I found this file on wikileaks some time ago and was recently wondering about the status of being able to return PS3's back to dual boot ability. I know Geohat is working on stuff which apparently works but it's still a bit complicated for my knowledge. Does anyone know what these keys do?


code posted by admin out of stupidity, then deleted by admin out of fear from all might Sony with their punk-ass spies and Harvard law lackeys. Suck it Sony

No idea what those are.

Defo hex.

Global keys used to open or close root on the OS thereby allowing for an alternative OS to be installed. The keys are useless without a few other tools, but there will probably soon be a package out there to do this since the keys are out there.

geohot isnt workin on anything anymore PS3 wise.. period.. he got a gag order..

those keys r for signin programs... but r no longer valid with the updates..

http://forums.qj.net/ps3-hacks-exploits-homebrew/176097-otheros-project.html

looky there if your PS3 is JB'd


btw.. i would be very careful about postin that into around... sony is snooping..

geohot isnt workin on anything anymore PS3 wise.. period.. he got a gag order..

doesn't mean he's not still tinkering...just means he can't share it :whistler:

I heard today in one of Leo Laporte's podcast that Sony is investigating GEOhot for the breach in the PSN. He also mentioned that they are considering seeking legal action on anyone running a PS3 that is running a different OS. He also aluded to them forseeing the breach in the network and that was partially the reason they pulled the other OS option. They were trying to prevent the trouble they are having now. He said that an "inside source" said that the PSN will not be back up until late 2011 and maybe even early 2012.

Is it true that you can not even play new games now because they have to be "validated" before first run?

Note to Sony:

GIVE US ACCESS TO LINK OUR PS3 TO OUR STEAM ACCOUNTS! For those who bought PS3 Portal 2 (or, in my case, a friend who bought it), it's a real pain!


If you get it up enough for Steam transfers, I'll be happy. Just shut down the servers containing the private info.

Ah yeah, I said Geohot but I was thinking of gitbrew.org Evidently they have devised a working dual boot setup which allows for an actual linux OS to run vs the original design that gave you a sort of "boxed" alternative OS within the Sony gaming OS. It seems to be in pretty early stages though and the setup instructions might as well be written in Sanskrit. I'll have to wait a while for the McDonald's Drive-thru version to come out later.

btw.. i would be very careful about postin that into around... sony is snooping..

Oh snap, good point! These are proprietary corporate secrets aren't they? Yikes!

I will edit the first post, thanks

doesn't mean he's not still tinkering...just means he can't share it :whistler:

geohot is the kinda guy who wont touch it if he cant share it with the community... ive spoken to him personally on irc..

hes got a gag order stating he cant do anything with ANY sony product...
and hes also the guy who basically founded the sony boycott...
somehow i dont think he will be touching it again... period lol

http://www.geohot.com/
http://geohotgotsued.blogspot.com/

^for future info^

code posted by admin out of stupidity, then deleted by admin out of fear from all might Sony with their punk-ass spies and Harvard law lackeys. Suck it Sony


Nice. :up: This garbage is why I'll live with a PS2 and PC games from here out. As much as I'd love to be able to play GT5 ain't happening. At this point in time most of the other newer games I want are available on the 360 or PC. So if I have to have 2 systems why sony?

Nice. :up: This garbage is why I'll live with a PS2 and PC games from here out. As much as I'd love to be able to play GT5 ain't happening. At this point in time most of the other newer games I want are available on the 360 or PC. So if I have to have 2 systems why sony?


GT5 isnt even remotely worth it... forza is a better game hands down.. GT5 has more cars... but forza feels a million times better


i will stick with my jtagged 360... im just hopin someone will find a newer jtag method... problem is.. IMHO.. xbox hackers have become complacent... there is always a way to run unsigned code... we just need to find a new one...

He said that an "inside source" said that the PSN will not be back up until late 2011 and maybe even early 2012.


Haha...I hope everyone that caused this is happy with themselves. I'll bet several million PS3 owners would gladly kill geohot and his peers on the street for stirring the ****. The PS3 was fine the way it was...if you want to run linux, buy a f***ing PC. I honestly think that Sony, the pricks that they are, have the moral high-ground here...they were only trying to defend themselves from exactly this.:facepalm:

PC Gaming FTW!

PC Gaming FTW!

:stupid:

I knew it was a good decision to NOT buy a POS PS3 to begin with :whistler:

If Sony is pursuing people running Linux based on EULA, it'll get tossed out given the general political climate surrounding them.

If a person buys a piece of hardware, they own it. This is a legal precedent. If I choose not to subscribe to PSN but rather play offline or even use Linux on the machine, I am no longer bound by the EULA even.

Also, remember they pissed the US military off by crashing their PS3 supercomputers-there's a LOT of people interested in this in positions of power, and i think that they're going to exert some pressure.

Yes but since the PS3 uses a network connection to authorize new games there is a clause somewhere making it illegal to modify the firmware.

I agree that if you buy it you own it and have every right to modify it in any way you please. Sadly our government does not agree. Look at all the people who get dropped from the ATT and Verizon networks when they get caught jail breaking their iPhones. The same thing with Android root users. If Verizon catches you they cancel your service. I was told by a sprint repair tech that the same thing applies with them, root your android and get caught and they will cancel your service and charge you the early termination fee. Remember back when M$ was banning everyone who had a modded original PS from Xbox live? People who paid hundreds for their gold and platinum subs tried to get their money back but most were left with nothing.

Yes, but the cases were predicated on the terms of the EULA, which many judges are now calling non-binding for being intentionally abstruse and arbitrary. Without a clear delineation of your rights and expectations (as well as the concept that even though you own it, you don't "own" it) there is no legally defensible way to make many of these claims.

Also, notice I said do it off their network. I don't want to use a PS3 for piracy, I'd like to use it for a personal WCG monster to help cure many diseases (like F@H, but with more diseases than just cancer) but that really needs the linux client to shine. When buying one, rooting it, installing Linux and running BOINC on it will beat a pair or more of OCed i7s, then why should I NOT want to do so? I want your hardware, not your software. I don't want your network services. My PSP never gets firmware updates or gets DLC for games. I want your hardware, and I'll determine with software what I want it to do. And if Sony wants to act like that, I'll give someone else my dollar for their hardware, simple as that.

I'll give someone else my dollar for their hardware, simple as that.

This is exactly what you should do if you don't want what the product provides. Look how many people got screwed over a handful of people trying to get more for their money. There is already hardware that does exactly what they want, buy that instead. It's called a PC.

By the way, purchasing a product is the same as voting for that product. If you want Sony to stop their current practices, stop buying their game system! That's win-win for everyone.

mdust i would hope u read the links i put up.. especially the geohots blog...
this isnt geohots fault.. he opened up the system to homebrew...
what he exposed that made this hack possible.. is sony's negligence...
they never secured your data.. sony believed that thro obscurity they were unhackable..
no-one actually ever took the time to do so until geohot.. he is a pioneer of our generation..

the only entity you have to blame for all this nonsense is the mega corporation sony..
they hire more lawyers than they do security techs... there was no intent to rly work on the security of the PS3... just to drop a lawsuit the size of china on the first guy who touched it the wrong way.. why do you think their spokesperson left? ppl r jumping ship because they know how stupid its getting


like geohot clearly states in his blog... this is a chain of trust issue... there shoulda been a form of security between the ps3 and PSN.. there wasnt..

live wasnt robbed with a jtag.. and itunes wasnt robbed by a jailbreak.. nor google by rooted android devices... this is purely sonys negligence...

mdust i would hope u read the links i put up.. especially the geohots blog...
Yep, I've read them all.


this isnt geohots fault.. he opened up the system to homebrew...

Him claiming not to be at fault is ridiculous. He knew damn well what was going to happen. Please don't buy into his obvious BS.


what he exposed that made this hack possible.. is sony's negligence...

key words being 'what he exposed'


they never secured your data.. sony believed that thro obscurity they were unhackable..

Nothing is unhackable, there are only differing degrees of difficulty. The data was secure until Geohot and his pals cracked the security keys.


no-one actually ever took the time to do so until geohot.. he is a pioneer of our generation..

ahahahahahahahahahahahahahahaha! /gasp hahahahahahahhaahahahahahaha! ahhhhhh...oh are you serious?
wtf?


the only entity you have to blame for all this nonsense is the mega corporation sony..
Yeah! Down with corporations! They're all evil and do bad things! Also, everything has been just dandy since the Playstation 1...who was it that entered the scene when all this nonsense started?


they hire more lawyers than they do security techs... there was no intent to rly work on the security of the PS3... just to drop a lawsuit the size of china on the first guy who touched it the wrong way.. why do you think their spokesperson left? ppl r jumping ship because they know how stupid its getting

I'm sure you aren't exaggerating at all here. I'm also sure you have sources confirming all of this.


like geohot clearly states in his blog... this is a chain of trust issue... there shoulda been a form of security between the ps3 and PSN.. there wasnt..

Clearly, this source is a conflict of interest. Of course he's going to say there should have been more locked doors after he opened all the locked doors. If there had been then he wouldn't be responsible. He wanted the credit for hacking the PS3 until it went wrong and now he's passing the blame...


live wasnt robbed with a jtag.. and itunes wasnt robbed by a jailbreak.. nor google by rooted android devices... this is purely sonys negligence...
...and you fell for it. Sony definitely should have provided an infinite number of locked doors.:rolleyes:

I apologize for being as rude and sarcastic as I was, but sometimes I have to do it. It's nothing personal.

Regarding Sony and the PS3 discussion; I agree that the EULA can seem very obscene in their levels of control and you can thank Bill Gates for popularizing the concept of separating hardware from the 1's and 0's it produces. He did break some new ground in business practice and made himself a legend to geeks and tycoons alike. Good for him, any one of us would probably done the same if we realized the potential riches, I mean seriously, have you seen that house??

But as much as EULA's piss me off at times, I must remember that these "mega corporations" became so big and resourceful because we loved the product they built so much we all bought it. As soon as you come up with a good idea, the wolves gather to rip it away. Sometimes it is by hackers playing around and exposing their proprietary designs, sometimes it's entrepreneurs trying to piggyback their success, and often it's other corporations just trying to get a chunk of that shiny dime. The EULA while often absurd in it's language and perpetually frustrating to the creative consumers who don't graze like sheep and actually do want to pry off the restrictor plates of what they have. But in today's business world which is swimming with sharks, it has become almost necessary. Especially when it comes to things like computers and consoles. Keep in mind that the sales from the consoles is often unprofitable and sometimes they even sell them at a loss. The reason is that the business model they are using plans to get profits from the sale of software/games and advertising revenue because of us, the "captive audience". So when they have planned on making money only from the sales of software, the piece of plastic in your living room plays a pretty important role in making sure they can deliver it as well as present the ads they are getting paid to show us.

I love hackers for what they do, (at least the ones who like to figure things out and show everyone else, not crazy about the ones who empty bank accounts and snag IP/wifi to distribute kiddy porn). But I can understand why companies like Sony are very overbearing and protective of their control over the hardware. And besides, if enough people found ways to make the games play for free then the games become losses instead of profits and when that happens you will be stuck playing today's games from here on out until they can find a way to get control of it back. This is a business we are talking about, not show and tell.

Regarding Sony and the PS3 discussion; ... This is a business we are talking about, not show and tell.
[and everything in between]
Amen. I was thinking about how consoles are often sold at a loss earlier and also of the possibility of a warranty-less, unlocked version that costs more--so as to profit from the machine with no expectation of future game/accessory purchases. Unfortunately, they would probably cost more than a PC and the demand for such a unit would be extremely low in the first place. People just need to stop confusing consoles with PCs and we'll be all set!

Nothing is unhackable, there are only differing degrees of difficulty. The data was secure until Geohot and his pals cracked the security keys.
at one point it required shortin things out... now its just a flash.. obviously not that difficult

ahahahahahahahahahahahahahahaha! /gasp hahahahahahahhaahahahahahaha! ahhhhhh...oh are you serious?
absolutely yes his limera1n exploit is used today to jailbreak every iDevice other than the ipad2... which allows me to unlock my iPhone so i can use it with any company i wish for free.. most canadian companies dont even give u an option to unlock... and i dont like buying it from lil shop in the middel of the mall hallway for $35+


I'm sure you aren't exaggerating at all here. I'm also sure you have sources confirming all of this.
they had 5 lawyers against a kid aka geohot and they obviously had piss poor security for him to crack it soo quickly...
and sorry it was peter dille a "sony VP"

Clearly, this source is a conflict of interest. Of course he's going to say there should have been more locked doors after he opened all the locked doors. If there had been then he wouldn't be responsible. He wanted the credit for hacking the PS3 until it went wrong and now he's passing the blame...
i believe in the scene... i dont believe it was every his intentions to have piracy... and as for more locked doors... all the other did it for the legal reasons please read this
http://www.ps3hax.net/2011/05/psn-down-till-may-31st-anonymous-press-release/#more-8435

...and you fell for it. Sony definitely should have provided an infinite number of locked doors.:rolleyes:
like i said i believe in the scene... i do not condone piracy.. please refer to the "PCI SSC Data Security Standards Overview" portion

I apologize for being as rude and sarcastic as I was, but sometimes I have to do it. It's nothing personal.[/QUOTE]
while i always appreciate a counter opinion... its was a bit stingy... it aint the end of the world tho

if you want a good read i suggest u take look at this page... very insightful
http://www.eff.org/

Classic example of a company implementing poor security measures and getting bent out of shape when someone figures that out. If Sony made PC software and responded to someone breaking their security this way, Sony would be getting bent over the legal barrel right about now. The only difference is that there's not as much legal precedent on people hacking consoles, and Sony has enough clout to convince some people that for some reason consoles should be treated differently. Yes, they originally sold them at a loss (not anymore (http://www.pcworld.com/article/196214/sonys_playstation_3_turns_profitable.html)). But that was their own decision and should have no bearing on the legal use of the product, regardless of what they 'expect' you to do. If I made a car and sold it at a loss because I expected you to buy gas from a certain line of gas stations that give me a kickback, would you say I could sue anyone who bought my car and then bought gas from someone else? Of course not, that would be ridiculous. So why is it any different when we're talking about electronics?

And incidentally, yes, there are a certain number of "locked doors" (or, security measures, as we like to call them) that by law have to be implemented by any company in the US that handles credit card information. It's called PCI DSS. Give it a read sometime (http://en.wikipedia.org/wiki/PCI_DSS). Was Sony compliant at the time of the breach? I don't know, and I doubt we'll ever know in the current political climate. It does appear that the point of entry for the attack (the Apache server) was known out of date (http://news.cnet.com/8301-17852_3-20060335-71.html). Oh, and speaking of the attack, none of the PS3 hacks, regardless of who released them, were in any way responsible or contributory. The attackers gained access through a known vulnerable web server, and from there escalated access to a database server.

And on the subject of jailbreaking phones that someone mentioned a while ago, that's entirely legal now (in the US at least), and I would question the legality of a carrier dropping you because of it.

i believe in the scene... i dont believe it was every his intentions to have piracy... and as for more locked doors... all the other did it for the legal reasons please read this
http://www.ps3hax.net/2011/05/psn-do...ase/#more-8435
I didn't say that he intended to promote piracy, I said he knew his hack enabled black hats along with everyone else and he didn't care. Which is practically just as bad. As for the article, more than half of that was just blasting some random journalist named Joseph Menn. The only good point in the whole article was that the PSN was not PCI DSS compliant.

I was ignorant of PCI DSS specifically but I assumed something like that existed. I also assumed that there was some agency somewhere forcing compliance. I'm not trying to take any blame off Sony if they really were not compliant, they jacked up pretty good there and will pay for it I'm sure. But the fact that nobody checks these systems to make sure things are safe and rules are followed when handling sensitive information is a bit concerning. It makes me wonder about every other company that accepts credit cards and/or stores the numbers. CC companies need to get the ball rolling on such an organization since they are most at risk.


Classic example of a company implementing poor security measures and getting bent out of shape when someone figures that out. If Sony made PC software and responded to someone breaking their security this way, Sony would be getting bent over the legal barrel right about now. The only difference is that there's not as much legal precedent on people hacking consoles, and Sony has enough clout to convince some people that for some reason consoles should be treated differently.

As it turns out, it does look like Sony f'ed up in the security department. However, just about every software EULA prevents a user from 'changing, modifying, tweaking, copying (other than for backup purposes), rewriting' etc. So I think Sony would actually have had an easier time if it were just a piece of software. Hell, maybe even the PS3 EULA prevented this, but Geohot claimed to have never read it.



Yes, they originally sold them at a loss (not anymore (http://www.pcworld.com/article/196214/sonys_playstation_3_turns_profitable.html)). But that was their own decision and should have no bearing on the legal use of the product, regardless of what they 'expect' you to do.

When the only other uses are against the EULA, then yes, it's fair for them to assume that a user will be buying profitable products and accessories and it's acceptable in their business model to sell the console at a loss to stay competitive and drive sales. Before you argue that they shouldn't be allowed to tell you what you can and can't do with your device, it's a gaming console, first and foremost. There needs to be measures in place to prevent unfair manipulation and hacking in the games. This is exactly the measures that Geohot broke down. This is also exactly why I was thinking about companies offering unlocked 'black edition' consoles that simply cannot connect to the console network, but all other functions are enabled. It would be more expensive though, just like an unlocked CPU. You get what you pay for.


If I made a car and sold it at a loss because I expected you to buy gas from a certain line of gas stations that give me a kickback, would you say I could sue anyone who bought my car and then bought gas from someone else? Of course not, that would be ridiculous. So why is it any different when we're talking about electronics?

If the car was designed to run on that specific gas and you modified the car to run on whatever you wanted despite the EULA saying you can't do that, then yes. You may not like EULAs but that doesn't mean you are excluded from them. If you don't agree then don't use the product, take it back and get a refund. It's not ridiculous, and it's not different.


And incidentally, yes, there are a certain number of "locked doors" (or, security measures, as we like to call them) that by law have to be implemented by any company in the US that handles credit card information. It's called PCI DSS. Give it a read sometime (http://en.wikipedia.org/wiki/PCI_DSS). Was Sony compliant at the time of the breach? I don't know, and I doubt we'll ever know in the current political climate. It does appear that the point of entry for the attack (the Apache server) was known out of date (http://news.cnet.com/8301-17852_3-20060335-71.html). Oh, and speaking of the attack, none of the PS3 hacks, regardless of who released them, were in any way responsible or contributory. The attackers gained access through a known vulnerable web server, and from there escalated access to a database server.

I did give it a read. See my claim of partial-ignorance above. We all learn something new every day. (http://dictionary.reference.com/browse/analogy)
This article you linked to is speculation on speculation. (http://news.cnet.com/8301-17852_3-20060335-71.html) It does not confirm a single point. I'm not even sure why it was written.:? But I assume that legit sources have confirmed exactly how the attacks were performed though I've only been able to find similar junk sources that neither confirm nor deny anything. I hear the Department of Homeland Security are investigating as well, so that should be an interesting report to read.

Also, I didn't mean to say that Geohot was responsible for the stolen data. I've even said in other posts that it was too early to say for sure. I got mixed up and was wrong. However, he is responsible for the PSN being down:

[Original Story]: Playstation Network users have been left in the dark for days now, and Sony has acknowledged that the shutdown has everything to do with hackers. However, they've made no mention of who's to blame or what the hacking hoped to accomplish. Web group Anonymous previously announced intentions to attack PSN, but are denying involvement with this incident. Today, a user on Reddit claims to have knowledge of the specifics.

User chesh420 says he's a moderator at PSX-Scene.com, and the shutdown can be traced to a custom firmware that allowed users to validate fake credit card numbers on what PSN deemed to be a secure network. Here's the entirety of his post (all spelling in context):

Ok, I've seen a bunch of speculation of why people think PSN is down, and I thought I should just post what the community knows in comparison to what Sony is telling everyone. The truth is, there was a new CFW (custom firmware) released known as Rebug (link omitted). It essentially turns a retail console into a dev console (not fully, but gives you a lot of the same options that usually dev's only have access to). Anyway, this new CFW was quickly figured out to give CFW users access to the PSN network again via the dev networks. With a little manipulation of the URL's through a proxy server you could get your hacked console back online. Not that big of a deal, right? Well, it also turns out that some people over at NGU found out that you could provide fake CC# info and the authenticity of the information was never checked as you were on Sony's private developer PSN network (essentially a network that Sony trusted). What happened next was extreme piracy of PSN content. Sony realizing the issue here shut down the network. Now, before you go freaking out about the latest information posted about Kotaku, no ones personal information was accessible via this hack. Not to say they couldn't get it, but no one is admitting to it being available. Anyway, that's the real reason for the PSN downtime. Sony is now rebuilding all of it's PSN servers to be more secure and (hopefully) make sure the CFW users cannot get online anymore.

It would take something major for Sony to shut down the entirety of their network, and a custom firmware that allowed for rampant pirating is obviously reason for concern. Take this with a grain of salt, as we have no way of verifying whether this Reddit user has an inside track or not. We've reached out to Sony for comment and will let you know if we hear anything.
http://www.gameinformer.com/b/news/archive/2011/04/26/did-sony-shut-down-psn-to-combat-piracy.aspx

Did Geohot know that things like this would be possible with his hack? Yes, there's no way he didn't. And did he care? Obviously not. Enabling criminal activity is a crime. Like I've said in other threads, the risks outweighed the benefits...it just wasn't worth it.

Did Geohot know that things like this would be possible with his hack? Yes, there's no way he didn't. And did he care? Obviously not. Enabling criminal activity is a crime. Like I've said in other threads, the risks outweighed the benefits...it just wasn't worth it.

And like I've said before, I don't think this view of this situation is legally valid. Given what I know is legal and not legally considered "enabling criminal activity" from my experience in the computer security industry, this seems like another case of "it's different because we're Sony". To clarify, if George Hotz had done exactly the same thing to, say, the Windows 7 activation authentication system, it would have gone more along these lines:

Hotz: Hey everyone, I found this poorly coded authentication system that relies utterly on these static authentication keys right here.
Microsoft: Oh crap, who the f*** coded that? Right, we'll fix that now, thanks.

Oh, or hey, what about when a guy going by 'muslix64' published the first AACS encryption key (key for unencrypting BD and HDDVD discs). That went something like this:

muslix64: Hey everyone, I found this key.
internet: Awesome!
AACS LA*: You did what!? *starts sending out DMCA takedown notices to anyone publishing the key*
some websites publishing the key: Wait, what? Umm...ok, I don't really want to get sued...
internet: WTF? Put those keys back up there!
a few sites that had taken down the key: Hmm, ok, back up it goes, let's see what happens now.
AACS LA: What!? You did what!? We're gonna sue you all!
AACS LA lawyer: *whispers to AACS LA*
AACS LA: ...really? We can't copyright a number? ...well f***... Umm, ok, we're just gonna change the key then. Carry on, internet.
internet: Hahahaha, you changed it, eh? You mean to this?
AACS LA: ..damn it..

*AACS LA (The Advanced Access Content System Licensing Administrator) is a group of companies that developed and maintains AACS. The companies that founded the group are; IBM, Intel, Microsoft, Panasonic, Sony, Toshiba, Disney, and Warner Brothers.

Basically, the AACS LA discovered that they had no legal ground to stand on to go after the people who had found the keys or the people who were distributing them.

Or, my favorite example of creating something that can be used in illegal ways not constituting "promoting illegal activity"; malware. It is perfectly legal for me to find vulnerabilities to exploit, write software to exploit those vulnerabilities, write delivery packages for that software, install it on any system that either I own or I have the permission of the owner, and so on. It is even legal for me to publish everything surrounding it (the real problem Sony has with Hotz). The only time it becomes illegal is if someone runs that malware package on a computer that they do not have permission from the owner to run it on. It doesn't matter that they might only have to download it from my website and run it; I have zero legal liability.

I bought it. It's mine. I can do whatever I want to it. Oh, wait...

And like I've said before, I don't think this view of this situation is legally valid. Given what I know is legal and not legally considered "enabling criminal activity" from my experience in the computer security industry, this seems like another case of "it's different because we're Sony".
There was security that prevented potentially legal use (although against the EULA) and illegal use on the PS3. Geohot defeated it knowing that this allowed both the good and the bad. Knowing that a crime will be committed based on your actions is the definition of an accessory. He doesn't have to have anything to do with the actual crime to be guilty of this. He just has to know that it will eventually happen...which he did.

Whether or not there is a law that spells out exactly each case is all that matters when judging right from wrong? Were murder or burglary OK before the laws were written to criminalize them? US common law is simply precedent established on a case by case basis. I don't believe there is precedent for hacking the security devices and firmware of a game console, so Sony had every right to proceed with this in court. But since they settled, there won't be precedent anytime in the foreseeable future.

I feel exactly how this guy feels and I tend to get just as upset:
http://www.youtube.com/watch?v=mPMmsEtZAxQ


I bought it. It's mine. I can do whatever I want to it. Oh, wait...I sincerely agree to the point where it begins to affect other people. That's where the line is crossed.

There was security that prevented potentially legal use (although against the EULA) and illegal use on the PS3. Geohot defeated it knowing that this allowed both the good and the bad.

Like crowbar manufacturers? Bong shops?

Like crowbar manufacturers? Bong shops?

Touché with the crowbar manufacturer. But bong shops don't defeat security nor facilitate any crime. Also, neither affects millions of people.

I'm talking about the facilitation of crime in general; handing out information that gives people access to features they already own is hardly on a par with giving a gun to a murderer, or unlocking a house so it can be robbed; it's just providing something that could potentially used for an illegal act.

If bump keys aren't illegal, how is this? http://en.wikipedia.org/wiki/Lock_bumping

I'm talking about the facilitation of crime in general; handing out information that gives people access to features they already own is hardly on a par with giving a gun to a murderer, or unlocking a house so it can be robbed; it's just providing something that could potentially used for an illegal act.

The murder and burglary were extreme examples of unacceptable (hopefully) actions in civilized society. No other similarities were intended as they are highly contrasting with geohots scenario. That said, unlocking a house so it can be robbed is a precise analogy for what he did.


If bump keys aren't illegal, how is this? http://en.wikipedia.org/wiki/Lock_bumping

Bump keys are illegal in many states here (as is possessing other burglary tools e.g. lock picks, slim jims for cars, etc...most professionals still use the tools anyway despite not being exempted from the law), and probably would be illegal in all states and many more countries if they were brought to the attention of lawmakers. Laws don't simply pop into existence. At some point there needs to be legislation or a court case concerning the matter...one that doesn't settle out of court even!

The murder and burglary were extreme examples of unacceptable (hopefully) actions in civilized society. No other similarities were intended as they are highly contrasting with geohots scenario. That said, unlocking a house so it can be robbed is a precise analogy for what he did.
Gotta really disagree about that. A house is a single 'object'. Geohot doesn't crack your PS3, he gave instructions how. If he's not directly taking action, that's covered under his constitutional rights, surely?


Bump keys are illegal in many states here (as is possessing other burglary tools e.g. lock picks, slim jims for cars, etc...most professionals still use the tools anyway despite not being exempted from the law), and probably would be illegal in all states and many more countries if they were brought to the attention of lawmakers. Laws don't simply pop into existence. At some point there needs to be legislation or a court case concerning the matter...one that doesn't settle out of court even!
While I agree with you on that, court cases are considered the 'last option' for damages. For example, if you refuse a settlement and then the court awards smaller damages than the settlement option, you can find yourself paying court fees/the other side's legal costs.

Oh and I did the research, in the vast majority of the USA, lock picks are legal - however, carrying them in the public will likely see you arrested for 'going equipped'. It's all about context - I'd be arrested for carrying my kitchen knives in public, but it's legal for me to buy, sell and own them.

Gotta really disagree about that. A house is a single 'object'. Geohot doesn't crack your PS3, he gave instructions how. If he's not directly taking action, that's covered under his constitutional rights, surely?

While I agree with you on that, court cases are considered the 'last option' for damages. For example, if you refuse a settlement and then the court awards smaller damages than the settlement option, you can find yourself paying court fees/the other side's legal costs.

OK, not a precise analogy. Each PS3 console is part of a larger network though. That network would be the house. Prior to geohots hack, that network was locked up tight. He unlocked the door for otherOS, custom firmware, etc. and, in addition, abuse by malicious idiots who never otherwise would have been able to do their malicious-idiot-things. Unfortunately, but not surprisingly, they struck hard enough to cause the PSN to be taken down for an extended period of time. Like I said before, he doesn't have to participate in the crime itself in any way to be an accessory. All he has to do is make available the opportunity for criminal activity...which, unarguably, he did. The malicious idiots are the principal, geohot is an accessory.
There are a lot of gray areas in the coverage of freedom of speech and press here. Divulging proprietary information is one of those gray areas and usually is not covered by either.
And yes, a court case should be the last course of action if only for the sake of the court systems. They are always expensive for both sides, and more often than not, the winner is whoever has the deeper pockets. But if everyone keeps settling out of court then no precedent is ever established and people keep squabbling over the same issues again and again and again. Sometimes you just have to take one for the team to settle it once and for all.

OK, not a precise analogy. Each PS3 console is part of a larger network though. That network would be the house. Prior to geohots hack, that network was locked up tight. He unlocked the door for otherOS, custom firmware, etc. and, in addition, abuse by malicious idiots who never otherwise would have been able to do their malicious-idiot-things. Unfortunately, but not surprisingly, they struck hard enough to cause the PSN to be taken down for an extended period of time. Like I said before, he doesn't have to participate in the crime itself in any way to be an accessory. All he has to do is make available the opportunity for criminal activity...which, unarguably, he did. The malicious idiots are the principal, geohot is an accessory.

Again, the crowbar analogy holds. The 'generalised accessory' falls flat when you look at publishing. A good example of this can be found in the birth of legal porn in the USA in the 1970s - because performers were paid, there was an attempt to prosecute them using prostitution laws, and as such it was inferred that anyone watching porn, by indirectly funding them, was a john... Needless to say, that sort of interpretation of the law was considered unlawful, and I'm confident the same would be found here.


There are a lot of gray areas in the coverage of freedom of speech and press here. Divulging proprietary information is one of those gray areas and usually is not covered by either.

But if I own a car, and I publish information I've gathered by pulling it apart with my hands, that's somehow okay?


And yes, a court case should be the last course of action if only for the sake of the court systems. They are always expensive for both sides, and more often than not, the winner is whoever has the deeper pockets. But if everyone keeps settling out of court then no precedent is ever established and people keep squabbling over the same issues again and again and again. Sometimes you just have to take one for the team to settle it once and for all.
Well, I think the answer here is judicial review - the law can be clarified without a case going through the courts

I don't believe there is precedent for hacking the security devices and firmware of a game console, so Sony had every right to proceed with this in court.
True, there is no precedent (to my knowledge) of console hacking to date, but there are many similar precedents and laws. For example, the law amended back in July that specifically legalized the jailbreaking of cellphones, and the laws and precedents surrounding computer software hacking.


I sincerely agree to the point where it begins to affect other people. That's where the line is crossed.
That is a fine line you're playing with there, and where it falls pretty much the basis of our entire legal system; balancing the rights of the individual against the rights of the community.


Bump keys are illegal in many states here (as is possessing other burglary tools e.g. lock picks, slim jims for cars, etc...most professionals still use the tools anyway despite not being exempted from the law), and probably would be illegal in all states and many more countries if they were brought to the attention of lawmakers.
Ok, two points (though in the opposite order that you presented them):
1) Licensed locksmiths are exempted from those laws in most if not all states because they a) are registered and b) require the use of those tools in the completion of their legal job.
2) Locksmith tools (lock picks, bump keys, etc) are not illegal in most states. In most states that I have researched, possession in and of itself does not constitute a crime. Criminal use or intent must be proven in order for possession to be a crime. There are a few states (Nevada, for example) that create a circuitous argument that then possession constitutes proof of criminal intent, but they are the exception, not the rule. For more specific information for any particular state or country, this thread is a great resource:
http://www.lockpicking101.com/viewtopic.php?t=2850


Well, I think the answer here is judicial review - the law can be clarified without a case going through the courts
Agreed. That's, honestly, my biggest frustration with this whole situation. Nothing was decided. No precedent was set. To me, that speaks of one of two situations:
1) Hotz just got sick of the BS, and since he had already stated that he would be boycotting Sony products and that was what they wanted in settlement anyway, he decided to move on with his life.
2) Sony knew they didn't have any legal ground to stand on, and wanted a way out.

Which it was, we'll never know. The benefits of running Linux on the PS3 have always been unfettered access to the Cell processor. However, with recent advances in GPGPU technology, that is becoming less and less useful and less and less cost-effective. So, tbh, I doubt we'll see another case with the PS3 get this far again just because there are easier and cheaper ways to accomplish the goals that would have been achieved that don't involve tangling with a manufacturer who thinks they can control what you do with a product that you have already purchased.

Again, the crowbar analogy holds. The 'generalised accessory' falls flat when you look at publishing. A good example of this can be found in the birth of legal porn in the USA in the 1970s - because performers were paid, there was an attempt to prosecute them using prostitution laws, and as such it was inferred that anyone watching porn, by indirectly funding them, was a john... Needless to say, that sort of interpretation of the law was considered unlawful, and I'm confident the same would be found here.
I'm not sure how circumventing security and providing that information to law-abiding PS3 owners and potential criminals with indifference is generalization. Likewise, I'm not sure how/why you are well informed on US prostitution laws (:D) but nobody is being generalized in a manner similar to your example. Geohot opened the locked door, the hacker committed the crime, and sony happens to own the PSN that was hacked using geohots security breach.

But if I own a car, and I publish information I've gathered by pulling it apart with my hands, that's somehow okay?Cars are generally constructed of off-the-shelf and custom parts, most of which were not manufactured by the company that designed/assembled the car. They are also generally not proprietary. However, if you took apart a proprietary security system in the car, figured out how to bypass it, made that info available to criminals who use it to steal cars...that would be a similar scenario. You would be an accessory to the theft. Freedom of speech/press may or may not be a valid defense depending on a lot of factors.


Well, I think the answer here is judicial review - the law can be clarified without a case going through the courts Judicial review (in the US) only determines whether or not something is unconstitutional. They also don't bother with small-time cases like this. They tend to concern themselves with such things as the validity of a law that potentially affects the outcome of current cases. Also, I'm not sure that they ever create new laws based on their decisions. So, we're stuck with nothing. Both sides will continue to disagree perpetually.



That is a fine line you're playing with there, and where it falls pretty much the basis of our entire legal system; balancing the rights of the individual against the rights of the community.

Act like an idiot in your home: no consequences. Act like an idiot in public: disturbing the peace or disorderly conduct, arrested.
Black out drunk in your home: no (legal) consequences. Black out drunk in public: public intoxication, arrested.
Driving like a maniac on your property: no (legal) consequences. Driving like a maniac on public roads: reckless driving, huge ticket, possible loss of license.
Somehow manage to beat yourself up: no consequences. Beat someone else up: assault, arrested.

Most laws are in place to protect the community from the individual. All of the rights of the individual terminate when they intersect with the rights of anyone else. For example, if someone came to your home to preach their agenda and you make it known that you do not want to hear it, their freedom of speech ends until they leave your property. They have no right to force you to hear what they want to say. This also applies to some degree in public places.
If your actions negatively impact millions of innocent people, the legality of said actions should be questioned. Due to the negative impact being the loss of access to the PSN, nobody is going to take it seriously...



Ok, two points (though in the opposite order that you presented them):
1) Licensed locksmiths are exempted from those laws in most if not all states because they a) are registered and b) require the use of those tools in the completion of their legal job.
2) Locksmith tools (lock picks, bump keys, etc) are not illegal in most states. In most states that I have researched, possession in and of itself does not constitute a crime. Criminal use or intent must be proven in order for possession to be a crime. There are a few states (Nevada, for example) that create a circuitous argument that then possession constitutes proof of criminal intent, but they are the exception, not the rule. For more specific information for any particular state or country, this thread is a great resource:
http://www.lockpicking101.com/viewtopic.php?t=2850

As far as I know, nobody is exempted from the law due to their profession with the exception of certain government employees and even then only under certain conditions. But you are right about burglary tools not being illegal in most states. The list of state burglary laws I had found omitted several clauses, often the one saying 'intent to commit a crime' is a necessary condition in addition to possession. I found a better, hopefully more complete list here (http://www.uer.ca/forum_showthread.asp?fid=1&threadid=39479). I checked it against half a dozen versions posted on official state sites and they seem to be word-for-word accurate and complete. Though I have had a slim jim personally confiscated from me when I was trying to unlock my own car. Perhaps it was a city law/ordinance?

As far as I know, nobody is exempted from the law due to their profession with the exception of certain government employees and even then only under certain conditions.
In the few states that have a circuitous or outright ban on such tools, usually there's a proviso in the law that states that they apply except in the case of a licensed, professional, locksmith in the course of performing their legal duties. I believe this is the case in California. That being said, since most states require a criminal intent for it to be illegal and by definition a locksmith performing their legal duties would not fall under 'criminal intent' since they have the permission of the owner, I imagine it's not a legal scenario that comes up all that often.


Though I have had a slim jim personally confiscated from me when I was trying to unlock my own car. Perhaps it was a city law/ordinance?
Probably, yeah. Since local laws supersede state and federal laws when they are more restrictive, that is very likely the case. I haven't looked into many cities, but I know it's a similar situation with weapons laws.

I'm not sure how circumventing security and providing that information to law-abiding PS3 owners and potential criminals with indifference is generalization. Likewise, I'm not sure how/why you are well informed on US prostitution laws (:D) but nobody is being generalized in a manner similar to your example. Geohot opened the locked door, the hacker committed the crime, and sony happens to own the PSN that was hacked using geohots security breach.

Access to what? A device he already owns.


Cars are generally constructed of off-the-shelf and custom parts, most of which were not manufactured by the company that designed/assembled the car. They are also generally not proprietary. However, if you took apart a proprietary security system in the car, figured out how to bypass it, made that info available to criminals who use it to steal cars...that would be a similar scenario. You would be an accessory to the theft. Freedom of speech/press may or may not be a valid defense depending on a lot of factors.
Access to devices people already own... Where is the theft? It's a potential, unproven intervening act - there are plenty of reasons you would want to do it. It's a generalised argument because all he's doing is explaining how to get system level access to a device you already own.


Judicial review (in the US) only determines whether or not something is unconstitutional. They also don't bother with small-time cases like this. They tend to concern themselves with such things as the validity of a law that potentially affects the outcome of current cases. Also, I'm not sure that they ever create new laws based on their decisions. So, we're stuck with nothing. Both sides will continue to disagree perpetually.

In my view, this argument is clearly a constitutional issue. Is a gun shop an accessory to a murder? Is a telephone manufacturer an accessory to a terrorist attack organised over a phone?

An 'accessory' implies a particular participant, not a generalised one. One thing that's incredibly important in this case is the fact that his exploit was the ability to use the device for a purpose other than what it was intended. It was not deisgned to circumvent copyright laws.


Most laws are in place to protect the community from the individual. All of the rights of the individual terminate when they intersect with the rights of anyone else. For example, if someone came to your home to preach their agenda and you make it known that you do not want to hear it, their freedom of speech ends until they leave your property. They have no right to force you to hear what they want to say. This also applies to some degree in public places.
If your actions negatively impact millions of innocent people, the legality of said actions should be questioned. Due to the negative impact being the loss of access to the PSN, nobody is going to take it seriously...

The entire purpose of the constitution is to protect the rights of the individual!

How is the shutting down of the PSN relevant?


As far as I know, nobody is exempted from the law due to their profession with the exception of certain government employees and even then only under certain conditions.

Different exemptions for different professions in general. For example, as a systems admin, the DPA (data protection act) in the UK allowed me to view all private records in a social services database, because I had to see records to fix them, while social workers had access restricted only to appropriate cases. Vets can cut open animals with knives, while I ... I would be severely prosecuted...

Maybe an example will make me clearer:

The US constitution allows individual freedoms, in a very strong and specific way. It allows people to publish and say whatever they want, up to and including books like this. (http://www.google.co.uk/search?q=anarchists+cookbook&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-GB:official&client=firefox-a)

Now, if it's legal to publish bomb-making books (he's not an accessory because he's not giving bomb-making advice to an individual...), how does a 21 year old american publishing information simply on how to get system level access to a gaming console end up looking down the barrel of a multi-million dollar lawsuit?

Vets can cut open animals with knives, while I ... I would be severely prosecuted...
And surgeons can cut open people with knives...but crazy sh** always happens whenever I try that. :whistler:

(disclaimer: kidding; I've never done that..just in case someone took that the wrong way..)


Now, if it's legal to publish bomb-making books (he's not an accessory because he's not giving bomb-making advice to an individual...), how does a 21 year old american publishing information simply on how to get system level access to a gaming console end up looking down the barrel of a multi-million dollar lawsuit?
/\ That exactly. It's legal for me to tear apart and publish vulnerabilities and exploits for computer software. It's legal for me to tear apart and publish vulnerabilities and exploits for mobile phone software and firmware. It's legal for me to tear apart and publish vulnerabilities in locks and other physical security systems. Hell, that's how the security industry works. We figured out a long time ago that developing security solutions in secret doesn't work. The strongest, most robust, most trusted security systems, both software and hardware (ie, locks, etc), are either open source or have detailed designs and schematics published by the manufacturer. Quite a few security companies even set bounties on their own products...as do quite a few computer software companies.

I'd also like to point out that both of the other seventh generation gaming consoles have had similar system-level-access hacks, but neither Microsoft nor Nintendo (for all their lawsuit-happy habits) reacted anywhere near this level of ridiculousness. Heck, Microsoft even hired one of the most prolific hardware hackers from those communities (Johnny Lee). The biggest (technical) problem that caused Sony to flip out so hard is that they use the same authentication keys for everything. Seriously...everything...game validation, system updates, PSN authentication, firmware checks, payment processing....everything. That's like using the same username and password everywhere online...or using the same key for your house, car, place of business, and safety deposit box. It's just really bad policy, regardless of how secure you think your system is, and it's why the fallout has been so bad. You break one component and suddenly the entire PS3/PSN infrastructure is an open book.

There's a security concept known as 'defense in depth (http://en.wikipedia.org/wiki/Defense_in_depth)'. Basically, it starts from the assumption that no one point of defense is perfect, and never can be. So instead of relying entirely on one point of defense, multiple layers are set at strategic points. Anyone who has played Risk knows that if you gather all your troops at the perimeter, it may be a very strong defense, but once it falls at any point (and it inevitably will), your entire territory is left defenseless. It's the same thing in real life in any security situation. In the case of the PS3, they put all their defense hanging on this one key. And when that one key was compromised, their entire infrastructure was defenseless. The sad thing is that this could have been very easily avoided if they had just followed standard security practices and separated roles. One key for firmware checks, one key for system updates, one key for game authentication, etc. Even just sticking with the one authentication system wouldn't bee so bad as long as it was a proven strong one. Most of the internet would go down if an easily exploitable vulnerability in RSA were discovered, but since it's a proven secure and reliable authentication method, it's deemed an acceptable risk. So too with Sony. If their authentication system is a proven secure and reliable system, using one authentication system is an acceptable risk....using the same key to unlock every door is not. It's like fitting 9-pin, dual-side, high security locks to every door in a college dorm....and then giving every student a grandmaster key.

Access to what? A device he already owns.

Access to devices people already own... Where is the theft? It's a potential, unproven intervening act - there are plenty of reasons you would want to do it. It's a generalised argument because all he's doing is explaining how to get system level access to a device you already own.

Picking a lock to gain unlawful access to a building is illegal. Having one person pick the lock and a different person enter the building is somehow not? That's why we have defined the principal, accessory, etc. Hacking security on an electronic device so someone else could do the dirty work is not different. It does not matter if it was geohots intention or not. Sonys incompetence does not somehow make it OK either.


An 'accessory' implies a particular participant, not a generalised one. One thing that's incredibly important in this case is the fact that his exploit was the ability to use the device for a purpose other than what it was intended. It was not deisgned to circumvent copyright laws.
Geohot circumvented the security that prevented a lot of different things, one being copyright violation via piracy. He showed others how to circumvent the security as well. It would not have been a problem if the PSN was not involved. Hack your standalone device all you want.


The entire purpose of the constitution is to protect the rights of the individual!

How is the shutting down of the PSN relevant?

No. The constitution protects 'the people' from the government by distributing power amongst 3 separate entities. Most laws (having nothing whatsoever to do with the constitution) also protect 'the people' from the acts of a few/single unruly people.
How is the shutting down of the PSN relevant? Through the actions of geohot and other hackers, crimes were committed which unjustly forced the shutdown of the network while inconveniencing millions of innocent people and likely causing a huge loss of revenue for hundreds of companies involved with the PSN. I stated that the legality of said actions should be questioned.


Different exemptions for different professions in general. For example, as a systems admin, the DPA (data protection act) in the UK allowed me to view all private records in a social services database, because I had to see records to fix them, while social workers had access restricted only to appropriate cases. Vets can cut open animals with knives, while I ... I would be severely prosecuted...
I doubt if there are laws that prevent you from performing a legitimate operation on your dog. If you are mutilating your dog for some sick pleasure, then yes, you would be severely prosecuted. Likewise, if you somehow know enough to save someones life, through say an emergency tracheotomy, and you perform it flawlessly, there is no law against it. If you start randomly slashing with a knife...you'll be incarcerated for sure. You can't advertise or charge money for your services without a medical license though.

The US constitution allows individual freedoms, in a very strong and specific way. It allows people to publish and say whatever they want, up to and including books like this.

Now, if it's legal to publish bomb-making books (he's not an accessory because he's not giving bomb-making advice to an individual...), how does a 21 year old american publishing information simply on how to get system level access to a gaming console end up looking down the barrel of a multi-million dollar lawsuit?
Have you read the Anarchist Cookbook? I have. It's a joke. The author clearly had no idea what he was talking about. He's just 'some guy' and not an actual authority on any subject. Trying any of the 'projects' puts the reader and anyone stupid enough to be standing in the immediate area in danger, and nobody else. Therefore, it's not in one of the 'gray areas' I mentioned before. Publishing a book or document containing proprietary security codes is, however, in a gray area. You won't find any officially published articles concerning the specifics of hacking any device or software, you won't find any articles saying 'put the bomb here in x or y building', nor will you find 'stab the target here, here, and here to confirm the kill'. Publication in any specificity of illegal acts or even questionably legal acts is itself questionably legal. It's one type of gray area that our first amendment often does not cover...that's where the various conspiracy charges stem from. Federal law does not require the crime to be committed for conspiracy charges to be pressed (thoughtcrime anyone?), however, many states do require the plan to be at least partially implemented. We can't say or publish ANYTHING we want. I cannot imagine the ensuing chaos if we actually could...

I'd also like to point out that both of the other seventh generation gaming consoles have had similar system-level-access hacks, but neither Microsoft nor Nintendo (for all their lawsuit-happy habits) reacted anywhere near this level of ridiculousness. Heck, Microsoft even hired one of the most prolific hardware hackers from those communities (Johnny Lee). The biggest (technical) problem that caused Sony to flip out so hard is that they use the same authentication keys for everything. Seriously...everything...game validation, system updates, PSN authentication, firmware checks, payment processing....everything. That's like using the same username and password everywhere online...or using the same key for your house, car, place of business, and safety deposit box. It's just really bad policy, regardless of how secure you think your system is, and it's why the fallout has been so bad. You break one component and suddenly the entire PS3/PSN infrastructure is an open book.Yeah, Sony f-ed up thoroughly and are partially at fault due to incompetence, but that doesn't exonerate geohot or the hackers that took advantage of his hack. Sony tried to get the exploitation taken down through the threat of legal action. Geohot was a smart-ass punk and impolitely refused. I'm not really sure what Sony did that was so ridiculous other than to try and get the court to decide who was right. The only ridiculousness that I see is that after all of this, no conclusion was reached.

Picking a lock to gain unlawful access to a building is illegal. Having one person pick the lock and a different person enter the building is somehow not? That's why we have defined the principal, accessory, etc. Hacking security on an electronic device so someone else could do the dirty work is not different. It does not matter if it was geohots intention or not. Sonys incompetence does not somehow make it OK either.

How any analogy in relation to doors to someone else's property makes sense to giving people access to electronics they already own is beyond me!


Geohot circumvented the security that prevented a lot of different things, one being copyright violation via piracy. He showed others how to circumvent the security as well. It would not have been a problem if the PSN was not involved. Hack your standalone device all you want.

System level access? I'm really not seeing this...


No. The constitution protects 'the people' from the government by distributing power amongst 3 separate entities. Most laws (having nothing whatsoever to do with the constitution) also protect 'the people' from the acts of a few/single unruly people.

And the bill of rights? The first amendment? The second? The third......?


How is the shutting down of the PSN relevant? Through the actions of geohot and other hackers, crimes were committed which unjustly forced the shutdown of the network while inconveniencing millions of innocent people and likely causing a huge loss of revenue for hundreds of companies involved with the PSN. I stated that the legality of said actions should be questioned.
There is absolutely NO chain of causation here. This is what should be classified under law as an 'intervening act' - he did not hack the PSN and is no way responsible.


I doubt if there are laws that prevent you from performing a legitimate operation on your dog. If you are mutilating your dog for some sick pleasure, then yes, you would be severely prosecuted. Likewise, if you somehow know enough to save someones life, through say an emergency tracheotomy, and you perform it flawlessly, there is no law against it. If you start randomly slashing with a knife...you'll be incarcerated for sure. You can't advertise or charge money for your services without a medical license though.
There are definitely laws, I'd be dumped straight onto the police for animal cruelty.

In terms of the emergency surgery, I can only inform you in terms of UK law. An operation is legally an assault, and one can not legally consent to an assault occasioning harm (i.e. the cut, ignoring the positive effect) except in specific circumstances. One of these is surgery. This is how a surgeon is legally protected. However, one can only consent to this if performed by a legally qualified practitioner.

An emergency tracheotomy would almost certainly be covered under self-defence laws - laws that apply to defending others, including in this case, the patient.


Have you read the Anarchist Cookbook? I have. It's a joke. The author clearly had no idea what he was talking about...

It provides many functional instructions for making bombs. Plenty of teenagers lost hands because of the book. It's worth reading about the history of the book and the author's story, it's interesting how he tried to ban his own book..


Publishing a book or document containing proprietary security codes is, however, in a gray area. You won't find any officially published articles concerning the specifics of hacking any device or software, you won't find any articles saying 'put the bomb here in x or y building', nor will you find 'stab the target here, here, and here to confirm the kill'.

a) there are plenty of books like that
b) he didn't suggest people steal. he didn't suggest people do anything illegal. He released codes that had the theoretical potential to be used maliciously.


Publication in any specificity of illegal acts or even questionably legal acts is itself questionably legal. It's one type of gray area that our first amendment often does not cover...that's where the various conspiracy charges stem from. Federal law does not require the crime to be committed for conspiracy charges to be pressed (thoughtcrime anyone?), however, many states do require the plan to be at least partially implemented. We can't say or publish ANYTHING we want. I cannot imagine the ensuing chaos if we actually could...

"To break into that house, smash the door glass, reach in, turn the lock" - This instruction is not illegal. It's not even questionably legal. It's completely legal.

Giving thost instructions to a man in a hoodie outside a house at 3am is quite probably a crime. It's all about the context, much like exactly where I'm carrying my crowbar, knife or whatever.


Yeah, Sony f-ed up thoroughly and are partially at fault due to incompetence, but that doesn't exonerate geohot or the hackers that took advantage of his hack. Sony tried to get the exploitation taken down through the threat of legal action. Geohot was a smart-ass punk and impolitely refused. I'm not really sure what Sony did that was so ridiculous other than to try and get the court to decide who was right. The only ridiculousness that I see is that after all of this, no conclusion was reached.
Court cases deal with unresolvable disputes. This clearly wasn't one.

Geohot circumvented the security that prevented a lot of different things, one being copyright violation via piracy. He showed others how to circumvent the security as well. It would not have been a problem if the PSN was not involved. Hack your standalone device all you want.
First off, I have yet to see any line of causation demonstrated between Hotz's hack and the PSN downtime. To my understanding, the PSN attack was (as I stated a couple pages back) the result of an attack on an internal Sony database server that was accessed after attackers gained access to Sony's internal network through a poorly maintained webserver.

Second, the main thing that Sony was taking issue with was Hotz publishing his findings. The only tools that he released were specifically designed to hack standalone devices to run alternate firmware that allowed a different OS to be run on the device. As far as I can tell, that fits firmly within the realm of "Hack your standalone device all you want."


Publishing a book or document containing proprietary security codes is, however, in a gray area. You won't find any officially published articles concerning the specifics of hacking any device or software, you won't find any articles saying 'put the bomb here in x or y building', nor will you find 'stab the target here, here, and here to confirm the kill'. Publication in any specificity of illegal acts or even questionably legal acts is itself questionably legal. It's one type of gray area that our first amendment often does not cover...that's where the various conspiracy charges stem from. Federal law does not require the crime to be committed for conspiracy charges to be pressed (thoughtcrime anyone?), however, many states do require the plan to be at least partially implemented. We can't say or publish ANYTHING we want. I cannot imagine the ensuing chaos if we actually could...
Hmmm, what about this?
http://www.amazon.com/Hacking-Xbox-Introduction-Reverse-Engineering/dp/B002YX0EN4/ref=sr_1_1?ie=UTF8&qid=1305602854&sr=8-1
ooh, or this?
http://www.amazon.com/Game-Console-Hacking-PlayStation-Nintendo/dp/1931836310/ref=sr_1_3?ie=UTF8&qid=1305602854&sr=8-3
Or any of these?
http://www.amazon.com/Reversing-Secrets-Engineering-Eldad-Eilam/dp/0764574817/ref=sr_1_4?ie=UTF8&qid=1305602854&sr=8-4
http://www.amazon.com/Hacking-Xbox-Introduction-Reverse-Engineering/dp/B004IYKWV6/ref=sr_1_8?ie=UTF8&qid=1305602854&sr=8-8
http://www.amazon.com/Hacking-PSP-Customizations-SonyPlayStationPortable-ExtremeTech/dp/0470104511/ref=sr_1_10?ie=UTF8&qid=1305602854&sr=8-10
http://www.amazon.com/Game-Console-Hacking-Warranty-ebook/dp/B001V7U7AE/ref=sr_1_11?ie=UTF8&qid=1305602854&sr=8-11
http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921/ref=sr_1_3?ie=UTF8&qid=1305602978&sr=8-3
http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033/ref=sr_1_6?ie=UTF8&qid=1305602978&sr=8-6
http://www.amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/1598220616/ref=sr_1_7?ie=UTF8&qid=1305602978&sr=8-7
http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_10?ie=UTF8&qid=1305602978&sr=8-10
http://www.amazon.com/Sockets-Shellcode-Porting-Coding-Professionals/dp/1597490059/ref=sr_1_12?ie=UTF8&qid=1305602978&sr=8-12
http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=sr_1_1?ie=UTF8&qid=1305603032&sr=8-1
http://www.amazon.com/Guide-Kernel-Exploitation-Attacking-Core/dp/1597494860/ref=sr_1_3?ie=UTF8&qid=1305603032&sr=8-3
http://www.amazon.com/Writing-Security-Tools-Exploits-Foster/dp/1597499978/ref=sr_1_10?ie=UTF8&qid=1305603032&sr=8-10
http://www.amazon.com/Buffer-Overflow-Attacks-Exploit-Prevent/dp/1932266674/ref=sr_1_13?ie=UTF8&qid=1305603032&sr=8-13
http://www.amazon.com/Web-Application-Hackers-Handbook-Discovering/dp/0470170778/ref=pd_rhf_shvl_2
http://www.amazon.com/Windows%C2%AE-Internals-Including-Windows-Developer/dp/0735625301/ref=pd_rhf_shvl_4
http://www.amazon.com/Rootkits-Subverting-Windows-Greg-Hoglund/dp/0321294319/ref=pd_rhf_shvl_5
http://www.amazon.com/Penetration-Testers-Open-Source-Toolkit/dp/1597492132/ref=pd_rhf_shvl_12
I can do this all day, dude. :P


Or, since you mentioned physical attack techniques, how about these?
http://www.amazon.com/Balisong-Lethal-Filipino-Knife-Fighting/dp/0873643542/ref=sr_1_1?s=books&ie=UTF8&qid=1305603394&sr=1-1
http://www.amazon.com/Street-Lethal-Unarmed-Urban-Combat/dp/0873645170/ref=sr_1_2?s=books&ie=UTF8&qid=1305603394&sr=1-2
http://www.amazon.com/Your-Body-Ultimate-Lethal-Weapon/dp/0873644387/ref=sr_1_3?s=books&ie=UTF8&qid=1305603394&sr=1-3
http://www.amazon.com/Krav-Maga-Essential-Method---Self-Defense/dp/0312331770/ref=sr_1_3?s=books&ie=UTF8&qid=1305603793&sr=1-3
http://www.amazon.com/Taekwondo-Master-Sung-Chul-Whang/dp/0767902149/ref=sr_1_1?s=books&ie=UTF8&qid=1305603891&sr=1-1
http://www.amazon.com/Karate-Complete-Kata-Hirokazu-Kanazawa/dp/4770030908/ref=sr_1_3?s=books&ie=UTF8&qid=1305603899&sr=1-3
Or, hell, this.
http://www.amazon.com/Atlas-Human-Anatomy-Student-Consult/dp/1416059512/ref=sr_1_1?s=books&ie=UTF8&qid=1305603475&sr=1-1
What about the millions of martial arts dojos around the world? Did you think none of them taught any information or techniques that could be lethal?

The simple truth of the matter is that this kind of information is not hard to come by and is published all the time by very reputable individuals and companies. Censorship of information in the US is a very serious matter and it takes a lot to get any information banned from the public knowledge.


Sony tried to get the exploitation taken down through the threat of legal action. Geohot was a smart-ass punk and impolitely refused.
Let's be honest here...that information was never going away even if he had complied. As we always like to say, once you put something on the internet, it never goes away. :P ...besides, if I had been in his position I wouldn't have taken it down either, just on principle. People in general do not respond to dubious legal threats from giant corporations in ways that benefit those corporations....especially the type of people who tend to get into hardware hacking. :P

This is a prime example of why we need a "heated, not flaming debates" section.......

tldr

Personally, I really liked his rap song...

Bizarrely, in his rap, he makes a point. If it is such a security issue - why is he facing a civil suit, not a criminal one?

If it is such a security issue - why is he facing a civil suit, not a criminal one?

Because a) I doubt he broke any laws, but more importantly, b) in the US, criminal cases have to be proven "beyond the shadow of a doubt", whereas civil cases just have to have a "preponderance of evidence". Upshot of that is that it's a lot harder to successfully prosecute a criminal case than a civil case. Also, I might be wrong about this, but I don't think criminal cases can be brought by individual 'persons' (which, thanks to weird wording in some law or another, includes corporations).

Because a) I doubt he broke any laws, but more importantly, b) in the US, criminal cases have to be proven "beyond the shadow of a doubt", whereas civil cases just have to have a "preponderance of evidence". Upshot of that is that it's a lot harder to successfully prosecute a criminal case than a civil case. Also, I might be wrong about this, but I don't think criminal cases can be brought by individual 'persons' (which, thanks to weird wording in some law or another, includes corporations).

It was a rhetorical question :hurt:. What I'm saying is, if he's an accessory to someone committing a crime, that would make him a criminal. That isn't the case here. As such, what we're probably looking at is a tort case: Sony needs to prove damages to make a monetary claim; else all they could request is an injunction. Due to the closed nature of the settlement, we'll never know...

The different levels of evidence are the same under UK law. Under rare circumstances in the UK, criminal cases can be brought by private individuals, but large companies who are aggrieved will push for a criminal case to be made - often successfully, because they have a lot of money invested in lawyers who can make the right noise

look...PSN being down has little to **** all to do with geohot.. period...GEOHOT was never actually bothered in regards to this hack.. NOR... did he create an avenue for which it to hapen
mdust... ur lookin at this as a morality conflict it seems... for the greater good perhaps.. (speculation)
geohot exposed sony's lazy piss poor security... someone else noted this... and made use of it... nowhere in this hack was a PS3 involved...

i WILL jailbreak my phone.. for tweaks not piracy.. i WILL jtag my 360 for homebrew and such... and u bet ur ass if i get my hands on my own PS3 the first thing i will be doing to it will be jailbreaking it aswell..

this man is a pioneer... u may not agree with it now.... but we r moving into to a whole new age of this world... ppl will be beggin for ppl like him to free us from the world of the corporations and the bureaucrat

hackers have saved us from DRM.... and many many others things these gluttonous companies have thrown our way just to limit our enjoyment to their terms...

nobody here would have the balls to **** on martin luther king JR....
so does geohot need some sorta parade to get proper recognition?

Just a little food for thought.. but you do realize that without these "gluttonous" corporations, their investors, and their business models you wouldn't have a phone to jailbreak, a 360 to jtag, or the ability to get a PS3 to jailbreak?

As for a parade for geohot.. I have a hard time putting him in the same arena as MLK Jr. I don't see jailbreaking a device even remotely as a "human right".

they create a product and expect us not to alter them in any way? i am quite happy they make them for us... but to let them control what we do with the items we have bought?
not cool.. and perhaps i exaggerated... but geohot is still a person who is standing up for our rights as consumers to use our products to their fullest...


i will bet if they spent the money they do on the security to lock us out on actual upgrades and tweaks... we wouldnt need to jailbreak our devices :P

I completely forgot about this discussion. I honestly can't believe how far this has gone. Oh well...:whistler:


How any analogy in relation to doors to someone else's property makes sense to giving people access to electronics they already own is beyond me!

System level access? I'm really not seeing this...
The geohot hack didn't just give access to hidden bits of their purchased and owned console, it gave them access to hidden bits of the PSN and allows custom firmware and software to run both on the console and on the network. I would assume Sony has this patched by now, but if not, it's created a major weak point that destabilizes the product for ALL users. Also, PS3 owners own the hardware...but not the firmware or PSN...Sony owns the network, thus, hacking it is analogous to breaking and entering.


And the bill of rights? The first amendment? The second? The third......?

"To break into that house, smash the door glass, reach in, turn the lock" - This instruction is not illegal. It's not even questionably legal. It's completely legal.

Giving thost instructions to a man in a hoodie outside a house at 3am is quite probably a crime. It's all about the context, much like exactly where I'm carrying my crowbar, knife or whatever.

The first amendment...the second and third are completely irrelevant. The following are not covered by the first amendment: defamation, causing panic, fighting words, incitement to crime, sedition, and obscenity.

...the Supreme Court held that “advocacy of the use of
force or of law violation” is protected unless “such advocacy is directed to inciting or producing imminent lawless action and is likely to incite or produce such action.
http://www.fas.org/sgp/crs/misc/95-815.pdf
That helps make x88x's case with all the links he posted above. However, it WAS likely to produce imminent, lawless actions such as piracy (geohot admitted this himself before Sony forced him to take down his site)...which it did as a side effect. So geohots publication of his hack would not be recognized as protected free speech/press by the supreme court.


There is absolutely NO chain of causation here. This is what should be classified under law as an 'intervening act' - he did not hack the PSN and is no way responsible.
The chain of causation is not broken due to geohot foreseeing the piracy and malicious use. In a link that LiTHiUM0XiD3 posted elsewhere, and that I was suspected of not reading, geohot admitted that he knew there would be piracy and that 'bad things could happen as a result of the hack'. I can't find the link (as if it mattered since it's been taken down) but here (http://geohot.com/)is where it used to be.


Court cases deal with unresolvable disputes. This clearly wasn't one.
I guess not...Sony vs George Hotz was a civil case anyway...not criminal.



First off, I have yet to see any line of causation demonstrated between Hotz's hack and the PSN downtime. To my understanding, the PSN attack was (as I stated a couple pages back) the result of an attack on an internal Sony database server that was accessed after attackers gained access to Sony's internal network through a poorly maintained webserver.

It appears to be only one of the many rumors as Sony has confirmed no other reason for the downtime than an 'external intrusion'. Though I can't believe a piracy issue would take a month to fix like I can't believe it takes a month to update and secure an outdated Apache server. Something more malicious than piracy and stolen data must have happened.


Second, the main thing that Sony was taking issue with was Hotz publishing his findings. The only tools that he released were specifically designed to hack standalone devices to run alternate firmware that allowed a different OS to be run on the device. As far as I can tell, that fits firmly within the realm of "Hack your standalone device all you want."
My response:

After last week's cracking of the PS3's master key, it was only a matter of time before the first full pirated game booted up on PS3. And... it has. Castlevania: Lords of Shadow has been shown running off a hard drive, with the PS3 convinced it's a PSN game. GeoHot, the hacker responsible for publishing the key online, may well be 'totally against piracy', but the pirates in question are gleefully touting 'GeoHot's custom firmware' as their springboard. D'oh.
http://www.gamesradar.com/ps3/playstation-3/news/ps3-piracy-it-begins-first-hacked-game-shown-running-on-unmodded-ps3/a-2011011012032459003/g-20060314115917309058

Custom firmware allows for unsigned software to be run as well as modded games, etc. This means the PS3 multiplayer experience will be a lot more like the 360: rampant hacking and cheating.


I can do this all day, dude.

It appears you can.


What about the millions of martial arts dojos around the world? Did you think none of them taught any information or techniques that could be lethal?

The simple truth of the matter is that this kind of information is not hard to come by and is published all the time by very reputable individuals and companies. Censorship of information in the US is a very serious matter and it takes a lot to get any information banned from the public knowledge.

I was confused and wrong again...which happens a lot.:whistler: That information is legal unless it's shown that the content is likely to incite or promote lawless action. See above about first amendment.


Let's be honest here...that information was never going away even if he had complied. As we always like to say, once you put something on the internet, it never goes away. ...besides, if I had been in his position I wouldn't have taken it down either, just on principle. People in general do not respond to dubious legal threats from giant corporations in ways that benefit those corporations....especially the type of people who tend to get into hardware hacking.

I have no doubt that the information was mirrored minutes after it was posted, if not before...which is all the more reason he could have taken it down as requested to avoid this whole mess. I'm pretty sure he wanted this all to happen and would not be surprised to find out he's busy exploiting his fame.


look...PSN being down has little to **** all to do with geohot.. period...GEOHOT was never actually bothered in regards to this hack.. NOR... did he create an avenue for which it to hapen
mdust... ur lookin at this as a morality conflict it seems... for the greater good perhaps.. (speculation)
geohot exposed sony's lazy piss poor security... someone else noted this... and made use of it... nowhere in this hack was a PS3 involved...
Since only Sony and the hacker(s) responsible know precisely what was meant by 'external intrusion' it's kind of hard to say who is and is not responsible. If Sony is referring to the custom firmware allowing devkit access, then yes, geohot is partially to blame. If the outdated Apache server (which was not part of the PSN) is to blame for the PSN downtime, then geohot may or may not still be to blame. If something else was also hacked and damaged, we still can't say...neither you or I know for sure. Since I hate the guy and you worship him, let's both disqualify ourselves from jury duty, huh?


i WILL jailbreak my phone.. for tweaks not piracy.. i WILL jtag my 360 for homebrew and such... and u bet ur ass if i get my hands on my own PS3 the first thing i will be doing to it will be jailbreaking it aswell..
Go for it! Just don't contribute to the network hacks, piracy, cheating, etc. I don't care what anyone does to their property as long as they aren't doing stupid, greedy, short-sighted, immature things that negatively affect other people that paid the same amount of money as you to use their product in peace.


this man is a pioneer... u may not agree with it now.... but we r moving into to a whole new age of this world... ppl will be beggin for ppl like him to free us from the world of the corporations and the bureaucrat

hackers have saved us from DRM.... and many many others things these gluttonous companies have thrown our way just to limit our enjoyment to their terms...

nobody here would have the balls to **** on martin luther king JR....
so does geohot need some sorta parade to get proper recognition?
uhhh....

but geohot is still a person who is standing up for our rights as consumers to use our products to their fullest...
Your fearless leader settled out of court and agreed to never even look at another Sony product as long as he lives... He didn't stand up for much at all except maybe to exploit circumstances on the public dime to obtain celebrity status. Sounds kind of shady.


Just a little food for thought.. but you do realize that without these "gluttonous" corporations, their investors, and their business models you wouldn't have a phone to jailbreak, a 360 to jtag, or the ability to get a PS3 to jailbreak? I'm not sure how people support these companies with their hard earned dollars but hate them so much. It's a major hypocrisy rampant throughout the world. Anarchy is trendy I guess.

EDiT: Damn, I just TL;DR'd myself. Is there a longest post in TBCS history award?

Sigquote yourself (with all other quotes, and you will ALWAYS win :P

I completely forgot about this discussion. I honestly can't believe how far this has gone. Oh well...:whistler:

The geohot hack didn't just give access to hidden bits of their purchased and owned console, it gave them access to hidden bits of the PSN and allows custom firmware and software to run both on the console and on the network. I would assume Sony has this patched by now, but if not, it's created a major weak point that destabilizes the product for ALL users. Also, PS3 owners own the hardware...but not the firmware or PSN...Sony owns the network, thus, hacking it is analogous to breaking and entering.

Yes, to people who access it. He wasn't doing that, just giving information relevant to how


The first amendment...the second and third are completely irrelevant. The following are not covered by the first amendment: defamation, causing panic, fighting words, incitement to crime, sedition, and obscenity.

You missed my point. Much of your constitution is based around individual rights, something you denied. And what he did isn't ANY of those things you have listed - though I agree that list presents and interesting discussion in itself about what 'free speech' actually is.


That helps make x88x's case with all the links he posted above. However, it WAS likely to produce imminent, lawless actions such as piracy (geohot admitted this himself before Sony forced him to take down his site)...which it did as a side effect. So geohots publication of his hack would not be recognized as protected free speech/press by the supreme court.

I think this is all a massive stretch.


The chain of causation is not broken due to geohot foreseeing the piracy and malicious use. In a link that LiTHiUM0XiD3 posted elsewhere, and that I was suspected of not reading, geohot admitted that he knew there would be piracy and that 'bad things could happen as a result of the hack'. I can't find the link (as if it mattered since it's been taken down) but here (http://geohot.com/)is where it used to be.
Sorry, this indicates a poor understanding of causation under law. For an unlawful act to take place, someone needs to hack into the network. This act of hacking is a clear-cut intervening act, and moreover something Geohot never claimed to do, have done, or support.

In conclusion, in my opinion, Sony could take him to court and request a legal injunction on the publication of this material until they were able to patch the network. In addition, this request could ONLY extend to PSN-related issues.

I don't believe they should be able to request damages, since his actions were not unlawful. This should have been Geohot's response in the first place.

Like x88x's exhaustive list, I can buy countless books on bomb-making, lock-picking, poisoning, hacking, hacking individual operating systems... I don't see this as any different - many locks have proprietary designs.

I can sell crowbars with impunity, KNOWING that some will be used illegally. Same with guns (in the US). Lingenfelter will sell and fit a supercharger kit to your corvette, knowing it can hit 200mph and you don't have a racing permit. In each case; breaking and entering, using the crowbar; shooting someone, with my gun; speeding, in my Corvette - there is an intervening act. My actions. I believe in regulation to restrict people buying things like guns, bomb-making materials, even selling knives to children, but doing something that might potentially open the door for illegal action isn't illegal - moreover, without a chain of causation or a high level of knowledge, it's unlikely to even be unlawful.

I think it's Sony's legal right to protect their network, but not their consoles - consoles YOU own. What does this boil down to? As with all things PS3, Blu-ray. The PS3 was sold at a loss to get blu-ray drives into peoples' homes, and doing so they won the format war. However, this leaves Sony with a huge headache. How do they stem the tide on a product losing them billions?

With licensed products. Games, Blu-rays, accessories. If they lose that, they're screwed.

I don't like any product ecosystem economically reliant on you having to buy extra stuff to pay back the manufacturer. I don't own an iphone or a games console. I've never owned a Polaroid camera. I own something and want to use it however I want. Stop it accessing your network? Fine by me!

However, it WAS likely to produce imminent, lawless actions such as piracy (geohot admitted this himself before Sony forced him to take down his site)...which it did as a side effect. So geohots publication of his hack would not be recognized as protected free speech/press by the supreme court.

[..]

The chain of causation is not broken due to geohot foreseeing the piracy and malicious use. In a link that LiTHiUM0XiD3 posted elsewhere, and that I was suspected of not reading, geohot admitted that he knew there would be piracy and that 'bad things could happen as a result of the hack'.
Like dr.walrus said, I think you're misinterpreting what constitutes legal causation. By that logic, Bram Cohen (inventor of the BitTorrent protocol, for those who don't know; linky (http://en.wikipedia.org/wiki/Bram_Cohen)) should be prosecuted for every piracy case where files were transferred using torrents.


Go for it! Just don't contribute to the network hacks, piracy, cheating, etc. I don't care what anyone does to their property as long as they aren't doing stupid, greedy, short-sighted, immature things that negatively affect other people that paid the same amount of money as you to use their product in peace.
You keep saying this, but in the case of the PS3 the two are mutually inclusive. Because they chose to use the same authentication key for everything, hacking an individual console involves the exact same information (ie, that key) as hacking the network.


I'm not sure how people support these companies with their hard earned dollars but hate them so much. It's a major hypocrisy rampant throughout the world. Anarchy is trendy I guess.
I can't speak for anyone else, but I'm pretty sure I've never purchased anything made by Sony. ;)

I can't speak for anyone else, but I'm pretty sure I've never purchased anything made by Sony. ;)

I have also never been employed by Sony or their subsiduaries.

Like dr.walrus said, I think you're misinterpreting what constitutes legal causation. By that logic, Bram Cohen (inventor of the BitTorrent protocol, for those who don't know; linky (http://en.wikipedia.org/wiki/Bram_Cohen)) should be prosecuted for every piracy case where files were transferred using torrents.
I'm not a lawyer and have no law background so it's entirely likely. I've read about Bram Cohen and bit torrent previously and I see your points.


You keep saying this, but in the case of the PS3 the two are mutually inclusive. Because they chose to use the same authentication key for everything, hacking an individual console involves the exact same information (ie, that key) as hacking the network.
Then Sony needs to announce that unlocked consoles with custom firmware will be banned permanently from the PSN and after an appropriate time enforce that rule. The hacked consoles must be quarantined to guarantee stability and fairness while preventing piracy and malicious use.


I can't speak for anyone else, but I'm pretty sure I've never purchased anything made by Sony. ;)
I have a pair of Sony studio monitors somewhere and owned a PS2 for a while. I currently have no plans to buy any Sony products but if they had a great product that I wanted, I'd certainly purchase it.

I have also never been employed by Sony or their subsiduaries. :think:

:think:

We all gotta eat! The other half of my wage bill was paid by Ericsson, if you can put 2 + 2 together...

Then Sony needs to announce that unlocked consoles with custom firmware will be banned permanently from the PSN and after an appropriate time enforce that rule. The hacked consoles must be quarantined to guarantee stability and fairness while preventing piracy and malicious use.
I completely agree. That's basically what Microsoft does with hacked 360's. Though, I think a dynamic system would be better. IE, instead of banning the MAC from the network forever like Microsoft does, have the PSN login process do a checksum on the kernel or something, and if it detects any changes, don't allow a login. This would allow people to, say, dual-boot their PS3 (or whatever you would call the equivalent with two different firmwares) and get the best of both worlds or re-image their PS3 to a stock firmware and sell it.

I completely agree. That's basically what Microsoft does with hacked 360's.

Thirded - omg really do we all agree to something?

What I really feel is that Sony (or other similar parties) could potentially be granted a temporary injunction on the publishing of such findings related ONLY to the online portion of such hacks - but I don't feel that any financial damages should be on the cards, and that's a point of law, not fact.

Can we all agree on that too? :whistler:

Thirded - omg really do we all agree to something?
Haha, I was a bit surprised as well. There is common ground at the core. :D


What I really feel is that Sony (or other similar parties) could potentially be granted a temporary injunction on the publishing of such findings related ONLY to the online portion of such hacks - but I don't feel that any financial damages should be on the cards, and that's a point of law, not fact.

Can we all agree on that too? :whistler:
What I think would have been a good course of action would be something similar to what is sort of the generally accepted 'code of conduct' among information security professionals for dealing with major breaches in a company's security (in this case, the PSN authentication to keep out cheaters/pirates/etc). You contact the company, tell them what you found, point out the security implications, and (ideally) select a mutually agreed upon time period to allow the company to fix the problem before releasing the information to the public. I say ideally because not infrequently the company will either ignore the notice and the researcher(s) just releases the information on whatever date they said in their initial contact, or the company tries to get an injunction against the researcher(s) ever releasing the information...something that to my knowledge has never actually been held up in court. A prime example of this was when the MBTA tried to put a gag order on some MIT students who had broken their fare card system. The students contacted the MBTA, told them what they had found, and when they would be releasing it (both as an academic paper and as a presentation at the Defcon security conference). The MBTA responded by trying to get a gag order on the students that would keep them from ever publishing what they had found. Fortunately, the case was thrown out in the Boston Federal District Court (http://www.wired.com/threatlevel/2008/08/federal-judge-t/). :D

...this is of course assuming that the online portions could be separated from the offline portions...which it damn well better be now...you listening Sony?...bah, who am I kidding, they probably just changed the key and are still using the same one for everything :facepalm: ...though that major a change would justify the month-long downtime...maybe they did actually fix it right...I'm not too hopeful, but maybe. :P