Slashdot Mirror
X-Box Hackers Trying to Blackmail Microsoft?
wumarkus420 writes "According to this article from CNet News, an anonymous X-Box security research team is threatening Microsoft: either release a digitally-signed official Linux bootloader or face the release of a new exploit that supposedly works without a modchip. While I doubt Microsoft 'negotiates with terrorists,' this should still turn out to be a good I-told-you-so if the exploit is verified." Sounds like a good way to end up in jail.
"Reveal your trade secrets Gates, or we will set in motion a chain of events that will conclude with our incarcaration in a vile butt-slamming federal prison! We're warning you!"
They hate the competition.
These morons are just going to make the case for tougher enforcement and DRM.
It's not a war we want - because (and not to be trite) everyone will lose. Throw these criminals in jail and get on with it.
You know, c|net did a pretty good job of covering the story without the scare-mongering, sensationalistic crap that this poster did. People could read the article and draw their own conclusions, rather than shepherding the flock to the appropriate anti-X rhetoric opinion.
[
THis is, plain and simple, a bluff. If they had a way to do it, they'd release it; why wouldn't they? Who needs an official bootloader if you can boot Linux without a modchip?
It's a bluff to bully MS into allowing Linux on the Xbox. And it isn't going to work.
Does this legally qualify as blackmail? I can't think of any other laws that would apply here.
Umm, there's already an exploit that needs no mod (the 007 gamesave thingy).
.05% of people who buy xboxes to modify them for linux.
So big freakin deal? These guys sound like idiots.
Whatever they know will be found out by others anyways. I seriously doubt MS cares about the
Hell for every guy who buys an xbox only for linux, theres a hundred like me who'll buy a dozen games or so.
It's funny how much power nerds think they have. They have about as much pull as pee wee herman.
I don't need no instructions to know how to rock!!!!
I remember trying this back in the days of Windows 95. I said, "Microsoft, you either release Windows 95 for free, or I will give away a secret code, 111-1111111, which will render your 'key-code' security invalid and allow everyone to pirate your OS."
They didn't listen, so I released it.
Who do they think they are, Cobra?
I mean, gee... This sounds like some corny Saturday morning cartoon plot...
"reveal your secret or face my wrath!"
Now all we need is for them to declare that they have an army of fanatical zealots devoted to the cause of bringing their plan to frutation, i.e., Linux on the X-box...
oh, wait...
hmm...
This is my sig. Its pathetic.
yeah really professional guys,thanks for that
what happens when IT/CTO managers read antics like this ?, you think it furthers Linux adoption or sets it back ?, i know we would look rather stupid if this article came up at one of our board meetings,
G
Take gun, aim at foot, pull trigger. Repeat until death.
Are they going to start forming gangs? Are they going to walk into a local shop and threaten to fdisk their customer data unless they get their protection money?
Of course, Microsoft can fix the problem in upcoming Xboxes, which will happen if they do release the exploit.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Trying to twist Microsoft's arm into releasing an official Linux bootloader is definitely the wrong way to go. If people were able to convince MS that there was actually a market for that sort of thing then they might do it themselves, but that's doubtful. Nevertheless, trying to blackmail MS into doing it will only increase the already massive resentment MS suits feel towards the open source movement.
And quite frankly it doesn't make the Linux crown look very nice. Not that MS has very moral business practices; but there's no need to lower ourselves to their level.
This is left as an exercise for the reader.
Sounds like a good way to end up in jail.
True. However, if the story is true, then the blackmailers are quite technologically savvy. If they also have the willpower (e.g. not bragging about it), it could be next to impossible to trace.
And if I were rich, I wouldn't have to rob a bank.
So does the fact that I'm not rich justify my robbing a bank?
"Ask not what your country can do for you." --John F. Kennedy
Better question: why does anyone care??
You want to run Linux on a $200 device? Buy an e-Machine and shut the fuck up. Linux on the Xbox serves no purpose except for "huh huh, Linux on a Microsoft machine, huh huh huhuhuhuh, I'm a super l33t geex0r!"
Stuff like this is an embarrassment. I hope they get slapped silly with lawsuits.
There was even a /. story about it:
here
Big threat...the info is already out there.
"I demand MS give me a copy of WinXP signed by BILL GATES HIMSELF or I will REVEAL THAT THE SECRET DOS COMMAND TO LIST ALL FILES!"
-Ben
This is all an elaborate ploy by Microsoft to get everyone to buy an Xbox. They want you to believe that either A) Linux bootloader will be released, or B) 37337 exploit will be released. Don't fall for it!
Now, if you'll excuse me, I've got to fashion a tinfoil helmet to block the RFID chip the dentist put in my molar.
[PowerPoint] is a tool for capitalist presentation
Even if M$ , why would anyone believe whoever has this exploit wouldn't leak it anyway?
IF this exploit exists at all, it will either be leaked or duplicated by someone else.
1) Your analysis is based on bad assumptions so your result is way off. 2) You're a sick bastard for fucking a horse.
ENOUGH with the "MS loses money for every Xbox sold". So, if we the /. readers are to read you comment, then MS doesn't want to sell Xboxes? Ludicrous.
MS sells Xboxes at a loss so they can gain an upper hand over the rest of the Videogame market. They have much larger profit margins than the rest (Sony, Nintendo), so they can lower prices to such a level where the rest can't compete. Then they don't need to worry about lowering prices because they'll have beaten out the other consoles.
AND, for every Xbox bought MS loses less money. There fore they want more sold, not fewer.
The "Buy an Xbox and MS loses money" argument is stupid stupid stupid. MS wants you to buy and Xbox. They lose more money for every Xbox on the shelves than every one brought home.
Excuse me Sir. We have traditions straddling two millinea AND two centuries here.
Are you proposing that we stomp on the most sacred?
Eve Fairbanks says I drive a hybrid!LOL
Finally some good press for Linux!
http://use.perl.org
up, up, down, down, left, right, left, right, B, A, B, A, select, start! ;)
Snoozer.
C. After Microsoft refuses, and they release their exploits, and Microsoft inevitably accuses them of piracy, they can retort that they tried other avenues to run linux and were rebuffed and so this was their only option to enable a legitimate use of the XBox.
RTFA, please. The "hackers" would prefer a legally signed bootloader, since it would not have the side effect of allowing pirated games to run on the Xbox. That's why they aren't releasing their mods right away - they're giving M$ the chance to do the right thing. And actually, you can already boot linux without a modchip; see here for details.
no offense to you but.. ;)
only on slashdot would a post suggesting to actually read the article get a +5 insightful
oh snap, he called out your metaphor.
They're trying to force Microsoft to release a piece of software that turns the Xbox into a cheap PC that Microsoft sells at a significant loss. I'm sorry, but I don't see that as especially likely. The modification they propose still requires you to solder the mainboard of the Xbox, and to flash the BIOS. That's only moderately cheaper and easier than installing a modchiop, and a lot more prohibitive than popping a disc into the drive. Let's not also forget that flashing your BIOS in that fashion effectively bars you from playing Xbox Live, since it automatically scans the BIOS on load. Many mod chips, on the other hand, can be switched on and off making them a much more reasonable solution for many pirates.
Quite simply, Microsoft has not motivation to comply. How does the "research group" expect to keep their method from leaking? It will leak regardless. So Microsoft either makes an official linux bootloader for Xbox or not... Hmm.... tough choice.
I used to bulls-eye womp-rats in my pants
If you had *read* the article, you'd realize that if MS releases an official bootloader, this will *avoid* piracy. The group says they will release the exploit if MS refuses, and the exploit, which allows Linux to boot, ALSO allows for piracy, while an official boot loader wouldn't.
RTFA.
-- Having a Creationist Museum is like having an Atheist place of worship
Another PR victory for the Linux community.
Almost.
You're forgetting the obvious.
Each XBOX is a loss to Microsoft. Supply channels mean there aren't a lot of em on store shelves anyway.
Microsoft's greatest fear? A situation where someone buys an XBOX, and *no* games. Ever.
Let's pull a number out of my ass and say the MS needs someone to buy 2 games to "break even" on an XBOX sale. If you buy an XBOX, Mod it, run Linux and/or pirated games exclusively on it, then all you've done is cost them money. They've lost money on you.
If modding the XBOX becomes trivial, the chance that less games will be bought, and that the magic number of required games will *not* be exceeded for them to be profitable grows. THAT is the issue.
It's not "Microsoft doesn't want you to buy an XBOX", its "Microsoft doesn't want you to buy an XBOX and *nothing else*".
I would put these kids in jail first. I would push for terrorist charges. I would try to get one of those sentences where they are not allowed within 15 feet of a computer for like 15 years.
Then (just to piss them off) I would release Linux for the xBox just as they asked.
The icing on my cake? I would charge like $100 for it.
Alas, Bill isn't that entertaining.
He probably has better things to do with his life then screw with these two morons.
*Sigh*
Why is it that the first response of just about everyone is "who cares"? Are there really that few of you who just do things because they are challenging?
There are a fairly wide variety of reasons to want to do this. The single most interesting reason for me is the ability to play *any* media using this single console. DVDs, VCDs, CDs, Streamed content, networked files, internet radio, flash, movie trailers...Anything I can play using a standard PC, *plus* i already have it connected into my system to play "Halo", "Brute Force", "Outlaw Golf", and a whole host of other games. Also, I can play all my old favorites, using various emulators...pacman, galaga, rastan, etc, etc...
All of this in a console that I already own. Why the hell would I *not* want to do this? Particularly if all it takes is a one time investment of 10 minutes getting the $10 memory card setup. Crist, it's not even a *stretch* for me to make the choice.
You know what's even better? I worked on the filesystem code for the xbox-linux project early on, before the prizes were offered. I *still* got $4500 for that work. That paid for my time and all the consoles I'll want to buy for the next 10 years. Never has a paycheck been so gratifying.
So tell me how foolish I am, berate my hobby as pointless or shortsighted. Then you go buy an xbox *and* a pc, that's fine. I'll just sit back and laugh at you.
Actually, since they're asking for a signed bootloader, that would suggest that the X-Box uses cryptographic signatures to verify binaries. The whole point of that is that, while the bootloader binary itself could be copied and distributed freely, any modifications would immediately cause rejection, as the new binary wouldn't match its signature. For a modified bootloader, you'd need something like the exploit they're threatening to release, in order to circumvent the normal security checks.
SYDNEY--Four teenage boys were found clinging to life today, after being thrown through 98 windows in a normally quiet suburban Sydney.
"We don't know for sure who did it, but this looks like the work of the MSDS--the Microsoft Defenestration Squad," said a Syndey Police Department spokesperson
The boys alledgedly had developed an easy way to circumvent the anti-piracy controls on Microsoft's game console, the X-Box. Reportedly, they tried to blackmail Microsoft with the information to try get a version of the Linux operating system to run on the X-Box. Microsoft never reponded to their blackmail.
The MSDS is wanted in 56 countries for a wide range of crimes. Everything from extortion stemming from unreasonable licensing agreements, to the now familiar chucking-folks-out-the-windows routine used to discourage competitors.
Sydney hospital officials say that the boys are making a good recovery and will be released by the end of the next week.
It works in the movies!
So if they do release a signed bootloader, does Microsoft get the $100,000?
That was my first thought, freenet that baby let all those 15 users know how to mod thier x-box.
Or, in translated form, "how dare MS released a closed system!"
On what grounds does Microsoft NOT have the right to release a closed piece of hardware?? Why should they HAVE to support all the geeks that want the hardware but do NOT want to buy the software that basically finances the hardware??
Answer: they don't. They have every right to release a closed system. People talk about all the goodies that come in that $200 box. Those goodies are paid for by the game software purchases that are supposed to follow.
If a not-insignificant amount of Xboxes sell without any of those game purchases following, the price point would be hard to maintain.
But of course, none of that matters, because "MS is bad", "bomb Redmond", and other similar bullshit.
Extortion of money or something else of value from a person by the threat of exposing a criminal act or discreditable information.
"I assumed blithely that there were no elves out there in the darkness"
I hear you saying, "That's lame. You can't use regulate people's behavior to that level." I certainly agree. And eventually the big IP hoarders will figure this out. But in the meantime -- well, I was never any good at tennis.
I'm somewhat impressed the author of the article got the skinny on the 007 trick, but he missed the real point.
For non-Xbox nerds, it works like this.
The XBox has internal flash for the BIOS.
To enable flashing, all just need to jumper one point (referred to as the D0 point) to ground.
The 007 trick is an buffer exploit that allows you to boot linux, once you've got linux running, assuming you jumpered D0, you can reflash your internal BIOS with a hacked version (which ignores keys). You'll never play Xbox Live, but you can now play pirate DVDs and copy games to your hard drive.
With only the buffer exploit, it's at least a challenge, but if MS was to release a signed Linux distro, the process would be trivial. Jumper D0, boot MS-Xlinux, FTP to Xbox, upload bios burner app, pow. Hacked Xbox.
It's *extreamly* unlikely MS would ever do this. These guys can release easier solutions for buffer overflow related methods, but nothing can have as much potential for evil as a signed linux distro.
Denmark was the first country to adopt the EUCD (DMCA++). Here's a good EUCD status page. It has the same broad anti-circumvention tool proscriptions as the DMCA.
The real problem is not with the security checks per say. It is the loss of money that Microsoft will face. If they release a signed bootloader you could write games for the X-BOX without paying a fee to Big Bill.
You could put linux,SDL, and the game of your your own creation on a CD or DVD and Sell it to the masses with out paying MS a penny.
So what if some people steal your game. We all know some peope will do that anyway. Of course a Linux+usb keyboard/mouse/printer running Linux/Open Office/Mozilla could be the first "net applance" that really takes off. I wounder how long it would take Lindows before they offered a CD+Keyboard/mouse setup.
Oh this could be soo bad for Microsoft. They will never do it.
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
wow, so all eight people who run linux on their xbox can put their soldering irons away. And still get blacklisted off XBox Live anyway.
Microsoft must be quivering with fear, really and truly.
I've finally had it: until slashdot gets article moderation, I am not coming back.
If they really have a mod-less hack to allow unsigned code to boot on the xbox the correct thing to do is release it.
There is no way MS will allow Linux or any other OS to boot on xbox as that effectively makes the system open and then MS wouldn't make any money selling certificates.
Besides, MS will now play the terrorist card and you _know_ how well that plays in Washington.
So two guys make a discovery. They immediatly contact the company to whom it concerns who simply ignores them. After repeatedly trying to contact them directly and getting no answer, they go through a different channel. They contact a news company and tell them what happened: they made a discovery that the company will want to keep hidden, and are offering to keep it a secret if the company takes the matter into its own hands. If the company refuses to even acknowledge them, they are just going to go ahead and not keep it a secret anymore. They are being "nice". They could've just posted the code/directions on the internet, instead they are making great efforts to reduce the stress on Microsoft.
What does slashdot do? HEADLINE: LINUXLOSERS TRY TO BLACKMAIL MICROSOFT. With the subtitle "Great way to end up in jail."
Great way to get people to read the story, but totally dishonest.
-- "Man is born free, and everywhere he is in chains." Jean Jacques Rousseau
1) Release a boot loader, lose money on X-box, promote linux.
2) Don't release boot loader, be in the public's eye about not even securing a gaming system, lose more money because of xbox sales and stolen games, don't promote linux as much.
The rock and the hardplace. That's exactly where Bill is. Kinda feel sorrry for him.
Stop the Slashdot effect! Don't read the articles!
Perhaps MS could make money by *selling* such a bootloader..... ;-)
I wonder how many seconds they have hesitated:
- Release the Linux signed bootlader, see people running legally any software on the Xbox, including but not only pirated games, see the stock fall 5% after the press release and the ZDNet comments "MS switches to Linux for the XBox".
OR
- Not release the bootlader, hope the blackmailer is not bluffing (30% chances), see the exploit in the wild, put the guy in jail for DMCA violation (1), blackmail (2), copyright infringement (3), violation of trade secrets (4) and terrorism (5), deny that the hack works (Wall Street won't never hear of it this way), see it goes mainstream, lawyer-bomb any Linux distribution with an XBox version, suppress the exploit from next XBoxes or make it fry the box (6).
Yes, I'm sure they don't sleep anymore...
(1) Don't care if the blackmailers are not American. It did not protect Johanssen from Norway.
(2) Some say this is not strictly speaking blackmail. I wouldn't argue that with the lawyers who convinced the DOJ that MS was not a monopoly. Reason, law and justice lights before Microsoft.
(3) Again, see Johanssen
(4) MS technology is so complex that a single hacker can't have found the exploits without the source code, can he ? SCO would agree.
(5) Because these XBoxes could be used to build Beowulf superclusters to build atomic weapons!!!! In addition, the "terrorist" won't see a lawyer before long, which make the case easier for MS and saves legal costs.
(6) This will be in the EULA, page 856. If you complain, the hotline threatens to call the police (90% of the people will use the loader to pirate games anyway) but will settle if you buy another XBox.
Christophe (Don't hesitate to point out my spelling and grammar mistakes, I want to learn - Thanks).