GeoHot Sounds Off on Sony's PSN Debacle

Recommended Videos

Outcast107

New member
Mar 20, 2009
1,965
0
0
harvz said:
im noticing that all the sony fanboys (and they are fanboys here, i dont think im going over the top) are constantly defending sony.

lets see, the 360 was hacked and piracy ensued, no problems here aside from the priates getting a free ride but their mostly banned for live anyway so honest people get a better gaming experience.

the ps3 was hacked, piracy ensued just like the 360 and thats where the similarity ends. sony sues hacker for hacking something he payed money for (I dont care what the agreement says, you should own anything you buy, he could have rented the console but he bought it), other hackers get angry including ones that are much more vicious, other hackers attack PSN, other hackers steal information (encrypted or not, its only a matter of time), sonys flawed system gets its ass kicked and sony is it the deep end because of this.

and after all this, the PSN being down, the card information possibly being taken, the fact that you cant modify what you, the consumer, payed a large sum of money for and will continue to do so, you defend sony with "its in their agreement".

all i know is im going to start developing a console with horrible 3rd party support, stiff people in the ToS and maybe ill have people praise me for it too...
You know if this happen to anyone else everyone would be up in arms. But not sony. They can do no wrong. (LOL yeah right.)
 

odd function

New member
Jul 11, 2010
26
0
0
RollForInitiative said:
Labcoat Samurai said:
You're not wrong exactly. But security wouldn't be necessary *at all* if there wasn't some fuckwit willing to steal your personal data. How would you feel about a bank that didn't lock its vault and left a window open every night? If they were robbed and the contents of your safety deposit box were taken, would you reserve all of your ire for the thieves, or would there be a bit left over for the bank you trusted to keep your possessions safe?
You are absolutely correct and I wouldn't argue otherwise. If I knew that my bank had done that, I would be furious. The difference between that theoretical situation and the situation with Sony is that I don't know the specifics of how the data was compromised. If they told me it was because they left an incredibly simple, unlocked door for someone to wander through and steal my info, I'd be out for blood.

Let's change the situation a hair, shall we? Let's say my money is stolen from the bank because an extremely clever individual circumnavigated all of their security systems, broke into the vault with some sophisticated machinery, and made off with my money. Precision, timing, the works. It's a lot harder for me to be furious with the bank at that point because they tried to protect my money. They really did. Somebody else just...found a way through all of their efforts. They say "there's always someone better." Sadly, that person is out to get you sometimes.

I can't help but feel that this is a more likely analogy for what happened with Sony which is why I find it difficult to lay all of the blame at their feet. I'm more inclined to be angry with the thief, accordingly.

I think people are blaming Sony as pointedly as their because Sony has a name and face to point the finger at. Do you suppose the sentiment would change if they suddenly put forward the name of the culprit for all of us to see?

Well, here's hoping we get to see the answer to that one firsthand. =)
Unfortunately we know for certain that your alternate scenario is represented here. Your personal data (possibly including your password) was stored as plain text. Your password was stored in their database (instead of a hash, salted or not). These two pieces of info by themselves mean that Sony failed Security 101.
 

Twilight_guy

Sight, Sound, and Mind
Nov 24, 2008
7,131
0
0
GeoHot calling someone arrogant... "kettle you are so black, its not even funny".

Actually I don't think its fair to say the problem is the executives. I don't think any executive is going to willing let there system fall apart for any reason and I know that no matter how high you build your wall some douche will find a way to hack it and will do so just to be a dick. No matter how diligent you may be, no security is perfect.
 

The Sane

New member
Apr 2, 2010
76
0
0
Anyone can post their thoughts and feelings on an issue, the fact the Hotz has recently been in 'close contact' with Sony means he will naturally have a stronger opinion on the matter and that people looking for news stories will naturally look at him. You can hate him for his opinions, but getting pissy at him for being an attention seeker is stupid, blame the people who reposts it as news not him.
 

Arachon

New member
Jun 23, 2008
1,519
0
0
TheRealCJ said:
Granted, but serious or not, hackers are all the same, in it for the challenge. Sony attracted all-comers like a red flag to a bull
Just... No... There are serious criminal organisations out there that only employ hackers as a way to rip people off, in the form of phising attacks, identity theft, fraud etc. You should not equate these people with your average "hobby hacker", who subscribes to the hacker mindset of doing it for the challenge.
 

Ultimatecalibur

New member
Sep 26, 2010
21
0
0
odd function said:
Unfortunately we know for certain that your alternate scenario is represented here. Your personal data (possibly including your password) was stored as plain text. Your password was stored in their database (instead of a hash, salted or not). These two pieces of info by themselves mean that Sony failed Security 101.
I know people are saying that this stuff was saved as plain text, but where is this "fact" coming from? Sony, a reliable second party (i.e. a major news organization), a gaming news site, or was it rumor from a thread on 4chan?
 

Ultimatecalibur

New member
Sep 26, 2010
21
0
0
Arachon said:
TheRealCJ said:
Granted, but serious or not, hackers are all the same, in it for the challenge. Sony attracted all-comers like a red flag to a bull
Just... No... There are serious criminal organisations out there that only employ hackers as a way to rip people off, in the form of phising attacks, identity theft, fraud etc. You should not equate these people with your average "hobby hacker", who subscribes to the hacker mindset of doing it for the challenge.
Everyone makes a big deal about "White Hat" and "Black Hat" hackers, but don't realize that you should divide hackers into more diverse groups.
 

googleback

New member
Apr 15, 2009
515
0
0
That's probably the first time that i've agreed with that little tosser.
Sony was wrong to act so arrogantly but they definitely didn't deserve this. and neither did the people who's info was stolen. but an example has been made because sony failed to do anything about it. I get the feeling that wont happen again, especially if theres any truth to this "will cost them 24 billion" story.
 

Traun

New member
Jan 31, 2009
657
0
0
Ultimatecalibur said:
Arachon said:
TheRealCJ said:
Granted, but serious or not, hackers are all the same, in it for the challenge. Sony attracted all-comers like a red flag to a bull
Just... No... There are serious criminal organisations out there that only employ hackers as a way to rip people off, in the form of phising attacks, identity theft, fraud etc. You should not equate these people with your average "hobby hacker", who subscribes to the hacker mindset of doing it for the challenge.
Everyone makes a big deal about "White Hat" and "Black Hat" hackers, but don't realize that you should divide hackers into more diverse groups.
Not for the layman. White hat = good hacker, black hat = bad hacker. Those doing it for the challenge aren't affecting no-one's life, so no one cares. Anyway, god bless white hats.
 

TheRealCJ

New member
Mar 28, 2009
1,830
0
0
William Thompson said:
If you flip you PS3 upside down and read the bottom it states that no one is allowed to mess with the software on the system unless they have permission. That fag needs to go and learn how to read. And I DON'T GIVE NO FUCK ABOUT MY GRAMMAR OR SPELLING SO FUCK OFF!!!!!!
Chill out there big fella.

You seem to be determined to defend your beloved faceless corporation at all costs.
 

Hogbinladen

New member
Mar 25, 2010
48
0
0
odd function said:
Unfortunately we know for certain that your alternate scenario is represented here. Your personal data (possibly including your password) was stored as plain text. Your password was stored in their database (instead of a hash, salted or not). These two pieces of info by themselves mean that Sony failed Security 101.
For certain eh? I heard it was a rumour, but that was a while ago and I haven't searched for it yet. If you have a source I'd love to read it.
 

Woodsey

New member
Aug 9, 2009
14,548
0
0
pokepuke said:
Woodsey said:
Even if that's true, its still their product. You own one, yes, but if you poking your dick in it gives you the chance to steal games and cause them to lose money that is rightfully theirs, then they have every right to glue up the points of entry.
The goal was to put back features Sony had removed. He didn't make a game loader, and neither did any of the hackers at the conference showing how hacked the PS3 had been so far. Others have been trying to do that, but why didn't Sony try to prevent such a scenario? You can keep trying to beat up those strawmen, though.

Also I like how you suggest that "stealing games" means Sony will "lose money that is rightfully theirs". Yep, that line totally makes sense when the reality might be a copied game and a person that simply won't decide to purchase an item.
Yes, because as we all know, if pirates couldn't pirate, they would simply never play games.
 

Dastardly

Imaginary Friend
Apr 19, 2010
2,420
0
0
John Funk said:
GeoHot Sounds Off on Sony's PSN Debacle
That's right, folks. GeoHot is now championing strict DRM.

"Never trust the client," he says. Meaning a company should never trust that its console is secure. That means all of the security has to be handled on the company's end, which means removing trust (and thus freedom) from users.

Now, of course, GeoHot only thinks he's talking about securing personal data, not understanding the full ramifications of the idea he's pushing. Seems part for the course for the adorably-ignorant li'l nipper.
 

Treblaine

New member
Jul 25, 2008
8,682
0
0
EmmerikXXII said:
I can't remember the last time Sony did something benevolent for it's customers, yet all I see is praise and defensiveness on their behalf. What gives?
They never charged for multiplayer to spite every analyst in the business screaming at them that they should like XBL does.

But that's more benign than benevolent.

Unfortunately publicly owned companies like Sony (and Microsoft) do not have benevolence as an option as greedy gaggles of shareholders flip their shit whenever they see companies "giving stuff away for free", say shit like "I'm not investing in a charity" and can wipe MILLIONS of actual money off Sony by selling stocks drastically.

Thankfully privately owned companies like Valve can do what they damn well like and can have amazing sales like ALL WEEK 80% off ARMA II! And as a result the company is more valuable per-employee than Apple Computers.

In conclusion: fuck public company ownership. It just leads to tragedy of the commons as instead of the company actually being run by the smart people who built it up, it's effectively ruled by the will of risk-averse and money-motivated speculators.

 

beema

New member
Aug 19, 2009
944
0
0
He could have stated it in a more intelligent, less-juvenile manner, but I mostly agree with what he said.

This part
Notice it's only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted.
is an excellent point, especially.


I still want to punch him in the face every time I see that stupid picture of him though.

So am I understanding this right:
Sony had no security for PSN beyond the security that is on a Playstation unit?
If that's true it's completely appalling and Sony deserves to go out of business for it.
But that can't be right... can it?
 

odd function

New member
Jul 11, 2010
26
0
0
Ultimatecalibur said:
odd function said:
Unfortunately we know for certain that your alternate scenario is represented here. Your personal data (possibly including your password) was stored as plain text. Your password was stored in their database (instead of a hash, salted or not). These two pieces of info by themselves mean that Sony failed Security 101.
I know people are saying that this stuff was saved as plain text, but where is this "fact" coming from? Sony, a reliable second party (i.e. a major news organization), a gaming news site, or was it rumor from a thread on 4chan?
This is coming from Sony themselves.
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/

Q: Was my personal data encrypted?
A: All of the data was protected, and access was restricted both physically and through the perimeter and security of the network. The entire credit card table was encrypted and we have no evidence that credit card data was taken. The personal data table, which is a separate data set, was not encrypted, but was, of course, behind a very sophisticated security system that was breached in a malicious attack.
 

Treblaine

New member
Jul 25, 2008
8,682
0
0
Dastardly said:
John Funk said:
GeoHot Sounds Off on Sony's PSN Debacle
That's right, folks. GeoHot is now championing strict DRM.

"Never trust the client," he says. Meaning a company should never trust that its console is secure. That means all of the security has to be handled on the company's end, which means removing trust (and thus freedom) from users.

Now, of course, GeoHot only thinks he's talking about securing personal data, not understanding the full ramifications of the idea he's pushing. Seems part for the course for the adorably-ignorant li'l nipper.
That is NOT what he meant!

DRM is Client side control! That is Client-to-customer security, what he explicitly OPPOSES!

You are misunderstanding and misquoting with "never trust the client" as he said that because client side would be CONTROLLED BY THE CUSTOMER! Either :
-the companies make the client DRM free (a desktop PC), or
-the customer will MAKE it free of DRM (PS3/iPhone jailbreak).

Geo-hotz is saying quite reasonably that if you have bought and own a device like a games console then you can do anything you like with it and more than that Sony should assume that they will.

It is NOT DRM (as we know it) for a company to control access WITHIN their network, DRM is hated because it reduces the hogties the capability of the hardware we physically own. Geo-hotz is lambasting Sony for trying to protect their network WITH DRM on the client-side!

Networks NEED to be protected because the customer cannot be trusted, any troll can buy a client, and Geo-hotz is not in any way saying DRM is a way to nullify that distrust. The networks are actually best protected on the server side because:
-active security: anyone who tries to crack the network will have live technicians to counter it, jail-breaking a PS3 is easy as you can work away at it in secret for days. PSN was so compromised because once PS3 were cracked the PSN had so little internal security the only defence was switching it off!
-Centralised: trying to crack a proper server-side-security network is so hard as there is only one point to attack, it won't go unnoticed. All the millions of PS3 consoles out there, impossible to plug all those holes
-controlled: a server side network security can be far more organised because the company ACTUALLY OWNS the security mechanism, they can have servers in effective hunting and gate-keeping roles. Every PS3's built in security has to stand alone and play by a dumb rule-book
-Live: a server-side-secure network can have security code updates every day, every hour, every second even! A PS3 has ONE code and unless the customer actively keeps the PS3 plugged to the network it can section it off and beat the code out of it.

Please. You know nothing about what DRm actually is.