Hacker News new | comments | show | ask | jobs | submit login
Sony’s Precarious PlayStation 3 (extendedsubset.com)
49 points by ericflo 2013 days ago | hide | past | web | 20 comments | favorite

I wonder if Sony every anticipated that the PSN would be THIS big a honeypot?

My PS3 is going in a DMZ, right now.

? I'm curious, because I'm not following you. At least in simple home-networking terminology, wouldn't that be nearly equivalent to putting your device outside your firewall? You put a device that doesn't play well with your NAT into a DMZ, losing the passive security of the NAT in exchange for getting the device to work.

In "simple home-networking terminology," you're correct. Most consumer-grade routers misuse the "DMZ" term and aren't capable of creating a "real" DMZ, but if I had to guess, the author isn't using a typical consumer-grade router or network.

For anyone curious about what a "real" DMZ is:

A DMZ doesn't always mean "wide open". It means that you create a separate network with a hard break between the DMZ network and your "trusted" network. You can, and should, firewall your DMZ network at the internet facing side as well. The stack looks something like this:



Wikipedia actually has some good information that is understandable to anyone who can interpret basic networking diagrams.


Thst's right. It's still firewalled from the Internet, but now also firewalled from the rest of my LAN.

Interesting speculation, but this likely isn't what happened.

As others have pointed out, for a MiTM/ddos attack, the ps3 isn't a better target than anything else out there. In fact, given the amount of ps3s, it makes more sense to go after windows update and get what is likely an order of magnitude more infected windows machines.

Even if I had a ps3 (which I don't, while I wanted one about 6 months ago, the geohot incident has dissuaded me from touching new sony equipment), I wouldn't be worried.

One very important difference between PS3 and WU is that, in the PS3 case, the signing keys for firmware updates are actually known, as I understand it.

oh. right. that would make all the difference, wouldn't it?

Well, it certainly solves half of the problem!

I don't understand the whole botnet fluff. Hackers would first have to create a custom signed image that runs a MiTM attack. Next, they would need to magically break into the Sony update servers and pull a switcheroo without anyone noticing. Wouldn't it be easier to "simply" break into the Microsoft/Google/Apple/etc. update servers and slip in a fake update?

Arguably, there's utility in the fact that the ps3s are all the same hardware, and need only one patch.

Of course, the Xbox is also, but the point made in the article was that the PS3 botnet would be quite a lot stronger than a 360 botnet.

Hacking microsoft/google/apple/etc would lead to having to use software on a botnet comprised of a wide range of hardware...

So on what applications does that tradeoff of utility against the difficulty of hacking Sony make sense?

Maybe a PS3 botnet would be more powerful, but does it matter? The article itself pointed out two problems (MiTM and DDOS) which would be equally efficient on PS3 or 360. Forget Xbox 360 altogether, if we can break into an update server wouldn't Windows Update be the better target? 350M Windows 7 licenses alone, talk about a botnet. Having different hardware doesn't make a difference.

Edit: I realize none of this this easy, I'm just trying to play devils advocate regarding the glossed over "If they then compromised the PSN update servers...".

Try a reply to both watty and retric, which is, if someone wanted a botnet, the case is that they went after Sony, which indicates that Sony had a vulnerability. Of course, everyone has vulnerabilities, but the coincidence is likely that this is one that both existed, and the hackers knew about. Sorry that my best answer to the inherent question is 'coincidence'.

That's supposing that someone wanted a botnet..and we're all supposing they had a great deal of planning. I'd expect such an event to hinge on a great deal of chance..

The PS3 may be slightly more powerful than the Xbox 360, but what is important is the number of them connected to the internet which seems to be much higher in the Xbox camp.

In my mind, there are a couple of distinguishing factors that would make the PSN target a good choice above others. Although I'm not convinced the purpose of the attack is to execute MiTM, DDoS, or spamnet attacks.

* The recent publication of the PS3 private key and shitstorm surrounding Geoh0t debate gives good cover.

* Sony appears to be a weaker than average target, or is at least receiving a lot of attention from the cracking community, resulting in a lot of usable information for orchestrating an attack.

* The PS3 is known for its ability to act as a distributed computing power house, making it attractive to anyone whose purposes require a large amount of processing power.

Given the recent increase in sophistication of malware and the attacks against Comodo, I'm not sure it's wise to write off this attack as such a simplistic plot as a MiTM attack or simple spam network. In a crypto cracking role, the PS3 is a very powerful tool. This could be a single step toward a greater goal involving the breakage of another target.

Very interesting read. I'm really looking forward to this whole thing being resolved and it actually being revealed who did what and what their intentions were. The prospect of a significant proportion of Playstations being bricked from a malicious firmware update is kinda scary / impressive.

TL;DR. PSN is down because Sony is afraid that now that their update servers are running backdoors or trojans.

This is very misleading. The article speculates, primarily for the authors amusement, that this may be the case:

"Surely everyone has heard the basics by now, and I don’t have any new information to add, but my hobby is putting 2 and 2 together and imagining worst-case scenarios."

Interesting speculation.

yeah I realise it's all speculation and it's most likely nothing more than someone poking around in places they shouldn't. Speculation is fun sometimes though, as long as we don't venture into the realm of scaremongering.

I am still incorporating it into my Cory Doctorow fan fiction, "Little Sister".

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact