
I happen to disagree with the commenter, but it doesn't sound kooky to me. Aside from the fact that the connection between the root keys and the PSN hack is a bit tenuous, it seems like a reasonable point.


It's disingenuous because the problem isn't that the root keys were released, but that Sony was singlehandedly trusting the security of all their customer information to the assumption that the client would never be compromised. It's bad (and even negligent) design, and while, yes, the root keys being released might have been a component of the break-in, if the system had been designed with the proper security principles in mind, then it wouldn't have been an issue at all.

To use an analogy, Sony's system seems to have been designed like a car that starts with a push button, no key required. It's assumed that you'll never be able to start it without being the owner because you would have to open the door first. George, being the owner of one of these vehicles, figured out how to get into it without using his keys (in case he ever locked himself out), then people took that information and used it to steal these cars, because once you can open the driver door, there are no additional security checks (like an ignition lock) to prevent the car from being stolen.


but that Sony was singlehandedly trusting the security of all their customer information to the assumption that the client would never be compromised. It's bad (and even negligent) design

I agree with Geohot that Sony's mindset of security extending to the console is broken. But let's put it in perspective: for CC#s and passwords this is little different than an https website and customer-side browser. Sure, if you hack your console, you can set up a MitM and observe your own personal details.

It's possible that this helped to enable their backend breach but we don't know that yet.

There are very few designs in common use that can survive the compromise of an endpoint.


But compromise of one endpoint should not cause (or even help) compromise of the other endpoint, in this case at least not in the client->server direction (it's pretty obvious that you can compromise all PS3s at once if you take over control of the whole PSN and that can be called a feature).


but it doesn't sound kooky to me

The idea that expecting a product you buy to have the features it was described by the seller as having is a "sense of entitlement" seems pretty kooky to me. We can't have a functioning market like that.



