http://www.eurogamer.net/articles/digit ... in-tatters

http://www.geohot.com/

http://www.reddit.com/r/programming/com ... key_found/

One random seed. *facepalm*
This is worse than our SpA security. :-P

Their very thorough and friendly presentation - these guys are quite awesome. ^^

_________________
War does not determine who is right - only who is left. - Bertrand Russell

It has always been worth getting a PS3 Lim!
Anyways, I can't be bothered to watch all these videos.
All I can say is, even if it has been hacked I can't be arsed to download those huge gamefiles from the net.
Plus the latest games Sony releases always make you require the latest firmware, so you can't play that game.
Shure it's just a matter of time until that is fixed, but who knows how long those steps take.
I don't even know if GT5 is playable on a modded system at the moment...
Most importantly, you won't be able to play online which is huge.
I for my part will continue buying games, because the games for the PS3 are awesome and deserve to be supported.

I might watch those videos later though, because they are probably very interesting and informative.

_________________
Ze Ãœbermensch

Dude - you don't get it. You really should watch the videos.

You WILL be able to play online - the discovered private key makes it possible to re-sign games as if they came straight from Sony. It CAN'T be fixed - not with a firmware update, not ever, not unless you want to make all previously released and signed games of the past 4 years unplayable - they could make a whitelist for all titles ever released up until then but hackers could just release their own whitelist to override it on an unpatched console. Whatever Sony tries to do with PS3 security now hackers can circumvent by simply overriding Sony's efforts by... posing as Sony and putting in their own stuff.
EVERYBODY in the world can sign things as Sony now and the results would be indistinguishable to the console. Sony's PRIVATE KEY was discovered. Private keys are the most preciously guarded possession wherever such signing is involved - most of the world's digital security relies on the fact that private keys are, well, kept private. ;-)

This isn't some kind of "hack" as for the Wii or XBox360 - it's the possibility to replicate the exact procedure Sony uses to sign their products. It's like giving a person a root/administrator account on your computer with NO possibility of changing the password - in fact it's EXACTLY the same.
The PS3 has hereby become the LEAST secure console of the trio. I'm not making stuff up here - it's a fact.

P.S. So, you wouldn't download 8 GB or so and instead opt for paying $60-$80? Which takes like half an hour or less on a decent connection? Moral issues aside - saying "I can't be arsed" is just stupid - give the $60 to charity instead if it's only a matter of you being lazy. ;-)

_________________
War does not determine who is right - only who is left. - Bertrand Russell

Oh yay endorse thiefery Lim!

I love my PS3 and I would never ever hack (or whatever you may call it) it. The only thing I would do is put it into a silent HTPC case. If 60 Dollar/Euro/Whatever are too pricey for you rent or lend a game, buy it for cheap in the UK, buy it second hand locally or dont fucking game it at all. Jesus.

Yes most games are too pricey and many games are crap. Just boycott them. Stealing someones work isn't the smartest move.

_________________

Alright, thanks for summing up the whole thing.
Guess I should have watched the videos first.
So I guess this is pretty huge then, we'll see how this will work out in future.
I just know I won't do any of this stuff, but I'm curious how it works, so I'll definitely check the videos later.

_________________
Ze Ãœbermensch

You don't need to hack anything - that's the best part. No one would even ever be able to tell your game isn't original. The thing that was "broken" isn't on the end-user's side.
All pirate groups in the world are re-signing their releases with the now public private key. Download, run. All it takes - your BluRay will be the same as if it came straight from a Sony endorsed factory. ;-)

Thievery aside - this isn't an issue of piracy, this is a HUGE security breach in Sony's system and actually one of the biggest security fuck-ups I can think of - it's a sign of someone's total idiocy. Using the SAME "random" number over and over again? This is just lulzy.

It's not about people being able to run pirated games - it's about EVERYBODY IN THE WORLD now being able to pretend to be Sony for PS3's purposes.

This is why, if you check Google news, every friggin' news outlet in the world is running the story at the moment while nobody would care if a hacker had released some new exploit or hacked firmware or whatever. This is huge, the BIGGEST failure in console security in history - not kidding.

Public/Private key pairs are used for all sorts of things - for signing bank transactions for example - if a bank's private key was leaked everybody could make transactions posing as the given bank. They are used for digital signatures. If someone's private key was leaked another person could sign documents as the first one.
The issue here being - in most other cases a new key pair would be generated and used henceforth - in the case of the PS3 no such thing can be done without fucking up all games ever released - any other solution will be pointless.
You don't need to do Jack shit with your PS3 - that's the funniest part.
No, why? You can now download any game you ever want and treat is as the demo - you like it, you buy it. Previously you had to rely on true demos. Actually this is pretty much the procedure I use for PC games - if something is worth paying for I pay for it.
Still, you don't get the SCOPE of the issue here. It's not about kiddies pirating games or hacking a console - it's about a company LOSING THEIR PRIVATE KEY without the possibility to generate a new key pair. If you ever had anything to do with cryptography at all you will realize what that means. ;-)
You can friggin' take a picture of your naked ass, sign it with this key and claim it was Sony and nobody would be any wiser. :-D

_________________
War does not determine who is right - only who is left. - Bertrand Russell

wow. i read through that reddit article, and it sounds like they're well and truly fucked. they can't change anything without the master key, and because it appears to be hardcoded they can't change the master key itsself. anyone in posession of said unchangeable key is gonna look indistinguishable from a legit customer, regardless of whatever new fancy security stuff they put in; any fancy security stuff still answers to the master key... so because anyone and everyone has the master key, if they can't change that, then the ps3 if boned for good.

this is actually some pretty big shit here... i'll watch those videos now, i guess

_________________
ュ~ちゃんgamer.jp Pinky: true genius
ュ~ちゃんgamer.jp Pinky: doesn't make sense
ュ~ちゃんgamer.jp Pinky: till you're senseless

Random question for people with knowledge on this stuff. Wouldn't it be better to use some sort of SSL certificates which can get re-issued in case security got breached? Or am I saying stupid stuff now?

The thing that makes me laugh about the entire thing is that this has all come from one feature being removed.

_________________

hilarious

_________________
a bird in a bird in a bird in a bird in a bird in a pig

Don't dare taking away Linux from Linux nerds - they will fuck you up. ;-)

The thing is so easy and so retarded that it's a miracle it went unnoticed for 4 years.

All hacks and mods and whatnot that were ever devised always concentrated on exploiting some bug or hardware feature to run UNSIGNED software on a console - since naturally nobody could SIGN illegal software using the top-secret private key, the brute-forcing of which is the sole reason people are developing quantum computers for. And yet some lazy ass programmer, most likely, didn't bother adding one tiny line to the key generation code that would make all the generated public keys use a random seed. ROFL. I guess there will be some seppuku in order for some guys over at Sony - or at least Karōshi. ;-)

It's like for years you've been trying to forge DaVinci's paintings to fool everybody and all of the sudden Sony came along and said, hey, why don't you take DaVinci instead? =)

_________________
War does not determine who is right - only who is left. - Bertrand Russell

It's probably the main reason that governments are funding it, but it's definitely not the sole reason to develop them

_________________
a bird in a bird in a bird in a bird in a bird in a pig

It was supposed to be purposeful overexaggeration to illustrate the scope of the problem. ;-)

_________________
War does not determine who is right - only who is left. - Bertrand Russell

Think I'll buy a PS3 now.

Don't forget your bandwidth im some games (E.G god of war 3) do use the ps3 disc storage so the file for them is around 32Gb.
also this took the "hacking community" a god dam long time considering so i guess sony did a good job on the security.

_________________
:)
:(
:l

as long as sony supported OtherOS nobody cared

Didn't watch the videos, did you?

_________________

"Read article or watch video ---> comment" - Timeline of most people.

_________________
a bird in a bird in a bird in a bird in a bird in a pig

Ssshh Mini, I also posted without watching the videos!
Anyways, I think this news hasn't reached the big masses yet?
It's not that big of a fuss...yet.
Maybe you're just exaggerating on the problem Lim!
No really, I'm shure Sony will figure something out. They'll probably modify the hardware for future consoles et voilà.
Of course the older system can't be saved but that will limit the damage I guess.

On another note, those "hacker" guys deserve better jobs that sitting in a basement all day trying to breach CONSOLES security systems. They clearly have the potential for more ffs, do something with your life!

_________________
Ze Ãœbermensch

Some people just want to watch the World burn, Migu.

They will probably get employed to make console security better, or they will refuse job offers and keep surviving on pot noodles.

_________________
a bird in a bird in a bird in a bird in a bird in a pig

i think you all watch too many movies

like, from the back of a Volkswagen?

_________________
-"You've really worked out your banter, haven't you?"
-"No, not really. This is a different thing, it's spontaneous and it's called wit."

That won't work. Like I said - you can't do anything about the problem unless you want to lose backwards compatibility. The moment you retain backwards compatibility all efforts become useless since the hackers can pose as "old Sony game" with the key using ANY code whatsoever.

_________________
War does not determine who is right - only who is left. - Bertrand Russell

I've read somewhere doublecoding could work...Anyways, I don't have much knowledge about this so I don't really know.
We'll see how this will work in the future. As far as I know Sony has not made a statement yet (they did not even make a statement with the recent jailbreak stuff if I remember correctly) and I haven't read that much about it on other sites. Let's wait & see!

_________________
Ze Ãœbermensch

Personally, I wouldn't go through the effort of downloading a 30gb game anyway and I don't like gamepads. So that means that even this won't move me towards getting a PS3 or any console (my trusty n64/xbox/gamecube/gameboy collection will do me fine, although I never play any of them).

_________________
a bird in a bird in a bird in a bird in a bird in a pig

I don't see any issues downloading 30GB on our 120Mbit lines

And a 1+ TB HDD to keep the games somewhere costs about the same as ONE PS3 game, just for reference. =)

_________________
War does not determine who is right - only who is left. - Bertrand Russell

divide that by 40

At uni we have nice speeds but then we have a 5gb limit per 24 hours ;[

_________________
a bird in a bird in a bird in a bird in a bird in a pig