Slashdot Mirror


User: DrXym

DrXym's activity in the archive.

Stories: 0
Comments: 9,024

Comments · 9,024

  1. Re:not taking reasonable care on Sony Sued For PlayStation Network Data Breach · Score: 1

    if something goes wrong with their products, don't go public with it, don't acknowledge it, don't even think about it, and maybe it will go away!

    By way of mitigation you might expect them to first assess what the damage was before coming out with a statement. It may have been annoying that they didn't come out and say straight off what was at risk but it's likely they didn't know themselves. The way I understand it was they detected an intrusion and spent the better part of a week figuring out how far the intruder got and what may have been exposed.

    I think it would be in Sony's interests to set the record straight. It's not hard to find people screeching they didn't hash their passwords or encrypt the credit card info and a bunch of BS extrapolations which are all made in the absence of evidence. A technical summary might shut these voices down or at least focus on what Sony did or did not do right and serve as a good post mortem for other companies.

    I also think as someone who has worked in a financial investments company that securing systems is not as easy as anyone here thinks. I doubt there are many systems in the world which are not vulnerable to intrusion. Indeed most companies anticipate it could happen. All code is security reviewed and run through tools like Fortify for the usual vectors like SQL injection attacks. Devs don't administer the production servers or have access to live data. Production servers have different keys to QA & dev. Independent teams manage single sign on. Independent teams do penetration testing. User facing web servers exist in a DMZ and have no direct access to databases. Firewalls separate web servers from web services from databases. All comms are encrypted with 2-way SSL where appropriate. And so on. Defence in depth in other words. Even so it is no guarantee that a determined attacker, perhaps with inside knowledge, couldn't break through and do some damage or steal sensitive info.

  2. Re:Unencrypted = Stupid on 77 Million Accounts Stolen From Playstation Network · Score: 1

    It amazes me that a company as large and established as Sony would make such a boneheaded move as storing sensitive information in plaintext. Passwords and answers to secret questions should always be hashed. Credit card information and other sensitive information should be encrypted (preferably AES-256 or stronger).

    First AES is an encryption algorithm so it has little relevance for storing passwords which require a hashing algorithm. The answer to the security question could be hashed but it's questionable what purpose it would serve. And for all you know data was hashed, salted, used a secure hashing algorithm and all the rest. But if someone stole the entire db and knew the salting algorithm they could still eventually crack the values. Or perhaps they hashed but didn't salt, or maybe some of the db was hashed only but more recent accounts were stronger. Things in life are never straightforward. As such you want to practice defence in depth. Implement two databases - an account database and a login database. Both dbs are separate from each other so that if one is compromised it does not affect the other. In front of that you have webservices that munge the data to various web servers. In front of that is a firewall. In front of that are the outward facing consumers of the webservices and in front of that is another firewall. All inward traffic would be protected with 2-way SSL and all outward traffic with 1-way SSL. Maybe we'll discover Sony was completely slapdash about it all and made some naive security mistakes. Or perhaps they ran a pretty tight ship but were subject to a sophisticated attack, even some social engineering. Or perhaps one of their ops guys used their superadmin rights to lift a backup of the entire db. I would have more sympathy with the latter explanations than the former. I'm still pretty pissed though. Fortunately the debacles with Kotaku and other forums meant I've already gone through a round of strengthening passwords, ensuring that more security sensitive sites like banks / payment services do not share pwds with online stores which do not share pwds with forums / throwaways. But it's still a pain in the ass to do again and possibly cancel my credit card too.
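    The hashed-versus-encrypted and hashed-but-not-salted distinctions drawn in the comment above, worked through as an added example (this is editor-supplied code, not from the commenter or from Sony): a plain digest and a single site-wide salt both expose which accounts share a password the moment the table leaks, while a random per-user salt plus a slow KDF does not. The user names, passwords and site salt are constructed sample data.

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Optional

# Constructed sample credentials (not real data): two users share a password.
SAMPLE_USERS = {
    "alice": "correct horse battery",
    "bob": "correct horse battery",
    "carol": "Tr0ub4dor&3",
}

ITERATIONS = 100_000  # PBKDF2 work factor; raise as hardware gets faster


def unsalted_digest(password: str) -> str:
    """Plain SHA-256. Equal passwords give equal digests, so one precomputed
    table or one correct guess cracks every account sharing that password."""
    return hashlib.sha256(password.encode()).hexdigest()


def global_salt_digest(password: str, site_salt: bytes) -> str:
    """One site-wide salt: blocks generic rainbow tables, but the 'salting
    algorithm' leaks along with the database and duplicates stay visible."""
    return hashlib.sha256(site_salt + password.encode()).hexdigest()


def per_user_record(password: str, salt: Optional[bytes] = None) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt per account and a work
    factor; the record stores everything needed to verify later."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in
    constant time so timing does not leak how many bytes matched."""
    _, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def shared_digest_accounts(store: dict) -> int:
    """Count accounts whose stored value equals another account's. Non-zero
    means a leaked table reveals password reuse without cracking anything."""
    counts = Counter(store.values())
    return sum(1 for v in store.values() if counts[v] > 1)


def build_stores():
    """Return (unsalted, global-salted, per-user-salted) stores for SAMPLE_USERS."""
    site_salt = b"constructed-site-salt"  # constructed; a real one would be random
    unsalted = {u: unsalted_digest(p) for u, p in SAMPLE_USERS.items()}
    global_salted = {u: global_salt_digest(p, site_salt) for u, p in SAMPLE_USERS.items()}
    per_user = {u: per_user_record(p) for u, p in SAMPLE_USERS.items()}
    return unsalted, global_salted, per_user


if __name__ == "__main__":
    unsalted, global_salted, per_user = build_stores()
    print("unsalted, accounts sharing a digest:     ", shared_digest_accounts(unsalted))
    print("global salt, accounts sharing a digest:  ", shared_digest_accounts(global_salted))
    print("per-user salt, accounts sharing a digest:", shared_digest_accounts(per_user))
    print("alice verifies:", verify("correct horse battery", per_user["alice"]))
```

    Per-user salting does not make a stolen table uncrackable, as the comment says; it forces each account to be attacked separately, and the iteration count sets the price of every guess.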

  3. Re:Why is it being removed in the first place? on Sony Should Pay For OtherOS Removal, Says Finnish Board · Score: 1
    So you say. But, can you prove it?

    I don't have to "prove" it, it's obvious from the statements made by Nintendo and Sony, e.g. Peter Dille calls the rampant piracy sickening. It's obvious just from looking at the torrent sites. You will also note his comments about the effect piracy has on 3rd parties. Simply put no one will sink millions on a premium game if it cannot be profitable due to the amount of sales lost due to piracy. Instead the platform turns into shovelware hell with perhaps a few 1st party titles dotted around. So users suffer from not experiencing premium games because the money isn't there to justify making them.

    How? If hardly anyone uses OtherOS (or has the technical expertise to enable the hacks), then how could they possibly 'lose' significant portions of potential profit?

    If Other OS became a means to root the PS3, then it would not be long before custom Linux ISOs appeared whose express purpose was to install, root the box and install CFW. It wouldn't be a case of people using Other OS for its legitimate purpose before this happened, but how many would be using it afterwards as a means to root the box.

    Yet there's rampant 'piracy' because of it? Taking things away and tricking customers is 'okay' as long as there's only a few of them?

    I suggest you furnish yourself with a clue concerning what the threat meant. Simply put it meant the PS3 being totally opened up to custom firmware, piracy and everything implied by that. Sony would have to be out of their minds to permit that and hence the course of action they chose.

  4. Re:Why is it being removed in the first place? on Sony Should Pay For OtherOS Removal, Says Finnish Board · Score: 1

    rampant piracy

    Was there even any proof that such a thing existed? And even if so, how is removing an advertised feature from all systems a good solution? Is hurting your customers 'okay' just because only a few of them would use it? They should have better secured their system. Since they didn't, they should deal with it.

    Rampant piracy exists on the DS and PSP and the Wii isn't looking good either. It's not a stretch to see the PS3 becoming just like the PSP with custom firmware facilitating piracy and legitimate sales taking a dive. Sony would lose hundreds of millions of dollars. It would harm end users too since if the money isn't there to make premium games, they won't be made at all. 3rd parties would desert the platform and it would be left to die a protracted death with a drought of premium titles and sea of shovelware.

    As for they should have better secured their system, well yeah, but now they are in this situation you think they should stand back and do nothing? Security should be in depth and adaptable. Fact is they had options and they took them. In this instance they could have kept Other OS, a feature used by a minuscule number of users, and cast their platform to the four winds of piracy, or they could remove Other OS. It's a no brainer.

  5. Re:Fuck Geohot on Sony Rebuilding PlayStation Network Security After Attack · Score: 1
    what does Apple do to jailbreakers? nothing.

    Jailbreaking is distinctly different from circumventing a copy / rights protection mechanism. But of course Apple DID object to it and cited the DMCA amongst other laws. They failed because their case wasn't strong enough.

    what does MS do to non commercial pirates? nothing. (except for the genuine advantage check)

    People have extrapolated that because MS privately prefers pirates to be using their desktop OS than a rival's somehow it applies to consoles or other matters. It doesn't. Indeed they took down cryptome.org using the DMCA. Used it as the basis to bring criminal charges against modchip importers. And even used it to shut down a popular "homebrew" modding site JTAG hacks. In other words MS has been as active in stamping on modders / homebrew as Sony ever was.

    And of course Nintendo is as active at prosecuting hackers / cart importers.

    People seem to think that Sony is acting out of turn here when it isn't. Its actions are precisely in keeping with other console manufacturers, stamping on the hackers / importers and banning end users who mod. Colour me surprised. If you buy a closed system where copy protection / DRM is implicit to the model you can expect the full weight of the platform holder to come down on anyone who threatens that model. And in most jurisdictions they'll have the law on their side.

  6. Colorization on Why People Should Stop Being Duped By the 3D Scam · Score: 1
    I don't have an issue with movies shot in 3D, i.e. most CG movies, or the odd live action movie which is genuinely in 3D. What I strongly object to are all these shitty converted movies where they take a 2D image, create a primitive scene depth model and vacuum form the two to create a glorified diorama. And then they charge a premium for it.

    I regard these converted movies as the modern age equivalent of colorization, bastardizing the movie for the sake of a buck and utterly redundant.

    As far as home cinema systems are concerned, I've yet to see one I would regard as worth buying for its 3D. I've noticed ghosting in LCD and plasma demos and the glasses cost a fortune. I expect however that 3D will appear in most midrange sets before long because it's an incremental feature that most modern SoCs support so why not toss it in.

  7. Re:Why is it being removed in the first place? on Sony Should Pay For OtherOS Removal, Says Finnish Board · Score: 1

    Don't buy a device with a EULA if you don't want to be subject to what the provider chooses to add or remove. Aside from that, it was a no-brainer from Sony's POV what to do when Other OS became an attack vector. They inconvenienced a small number of people (which I doubt includes most of the people howling about it now) and saved their platform from endemic piracy and potentially hundreds of millions of dollars of lost revenue. Hardly a difficult choice to make.

  8. Re:Why is it being removed in the first place? on Sony Should Pay For OtherOS Removal, Says Finnish Board · Score: 1

    I guess that depends if you or Sony have proof you used the feature in the first place. Certainly it wouldn't be something that any slim owner would be entitled to compensation for because it never shipped on the slim.

  9. Re:Why is it being removed in the first place? on Sony Should Pay For OtherOS Removal, Says Finnish Board · Score: 2

    You assume there was a way of fixing it. And what they did was a reasonable response as far as they were concerned. It stopped their platform being opened up to rampant piracy which is overwhelmingly more important to them than pissing off a minuscule number of people using Other OS.

  10. Re:Why is it being removed in the first place? on Sony Should Pay For OtherOS Removal, Says Finnish Board · Score: 1, Troll

    No, Geohot demonstrated a viable attack on the hypervisor. A contemporary report of which is here. Sony had no choice but to shut OtherOS down before the attack was refined into an ISO that people could download, burn & install on the PS3 to root the thing completely.

  11. Re:Why is it being removed in the first place? on Sony Should Pay For OtherOS Removal, Says Finnish Board · Score: 1

    Yes it had everything to do with custom firmware and hacking. Other OS became a viable attack vector. Sony was obviously not going to put their entire platform at risk for the sake of the minimal number of people who bothered running Other OS. I find it laughable all the uproar about a feature that I suspect very few people complaining now even bothered to use when it was available.

  12. Re:Why is it being removed in the first place? on Sony Should Pay For OtherOS Removal, Says Finnish Board · Score: 3, Informative

    I've been looking around a bit, but I haven't been able to find a good explanation to why Sony is removing the feature in the first place.

    Does it allow hacking the console? Does it cost too much to maintain? Anyone knows?

    It became an attack vector to break the hypervisor and gain control of the box. Other OS was entirely absent from the slim models, probably as a cost saving measure.

  13. Calling all thieves on Minnesota School Issues iPad 2 To Every Student · Score: 1

    Easy iPad 2s to be had at Heritage Middle School. Seriously what a fucking stupid idea.

  14. Re:Is there a story here? on Leaked Activision Memos Compare CoD, Guitar Hero · Score: 1

    Sure there are millions of songs and many of them are "good" but the ones with the most mainstream appeal have been released already. Those are the songs that people recognize and make them want to buy the game and play along to. The problem with Guitar Hero especially is it's mined out the mainstream and gone off pursuing a hardcore market which doesn't exist to the extent they hoped. Hence the poor sales, hence the reason the series got axed. Rock Band is a little more mainstream but still in danger of suffering the same fate. The reality is that most of the songs that would sell these games are done already.

  15. Re:Not Dead on Arrival on RIM BlackBerry PlayBook: Unfinished, Unusable · Score: 1

    Classic case of hubris and "love to hate" syndrome. It has got a good CPU, supports Flash, QNX runs on Dalvik VM so there is always a plan B of supporting Android apps. I think for version 1 this is a decent device and I have used the pre-released unit. Multitasking is good enough and by any count it is better than Xoom. In a world filled with Android and Apple fanboys it's hard to measure anything on a standalone basis.

    The problem with supporting Android APIs is if BlackBerry does that, what is the point of using their native APIs again? It reminds me of OS/2 supporting Windows apps. Yes it seemed like a great idea at the time but in the end it meant less native apps which certainly didn't help matters in the long term.

    Of course their Android layer might stink on ice. I haven't looked at its implementation but it's not hard to envisage how it might have limitations, e.g. faking out hardware, poor performance, lack of services, lack of support for 3D or whatever.

  16. Well done Nokia on Microsoft and Nokia Finally Sign Definitive Agreement · Score: 5, Funny

    Your decision to partner with Microsoft is as sage and wise as allowing your balls to be shaved by a mental patient.

  17. Re:Is there a story here? on Leaked Activision Memos Compare CoD, Guitar Hero · Score: 1

    Guitar Hero had a single, limited idea. There is just only so far that you can push the genre before getting ridiculous. The attempts to add things like a story mode to music games always fails, and since they offer additional songs as DLC then there is very little reason to upgrade to the next game.

    The biggest limiter with GH (and Rock Band) is there are only so many good songs and bands. Once you exhaust the good songs and bands you really don't have anywhere else to go. Yeah they might tweak the game mechanics or toss in a story / quest mode, maybe throw out a "pro" controller, but basically at that point the game is up. And all the time the content providers get more greedy and demand more and more money for licensing their songs.

    I expect almost by definition that COD has a better future. That said, I think it's as stuck in its own rut as Guitar Hero ever was. The game AI is laughably poor and it's just a glorified corridor shooter with lots of triggers, scripts and effects to distract you. Such things would be forgivable when the franchise launched but the core game is looking increasingly mouldy these days. It's also clear that the franchise is just a conveyor belt with DLC and monetization becoming more insidious with each subsequent release. So I wouldn't shed a tear if COD died or lost its crown to a more modern shooter.

  18. Re:Nook Color vs. Kindle on Amazon To Let Libraries Lend Kindle Books · Score: 1

    For free books there are probably dozens of typeset versions floating around. I doubt you can say the quality depends on the format or the source you get them from. Generally speaking though if you want free books Project Gutenberg is the place to grab them. The Australian Project Gutenberg actually has more recent books such as most of George Orwell's books because they went out of copyright faster there.

  19. Re:"notable" SD slot? on Asus EeePad Transformer Gets a Thumbs-Up · Score: 2

    It's $29, and works with any camera. That's not expensive, nor is it hobbled to any but a small niche of geeks.

    A USB SD card reader that reads SD/SDHC cards costs a dollar. Of course if you wanted to go with a brand name such as Sandisk for your reader that would set you back a whopping three dollars.

    So Apple's dongle is a mere 10 times more expensive than an equivalent reader that plugs into a USB port. And yes it is hobbled since SD cards work in a variety of roles, and in a variety of applications not just for pictures and not just in blessed apps e.g. transferring files like documents, videos & music between devices.

    There is no point trying to defend this practice, it's deliberately done to fleece and limit users, no other reason.

  20. Re:"notable" SD slot? on Asus EeePad Transformer Gets a Thumbs-Up · Score: 1

    Considering 95% of all tablets in the wild (meaning the iPad) have no SD Card, having a card reader in a tablet is still somewhat of a novelty. How Apple gets away with that kind of thing I'll never know.

    It's an add-on for those that want one.

    It's an expensive, hobbled add-on.

  21. Re:"notable" SD slot? on Asus EeePad Transformer Gets a Thumbs-Up · Score: 1
    I think the clue was where you said you bought a 64GB iPad. Considering there is a whopping $100 premium between the 64GB vs 32GB model and an even more laughable $100 premium between the 16GB and 32GB models the reasons for an SD card slot are immediately obvious.

    A 32GB SDHC card can be had for $40+ so you save yourself money right there. Oh and if you did want to swap photos off a camera you save money by not having to buy some expensive dongle from Apple for the purpose.

  22. Re:"notable" SD slot? on Asus EeePad Transformer Gets a Thumbs-Up · Score: 1

    For purposes of balance it must be pointed out that the Transformer has a proprietary connector to attach to its keyboard and to charge it, which should really have been PDMI. But at least the tablet has a selection of non-proprietary ports. So someone can attach the device to a TV, or a mass storage device, or an SD card without paying an ASUS tax for the privilege.

  23. Re:Better hurry before the horse leaves the barn on Amazon To Let Libraries Lend Kindle Books · Score: 1

    I should clarify I'm talking about DRM stripping books that someone has purchased outright not books received on loan from a library.

  24. Re:Better hurry before the horse leaves the barn on Amazon To Let Libraries Lend Kindle Books · Score: 1

    Sorry, what you've proposed is at best unethical and at worst illegal. I'll pass.

    It's ethical to manipulate content that you own into any format that you wish. The question is whether you "own" an ebook and unfortunately the answer is no you don't. You own a licence to view the ebook and therefore obtaining unauthorized access to the book (e.g. for the purposes of stripping the DRM) is probably a violation of whatever local anti-circumvention laws exist in your jurisdiction, be they DMCA or something else.

    Personally I think the definition stinks and it's not helped by the fact that ebooks cost virtually the same as a regular book but with none of the rights of ownership. So I pay Amazon $10 or $15 for a "book" that I cannot sell, loan, destroy or otherwise do what I like with. So while it may be illegal to format shift I think morally / ethically it is defensible fair use. They sell an ebook like a book so it's reasonable for someone to regard it like personal property to some extent. Obviously someone who then shoves said book on IRC or P2P and distributes it to others loses even that defense.

  25. Re:Nook Color vs. Kindle on Amazon To Let Libraries Lend Kindle Books · Score: 1

    Yes B&N have plans for an App Store but they don't seem very advanced. I applied for their program 2 weeks ago and have heard nothing back yet. If they try to charge a fee to enter as Amazon do then I hope they fail. Amazon charges $100 to be on their app store which is ludicrous even if they waive it for the first year. I suspect they're only doing it to keep free app / open source scum away from their app store, and ensure only profitable / popular pay apps appear there.