GeoHot Sounds Off on Sony's PSN Debacle

Fresh out of a fierce legal battle with Sony, noted hacker George "GeoHot" Hotz has some words to say on the hardware giant's PS3 woes.

Though it may seem longer, it hasn't even been a month since George Hotz and Sony settled out of court in the PS3 jailbreak case. Given his less-than-pleasant history with the PS3 maker, Hotz had some thoughts on the PSN outage and breach, and posted them on his blog.

At the outset, Hotz emphatically denied any involvement with the PSN hack. "I'm not crazy, and would prefer to not have the FBI knocking on my door," he said, adding that he saw a clear distinction between hacking a device you owned and paid for and hacking someone else's database to steal the personal information of millions. "And, as a onetime victim of identity theft, I feel for everyone whose data has been stolen."

Nor does he fault the Sony engineers who designed the PS3 infrastructure, "the same way I do not fault the engineers who designed the BMG rootkit." Rather, said Hotz, the blame should be directed at the top, at Sony's executives who decided that the hacker community was their enemy, and who "laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts."

The meat of Hotz' post, however, is an extended discussion of how he feels that Sony's arrogance, and its belief that it still owns the PS3s it sells to consumers, is at the core of this attack. It is quoted in full below:

Now until more information is revealed on the technicals, I can only speculate, but I bet Sony's arrogance and misunderstanding of ownership put them in this position. Sony execs probably haughtily chuckled at the idea of threat modeling. Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client (can't trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server?

This arrogance undermines a basic security principle, never trust the client. It's the same reason MW2 was covered in cheaters, EA [sic - should be Activision?] even admitted to the mistake of trusting Sony's client. Sony needs to accept that they no longer own and control the PS3 when they sell it to you. Notice it's only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren't crazy.

Hotz finished his post with a message to whoever it was that cracked into Sony's system. While he acknowledged that the perpetrator was "clearly talented" and would either have "plenty of money (or a jail sentence and bankruptcy)" coming his or her way in the future, the hacker had forgotten Wheaton's Law: "Don't be a dick" by selling personal information.

That said, Hotz admitted that he would love to see a write-up of how the hacker breached the system. "[Lord] knows we'll never get that from Sony, noobs probably had the password set to '4' or something."

(GeoHotgotsued)

Sony doesn't need to accept anything. It's their console, their rules. If they put in the TOS that they still technically own it and you sign it then it's theirs, unfortunately. I'm all for fighting little crusades but leave the people you're trying to "help" out of it. (to whomever is behind this)

Also, this geohotz guy is a little bitch. Yes, Sony totally intentionally gave away all of your personal information. Who does he think he is?

It's like the gun store owner who sold the gun to a serial killer with no background check is laughing at the police for not stopping a crime with that gun.

Look at how shoddily he's dressed that room.
No sense of taste at all.

It's amazing how these people are all former victims of something themselves isn't it?

Their password was "1, 2, 3, 4, 5".

Which, funnily enough, is the same password for my luggage.

Sony made a mistake, the sooner they own up to it and look at what went wrong, the sooner they can win back the trust of their customers. Denying it and adopting an arrogant disposition of it wasn't us, it was them is not going to win them many favours. Though the hacker is certainly to blame, how many threads on forums are raging at them, and how many at Sony....

I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.

LET THE FLAMES ENSUE!

Personally I think pretty much everything he said is right.

Even if I'm sure more or less everyone on this site will completely disagree with me.

Braedan:
I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.

Well think of it this way.

The PSN has had no major problems for years. This code comes out for modding and hacking the PS3 and this happens.

The guy is at least partially responsible if not the entire reason why this could've happened through Sony's security.

Braedan:
I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.

It isn't. Just someone who doesn't want to let their 15 minutes end and is desperately attempting to remain relevant.

Irridium:
Their password was "1, 2, 3, 4, 5".

Which, funnily enough, is the same password for my luggage.

Wow, I can't remember the last time I have seen a Spaceballz reference. Good one.

OT: I do not believe Sony owns my hardware; however, I do very much believe they own their network and have a right to keep that secure. I don't care if you mod your crap, just keep it offline.

Awexsome:
It's like the gun store owner who sold the gun to a serial killer with no background check is laughing at the police for not stopping a crime with that gun.

Hotz hacked the PS3 not PSN.

Irridium:
Their password was "1, 2, 3, 4, 5".

Which, funnily enough, is the same password for my luggage.

damn you time-space continuum ninjas! I WILL GET YOU ONE DAY!

OT: Got nothing else really, Sony should have realized how much their customers' information was and protected it better.

Considering this has all happened so quickly, you can't help but link them all.

Even if he didn't do it, it's his behaviour that has quite possibly led to this whole thing by someone else acting on his behalf in retaliation to Sony.

I'm tired of these fuck-faces and their stupid little crusades against companies just because they're big, and I'm even more tired of the people that voice their support for them.

And that smug little prick's face is even more unbearable than Kotick's grin.

Awexsome:

Braedan:
I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.

Well think of it this way.

The PSN has had no major problems for years. This code comes out for modding and hacking the PS3 and this happens.

The guy is at least partially responsible if not the entire reason why this could've happened through Sony's security.

That's not true. Unless they used hacked PS3's with his code, or it's (as some are saying, others are denying) Anon getting back at Sony, then he is in no way shape or form responsible for anything that has happened to PSN. People just seem to keep blaming him. He should have been forgotten by now.

I'm hoping he gets hit by a bus.

What? This guy has absolutely no reason to speak on this, and is only doing so because he knows Sony can't do anything about it. I seriously hope he gets hit by a bus and the 360 gets broken into too, just so that we can see the fallout from 360 users.

I can't remember the last time Sony did something benevolent for its customers, yet all I see is praise and defensiveness on their behalf. What gives?

Awexsome:

Braedan:
I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.

Well think of it this way.

The PSN has had no major problems for years. This code comes out for modding and hacking the PS3 and this happens.

The guy is at least partially responsible if not the entire reason why this could've happened through Sony's security.

Not really, unless you're willing to say that the maker of the TCP protocol is partially responsible for illegal downloading or that car manufacturers are responsible for deaths while driving recklessly....

All things can be used illegally, and it's up to the end user whether you use it in that way or not.

Woodsey:
Considering this has all happened so quickly, you can't help but link them all.

Even if he didn't do it, it's his behaviour that has quite possibly led to this whole thing by someone else acting on his behalf in retaliation to Sony.

I'm tired of these fuck-faces and their stupid little crusades against companies just because they're big, and I'm even more tired of the people that voice their support for them.

Thank you! I am so sick of this "Stick it to the Man!" and "Burn it all down!" crap and crusades to fight against companies. You don't like it? Go buy another console and shut up about it, we're trying to have gaming treated seriously and these little whiners and crusades do not help at all...

EmmerikXXII:
I can't remember the last time Sony did something benevolent for its customers, yet all I see is praise and defensiveness on their behalf. What gives?

So what, companies have to do stuff out of the kindness of their heart on a regular basis so as to not have their product fucked with and their data stolen?

Bags159:
Sony doesn't need to accept anything. It's their console, their rules. If they put in the TOS that they still technically own it and you sign it then it's theirs, unfortunately. I'm all for fighting little crusades but leave the people you're trying to "help" out of it. (to whomever is behind this)

Also, this geohotz guy is a little bitch. Yes, Sony totally intentionally gave away all of your personal information. Who does he think he is?

They also put in their Terms of Service that they are not liable for any consumer data loss. Meaning if PSN gets hacked, and your data gets stolen, they are not responsible for your data being stolen.

Which goes against laws in some nations, which require companies holding private information of its customers to keep it safe and secure.

So either Sony's EULA has more heft than national law, or it's full of bullshit.

Just because you put something in writing, does not make it legal.

Awexsome:

Braedan:
I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.

Well think of it this way.

The PSN has had no major problems for years. This code comes out for modding and hacking the PS3 and this happens.

The guy is at least partially responsible if not the entire reason why this could've happened through Sony's security.

Did you even read a damn thing in this article? Hotz said he had no idea how it would be possible to go about hacking the PSN. A local client hack and a database server hack couldn't be any more different. Even if the root key did make it easy for these hackers to do this job, that's again Sony's fault for believing that they were completely safe client-side. You always, always set up multiple layers of security. Especially when it's millions of people's personal and credit card information you're dealing with. It's like assigning one guy with a BB gun to guard Fort Knox.

Sony's negligence was ultimately to blame here.

dalek sec:

Woodsey:
Considering this has all happened so quickly, you can't help but link them all.

Even if he didn't do it, it's his behaviour that has quite possibly led to this whole thing by someone else acting on his behalf in retaliation to Sony.

I'm tired of these fuck-faces and their stupid little crusades against companies just because they're big, and I'm even more tired of the people that voice their support for them.

Thank you! I am so sick of this "Stick it to the Man!" and "Burn it all down!" crap and crusades to fight against companies. You don't like it? Go buy another console and shut up about it, we're trying to have gaming treated seriously and these little whiners and crusades do not help at all...

Except that we've already paid for our console, how is going and buying another going to get back what we paid for? Screw Sony, they brought this on themselves by making them a target. It sucks that the customers have to pay the price though, and Sony will pay the price of that when the PS4 comes around...Dreamcast you say?

Please Hotz,

can't you just fuck off for like one or two weeks. I was just starting to enjoy the Escapist again now that not every page had links to news about you and your little crusade on it.

Every time I see a picture of Geohotz I want to kick a baby.

Irridium:
Their password was "1, 2, 3, 4, 5".

Which, funnily enough, is the same password for my luggage.

Change it now, before someone steals your pants!

Irridium:
Their password was "1, 2, 3, 4, 5".

Which, funnily enough, is the same password for my luggage.

You probably already know this, but: http://xkcd.com/221/
(Yes, I was pleased to see a reference to one of the good, old xkcd cartoons.)

OT: He's right about them being foolish to trust the client. That's what led to Blizzard deploying Warden for World of Warcraft, too.

LiquidGrape:
Look at how shoddily he's dressed that room.
No sense of taste at all.

I don't know. I prefer very little clutter in my room.

OT: A month has done very little to diminish my hatred for Geohotz.

kortin:
Every time I see a picture of Geohotz I want to kick a baby.

Quite.

Straying Bullet:

Awexsome:

Braedan:
I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.

Well think of it this way.

The PSN has had no major problems for years. This code comes out for modding and hacking the PS3 and this happens.

The guy is at least partially responsible if not the entire reason why this could've happened through Sony's security.

See my previous post for your quotation for your horrible logic and reasoning.

O.k... so we've had no natural disasters for a while, this guy gets elected, same day, bang hurricane.

Honestly, logic like that can be dangerous, get it checked.

William Thompson:
If you flip your PS3 upside down and read the bottom it states that no one is allowed to mess with the software on the system unless they have permission. That fag needs to go and learn how to read. And I DON'T GIVE NO FUCK ABOUT MY GRAMMAR OR SPELLING SO FUCK OFF!!!!!!

And the law says that you have every right to mess with the software inside, publishing that info on the other hand is a bit more murky, but clearly by the tone of your post you're a reasonable person who understands that, right? I always love to see 1) People just resort to name calling because they have no argument 2) Place blame on "celebs" who are related to the situation but have no actual involvement in what's happening now. Oh, btw, caps lock is cruise control for cool, use 'em more, people will take you more seriously.

As much as he's ragging on Sony's web defense, this is probably the least arrogant tone to his words. Thank god he didn't see the need to post in rap form again.
