Microsoft Aims for Hack-Proof 360

jondaw writes "The BBC is reporting that "Microsoft plans to make its next generation games console, the Xbox 360, as difficult as possible to hack...There are going to be levels of security in this box that the hacker community has never seen before...I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine.""

Re:Amount of work in design

[Red+Flayer]

Not claimed to be hackproof in TFA: "'I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine'[said Chris Satchell]"

So, they say that a hack may work on one machine, but not another? Article implies that this additional security is added through hardware design. What are they doing, putting a combination lock on the circuitry?

No matter what the new security is, I'm sure it'll me that much more rewarding for the person who first publishes the workaround.

MS has to be careful that the console isn't too easily modifiable, or else they'll get slapped with a lawsuit for enabling people to pirate copyrighted works...

Microsoft needs a history lesson

[DaFork]

Remember the Oracle 9i "Unbreakable" campaign?

A few months after Oracle 9i was released the hacker community has a dozen or so exploits.

Re:I think people underestimate the challenge

[kisrael]

You make a decent point.

It wasn't as tempting a target for hackers I guess, but Atari put some checksum encryption in the Atari 7800 that, in effect, stymied 3rd party/homebrew cart makers for YEARS. I think they finally got a handle on it, but still. Smart people are making the security, and while they have tremendous obstacles, they might not always bat .000 like people assume.

A more recent example...all those people who like homebrews so they have to be petrified of getting their PSP updated to > 1.5 whatever...

Re:I think people underestimate the challenge

[swillden]

DeCSS does not rely on extracting a key - it's an algorithmic attack on CSS itself.

Actually, to be precise, DeCSS is just a reverse-engineered implementation of the decryption algorithm, and must be provided with the correct key. libdvdcss, the open source library widely used to decrypt DVDs, includes not only another (improved) implementation of the decryption algorithm, but also an algorithm that performs a very efficient ciphertext-only attack on a CSS-encrypted DVD title.

DVDJon's original DVD work involved reverse engineering the encryption and decryption algorithms, and extracting a player key from the Zing software DVD player (the player key is used by "legitimate" players to recover the disk key, which is used to recover the title keys, which are used to decrypt the data). Only later was CSS cryptanalyzed and found to be so weak that it's actually more convenient to simply break the title encryption directly rather than ship a player key with libdvdcss.