Linked by Thom Holwerda on Wed 29th Dec 2010 22:38 UTC
Games The Playstation 3 has been cracked so hard even its momma felt the blow. "Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by breaking the PS3 loaders, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs."
Thread beginning with comment 455093
To read all comments associated with this story, please click here.
Comment by galvanash
by galvanash on Thu 30th Dec 2010 00:26 UTC
galvanash
Member since:
2006-01-25

Watched the whole presentation... Pretty impressive really, they managed to systematically dismantle virtually every layer of security. Sony appears to have screwed up quite a few of the deeper layers of security, choosing to rely almost solely on a few key mechanimsms apparently believing them to be impenetrable, but that ended up costing them...

Highly recommend watching all 3 parts of the presentation, they give a very thorough explanation of all the security layers and how each one was either defeated, proven ineffective, or worked around all the way to the point of them getting the signing keys.

Reply Score: 4

RE: Comment by galvanash
by yoshi314@gmail.com on Thu 30th Dec 2010 06:11 in reply to "Comment by galvanash"
yoshi314@gmail.com Member since:
2009-12-14

it's hard to believe that they would fail that badly.

i was watching in disbelief especially about that crypto part with constant "random" value.

i think that might put a big question mark over quality of many sony security technologies.

still i don't think it would all be possible without being to run linux on the device in the first place. it might take a few more months/years if it weren't for that - the outside layer of encryption seems very solid.

it's the inside design that really sucks.

Reply Parent Score: 2

RE[2]: Comment by galvanash
by flanque on Thu 30th Dec 2010 13:36 in reply to "RE: Comment by galvanash"
flanque Member since:
2005-12-15

This really comes back to something very simple. Security is only as strong as its weakest link.

Reply Parent Score: 2

RE[2]: Comment by galvanash
by somebody on Thu 30th Dec 2010 23:16 in reply to "RE: Comment by galvanash"
somebody Member since:
2005-07-07

it's hard to believe that they would fail that badly.

i was watching in disbelief especially about that crypto part with constant "random" value.


i kinda feel that one was forgotten dev error. most coders do constant for random when developing. takes one variable out and makes it easier to create working thing.

then again correct approach to this would be something like this

#if DEBUG
return(4);
#else
return(Random);
#endif

Reply Parent Score: 2