Bunnie, the original hacker of the first Xbox, was brought on as counsel by Microsoft to help improve security for the Xbox 360. You can see the results if you ever get deep into the security models of the two.
I'm not so sure I'd want to take a job having just made my new chain of command look like incompetent idiots; they'd probably find a way to repay the favor. They'd just make him sign a bunch of long-term NDAs and fire him 6 months later. If this guy had much experience in the workplace, he'd know that development like this usually happens when an organization has systematically driven out the detail-oriented security-minded people. They tend to be on the low end of the "net reduction in buglist items per salary dollar" scale.
On the other hand, there are any number of independent security assessment/pen testing firms that would love to have this guy's skills. He might even end up working on consoles. That's probably the way he should approach it.
Didn't this happen with their last round of consoles, and didn't they hire the people that did this last time around? I recall something about this from that case with the guy who was chipping in CA a few weeks ago.
As I understand it, all that was required was for them to use the same random number /twice/. Let's say you're Sony and you sign a patch, release it, realise there is a minor fix, and release within 2 hours... maybe in your rush you failed to regenerate the random seed?
Or, my initial thoughts, someone inside Sony did this maliciously?
Homebrew first and foremost, and reclaiming back the ability to run Linux on the consoles (and run it on the PS3 Slim as well). It's possible to pirate games with this knowledge, but from my understanding a lot of the Blu-ray security has not been broken at this point in time so these keys are by no means all you need to get up and start ripping those discs.
[+] [-] ronnier|15 years ago|reply
I would take the man's word and hire him. I'd even throw Apple into his list, he did after all release jailbreaks for the iPhone too.
[+] [-] boredguy8|15 years ago|reply
Though talk about a comeback... This is a much better online "hire me" than the ones that were popular on HN several months ago.
[+] [-] JonnieCache|15 years ago|reply
(Bonus points if you get the reference: https://secure.wikimedia.org/wikipedia/en/wiki/Feynman_point)
[+] [-] jtdowney|15 years ago|reply
Part 2 - http://www.youtube.com/watch?v=ovy2kPFOu0E
Part 3 - http://www.youtube.com/watch?v=Y23LUiBRcOg
That talk was at the 2010 Chaos Communication Congress which just concluded a few days ago.
[+] [-] tompagenet2|15 years ago|reply
http://www.eurogamer.net/articles/digitalfoundry-ps3-securit...