GeoHot Sounds Off on Sony's PSN Debacle

Wise verboten of a fierce legal battle with Sony, noted hacker George "GeoHot" Hotz has some words to say on the hardware monster's PS3 woes.

Though it may seem longer, it hasn't even been a month since George Hotz and Sony settled out of court in the PS3 jailbreak case. Given his inferior-than-pleasurable history with the PS3 maker, Hotz had some thoughts on the PSN outage and rear of tube, and posted them on his blog.

At the outset, Hotz emphatically denied any involvement with the PSN hack. "I'm not crazy, and would opt to not have the FBI knocking on my door," he said, adding that helium saw a clear distinction between hacking a device you closely-held and paid for and hacking someone else's database to steal the personal information of millions. "And, as a past dupe of identity stealing, I feeling for everyone World Health Organization's data has been purloined."

Nor does helium mistake the Sony engineers who fashioned the PS3 infrastructure, "the Same way I bash non error the engineers who designed the BMG rootkit." Quite, said Hotz, the blame should be directed at the upper side, at Sony's executives who decided that the hacker community was their enemy, and who "laughed at the melodic theme of people incisive the fortress that once was Sony, whined continuously about buccaneering, and kept hiring more lawyers when they really needed to hire good security measures experts."

The meat of Hotz' send, however, is a giant give-and-take of how helium feels Sony's lordliness and belief that IT owns PS3s it sells to consumers is at the core of this attack. It is quoted fully below:

Now until more information is revealed on the technicals, I can only speculate, just I look Sony's lordliness and misapprehension of possession put them in this position. Sony execs in all likelihood haughtily chuckled at the mind of threat modeling. Traditionally the trust boundary for a web service exists between the host and the client. But Sony believes they ain the client also, so if they just put on a trust boundary between the consumer and the guest(tail't trust those disagreeable consumers), everything is near. Since everyone knows the PS3 is unhackable, why run off money adding unpointed security between the node and the server?

This arrogance undermines a basic security rationale, never trust the client. IT's the same reason MW2 was covered in cheaters, EA [set – should be Activision?] eventide admitted to the slip up of trusting Sony's client. Sony needs to accept that they no more have and control the PS3 when they sell it to you. Acknowledge it's only PSN that gave away all your personal data, non Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Mechanical man was rooted. Because other companies aren't crazy.

Hotz finished his post with a message to whoever it was that cracked into Sony's system. While he unquestionable that the perpetrator was "clearly talented" and would either get "plenty of money (or a jail sentence and bankruptcy)" coming his or her way in the future, the hacker had forgotten Wheaton's Law: "Preceptor't glucinium a hawkshaw" by marketing personal information.

That aforesaid, Hotz admitted that He would love to realize a write-up of how the hacker breached the system. "[Lord] knows we'll ne'er become that from Sony, noobs probably had the password put back to '4' or something."

(GeoHotgotsued)

https://www.escapistmagazine.com/geohot-sounds-off-on-sonys-psn-debacle/

Source: https://www.escapistmagazine.com/geohot-sounds-off-on-sonys-psn-debacle/

Share this post