It wasn't till his was hacked that playing backups was granted. 

Your calculations for how much he cost Sony is laughable too... Since you don't have any idea what kind of PS3s he owned. I'm sure he owned at least one Slim to test stuff out on. Which Sony profitted on, no? 

@bolded: link? 

"You entire argument is based on"

your argument isn't much better from my perspective as its based on his words

"For all we know he owned 50 PS3 games"

and for all we know he owned zero... i never said that he definitely had no games just that for me it seems he bought his ps3s primarily to hack for other purposes i may be wrong but thats my take on it ( which is why i said "where my doubts are" )

"Since you don't have any idea what kind of PS3s he owned"

his first exploit was based on a vulnerability in other os meaning that the ps3s he worked on to achieve it had to be fats and beyond that most of his hacking work on the ps3 predates the slim

but yes i suppose he may have owned a slim or 2 or none 

"Which Sony profitted on, no?"

lol do you think the profit sony makes on a slim is comparable to a $100 loss?

"But not everyone is convinced by the fix. "I would be very surprised if this fix isn't hacked fairly quickly," says Theresa Verity, a cryptologic technician, in the US Navy's Information Dominance Corps, who goes by the hacking name of Squidly1. "For the fix to really stand it has to invalidate all previous keys and that would make all previous content unplayable," she says."

Your first article has convinced me further that my stance is indeed the right one. Why? Because I would take the words of a cryptography expert over the words of a company looking to re-instill confidence in the developer community that their platform is indeed safe again.

The question lies whether new software requires a new master key issue. However, that still doesn't make the PS3 100% secure again, since old software requires the use of the old key, which is still broken.

"Because I would take the words of a cryptography expert over the words of a company"

the expert himself says that the hack was fixed

"I would be very surprised if this fix isn't hacked fairly quickly"

regardless of whether he thinks it will be hacked quickly or not ( the fix was done months ago so obviously not quickly ) the fact remains that he acknowledges that it was fixed...

which goes against what you've said

"Dude, the exploit is still there"

The sarcophaegus fix that they're mentioning secures new games that wish t use it. The fact of the matter is:

1. In order for those games to remain payable on old hardware, the old key must be present on disc.

2. In order to ensure all software on the shelf using the old key is still playabale, the system must still accept the old METLDR key with full access priviliges. Not doing so would destroy backward compatibility with such titles.

All that Sony has done is create the illusion that they have fixed an unfixable problem, and I don't blame them. If they outright admitted that there was nothing they could do, investor confidence in the system would plummet. Oh and look at that, they managed to get in someone who appears to be nonconfident with his statement ("at first glance...").

Sorry, I always see Sony more as a propoaganda machine than being the people who rewrite centuries of cryptography techniques to say they fixed a problem that all credible cryptography experts agree is unfixable. Do you really think that Sony came from having one of the most insecure, online gaming networks in April to suddenly make something so groundbreaking that it would rewrite cryptography forever......only to put it in their gaming system? Think logically, please.

well to be honest i don't understand the hardware and i'm not going to try to pretend to but as you yourself said the person you quoted is an expert in these matters and once more here is what they said :

"I would be very surprised if this fix isn't hacked fairly quickly"

and beyond that there's also the fact that it was generally accepted in the hacking community that this fixed worked for consoles that had up to date firmware...

if the fix wasn't effective they would have called denied the reports of the fix but they didn't... 

"I always see Sony more as a propoaganda machine than being the people who rewrite centuries of cryptography techniques to say they fixed a problem that all credible cryptography experts agree is unfixable."

and here lies the other point you aren't seeing, it wasn't to my knowledge announced by sony that the hack was fixed... guess who announced it?...

ah i'll tell you... the hackers

so far you can't provide any statements from experts, hackers etc to confirm what you're saying ( all you're doing is forming conclusions from your own knowledge on the issue and your understanding of the console ) and unless you're an expert on the ps3s design i'm more inclined to go with what the people who actually are, are saying

"ony appeared to agree, describing the damage caused by the hack as "irreparable" - a major argument in a lawsuit they filed against Hotz. Last week, Sony was granted permission by a court in California to access the visitor logs for Hotz's website, suggesting that its legal battle will not stop with Hotz himself.

But according to Alaoui, the new firmware, version 3.6 released earlier this week, appears to have patched the damage. "For now, it looks to me (at first glance) that the PS3 has been resecured, but it doesn't mean it can't be broken again from scratch," he said in a tweet.

 It is not entirely clear how Sony fixed the hack. PS3's security is based on layers of encryption, with one layer unlocking access to the next. Hotz's hack was so devastating because he was able to access the metldr root key which undermines this chain of trust by unlocking all layers. Sony's solution appears to side step this by simply not using metldr at all, opting instead for an entirely new security system. This too could eventually be hacked but it would involve starting from scratch, says Alaoui."

"Along with cloud saving for PSN Plus users, Sony has added some security goodies to 3.60. The first one being bypassing metldr for good. Metldr keys are now useless. Sony is now storing all the loaders necessary to run games and everything else inside of lv0. Lv0 now loads lv1ldr,lv2ldr, etc. Since lv0 has always been decrypted by the bootloader inside of the PS3 (not metldr), we cannot decrypt lv0. In order words, all keys are now useless. No more decrypting newer games or loaders. "

"As for those glaring security holes? Noted PS3 hacker Youness Alaoui (aka KaKaRoToKS) posits, "For now, it looks to me (at first glance) that the PS3 has been re-secured, but it doesn't mean it can't be broken again from scratch." DigitalFoundry explains that while Geohot's reveal of the "mtldr" key irrevocably broke the PS3's "chain of trust," Sony's solution effortlessly sidesteps this seemingly insurmountable breach: "According to Alaoui's quick analysis, Sony simply doesn't use mtldr any more, opting for a new security system that could possibly require a completely new exploit to be uncovered.""

People are getting seriously bogged down in moralistic arguments based on expectations they had about Sony's online service, while conveniently ignoring reality. I doubt very much what Sony did equates to creating a good PR image but they were entirely legally and morally justified to do it. The simple truth remains that when each customer signed the PSN EULA they agreed that Sony could change the terms of that usage at any time, for virtually any reason. If I buy a product and knowingly sign an agreement that allows the product's manufacturer to change the terms of its usage I have absolutely no basis, legal, moral, or otherwise to oppose those changes when they happen. For God sake, I knowingly signed an agreement that said they could make those changes.

The other OS "scandal" was just a bit of internet bluster caused by about three nerds. Everybody else clicked "I agree" and got on with enjoying their games. The level of actual caring about this issue by PS3 owners is perfectly synopsized in this photograph: http://i56.tinypic.com/2w5rmuo.jpg. Mountain out of molehill methinks.

Oh it was all written on the internet, so it must be true, right? Let's use a little logic here to explain WHY this "fix" is nothing more than another small step:

1. We cannot assume that all PS3s are updating from the internet. As like both companies, any game that requires updated firmware is transported on disc. Now, the key can be stored in two places. The first is in protected memory, where only the OS can access. The second is a type of segregated memory only accessible by hardware (not on the main bus, therefore non-accessible memory).

In case 1 (protected memory), Sony may look to rewrite the key  (or the process) in order to allow new software to run on old consoles. This is done by a rudimentary write process that is either NOT encrypted, or encrypted by a previous key (the one that is already broken), you cannot use a key's encryption to write itself, surely you can agree with that.

In case 2 (non-accessible memory), only the hardware has access to the key, and as such it's not able to be changed. Therefore, all current hardware is indeed permanently cracked. However, new hardware isn't, but ust at least acknowledge the old hardware's key in order to maintain a backward compatibility with old games with FULL hardware privileges (you cannot box the old game into a virtual machine. Not only do you run the risk of having the VM in memory that the game uses, you're also placing a load on the system that otherwise wouldn't have been there).

There's a rule to encrypted communication, and that is that someone who controls the hardware and doesn't want security doesn't have to have it. This is why client-side security will always ultimately fail.

I am more than willing to guess that Sony did not make major hardware architectural changes to the system between old and new hardware, so I'm willing to bet that the location of the new key is around the same (if not THE same) memory location. What Sony has done is cover a broken window with a sheet of paper, hoping that will tide over until the storm moves on (ie next generation comes).