? I'm curious, because I'm not following you. At least in simple home-networking terminology, wouldn't that be nearly equivalent to putting your device outside your firewall? You put a device that doesn't play well with your NAT into a DMZ, losing the passive security of the NAT in exchange for getting the device to work.
Interesting speculation, but this likely isn't what happened.
As others have pointed out, for a MiTM/ddos attack, the ps3 isn't a better target than anything else out there. In fact, given the amount of ps3s, it makes more sense to go after windows update and get what is likely an order of magnitude more infected windows machines.
Even if I had a ps3 (which I don't, while I wanted one about 6 months ago, the geohot incident has dissuaded me from touching new sony equipment), I wouldn't be worried.
One very important difference between PS3 and WU is that, in the PS3 case, the signing keys for firmware updates are actually known, as I understand it.
I don't understand the whole botnet fluff. Hackers would first have to create a custom signed image that runs a MiTM attack. Next, they would need to magically break into the Sony update servers and pull a switcheroo without anyone noticing. Wouldn't it be easier to "simply" break into the Microsoft/Google/Apple/etc. update servers and slip in a fake update?
In my mind, there are a couple of distinguishing factors that would make the PSN target a good choice above others. Although I'm not convinced the purpose of the attack is to execute MiTM, DDoS, or spamnet attacks.
* The recent publication of the PS3 private key and shitstorm surrounding Geoh0t debate gives good cover.
* Sony appears to be a weaker than average target, or is at least receiving a lot of attention from the cracking community, resulting in a lot of usable information for orchestrating an attack.
* The PS3 is known for its ability to act as a distributed computing power house, making it attractive to anyone whose purposes require a large amount of processing power.
Given the recent increase in sophistication of malware and the attacks against Comodo, I'm not sure it's wise to write off this attack as such a simplistic plot as a MiTM attack or simple spam network. In a crypto cracking role, the PS3 is a very powerful tool. This could be a single step toward a greater goal involving the breakage of another target.
Very interesting read. I'm really looking forward to this whole thing being resolved and it actually being revealed who did what and what their intentions were. The prospect of a significant proportion of Playstations being bricked from a malicious firmware update is kinda scary / impressive.
This is very misleading. The article speculates, primarily for the authors amusement, that this may be the case:
"Surely everyone has heard the basics by now, and I don’t have any new information to add, but my hobby is putting 2 and 2 together and imagining worst-case scenarios."
yeah I realise it's all speculation and it's most likely nothing more than someone poking around in places they shouldn't. Speculation is fun sometimes though, as long as we don't venture into the realm of scaremongering.
[+] [-] ra|15 years ago|reply
My PS3 is going in a DMZ, right now.
[+] [-] Splines|15 years ago|reply
[+] [-] younata|15 years ago|reply
As others have pointed out, for a MiTM/ddos attack, the ps3 isn't a better target than anything else out there. In fact, given the amount of ps3s, it makes more sense to go after windows update and get what is likely an order of magnitude more infected windows machines.
Even if I had a ps3 (which I don't, while I wanted one about 6 months ago, the geohot incident has dissuaded me from touching new sony equipment), I wouldn't be worried.
[+] [-] 0x0|15 years ago|reply
[+] [-] watty|15 years ago|reply
[+] [-] Unseelie|15 years ago|reply
Of course, the Xbox is also, but the point made in the article was that the PS3 botnet would be quite a lot stronger than a 360 botnet.
Hacking microsoft/google/apple/etc would lead to having to use software on a botnet comprised of a wide range of hardware...
So on what applications does that tradeoff of utility against the difficulty of hacking Sony make sense?
[+] [-] bradleyland|15 years ago|reply
* The recent publication of the PS3 private key and shitstorm surrounding Geoh0t debate gives good cover.
* Sony appears to be a weaker than average target, or is at least receiving a lot of attention from the cracking community, resulting in a lot of usable information for orchestrating an attack.
* The PS3 is known for its ability to act as a distributed computing power house, making it attractive to anyone whose purposes require a large amount of processing power.
Given the recent increase in sophistication of malware and the attacks against Comodo, I'm not sure it's wise to write off this attack as such a simplistic plot as a MiTM attack or simple spam network. In a crypto cracking role, the PS3 is a very powerful tool. This could be a single step toward a greater goal involving the breakage of another target.
[+] [-] joeconway|15 years ago|reply
[+] [-] palewery|15 years ago|reply
[+] [-] JonnieCache|15 years ago|reply
"Surely everyone has heard the basics by now, and I don’t have any new information to add, but my hobby is putting 2 and 2 together and imagining worst-case scenarios."
[+] [-] chopsueyar|15 years ago|reply
[+] [-] joeconway|15 years ago|reply