Slashdot Mirror


Xbox Hypervisor Security Protection Hacked

ACTRAiSER writes "A recent post on Bugtraq claims the hack of the Xbox 360 Security Protection Hypervisor. It includes sample code as well." From Bugtraq: "We have discovered a vulnerability in the Xbox 360 hypervisor that allows privilege escalation into hypervisor mode. Together with a method to inject data into non-privileged memory areas, this vulnerability allows an attacker with physical access to an Xbox 360 to run arbitrary code such as alternative operating systems with full privileges and full hardware access."

2 of 232 comments

  1. Re:That's Because... by Kalriath · · Score: 5, Informative

    Does MS force updates for things like this? Yes. As soon as your XB360 attempts to connect to Live (which even without you paying, it will do if you signed up for it) it will demand you update or it will disconnect you (which with Live-connected dashboard accounts signs you out of your local XB360 profile too).
    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  2. Re:Attacker?? by karmatic · · Score: 5, Informative

    Quoth the parent: See my comment here.

    You might think you own it, but SURPRISE, you are licensing it.


    The fact you keep repeating the same wrong information doesn't make it any less wrong.

    Adobe made that same claim you are making. It didn't go over well in court. It didn't go over too well for Microsoft either (Microsoft Corp. v. DAK Indus). Novell tried that argument, and got shot down too (Novell, Inc. v. CPU Distrib., Inc., 2000).

    "...the Ninth Circuit held that the economic realities of the agreement indicated that it was a sale, not a license to use."

    "... Like Adobe, CPU argued that it purchased the software from an authorized source, and was entitled to resell it under the first sale doctrine. Novell claimed that it did not sell software but merely licensed it to distribution partners. The court held that these transactions constituted sales and not a license, and therefore that the first sale doctrine applied. 2000 U.S. Dist. Lexis 9975 at *18."

    "...The Court finds that the circumstances surrounding the transaction strongly suggests that the transaction is in fact a sale rather than a license. For example, the purchaser commonly obtains a single copy of the software, with documentation, for a single price, which the purchaser pays at the time of the transaction, and which constitutes the entire payment for the "license." The license runs for an indefinite term without provisions for renewal. In light of these indicia, many courts and commentators conclude that a "shrinkwrap license" transaction is a sale of goods rather than a license."

    "...Ownership of a copy should be determined based on the actual character, rather than the label, of the transaction by which the user obtained possession. Merely labeling a transaction as a lease or license does not control. If a transaction involves a single payment giving the buyer an unlimited period in which it has a right to possession, the transaction is a sale."

    "Raymond Nimmer, The Law of Computer Technology 1.18[1] p. 1-103 (1992). The Court agrees that a single payment for a perpetual transfer of possession is, in reality, a sale of personal property and therefore transfers ownership of that property, the copy of the software."

    So, at least in the US, a one-time payment for a perpetual use of software is a SALE, regardless of what you call it, and rightfully so. They can't change that with a EULA any more than a car dealership could claim you had a one-time lease payment, with a lifetime use period and the right to transfer the lease for free (thus avoiding legal regulations with regards to sale of vehicles). Any reasonable court would rule that such was a sale, not a lease. What you call it doesn't matter.