GeoHot Sounds Off on Sony's PSN Debacle

[Owyn_Merrilin]

If you flip you PS3 upside down and read the bottom it states that no one is allowed to mess with the software on the system unless they have permission. That fag needs to go and learn how to read. And I DON'T GIVE NO FUCK ABOUT MY GRAMMAR OR SPELLING SO FUCK OFF!!!!!!

the reason geo was a big deal is because that is of dubious legality... several countries has already taken sony to task on that and forced them to allow console modding, because it is the property of the buyer once he receives it, not the maker

To add to this, that particular clause actually translates as "if you take this system in for repairs anywhere other than a business licensed by Sony to do the repairs, your warranty is no longer valid, mainly because we don't want to pay for damage done by some idiot completely disconnected from us." It has nothing to do with modifying the console, which is almost impossible on the hardware end, aside from the occasional case mod.

 

[Imperioratorex Caprae]

Seriously, this guy loves to rag on a company he folded to without even much of a fight. Andy Warhol's zombie has now risen and is demanding payment for your 15 minutes of fame. Your brains.
One day, when you're in the internet-millionare's oldfolks home with the Chocolate Rain and NumaNuma guy, you'll look back on this and go "I wasted my life".

 

[Reed Spacer]

If I were Geohotz, I'd have pointed and laughed until I collapsed from lack of oxygen.

I laughed anyway, but if I were him, I'd have laughed even harder.

 

[Shamanic Rhythm]

It's kind of a shame that this may be the most intelligent and insightful comment he's ever made about Sony and their policies since the whole PS3 debacle began, and yet no one on this forum is apparently prepared to listen because he's been written off as a 'douchebag'.

 

[Labcoat Samurai]

Let's change the situation a hair, shall we? Let's say my money is stolen from the bank because an extremely clever individual circumnavigated all of their security systems, broke into the vault with some sophisticated machinery, and made off with my money. Precision, timing, the works. It's a lot harder for me to be furious with the bank at that point because they tried to protect my money. They really did. Somebody else just...found a way through all of their efforts. They say "there's always someone better." Sadly, that person is out to get you sometimes.

Yup. If Sony had very good or, at the least, industry standard security, I would not feel it appropriate to fault them for this.

I can't help but feel that this is a more likely analogy for what happened with Sony which is why I find it difficult to lay all of the blame at their feet.

Maybe.... There is reason to believe from their statement that they may not have stored their passwords as hashes, which is a bonehead move. Also, as Geohot said--and yes, this is speculation--their assumption that the PS3 hardware was a secure platform may very well have led them to not implement adequate client/server security, instead relying upon the PS3 system itself to prevent intrusion. Another article I read discussed a rumor (yes, just a rumor) that hackers had managed to spoof developer consoles, and PSN trusted the hacked PS3s that they were indeed developer consoles, giving them special privileges.

Much of this is hearsay, admittedly, but as Hotz pointed out, when all of those other hardware platforms (Xbox, iPhone, etc.) were hacked, what you did not see was a theft of user personal information. So while I will not say with confidence that my analogy was the correct one, I personally tend to find it more likely given the evidence I've seen so far.

There have been lawsuits brought against them already, alleging that they did not do enough to protect user data, so perhaps they will be forced to disclose their security practices as part of that lawsuit and we won't *have* to speculate anymore.

I think people are blaming Sony as pointedly as their because Sony has a name and face to point the finger at. Do you suppose the sentiment would change if they suddenly put forward the name of the culprit for all of us to see?

Culprit should go to jail. Absolutely. Sony should possibly be financially liable for some of this, but they committed no crime, and there is a difference in my mind, without a doubt.

Well, here's hoping we get to see the answer to that one firsthand. =)

I'll drink to that. Literally. I'm sitting here with a martini.

There, just drank to that

 

[Braedan]

I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.

I seriously doubt that this debacle would've happened if Sony hadn't painted a big bullseye on their arses and stood around shouting "All hackers are fags lol!".

Look at the iPhone. Apple repeatedly breaks the ability to jailbreak the thing with every major update. I think the record is 12 hours to get a working jailbreak after a "security update". But Apple aren't really being dicks about it, so the jailbreakers are treating it like a cat/mouse game.

But Sony ARE being dicks about it by bringing out the lawyers, so the hackers are treating it like war.

I'm not saying the hackers are in the right. But this was an easily mitigateable circumstance.

Agreed, Sony might have focused a little attention at themselves with statements like that, but I'm guessing any tech company pressed for a comment would probably say "hackers are fags lol!" as well.
From my understanding Apple tried (and failed) to do the same thing with geohot that Sony did, so I'm not sure why there was so much attention paid to this, and not the Iphone case.

 

[Assassin Xaero]

Notice it's only PSN that gave away all your personal data

Can I punch him for saying that? PSN didn't give shit away, it was stolen. If I go rob a bank and take all their money, they didn't give it to me, I took it.

 

[nYuknYuknYuk]

I have to agree with Geohot's perspective on this. This appears to be entirely Sony's fault, they had this coming from the looks of it.

It would be like someone living in a gang area, saying "Fuck all gang members", then having their house burned down. It's still the gang's fault. And in Sony's case, they did nothing wrong. Hackers ARE shit. This whole fiasco is just another example.

 

[MrSnugglesworth]

I'm actually wondering here, did they use hacked PS3's to steal the info (might have missed that post.)? If not, I'm not sure why Geohot's input is relevant.

It isn't. Just someone who doesn't want to let their 15 minutes end and is desperately attempting to remain relevant.

Lolol, it was so irrelevant I clicked on the post and commented, giving it more publicity.


OT: I, personally, wanted to hear Geohotz opinion.

I agree.

Carry on.

 

[Mr. Gency]

Every time I see a picture of Geohotz I want to kick a baby.

Every time I see a picture of Geohotz, I want to kick a dog

 

[McMullen]

Sony doesn't need to accept anything. It's their console, their rules.

Legal constructs such as who owns what do not apply to the real world of security, which is what GeoHot was addressing. In much the same way that a lion would have no more qualms about eating a king or queen than it would about eating a peasant, security vulnerabilities, the hackers who exploit them, and the tools they use to do so SIMPLY DO NOT GIVE A DAMN what Sony says it owns or does not own.

GeoHot was, however, using semi-figurative language that may confuse those who are not paying attention, so to clarify, he meant that Sony can't easily control the client when he said that Sony doesn't own the client, which is why assuming that focusing on security between the user and client at the expense of security between the client and server is a bad idea. Sony can accept this and act accordingly or pretend it's not the case, but whatever they do has no effect on how true it is.

Not a defense or condemnation of either party, really, I don't care one way or the other about either Sony or GeoHot. This was just a reaction to how aggressively you missed the point, and how unaware you seem to be of the divide between physical or numerical reality and legal status.

 

[pokepuke]

Even if that's true, its still their product. You own one, yes, but if you poking your dick in it gives you the chance to steal games and cause them to lose money that is rightfully theirs, then they have every right to glue up the points of entry.

The goal was to put back features Sony had removed. He didn't make a game loader, and neither did any of the hackers at the conference showing how hacked the PS3 had been so far. Others have been trying to do that, but why didn't Sony try to prevent such a scenario? You can keep trying to beat up those strawmen, though.

Also I like how you suggest that "stealing games" means Sony will "lose money that is rightfully theirs". Yep, that line totally makes sense when the reality might be a copied game and a person that simply won't decide to purchase an item.

 

[Mr. Gency]

If you flip you PS3 upside down and read the bottom it states that no one is allowed to mess with the software on the system unless they have permission. That fag needs to go and learn how to read. And I DON'T GIVE NO FUCK ABOUT MY GRAMMAR OR SPELLING SO FUCK OFF!!!!!!

But grammar is the difference between "Helping your uncle, Jack, off a horse." and "Helping your uncle jack off a horse."

 

[Tax_Document]

Ugh, Hackers... Ruining everything because they're indestructible.

Until they go outside.

 

[tahrey]

I'm not sure how I feel about this Hotz fella...

...but I'm totally on board with his sentiments in this regard.

Sony's viewing of the customer almost as some kind of wild animal - or at least a vicious enemy - has been fucking me right off for many years, much as I've bought and wanted to really like their products.

But I would have got far more use out of my minidisc if uploading things to my PC I'd recorded using the mic jack didn't require hacking the software etc; my PSX would have remained unmodded if it wasn't locked down to not play foreign titles, even ones not released in my area; so on and so forth.

They sort of bring it upon themselves really, and it sounds like what happened is largely as he said. How, in all the hell, do you end up having your customer payment details database both unencrypted and visible to the outside world like that? By assuming that the whole setup between your product and your payment processing system is "internal" and entirely secure as an entity because of the supertight control excercised over it, so you don't need to waste time and money implementing the kind of basic data security measures that other institutions put in place as a matter of course.

Hell, I bought a pocket hard disk for £100 to use for work documents that's probably harder to hack than their stuff.

So when some clever person INEVITABLY broke their protection, trying to work around some of those unneccessarily supertight restrictions, and someone else used that break-in to run off compromising all sorts of stuff, there was no second level protection.

Not particularly surprised. It was the same with the PSX modchips, and the minidisc cracks. Once you got past or disabled that one first, and ultimately ludicrously simple lockout, the whole thing was completely open to mess with. Their security model is massively flawed and belongs to some kind of race of cyborg aliens, because the biggest thing it seems to ignore is the human factor; much as they hate it in their customers, they seem to ignore the possibility that anyone working within their veil of secrecy could be subject to the same flaws. Or that anyone exhibiting them could get in. So, when that happens, all hell breaks loose.

Oh well. Empires rise. Then crash and burn. Who's going to step up to fill the gap they leave?

 

[McMullen]

I'm hoping he gets hit by a bus.

What? This guy has absolutely no reason to speak on this, and is only doing so because he knows Sony cant do anything about it. I seriously hope he gets hit by a bus and the 360 gets broken into too, just so that we can see the fallout from 360 users.

Where did 360 users enter the discussion? It's not like none of us also have PSN accounts, you know. Also, curious that you wish harm on GeoHot for commenting on it, especially since he's probably far more familiar with Sony's security practices than most of us, and wish harm on 360 users for... what? Not being affected?

Did you ever consider that maybe such thoughts are better aimed at the person/people who actually stole our info? Why the hate for people who had nothing to do with your problems, or who are giving commentary based on their experience?

You're breaking Wheaton's Law, and breaking it hard.

 

[Double A]

Sony doesn't need to accept anything. It's their console, their rules. If they put in the TOS that they still technically own it and you sign it then it's theirs, unfortunately. I'm all for fighting little crusades but leave the people you're trying to "help" out of it. (to whomever is behind this)

Also, this geohotz guy is a little *****. Yes, Sony totally intentionally gave away all of your person information. Who does he think he is?

I really don't see how it's theirs. When you buy a computer, is it your computer or the manufacturer's? Consoles are very similar in principle, as you are buying a piece of hardware to play games on. Pirating is what's bad, not homebrewing.

 

[Snow Fire]

I have to agree with Geohot's perspective on this. This appears to be entirely Sony's fault, they had this coming from the looks of it.

It would be like someone living in a gang area, saying "Fuck all gang members", then having their house burned down. It's still the gang's fault. And in Sony's case, they did nothing wrong. Hackers ARE shit. This whole fiasco is just another example.

That analogy does not work at all in this context, from the current information, this could have all been avoided if Sony would have used better security methods. Hackers or no hackers, this is Sony's fault, they were trusted with safeguarding private information, and they failed quite epically.

 

[Vibhor]

I have to agree with Geohot's perspective on this. This appears to be entirely Sony's fault, they had this coming from the looks of it.

It would be like someone living in a gang area, saying "Fuck all gang members", then having their house burned down. It's still the gang's fault. And in Sony's case, they did nothing wrong. Hackers ARE shit. This whole fiasco is just another example.

That analogy does not work at all in this context, from the current information, this could have all been avoided if Sony would have used better security methods. Hackers or no hackers, this is Sony's fault, they were trusted with safeguarding private information, and they failed quite epically.

Its sony's fault that the hackers were skilled?
That is the most stupid thing I have heard since the news that it was the fault of the victim that she got raped.