Slashdot Mirror


Security Concerns When Consoles Go Online?

VonGuard writes "I've written an article for Security Focus about the security concerns that having an Xbox or Playstation 2 on your network might raise. The article, entitled Welcome to the Jungle, was an interesting experience to write. I really think that Sony will end up having some trouble from their stance on third party security design, while Microsoft might end up smelling like roses. Too bad MS shipped the Nimda virus with their Korean version of .Net Visual Studio."

8 of 211 comments

  1. Xbox Closed network? Here's one that is open: by redbeard_ak · · Score: 2, Interesting

    http://web.mit.edu/bunnie/www/proj/anatak/xboxmod.html

    There's an Xbox mod. How long before kiddies start buying mod kits that have holes (as if there aren't holes not yet found.) Another poster asked how often consoles will be online while not playing games... why couldn't a trojan take up bandwidth while a game was being played? And with broadband, they'll likely be left on. No, the internet is a dangerous place and you don't have to be named Gibson (www.grc.com) to be paranoid.

    --
    . This sig unintentionally left blank. I meant to put something here, but I'm busy.
  2. MS's "Disney Land" approach by Y-Crate · · Score: 5, Interesting

    Microsoft decided some time ago that the best way to create a good online gaming experience for a console is to maintain a console's three biggest advantages over PC gaming.

    No Cheating
    No Viruses
    And no Cheating

    Cheating in online games has reached such epidemic proportions on the PC that many have given up on it completely. Others just slug it out and learn to deal with it.

    Microsoft wants to offer 3rd party mods and the like to its customers. Since they get a cut of every game sold for the Xbox, it makes sense for them to freely distribute mods that increase the value of the games and the console. But they want to check to make sure the mods aren't buggy, virus infected pieces of shit that are going to screw up a few million Xboxes.

    They want to take all the mods, pore over them, check them for cheats and viruses then let you d/l them. All the while monitor for cheats in use.

    If they can do it, more power to them.

    If not, the Xbox is in trouble.

    I give them 50/50 odds.

    I'm sure a lot of people are like "OMG, Microsoft, evil, evil evil! They can't do anything right!"

    Well, they are evil (so are Nintendo and Sony in their own ways) and they do screw up more than they succeed. But they do have divisions which score a win on a regular basis.

    The Macintosh Business Division was created when it became clear that teaching some Windows guys the Mac's APIs and sitting them down to port Word or something was a complete disaster. A small team of people who Knew What They Were Doing sat down and without interference from the rest of the company, were allowed to do their own thing.

    The result? The versions of Office, IE, Outlook and other Microsoft apps are lightyears ahead of their Windows counterparts. They pick up the latest APIs and exploit them before anyone else. Their products tend to be stable, well-thought out and actually useable.

    How has the community reacted? The MBU averages 1 Billion+ dollars in revenue every year.

    Could the X-Box division do the same thing? Yes

    Is it too early to tell? Yes

    Does it look promising? Yes

    They've already made a number of good decisions with the Xbox. Excluding the bizarrely unreliable store models, they are stable and reliable machines that can be left on for ages. The hard drive didn't bring patches for games, but only free expansion discs, personal game soundtracks and the end of memory card hell. The money I've saved in memory cards has nearly paid for games I own.

    The breakaway cables have saved me about half a dozen destroyed Xboxes.

    The DVD kit saved me when an out of warranty DVD player turned to crap.

    The Xbox has some issues, but it doesn't have the "too many hands in the pie" problem that Windows and the PC versions of IE, Outlook and Office do that lead to bloat, instability and security problems.

    They can make it work. It's their call whether they do or not.

  3. Lack of software updates by naejulak · · Score: 2, Interesting

    Just about ALL games that combat online cheating have to do so through online updates. With these consoles still largely running off their read only media, attacks on them are likely to last longer than with their PC counterparts. I'll stick to my PC games, thank you very much.

  4. Military grade security... by Anonymous Coward · · Score: 2, Interesting

    You know, it almost seems that Micro$oft might be coining yet another totally ambiguous term to be used by the all-knowing press when describing 'computer things'.

    It reminds me of the wonderful unit of measurement we have come to know as the 'Library of Congress' that renders such wonderfully descriptive stories such as:

    HEADLINE - 1000000GB Ethernet spec being reviewed!
    Transfers 4324231124 LoC's per / second!

    Or maybe the use of number of songs an MP3 player can hold....(instead of MB of storage)

    Just makes me want to find out exactly what this 'military grade security' is. Just remember, they didn't bother specifying which military. If their idea of military involves a bunch of monkeys, then it might not be so good...

    Yes, I know it's off topic but I couldn't help myself...

  5. Re:An interesting article by blowdart · · Score: 3, Interesting

    Except they already have.

    For example xbconnect (Gamespy have another one), and there's even a Linux version somewhere.

    Basically people have produced a tunneling application that fakes the local LAN facility for multiplayer games and pushes it over the net. Nothing nasty happening yet (well, except getting my ass kicked in Halo by 9 year old kids, but that's depressing, not nasty).

  6. Microsoft is the worst at allowing cheating... by will_die · · Score: 2, Interesting

    Let's take the track record for Asheron's Call, currently Microsoft's highest premium on-line game. If you are looking for an example of MMORPG where massive cheating and hacking is allowed this is it. While developed by an outside company, which created a great game, Microsoft controls the rules and Code of Conduct. Microsoft could care less about the cheating and does minimum amount of taking care of people who just play to cause problems for other people. Thing is there is no reason to believe that Microsoft will change with the X-Box network. Based on Microsoft's current track record there is no way I would purchase an X-Box for on-line gaming and believe that Microsoft will take care of the security, hacking, and just plain trouble making people.

  7. Relevance by _Sprocket_ · · Score: 4, Interesting



    Too bad MS shipped the Nimda virus with their Korean version of .Net Visual Studio


    Come on. This really looks childish. That's an irrelevant story. Just let the facts speak for themselves or you lose credibility.


    Yea. It looks childish. But that doesn't mean the event has no relevance here. Let's look at this a bit deeper.


    Data integrity is often one of the goals of an organization's infosec posture. This is more than simply ensuring the data is not improperly accessed and is available. It is also ensuring the data has not been altered without authorization.

    In this case, Microsoft's data being offered to its customer had its integrity violated. Malicious code made its way in to an external distribution; not obscure code but a well known virus. Now, Microsoft is not the only one to suffer the embarrassment of distributing a virus. But it does highlight a breakdown in Microsoft's internal infosec practices. And that comes at a very inopportune time for Microsoft.


    So the question would then be - how does this apply to the security of the XBox? Microsoft has a long history of troubles not only with security, but an almost arrogantly blatant disregard for security practices and concepts. This has eventually backfired on Microsoft and they have been faced with a growing PR issue. The answer to this situation has been Trusted Computing - a bottom-up change in Microsoft where everyone has been trained in infosec concepts and practices. If Trusted Computing pans out, Microsoft's security woes are behind them.


    The cynical in the infosec / IT industry have already noted that they've heard this song before. Microsoft's PR and Marketing departments constantly promise security - especially after incidents that focus on MS products. Furthermore, experienced infosec workers know that addressing infosec issues often requires a complete change in methodology and outlook. And this translates in to changing Corporate culture. Microsoft may be nimble, but this change may be too demanding for even Microsoft to accomplish.


    The relevance of Nimda appearing on a Microsoft software release is the question of whether this incident was a simple embarrassment or an indication of a continued lack of understanding for infosec issues within the Microsoft culture. And that certainly has a bearing on the question of Microsoft's concepts of information security and the XBox.

  8. Self marketing? by Anonymous Coward · · Score: 1, Interesting

    Although the article itself might not be bad, it is quite surprising that the author posts it himself on /. If all the /. readers were posting everything we publish on the web, the /. staff would be quite overwhelmed by the amount of self-advertising posts.

    But, of course, this does not question the interest of the article.