GeoHot Sounds Off on Sony's PSN Debacle

John Funk

U.N. Owen Was Him?
Dec 20, 2005
20,364
0
0
GeoHot Sounds Off on Sony's PSN Debacle

Fresh out of a fierce legal battle with Sony, noted hacker George "GeoHot" Hotz has some words to say on the hardware giant's PS3 woes.

Though it may seem longer, it hasn't even been a month since George Hotz and Sony posted them on his blog [http://www.escapistmagazine.com/news/view/109150-GeoHot-and-Sony-Settle-PS3-Jailbreak-Case].

At the outset, Hotz emphatically denied any involvement with the PSN hack. "I'm not crazy, and would prefer to not have the FBI knocking on my door," he said, adding that he saw a clear distinction between hacking a device you owned and paid for and hacking someone else's database to steal the personal information of millions. "And, as a onetime victim of identity theft, I feel for everyone who's data has been stolen."

Nor does he fault the Sony engineers who designed the PS3 infrastructure, "the same way I do not fault the engineers who designed the BMG rootkit." Rather, said Hotz, the blame should be directed at the top, at Sony's executives who decided that the hacker community was their enemy, and who "laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts."

The meat of Hotz' post, however, is a giant discussion of how he feels Sony's arrogance and belief that it owns PS3s it sells to consumers is at the core of this attack. It is quoted in full below:

[blockquote]Now until more information is revealed on the technicals, I can only speculate, but I bet Sony's arrogance and misunderstanding of ownership put them in this position. Sony execs probably haughtily chuckled at the idea of threat modeling. Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client(can't trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server?

This arrogance undermines a basic security principle, never trust the client. It's the same reason MW2 was covered in cheaters, EA [sic - should be Activision?] even admitted to the mistake of trusting Sony's client. Sony needs to accept that they no longer own and control the PS3 when they sell it to you. Notice it's only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren't crazy.[/blockquote]

Hotz finished his post with a message to whoever it was that cracked into Sony's system. While he acknowledged that the perpetrator was "clearly talented" and would either have "plenty of money (or a jail sentence and bankruptcy)" coming his or her way in the future, the hacker had forgotten Wheaton's Law [http://twitter.com/#!/wilw/status/5966220832]: "Don't be a dick" by selling personal information.

That said, Hotz admitted that he would love to see a write-up of how the hacker breached the system. "[Lord] knows we'll never get that from Sony, noobs probably had the password set to '4' or something."

(GeoHotgotsued [http://geohotgotsued.blogspot.com/2011/04/recent-news.html])

Permalink
 

Bags159

New member
Mar 11, 2011
1,250
0
0
Sony doesn't need to accept anything. It's their console, their rules. If they put in the TOS that they still technically own it and you sign it then it's theirs, unfortunately. I'm all for fighting little crusades but leave the people you're trying to "help" out of it. (to whomever is behind this)

Also, this geohotz guy is a little *****. Yes, Sony totally intentionally gave away all of your person information. Who does he think he is?
 

Awexsome

Were it so easy
Mar 25, 2009
1,549
0
0
It's like the gun store owner who sold the gun to a serial killer with no background check is laughing at the police for not stopping a crime with that gun.
 

Pearwood

New member
Mar 24, 2010
1,929
0
0
It's amazing how these people are all former victims of something themselves isn't it?
 
Apr 28, 2008
14,634
0
0
Their password was "1, 2, 3, 4, 5".

Which, funnily enough, is the same password for my luggage.
 

Sabinfrost

New member
Mar 2, 2011
174
0
0
Sony made a mistake, the sooner they own up to it and look at what went wrong, the sooner they can win back the trust of their customers. Denying it and adopting an arrogant disposition of it wasn't us, it was them is not going to win them many favours. Though the hacker is certainly to blame, how many threads on forums are raging at them, and how many at Sony....
 

Braedan

New member
Sep 14, 2010
697
0
0
I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.
 

Awexsome

Were it so easy
Mar 25, 2009
1,549
0
0
Braedan said:
I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.
Well think of it this way.

The PSN has had no major problems for years. This code comes out for modding and hacking the PS3 and this happens.

The guy is at least partially responsible if not the entire reason why this could've happened through Sony's security.
 

Veloxe

New member
Oct 5, 2010
491
0
0
Braedan said:
I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.
It isn't. Just someone who doesn't want to let their 15 minutes end and is desperately attempting to remain relevant.
 

robert022614

meeeoooow
Dec 1, 2009
369
0
0
Irridium said:
Their password was "1, 2, 3, 4, 5".

Which, funnily enough, is the same password for my luggage.

wow I cant remember the last time I have seen a Spaceballz reference. Good one.

OT: I do not believe Sony owns my hardware however I do very much believe they own their network and has a right to keep that secure. I dont care if you mod your crap just keep it offline.
 

Woodsey

New member
Aug 9, 2009
14,553
0
0
Considering this has all happened so quickly, you can't help but link them all.

Even if he didn't do it, its his behaviour that has quite possibly led to this whole thing by someone else acting on his behalf in retaliation to Sony.

I'm tired of these fuck-faces and their stupid little crusades against companies just because they're big, and I'm even more tired of the people that voice their support for them.

And that smug little prick's face is even more unbearable than Kotick's grin.
 

Braedan

New member
Sep 14, 2010
697
0
0
Awexsome said:
Braedan said:
I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.
Well think of it this way.

The PSN has had no major problems for years. This code comes out for modding and hacking the PS3 and this happens.

The guy is at least partially responsible if not the entire reason why this could've happened through Sony's security.
That's not true. Unless they used hacked PS3's with his code, or it's (as some are saying, others are denying) Anon getting back at Sony, then he is in no way shape or form responsible for anything that has happened to PSN. People just seem to keep blaming him. He should have been forgotten by now.
 

emeraldrafael

New member
Jul 17, 2010
8,589
0
0
I'm hoping he gets hit by a bus.

What? This guy has absolutely no reason to speak on this, and is only doing so because he knows Sony cant do anything about it. I seriously hope he gets hit by a bus and the 360 gets broken into too, just so that we can see the fallout from 360 users.
 

EmmerikXXII

New member
Nov 11, 2009
62
0
0
I can't remember the last time Sony did something benevolent for it's customers, yet all I see is praise and defensiveness on their behalf. What gives?
 

Richard Allen

New member
Mar 16, 2010
175
0
0
Awexsome said:
Braedan said:
I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.
Well think of it this way.

The PSN has had no major problems for years. This code comes out for modding and hacking the PS3 and this happens.

The guy is at least partially responsible if not the entire reason why this could've happened through Sony's security.
Not really unless your willing to say that the maker of the tcp protocol is partially responsible for illegal downloading or that that car manufacturers are responsible for deaths while driving recklessly....

All things can be used illegally, and it's up to the end user whether you use it in that way or not.
 

dalek sec

Leader of the Cult of Skaro
Jul 20, 2008
10,237
0
0
Woodsey said:
Considering this has all happened so quickly, you can't help but link them all.

Even if he didn't do it, its his behaviour that has quite possibly led to this whole thing by someone else acting on his behalf in retaliation to Sony.

I'm tired of these fuck-faces and their stupid little crusades against companies just because they're big, and I'm even more tired of the people that voice their support for them.
Thank you! I am so sick of this "Stick it to the Man!" and "Burn it all down!" crap and crusades to fight against companies. You don't like it? Go buy another console and shut up about it, we're trying to have gaming treated seriously and these little whiners and crusades do not help at all...