Slashdot Mirror


The Hacker Who Found the Secrets of the Next Xbox and PlayStation

An anonymous reader writes "Stephen Totilo at Kotaku has a long article detailing the exploits of an Australian hacker who calls himself SuperDaE. He managed to break into networks at Microsoft, Sony, and Epic Games, from which he retrieved information about the PS4 and next-gen Xbox 'Durango' (which turned out to be correct), and he even secured developer hardware for Durango itself. He uncovered security holes at Epic, but notified the company rather than exploiting them. He claims to have done the same with Microsoft. He hasn't done any damage or facilitated piracy with the access he's had, but simply breaching the security of those companies was enough to get the U.S. FBI to convince Australian authorities to raid his house and confiscate his belongings. In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out. The article describes both SuperDaE's activities and a journalist's efforts to verify his claims."

118 of 214 comments

  1. Sort of interesting, but... by Frosty Piss · · Score: 5, Insightful

    In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out.

    And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"? It was OK because the victims were Microsoft and Sony? Or, shall we see another case of the famous Slashdot Double Standard?

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Sort of interesting, but... by Mitreya · · Score: 5, Interesting

      And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"?

      It may be ok to a degree for the cases where he broke in and then notified the company of a breach (without doing any damage or requesting a payment)
      Companies should be required by law not to pursue anyone who notified them of security holes in good faith. Instead they choose to harass such people, scaring them off and making MY data less secure.

    2. Re:Sort of interesting, but... by Frosty Piss · · Score: 5, Insightful

      It may be ok to a degree for the cases where he broke in and then notified the company of a breach...

      Hi, I broke into your house and ran my fingers through your dainty underthings and fondled your tooth brush.

      Don't you think you should buy a better lock and maybe an alarm system?

      Don't bother thanking me, it's what I do...

      --
      If you want news from today, you have to come back tomorrow.
    3. Re:Sort of interesting, but... by K. S. Kyosuke · · Score: 1

      And he still broke into other people's networks without permission.

      That's really scary. And that's just a rather neutral individual. Imagine what would happen if large institutions with agenda like FBI or CIA started doing the same thing! Oh, wait...

      --
      Ezekiel 23:20
    4. Re:Sort of interesting, but... by daremonai · · Score: 4, Funny

      Hi, I broke into your house and ran [my] fingers through your dainty underthings

      Then you've been punished enough already.

    5. Re:Sort of interesting, but... by Mashiki · · Score: 1

      If you broke into my house to stop someone from stealing my things and in turn ran your fingers through my dainty things while in the process of stopping the commission of a crime, well, we have something completely different, right? In turn, someone who finds a security hole, is not profiting, and discloses privately that the issue exists should be lauded. Those that do disclose shouldn't be.

      --
      Om, nomnomnom...
    6. Re:Sort of interesting, but... by Anonymous Coward · · Score: 1

      In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out.

      And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"? It was OK because the victims where Microsoft and Sony? Or, shall we see another case of the famous Slashdot Double Standard?

      Generally I'm in favour of being cautious about rewarding tossers who release malware on the net, hack and wreck systems, or in some other way wreak merry havoc and then expect fat job offers. They should not be rewarded but rather should be put in fuck-you-in-the-ass jail. But in this case I'd be willing to compromise. If that guy really did no damage, and if I was MS, I'd compensate him for the damages done by the FBI and the Aussie cops, make him a job offer and put him to work in my security department doing destructive security testing. The CIA used to hire safe-breakers, burglars, forgers and con artists to teach their agents trade-craft and probably still does, so why not do something similar as long as you are not rewarding people for being complete assholes?

    7. Re:Sort of interesting, but... by Mitreya · · Score: 1

      Hi, I broke into your house and ran my fingers through your dainty underthings and fondled your tooth brush.

      Don't you think you should buy a better lock and maybe an alarm system?

      While creepy (particularly the toothbrush fondling part :), it is still preferable to waiting for an even less scrupulous person to break into your house

      I see it more as "Hi, I was passing by the street and pushing on everyone's door (for fun, it is what I do). Your door had opened when I pushed it -- you may want to fix your lock".

      This may be a tad creepy, but these people are not the problem. The ones who would quietly use this information are the problem.

    8. Re:Sort of interesting, but... by Frosty Piss · · Score: 1

      Your scenario has little or nothing to do with the story. This guy broke into some networks and reviled business information to the public.

      --
      If you want news from today, you have to come back tomorrow.
    9. Re:Sort of interesting, but... by cultiv8 · · Score: 1

      another case of the famous Slashdot Double Standard?

      Citation please. ;)

      --
      sysadmins and parents of newborns get the same amount of sleep.
    10. Re:Sort of interesting, but... by Anonymous Coward · · Score: 2, Insightful

      If I'm in charge of millions of people's credit card information, THANKS! You're better than dealing with hackers who would rather take that credit card information, sell it on the black market and have to deal with legal charges for failure to properly secure financial information!

    11. Re:Sort of interesting, but... by xstonedogx · · Score: 1, Insightful

      If you truly believe such behavior is merely "a tad creepy" and that it isn't a problem, seek professional help. I'm serious. What this guy did to these networks is way less of a problem than your disturbing analogy.

      The last time I saw someone "helpfully" checking doors in my neighborhood I called the cops. There is never a good reason to test the security of a stranger's house, or even a friend's house, unless they want you to do so. If you really care, write a damn pamphlet about home security and hand it out or mail it.

      Getting back to the network... You only have the word of someone unscrupulous that they didn't commit further unscrupulous activities.

    12. Re:Sort of interesting, but... by Stan92057 · · Score: 1

      What agenda is that? Oh wait, they catch criminals, it's their job.

      --
      Jack of all trades,master of none
    13. Re:Sort of interesting, but... by Runaway1956 · · Score: 4, Insightful

      Less secure than what, exactly?

      Let's use a real world analogy. I have my house locked up tight. My neighbor says that I have cruddy, worthless locks on my door. He proceeds to show me how easy it is to break into my own house. He suggests that I invest in the same type of locks that he uses.

      So, what should I do? Call the law, and have the neighbor locked up for showing me that my security is shit?
      Or, should I purchase and install the locks that he has shown me to be effective?

      In actuality, the neighbor has helped me to be MORE secure, not less secure.

      Derp, derp, derp.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    14. Re:Sort of interesting, but... by Runaway1956 · · Score: 2

      I also revile business information. Revilers Unite!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    15. Re:Sort of interesting, but... by Luckyo · · Score: 5, Insightful

      Depends. Did he ask for your permission beforehand? If he did and you gave him OK, that's fine.

      If he didn't, he's committing a crime for obvious reasons. Else this would become a perfect excuse to burglars who didn't manage to steal YET. "But I was just showing the residents how weak their lock was!".

    16. Re:Sort of interesting, but... by Cali Thalen · · Score: 1

      I suspect that any network admins worth their pay would be able to tell 1) if the exploit / entry method the guy was talking about was true, and 2) what he did when he got in there. If not, they have bigger problems.

      I sympathize with the views here, on both sides. Yes, this guy did something wrong, and at least in some cases seems to have been genuinely grey (if not white) hat about it. But if a system has a flaw big enough, how do you want the company to find out about it, this guy or Anonymous/Lulzsec?

      Honestly, he's in a no-win situation, and he put himself there, so it's hard to feel too sorry. But I'd hope that there would be a way for people like this to constructively use their skills, since there seems to be no end of backdoors and holes that need to be fixed. Aside from companies understanding the situation, you're taking your freedom into your own hands when you poke around like this.

      --
      Chaos, panic, disorder...my work here is done.
    17. Re:Sort of interesting, but... by Mitreya · · Score: 1

      The last time I saw someone "helpfully" checking doors in my neighborhood I called the cops. There is never a good reason to test the security of a stranger's house, or even a friend's house, unless they want you to do so.

      I am not saying that I would encourage such behavior. But once a problem is found, I'd prefer to be notified about it (and I want the companies in question to be notified about it). There has to be a mechanism to allow this.

      Getting back to the network... You only have the word of someone unscrupulous that they didn't commit further unscrupulous activities.

      If they are not requesting anything in exchange then they are not benefiting from notifying you about the breach. You, however, DO benefit from being notified of a security breach.

      I also assume you do not take their word for it and perhaps verify that they haven't done anything untoward on your system.

    18. Re:Sort of interesting, but... by Ogive17 · · Score: 4, Insightful

      He also told you ahead of time.

      Let's say you came home and your neighbor was sitting on your couch watching tv while drinking one of your beers. Then he says "your locks suck, you should try the ones I use".

      How would you like that?

      Derp, derp, derp.

      --
      "Action without philosophy is a lethal weapon; philosophy without action is worthless."
    19. Re:Sort of interesting, but... by Truekaiser · · Score: 2

      Actually you got it half right. Right now it's okay for Companies and the government to look into your life and control it in a way he did to them, getting all your private information to make sure you're not a 'terrorist'* or to sell that information to others. It's though a high crime to do it to companies, even if they had the digital equivalent of an in plain sight open and unlocked second story window.

      *exact definition of the word will be determined by the political climate, but will always be scapegoats for real problems.

    20. Re:Sort of interesting, but... by Anonymous Coward · · Score: 1

      He wasn't just some gray-hat poking around people's networks and offering security consulting. He leaked proprietary info to the press, and fraudulently acquired an xbox dev kit in order to resell it on ebay.

    21. Re:Sort of interesting, but... by spire3661 · · Score: 1

      NO. Simply put, don't break into other people's networks, regardless of intent. It is never ok to trespass in the name of self-righteousness. Also, it's not YOUR data, it is data about you.

      --
      Good-bye
    22. Re:Sort of interesting, but... by spire3661 · · Score: 1

      You have a strange perspective. If some random person is going around pen-testing the neighborhood, I'm going to have him arrested. The problem is self-appointed idiots like this who think it's ok to pen-test shit that does not belong to them.

      --
      Good-bye
    23. Re:Sort of interesting, but... by Runaway1956 · · Score: 1

      You're describing one of my shipmates, not my neighbors.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    24. Re:Sort of interesting, but... by Ardyvee · · Score: 2

      The real issue here is why we, as a society, couldn't put his skills to good, lawful use. (There is also unlawful good, but I won't go there, since what matters is the lawfulness) He seems like somebody with the skills. Why isn't he working for a security firm? Why isn't he making software more secure through lawful methods?

      To follow the physical lock analogy, instead of him going around your neighborhood checking locks/doors, why wasn't he a locksmith? A locksmith should be able to obtain access through any/most locks. He should also be able to tell the flaws of each lock and help build a more secure lock. Thus, why wasn't this guy working as a security specialist? It seems to me that not only did he fail in finding a good, lawful use to his skills, but we as a society failed to point him to those areas.

      So yes, he's probably going to get a harsh sentence. According to law, he deserves it. Instead of simply saying "it's illegal, so he gets punished", let's go a bit further: how can we turn the next guy like him that seems like a grey hat into a full fledged white hat? There is a reason ethics exist, and we use them.

      --
      I don't care if I'm wrong. I only care about everyone obtaining something from the discussion.
    25. Re:Sort of interesting, but... by tlambert · · Score: 1

      Your scenario has little or nothing to do with the story. This guy broke into some networks and reviled business information to the public.

      Uh... where exactly did he criticize business information in an abusive or angrily insulting manner?

    26. Re:Sort of interesting, but... by Cassini2 · · Score: 2

      Actually, it is like having a house on a busy street with the door standing open, only you don't know it. Would you rather:
      a) Your neighbour pop in, check if you are still alive, and remind you to close the door?
      b) or just wander in and out like everyone else does on the street.

      The problem isn't that people are breaking into your house. It's that people are breaking into your house, sleeping over, and you don't know it.

      Physical property has definite levels of trespass. Walking through an open door is not trespassing in many jurisdictions. Things are way more nebulous on-line. If I can pull data from your webserver without a password, where was the closed door exactly? (People have been charged with pulling open-access data from a webserver, and it really shouldn't have been as easy as knowing which web page to call up.)

    27. Re:Sort of interesting, but... by Maxx169 · · Score: 1

      I prefer chaotic neutral, personally.

    28. Re:Sort of interesting, but... by Anonymous Coward · · Score: 1

      Because the world isn't black and white. Because laws are made by fallible humans. And because sometimes the ends justify the means.

    29. Re:Sort of interesting, but... by Joe_Dragon · · Score: 1

      Why isn't he working for a security firm?

      What he is doing is kind of in the trade school / hands-on area, and HR does not like them even when the people who do them know more than people in college.

    30. Re:Sort of interesting, but... by Bert64 · · Score: 1

      They harass such people because they acted in good faith and informed them.
      Malicious hackers will try to be stealthy, so they will NEVER invite dialog with their victims unless it's for purposes of extortion, and they will generally go to extreme lengths to disguise their identities, keep access to whatever systems they breached and use them to gain further access if possible.

      Someone who tries to help them by identifying a hole and helping to fix it makes themselves an easy target. Someone who is stealthy, doesn't enter into dialog and is probably located in a far away country is very difficult to prosecute if you can even find them at all.

      Of course this guy may be on questionable legal ground, but the fact is vulnerabilities were there... Is it not preferable that someone like this found them, rather than someone more malicious?

      So don't do it. Don't run the risk, instead leave any exploitable holes for real malicious criminals to find.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    31. Re:Sort of interesting, but... by sycodon · · Score: 2

      The ends rarely justifies the means.

      And while the world isn't black and white, we have processes that are set up to mitigate that fact.

      Viewing the breaking into a system, and then notifying the owners, as some kind altruistic act is at best misguided and more likely a sorry excuse for illegal behavior.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    32. Re:Sort of interesting, but... by Bert64 · · Score: 4, Insightful

      The closest analogy is the spirit of the law vs the letter of the law...

      Hackers generally obey the letter of the law, that is they are only making a computer do what it was programmed to do. Whether that programming was intentional, or the result of a bug, comes down to the spirit in which the program was written.

      A similar scenario is the law... There are many loopholes (ie bugs) in the law which allow people to legally perform acts which were never intended by the people who wrote those laws.

      So why then is it legal for a lawyer to exploit loopholes in the law, but not legal for a hacker to exploit loopholes in program code?

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    33. Re:Sort of interesting, but... by Bert64 · · Score: 1

      Well, if the police see someone stealing your television it's likely they too would gain access to your house in order to arrest the thief.

      Also it's unlikely a stranger would need to do any additional damage to "break" in, they could gain entry via the same means as the original thief.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    34. Re:Sort of interesting, but... by rastoboy29 · · Score: 1

      What double standard?  Good technicians are encouraged to explore the network.

      Or do we just want to let the Chinese develop good security knowledge?

      He didn't destroy anything, that's the point.

      What is wrong with you?

    35. Re:Sort of interesting, but... by Bert64 · · Score: 2

      The problem in many countries, is that while this guy has skills he may not necessarily have the paperwork to prove his skills.
      As such, companies simply won't hire him, and will never give him the chance to prove what skills he has.

      Also, if he gets convicted he will have a criminal record, which will be yet another reason why companies won't hire him.

      So the end result is that once all the dust settles, his only way of earning a living will be to use his skills for illegal purposes. And if he goes to jail, he will meet all manner of people who can introduce him to organised crime gangs who may want his services.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    36. Re:Sort of interesting, but... by stevew · · Score: 1

      No - simply no. He broke in to a private network without permission. That is equivalent to the "Entering" of a Breaking and Entering charge in the US in a brick/mortar situation. There is no ethical difference between the two. What he did with his ill-gotten gains isn't relevant to the discussion. That is the same thing as killing someone today, then joining Amnesty International the next day?!?

      --
      Have you compiled your kernel today??
    37. Re:Sort of interesting, but... by VGPowerlord · · Score: 1

      Actually, it is like having a house on a busy street with the door standing open, only you don't know it. Would you rather:
      a) Your neighbour pop in, check if you are still alive, and remind you to close the door?
      b) or just wander in and out like everyone else does on the street.

      Well, we could make this a bit more like the actual scenario.

      Actually, it's like having a house at the end of a largely unused alley with the door standing open, only you don't know it. Would you rather:
      a) A random person pops in, make copies of all your private mail and computer files, then maybe tells you about it.
      b) You take the chance that someone randomly finds your open door.

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    38. Re:Sort of interesting, but... by Luckyo · · Score: 1

      It is not. Draw a legal comparison:

      Is it okay to lockpick all company office locks, evade security cameras using various hiding techniques, crack the safe combination using a high tech listening device with a lot of trade secrets, take photographs as evidence and then mail all of the evidence of break-in? Because that is exactly what you're doing, but through computers and networks instead of doors and corridors.

      Many people use the "but it's okay for me to pick my neighbour's lock just to show him that it's weak" comparison. First of all, it's not. Second, a company is NOT your neighbour. The only way to test its defences legally is to ASK PERMISSION BEFORE TESTING AND GET APPROVAL, just like a locksmith testing the above scenario would need to be legal. Otherwise you're committing a crime. There is no grey ground here.

    39. Re:Sort of interesting, but... by TapeCutter · · Score: 4, Interesting

      Why do they feel the need for a battering ram to serve a warrant on a kid stealing plans for a toy? Why did they take his credit and bank cards and leave him without access to his own accounts? What he did was wrong but it does not warrant a jackboot response from the authorities.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    40. Re:Sort of interesting, but... by Anonymous Coward · · Score: 1

      Load of bull from you. I have been working on some VERY important piece of corporate security for a multi-billion dollar revenue corporation, which is also related to the general security of the country it operates in. It was just the "money" side of business, though. No background checks whatsoever. At least no official ones. I could have sneaked in something which would have opened the entire money palace of a dozens-of-billions enterprise. Even worse, I might have been able to compromise security of some relevant people, because their details were processed in the enterprise.

      Actually, I did this kind of thing TWICE and the biggest effort on the side of authorities was that one guy talked of "hole in the wall with a machine gun behind in TelAviv airport" to scare me a little into not doing fishy stuff. My ID card and corporate employment was sufficient to get access to crown jewels, though.

      In another function they did a secret background check on me with some interesting results, as it transpired A DECADE later. So maybe they do this all the time and just don't tell too many people. So they can also be "flexible" in their judgement. "He was a bad guy ten years ago, but we turned him. No problem".

      So, this guy will never get a legit job because he did some micro-crime ? Hilarious. In some countries you have former "terrorists"/"terror supporters" become presidents or ministers. Just check Brazil for starters.

      Guy needs to let some time go past and do open-source projects without anything fishy. Then land a highly paid job in banking, insurance IT or the like. He will only be stopped by his own smelly T-shirt or something like that.

    41. Re:Sort of interesting, but... by Max Littlemore · · Score: 3, Insightful

      That's my concern in this. Seizing his bank access seems punitive to me and he hasn't been found guilty of anything. The alleged offenses don't even seem to warrant that action.

      I really hope his legal team can set some kind of precedent to keep a tighter leash on prosecution agencies.

      --
      I don't therefore I'm not.
    42. Re:Sort of interesting, but... by c0lo · · Score: 1

      Or, shall we see another case of the famous Slashdot Double Standard?

      Why not, is it forbidden? I'm looking to Washington DC and I don't see a Single Standard, even if the US may benefit from having one (e.g. consider the Constitution, how many "standard" interpretations does it have?).

      --
      Questions raise, answers kill. Raise questions to stay alive.
    43. Re:Sort of interesting, but... by rtb61 · · Score: 1

      You are a shit head. A direct personal invasion is not the same as an internet hack of a business account. One relates to escalation which can result in bodily harm and death and the other of course is largely meaningless. M$ in this case has used its corporate US power to escalate this beyond all reason, to a risky home invasion with some douche FBI agent threatening a minor with extradition (zip, zero, nil, nul chance, just some douche being a true dick). How was the hack possible? Obviously some truly piss poor security by M$.

      Now consider this was a family home and M$ and the FBI led an attack against the whole family and their technology (there you go, a direct personal attack, where the attack is the punishment the US government via the FBI intended) which they knew in majority would have nothing to do with the poorly secured information M$ lost. I am sick of psycho idiots and the pathetic mod cheerleaders comparing internet hacks to direct personal attacks. Especially where it is blatant that the direct personal attack and collective punishment against the whole family occurred as a result of some pumped up fuckwits at M$.

      --
      Chaos - everything, everywhere, everywhen
    44. Re:Sort of interesting, but... by Dogtanian · · Score: 1

      But those are really crappy analogies

      Er, you must be new here. Stupid analogies are the lifeblood of Slashdot arguments. :-)

      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
    45. Re:Sort of interesting, but... by bogie · · Score: 2

      "It should be up to the courts to decide whether this deserves just a slap on the wrist. Until that time, it should be treated seriously."

      No, he should be treated as innocent UNTIL proven guilty in a court. That means bail unless he is a flight risk or a danger to the public at large. Also it does not mean freezing his bank accounts.

      --
      If you wanna get rich, you know that payback is a bitch
    46. Re:Sort of interesting, but... by Mashiki · · Score: 2

      Why do people cling to the perception that committing a clearly illegal act is somehow/sometimes justified for some reason?

      Short answer? Sometimes a single person committing a single illegal act, and 'saving face' for someone else, is better in the long run than an issue existing and 300 people using the same breach a few months down the road. There are reasonable expectations in case law, at least in my country, on such things. Both in things relating to physical property, and to computer crime.

      --
      Om, nomnomnom...
    47. Re:Sort of interesting, but... by Gadget_Guy · · Score: 1

      No, he should be treated innocent UNTIL proven guilty in a court. That mean bail unless he is a flight risk or danger to the public at large. Also it does not mean freezing his bank accounts.

      You might think that it means freezing bank accounts is not allowed, but the law does not agree. Considering that he was apparently in cahoots with at least one other person overseas, they really don't want to allow him to transfer any proceeds of crime offshore.

    48. Re:Sort of interesting, but... by kelemvor4 · · Score: 1

      What double standard? Good technicians are encouraged to explore the network. Or do we just want to let the Chinese develop good security knowledge? He didn't destroy anything, that's the point. What is wrong with you?

      Good technicians who are employed to explore a network are encouraged to do it. That's about as far as it goes in reality.

    49. Re:Sort of interesting, but... by shentino · · Score: 1

      Civil forfeiture is wonderful isn't it?

    50. Re:Sort of interesting, but... by shentino · · Score: 2

      Trespassing online is whatever a big corporation with an army of lawyers says it is.

    51. Re:Sort of interesting, but... by wallsg · · Score: 1

      The closest analogy is the spirit of the law vs the letter of the law...

      Hackers generally obey the letter of the law, that is they are only making a computer do what it was programmed to do. Whether that programming was intentional, or the result of a bug, comes down to the spirit in which the program was written.

      A similar scenario is the law... There are many loopholes (ie bugs) in the law which allow people to legally perform acts which were never intended by the people who wrote those laws.

      No, the hacker isn't obeying either the spirit or the letter of a law that prohibits unauthorized access to a computer system or network. He's exploiting weaknesses in systems to, at the very least, trespass. If he breaks in, does no damage (and yes, copying business data to sell or release publicly is damage), and notifies the company, then it's questionable that he should be prosecuted.

      Instead of your lawyer analogy though, a much better one is a burglar who, using the weaknesses inherent in a mechanical lock, picks said lock and then enters your house, makes copies of all of your credit cards and papers/data (and destroys them if he wants to be malicious), posts hidden cameras throughout your house, and sabotages the lock on the back door or window so that he has easier access in the future.

    52. Re:Sort of interesting, but... by wallsg · · Score: 1

      Well, we could make this a bit more like the actual scenario.

      Actually, it's like having a house at the end of a largely unused alley with the door standing open, only you don't know it. Would you rather:
      a) A random person pops in, make copies of all your private mail and computer files, then maybe tells you about it.
      b) You take the chance that someone randomly finds your open door.

      How about making it really realistic?

      You have a door on the house secured with a faulty lock. The lock looks like it's secure but if you know what you're doing it's trivial to open.

      BTW, I have told my neighbor about his open garage door after dark. I went to his front door and rang his door bell. I didn't go into his house through his garage.

    53. Re:Sort of interesting, but... by Anonymous Coward · · Score: 1

      I don't think you understand the meaning of the word "analogy".
      If something is analogous to breaking the law, it is not necessarily illegal. It's just analogous to breaking the law.

    54. Re:Sort of interesting, but... by TemperedAlchemist · · Score: 1

      So if I notice that the gate around an industrial complex has a security flaw, sneak in, sneak back out and tell you about it, then I should have my bank account seized and have my house raided?

    55. Re:Sort of interesting, but... by DKlineburg · · Score: 1

      I am not saying that I would encourage such behavior. But once a problem is found, I'd prefer to be notified about it (and I want the companies in question to be notified about it). There has to be a mechanism to allow this.

      I think this stands out to me most. I have to agree that yeah, you are being dishonest for doing it. But telling someone should be ok. If, however, when your admin does his check he finds you did steal the kitchen sink, it isn't as ok. I will say however, he only REALLY did that with Epic, and only when drunk. He only talked to MSFT when they found him. There are a lot of things he did, like leaking specs, that would be doing what is wrong. So sadly, he did enough to deserve some of this. The degree is debatable IMHO.

      --
      Memory is deceptive because it is colored by today's events. - Albert Einstein
    56. Re:Sort of interesting, but... by arnodf · · Score: 1

      That's more like the neighbour breaking into your house, standing there creepily in your bedroom, only to notify you that your locks suck.

      A better analogy would be if he was looking for you to return your drill he borrowed and tried the front door, which was locked, so he tried the back door, which wasn't locked, and left a note telling you he was looking for you, that he'd left the drill on the kitchen table, and that the back door was unlocked.

    57. Re:Sort of interesting, but... by Anonymous Coward · · Score: 1

      Just for fun, let's rework the GP story to fit the root story.

      I have my house locked up tight. My neighbor says that I have cruddy, worthless locks on my door. He demonstrated this by taping an advertisement for the type of lock he prefers to my left buttock while I slept last night. However, he didn't break anything and even locked the door again on his way out, so I should be thanking him.

    58. Re: Sort of interesting, but... by Phasma Felis · · Score: 1

      Did you also steal confidential documents in the process? You seem to be ignoring that little detail.

    59. Re:Sort of interesting, but... by Gravatron · · Score: 1

      Keep in mind, he was trying to sell secrets and dev kits to the highest bidder, it seems. Freezing his accounts could be a standard response to stopping ill-gotten gains from being laundered once he was found out.

    60. Re:Sort of interesting, but... by Eugriped3z · · Score: 1

      Just HOW is this INSIGHTFUL when it wasn't Slashdot that made the assessment being characterized as such?

    61. Re:Sort of interesting, but... by IndustrialComplex · · Score: 1

      I suspect that any network admins worth their pay would be able to tell 1) if the exploit / entry method the guy was talking about was true, and 2) what he did when he got in there. If not, they have bigger problems.

      The problem is that it doesn't stop at 2)

      2. Verify what he did when he got there. If he tells you what he did, then yes, you should be able to check that.

      Now comes the fun part:
      3. Prove that he didn't do anything else. This isn't easy, in fact, you are trying to prove a negative. You assume that their systems are perfectly designed to log/alert/block/etc anything additional, and that this is possible for a network admin 'worth their pay'. Let me tell you, no network admin worth their pay should assume that this is possible.

      Why would you ever assume that you would be good enough to know that additional intrusion did not occur if you know for a fact that he was already capable of defeating your public-facing security?

      This is a problem because you cannot know for certain that he did only what he claimed he did, and thus you now have to incur a cost to verify to a sufficient level of confidence that further intrusion did not occur. That is not free, and should never be assumed on the word of someone who already violated your trust.

      --
      Out of modpoints but really liked a post? 1BDkF6TtmmeZ3yqXbz9yhdYVqRYnwFoXDj
    62. Re: Sort of interesting, but... by cixtian · · Score: 1

      Yes!!! Breaking and entering is a crime, and if the precedent is that your accounts are seized then so be it.

    63. Re: Sort of interesting, but... by cixtian · · Score: 1

      Difference is he didn't tell you and ask if he could show you, but instead you come home and are getting naughty with the wife and he's sitting on your couch, eating popcorn. He committed a crime.

    64. Re: Sort of interesting, but... by Runaway1956 · · Score: 1

      That sumBITCH! I TOLD him to stay out of my popcorn!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    65. Re:Sort of interesting, but... by rastoboy29 · · Score: 1

      Yes, and that may be why we end up on the ass end of history.

  2. Need to nip it in the bud by Anonymous Coward · · Score: 5, Funny

    It starts out like this, a hacker looking for the latest games, then it leads to Global Thermonuclear War.

    1. Re:Need to nip it in the bud by hcs_$reboot · · Score: 1

      Shall - we - play - a - game?

      --
      Slashdot, fix the reply notifications... You won't get away with it...
  3. No damage? by l00sr · · Score: 1, Informative

    There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.

    1. Re:No damage? by Anonymous Coward · · Score: 1

      So, you're saying that IT shouldn't fix backdoors on their network as long as no one ever breaks in using them (that they know about)?

    2. Re:No damage? by K. S. Kyosuke · · Score: 5, Insightful

      There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.

      There seems to be this common misconception that having to fix a network to remove holes and backdoors is somehow worse than having lived with it for some time without knowing it. Not to mention the fact that your second sentence does not substantiate the first, also known as the non sequitur fallacy: not having caused any damage and being under suspicion for having caused some are two completely independent things.

      --
      Ezekiel 23:20
    3. Re:No damage? by Jah-Wren Ryel · · Score: 4, Insightful

      There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.

      Those actions and associated costs are not the result of having your network broken into. They are the result of being told your network is vulnerable - even if you have no knowledge that the network was actually broken into.

      --
      When information is power, privacy is freedom.
    4. Re:No damage? by lkangaroo · · Score: 1

      Guess there is a difference between your definition of "damage" and the GP's. In a business setting, any time, effort, or money that you spent, and would not have to spend if there were no breach is considered "damage".

    5. Re:No damage? by 93 Escort Wagon · · Score: 1, Informative

      Having been through such a situation in the past - while the GP contained some hyperbole, I can tell you our guys spent a couple days checking and cleaning up after an intrusion. If you don't think there's a (necessary) significant investment of time that goes into dealing with an intrusion, you've likely never actually worked in IT.

      --
      #DeleteChrome
    6. Re:No damage? by K. S. Kyosuke · · Score: 1

      Guess there is a difference between your definition of "damage" and the GP's. In a business setting, any time, effort, or money that you spent, and would not have to spend if there were no breach is considered "damage".

      And as long as you can make things up, any word can mean anything you want. So, to continue your line of reasoning: my dictionary tells me that "breach" can mean the same thing as "crack" or "fissure", and the hole was there before the guy got in there, so logically, they'd have to spend effort anyway.

      --
      Ezekiel 23:20
    7. Re:No damage? by Namarrgon · · Score: 2

      Your front door lock is broken, but you didn't realise it. A passer-by tells you that it is broken. Do you blame him for the "damage" to your wallet that comes from fixing it?

      Or how about this: You're understandably unhappy that he pushed your door open and poked his head in. He claims he didn't take anything (and given how he volunteered the information about your door, there's no reason to disbelieve him), but are you angry at him that you now feel the need to double-check everything you own, just in case he (or someone else) took something?

      --
      Why would anyone engrave "Elbereth"?
    8. Re:No damage? by spire3661 · · Score: 1

      It's not ludicrous. We could and should be able to do it, but we don't design our networks to handle that kind of thing. IMHO, every machine in the building should have a hot spare HDD ready to go and a full user profile stored on the network/backups. We don't have this functionality because it's more important to slap a cheap vendor workstation on a desk than it is to build a proper machine with extra hardware.

      --
      Good-bye
    9. Re:No damage? by tlambert · · Score: 1

      Guess there is a difference between your definition of "damage" and the GP's.

      In a business setting, any time, effort, or money that you spent, and would not have to spend if there were no breach is considered "damage".

      Excuse me...

      Why is it that you think that a breach that is committed by someone who reports it to you and potentially faces repercussions for their having a Bushido-style sense of honor about things causes less damage than a breach committed by someone who then proceeds to profit from said breach without disclosing it to you, up to and including selling the details of how to repeat it to third parties?

      Do you somehow think that the people who open themselves up to the repercussions are smarter than the ones who keep quiet and face less risk?

      From your "business perspective", I'd call the people who kept their mouth shut "smarter". Why is it you think a "smarter" person would be unable to get into your system -- or hasn't already -- than one you would, by your own lights, class as "less smart"?

    10. Re:No damage? by bwcbwc · · Score: 1

      No, you're conflating two different types of security vulnerabilities:
      1) The gap the guy originally used to get in, plus any other pre-existing vulns.
      2) the gaps the guy may have introduced into the network while he had access, via new malware, etc.

      The re-flashing and stuff mentioned on the GGP is primarily to mitigate #2.

      #1 is definitely not the guy's fault, but any precautions required to mitigate #2 definitely are.

      And whether you agree with the law or not, breaking into secured networks is still illegal regardless of the harm. Even if you throw out the remediation costs, the argument that "no damage was done" isn't necessarily true: from a business POV, breaking into their corporate network and leaking game console specs ahead of announcement qualifies as industrial espionage. What if the leaked XBox specs inspired Sony to upgrade the CPU or the graphics on the PS4 to improve their performance? The leak takes away a competitive advantage that MS had due to their trade secrets.

      --
      We are the 198 proof..
    11. Re:No damage? by Em Adespoton · · Score: 1

      It's not ludicrous. We could and should be able to do it, but we don't design our networks to handle that kind of thing. IMHO, every machine in the building should have a hot spare HDD ready to go and a full user profile stored on the network/backups. We don't have this functionality because it's more important to slap a cheap vendor workstation on a desk than it is to build a proper machine with extra hardware.

      The other problem is that you need to deal with when the intrusion was detected when dealing with cleanup and mitigation. If there was an undetected intrusion, followed by backups cycling, user profiles getting backed up to hot spares, etc. and THEN someone notices the intrusion... well, you have to first figure out when the intrusion took place and what systems were possibly touched -- after which you need to follow the cascade of tainted systems until you reach the end.

      There's nothing worse than losing a week of work to restore to a tainted snapshot -- other than maybe being unable to audit and verify whether you've cleaned everything up in the first place.

    12. Re:No damage? by Xugumad · · Score: 1

      I do that for systems I maintain.

      I've nuked systems just for looking suspicious, despite not being able to prove someone cracked them (half the binaries in /bin stopped working, I figure that's fairly damn suspicious).

      Anyone who doesn't re-image a cracked system is unbelievably naive, and it will come back to bite them hard one day. Like hell am I going to take the word of someone who broke into my systems that they didn't leave a rootkit.

    13. Re:No damage? by Xugumad · · Score: 1

      My network is vulnerable. I know this, because it exists.

      The question is how vulnerable.

      I run Linux, not OpenBSD, so there's a greater chance that I'll get a zero-day attack sprung on my network. However we make that compromise because it's considered reasonable.

      I run services we need, but each is a risk.

      There is no such thing as a secure network, there is only a secure-enough network.

    14. Re:No damage? by bloodhawk · · Score: 1

      There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.

      Those actions and associated costs are not the result of having your network broken into. They are the result of being told your network is vulnerable - even if you have no knowledge that the network was actually broken into.

      That is not completely correct. Once you know your network has been broken into you can no longer trust any device that has potentially been intruded upon, and more often than not a full rebuild is required; simply finding a vulnerability means you have to patch it, not rebuild. There will always be vulnerabilities, maintaining and monitoring is key to that, however once a vulnerability is exploited the cost skyrockets.

    15. Re:No damage? by thePowerOfGrayskull · · Score: 1

      A couple of weeks ago, one of our deployment SSH keys was compromised. After the hole was plugged, every employee had to re-key, re-upload keys, etc. - even though we knew only one key was obtained.

      What kind of org do you work in where they don't take security importantly enough to do this?
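
The revocation step that comment describes (find the compromised deployment key wherever it is authorized and remove it) is easy to get wrong when keys are matched by comment text rather than by key material. The following is an added example, not code from this thread or from any poster; it matches authorized_keys entries by OpenSSH-style SHA256 fingerprint, so a renamed or re-commented copy of the same key is still caught. The key blobs and the sample authorized_keys content are constructed for illustration; the helper and function names are this example's own.

```python
"""Revoke a compromised SSH public key from authorized_keys content.

Added example (not from the Slashdot thread). After a deployment key is known
to be compromised, every authorized_keys file in the estate should be checked
for that key and the entry removed. Entries are matched by OpenSSH-style
SHA256 fingerprint, not by the free-text comment field. All key material
below is constructed for illustration and is not a real key.
"""
import base64
import hashlib
import shlex
import struct

# Key-type tokens that may begin the key part of an authorized_keys line.
KEY_TYPES = (
    "ssh-ed25519", "ssh-rsa",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
)


def ed25519_blob(raw_pubkey: bytes) -> bytes:
    """Encode a 32-byte Ed25519 public key in OpenSSH wire format
    (length-prefixed algorithm name, then length-prefixed key bytes)."""
    if len(raw_pubkey) != 32:
        raise ValueError("Ed25519 public keys are 32 bytes")
    algo = b"ssh-ed25519"
    return (struct.pack(">I", len(algo)) + algo
            + struct.pack(">I", len(raw_pubkey)) + raw_pubkey)


def fingerprint(b64_blob: str) -> str:
    """OpenSSH SHA256 fingerprint: base64(sha256(blob)) with '=' padding removed."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def key_token(line: str):
    """Return the base64 key blob from an authorized_keys line, or None for
    blank/comment lines. Leading options such as command="..." are skipped
    by locating the key-type token; shlex keeps quoted options together."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    try:
        tokens = shlex.split(stripped)
    except ValueError:          # unbalanced quote in a comment field
        tokens = stripped.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok in KEY_TYPES:
            return tokens[i + 1]
    return None


def revoke_keys(authorized_keys_text: str, compromised_fingerprints):
    """Return (new_text, removed_fingerprints). Every entry whose fingerprint
    is in compromised_fingerprints is dropped; all other lines are kept
    verbatim so options and comments survive the rewrite."""
    kept, removed = [], []
    for line in authorized_keys_text.splitlines():
        blob = key_token(line)
        if blob is not None:
            try:
                fp = fingerprint(blob)
            except ValueError:  # undecodable blob: leave it for a human to inspect
                fp = None
            if fp in compromised_fingerprints:
                removed.append(fp)
                continue
        kept.append(line)
    return "\n".join(kept) + ("\n" if kept else ""), removed


# Constructed sample data: two fake Ed25519 keys and an authorized_keys file.
COMPROMISED_B64 = base64.b64encode(ed25519_blob(bytes(range(32)))).decode()
GOOD_B64 = base64.b64encode(ed25519_blob(bytes(range(32, 64)))).decode()
SAMPLE_AUTHORIZED_KEYS = (
    "# deploy keys (constructed sample)\n"
    f'command="/usr/bin/deploy.sh",no-pty ssh-ed25519 {COMPROMISED_B64} deploy@ci\n'
    f"ssh-ed25519 {GOOD_B64} alice@laptop\n"
)


if __name__ == "__main__":
    bad = {fingerprint(COMPROMISED_B64)}
    new_text, removed = revoke_keys(SAMPLE_AUTHORIZED_KEYS, bad)
    print(f"removed {len(removed)} entr{'y' if len(removed) == 1 else 'ies'}: {removed}")
    print(new_text)
```

Running the block against the constructed sample removes the deploy@ci entry (matched by fingerprint despite its command= restriction) and keeps alice@laptop and the comment line untouched. In a real rotation the set of compromised fingerprints would come from the incident record, and the function would be run over every authorized_keys file and CI/hosting key store the organisation controls.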

    16. Re:No damage? by Jah-Wren Ryel · · Score: 1

      I'm pretty sure you missed the point. If you had a gap, you don't know who has been through it. If you only look for introduced malware when you know somebody has been through the gap, then you are only half-assing your security.

      --
      When information is power, privacy is freedom.
    17. Re:No damage? by dissy · · Score: 1

      So what you're saying is, if you say to me in conversation you are running a server with such and such software, and I reply, also in conversation, that the latest version of software such and such is exploitable, then give you the URL to the security announcement... I now somehow owe you money despite not even knowing where your network is, let alone having touched the thing? Simply because you need to check for backdoors and reimage potentially backdoored machines?

      I think you don't understand how this "fault" thing actually works.

    18. Re:No damage? by kelemvor4 · · Score: 1

      Your front door lock is broken, but you didn't realise it. A passer-by tells you that it is broken. Do you blame him for the "damage" to your wallet that comes from fixing it?

      Or how about this: You're understandably unhappy that he pushed your door open and poked his head in. He claims he didn't take anything (and given how he volunteered the information about your door, there's no reason to disbelieve him), but are you angry at him that you now feel the need to double-check everything you own, just in case he (or someone else) took something?

      If the lock was "broken" because he was able to devise a method to pick it necessitating that I replace the lock then YES. Imperfect security is reality everywhere all the time. If you think your systems are completely secure all it means is that you are mistaken.

    19. Re:No damage? by Namarrgon · · Score: 1

      Your argument is that his actions opened their systems wider than if he hadn't done anything? Is there any evidence of that being the case here?

      If that's not the case, then he still did them a favour by pointing out a hole in their security. Sure there may be others, but now they know about this one. The responsible action would be to close the hole (and thank him), but they could always ignore it and do nothing; they'd be no worse off.

      --
      Why would anyone engrave "Elbereth"?
    20. Re:No damage? by kelemvor4 · · Score: 1

      Your argument is that his actions opened their systems wider than if he hadn't done anything? Is there any evidence of that being the case here?

      If that's not the case, then he still did them a favor by pointing out a hole in their security. Sure there may be others, but now they know about this one. The responsible action would be to close the hole (and thank him), but they could always ignore it and do nothing; they'd be no worse off.

      No, my point is that a system that is not perfectly secure is not an invitation for anyone who wants to access the system. Just as you will go to jail if I leave my front door closed but unlocked and you walk in and rifle through my wife's underwear drawer. Maybe you take a photo of it, while you're there but leave the actual items. Unlocked (or insecure in computers) does not equate to do whatever you want. If the company had no security other than a telnet uid/pwd, he still isn't allowed to crack that and access the server. This guy broke into a computer system and should be punished for it. If he wanted to do some white hat hacking, he should have obtained consent before he accessed the systems. Really, I don't think there's even any gray area here. He accessed systems without first obtaining permission. The security of those systems is not relevant.

    21. Re:No damage? by Eugriped3z · · Score: 1

      There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.

      There seems to be this common misconception that having to fix a network to remove holes and backdoors is somehow worse than having lived with it for some time without knowing it. Not to mention the fact that your second sentence does not substantiate the first, also known as the non sequitur fallacy: not having caused any damage and being under suspicion for having caused some are two completely independent things.

      It IS sort of funny to think that re-imaging an insecure system in order to bring it back to its former state of brokenness constitutes repair or implies that damage was done. Perhaps the perpetrator should have been tracked down and awarded a consulting fee or offered a job.

    22. Re:No damage? by Namarrgon · · Score: 1

      Pretty hard line to take on a guy who was a) a kid, b) merely curious, not malicious, c) did no damage, and d) did them (and their customers) a favour by alerting them to a security hole that could be maliciously exploited by the next hacker to drop by.

      Some companies (e.g. Epic) actually appreciated the heads-up, and sent him a signed poster in thanks. Your position that he be punished instead, while defensible under a strict interpretation of the law, looks more like a dick move to me. I'd expect a judge would be rather more nuanced.

      --
      Why would anyone engrave "Elbereth"?
  4. Durango hasn't been revealed by Anonymous Coward · · Score: 1, Insightful

    > he retrieved information about the PS4 and next-gen Xbox 'Durango' (which turned out to be correct)

    "Durango" hasn't been revealed yet. How do we know his info is correct?

    1. Re:Durango hasn't been revealed by Sir_Sri · · Score: 1

      They might mean he had info on early development kits; a lot of that info has leaked out (there are, after all, lots of companies that have said kits).

      Early development kits aren't final hardware though, so they don't mean much to consumers or people on the outside.

  5. Chinese Army by the eric conspiracy · · Score: 4, Insightful

    Ugh.

    If some surfer dude from Oz can do this imagine what the Chinese Army and the TLAs have gotten into.

    I don't know if this is good or bad. Mutually Assured Destruction can be a good thing, as can be the dissemination of information.

    However it sure should give people pause when they put a server online. Or make their bank accounts available on the web.

    It might be a case of not if but when.

    1. Re:Chinese Army by the eric conspiracy · · Score: 1

      > Go China! At this point, they're our best hope of saving the world from the Americans.

      Be careful what you wish for. You might get it.

    2. Re:Chinese Army by Lumpy · · Score: 1

      You are late for your labor camp job comrade... Please send video of you being beaten by your neighbor to the Ministers email address by 3am or you will be punished by the overseers.

      --
      Do not look at laser with remaining good eye.
  6. Re:But officer, I just broke in! by Osgeld · · Score: 1

    yes, breaking in and taking information

    People would oppose someone breaking into their house and stealing all their financial documents, but it's apparently harmless to break in and commit industrial espionage.

  7. who cares by Vince6791 · · Score: 2

    So, it's okay for the U.S. government and even corporations to spy on our communications (Facebook, phone calls, chats), emails, and whatever we upload to the cloud without a court warrant, but when somebody does it to a corporation or government it's time for the feudal U.S. system to go bat shit crazy on his/her ass. If the U.S. does not follow the constitution why should we? Remember: by the people, for the people. Hah, who cares, it's a feudal system. People, just stop hacking; it's not worth losing your life over.

    1. Re:who cares by bwcbwc · · Score: 1

      No it's not OK for the government to do that. But just because the government screws you over doesn't mean you can go screwing over 3rd parties. The problem isn't that the law against cracking networks is necessarily bad (although I'll agree it's not perfect and overreaches), it's that the government and corporations aren't held to the same standard as individuals, which is a completely separate issue.

      --
      We are the 198 proof..
  8. Its funny... by Anonymous Coward · · Score: 1

    Because no one seems to be blaming the companies like usual, no one is blindly angry for no reason and no one seems pissed off. Why? Because he stole information that users here find interesting.

    I mean he did the same thing that hackers have done to companies before, and you people lined up to spout the same comments and blame the companies for being hacked many many many times, but now all of a sudden you change your tune simply because he wasn't trying to steal personal information about you. He committed the same crime. It's like saying someone who breaks into your home to steal your wallet is bad, but if he breaks in and steals nothing then you're perfectly fine with it.

  9. Re:You don't get it. by dreamchaser · · Score: 1, Redundant

    He broke the law, if his story is true, plain and simple. You're the one with twisted perspective on it. He had no right to access their networks or proprietary information. I hope they don't go TOO hard on him as he did seem to have relatively benign intentions, but he hacked into systems without permission. The companies in question did not contract him to do penetration testing or an overall security assessment.

  10. It is called the Geohot effect by argee · · Score: 1

    You would think that after Geohot showed the way (not!), that people would leave
    Sony alone to wither on the vine.

    Friends don't let friends buy Sony Products.

    1. Re:It is called the Geohot effect by spire3661 · · Score: 1

      You mean the guy that completely capitulated, tucked his tail between his legs and ran? Yeah Geohot sure showed the way........

      --
      Good-bye
    2. Re:It is called the Geohot effect by westlake · · Score: 1

      You would think that after Geohot showed the way (not!), that people would leave Sony alone to wither on the vine.

      At any odds you would care to name, I would bet that 99.8% of users upgraded their PS3 firmware (currently at rev. 4.31) without giving a second's thought to Geohot or Linux on the console.

    3. Re:It is called the Geohot effect by Gravatron · · Score: 1

      No one cared about linux on the ps3 outside a few small circles, so no one really cared about losing it. Hard to sympathize with a cause no one honestly cares about.

  11. Re:You don't get it. by Sir_Sri · · Score: 1

    You realize there are firms that sell that sort of security right? And academic programs on how to do so etc.

    There are legit ways to enter the business; he simply chose a different route.

  12. Really? by Anonymous Coward · · Score: 2, Insightful

    Summary: Kid breaks in networks of corporate entities, accesses trade secrets, purchases development hardware using fraudulent information, brags about it on the internet and then cries about being "ruined".

    There is nothing "ethical" about any of this kid's shenanigans. He cried about them taking his toys away, and doesn't even realize he's going to pound-me-in-the-ass prison yet.

    Moral of the story: Common sense eludes hacker.

  13. Shall we Play a Game? by RiscIt · · Score: 1

    Haven't we seen this movie before?

  14. if you have to cheat... by glitch23 · · Score: 1

    to gather information to 'one-up' your competition or to make yourself look good to your friends then you aren't very good. And in this case, breaking the law by breaking into companies is cheating.

    --
    this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
  15. banking fraud can get you time in a FPMITA by Joe_Dragon · · Score: 1

    banking fraud can get you time in a FPMITA and he did it on the International level.

  16. default passwords + open IP is a big issue. by Joe_Dragon · · Score: 1

    Default passwords + open IP is a big issue, and you don't even need to be a good hack to pull that off.

  17. Seriously? by Seumas · · Score: 1

    Slashdot is linking to Kotaku content? Why not just link directly to blogspam (which, frankly, would be better quality than the link-bait drivel on Kotaku)?

  18. at least have whistleblower protection and eula by Joe_Dragon · · Score: 1

    At least have whistleblower protection and other stuff, like companies who use EULAs to make you at fault for bugs or even website typos that let you get past security without even trying to hack.

    whistleblower protection is needed to cover stuff like what happened to Stephen Heller and others like him.

    http://en.wikipedia.org/wiki/Premier_Election_Solutions

  19. infiltrated or used some ones log on and password by Joe_Dragon · · Score: 1

    Infiltrated or used someone's logon and password that may have been in another system that did not have millions spent on security.

  20. In the USA..... by Lumpy · · Score: 1

    WE make sure that no good deed goes unpunished. No matter where you are in the world, do something good and we will find you and punish you.

    --
    Do not look at laser with remaining good eye.
  21. Let me get this straight... by fullback · · Score: 1

    Your computers and other electronic devices can be confiscated without warrants or your "permission" within 100 miles of the U.S. border without cause or suspicion because you have no right to privacy, and the contents of your phone can be examined by a police officer during a traffic stop, but their computers are private and protected by people with guns?

    Right. Got it.

    In the past, people would never have tolerated this. They'd have risen up against it and the evil bastards who propagated it.

    Now, we're just weak little serfs in the new feudalism.

  22. "He hasn't done any damage" by Memroid · · Score: 2

    I would argue that he may have done a great deal of damage. Releasing plans for future products can tip off competitors. Information regarding future products can also result in a customer not purchasing what is currently available in anticipation for a future product. Both of these can mean millions of dollars in losses for a company.

  23. Re:You don't get it. by DKlineburg · · Score: 1

    I guess that is akin to saying a padlock only keeps honest people honest?

    --
    Memory is deceptive because it is colored by today's events. - Albert Einstein