Wednesday, April 27, 2011

Karma

Things just keep getting better for Sony as of late. Now that a lot of talk on just how insecure the innards of the Playstation Network really was is making the rounds, Sony are copping it from all sides. Naturally, talk is just talk, and we don't really know if the information available to us is actually true or not. However, going by old hacker talk on various 'scene' sites when the PS3 was first jailbroken, I would be inclined to believe that at least SOME of the horrendous failure would actually be true.

Sony, if anything, most likely put all their eggs in one basket and never expected the PS3 to get compromised in the way that it was. Indeed, the Cell Broadband Engine architecture, on paper AND in practice, is arguably one of the most secure CPU designs to date. Pretty much any traditional attack vector commonly used to hack systems is blocked by the fact that none of the master root keys for decryption are in any form of software, but in hardware instead. This, if anything, made the PS3 near unhackable for the longest period of time. Even when GeoHot originally claimed he had hacked the PS3, what he really got was two shades of jack fuck all. He had managed to secure control to the hypervisor, and had the ability to execute unsigned code on the Cell's main PPC core. However... the PPC core, if you read IBM's document on how the Cell BE really works, is of little to no real value. Unless he could somehow capture the root key of secrecy that was embedded on the CPU die itself, the CPU cannot be snooped.

Sony believed in this security, and more than likely had one extra layer of protection: The layer of 'people are generally too lazy to give a fuck' when things get too difficult. Numerous people had tried and failed, and the general mentality is that if you cannot even compromise the outer workings of the console itself, you will be unable to obtain details on how the console talks to the network. Of course this isn't true, as anyone with half a mind who wanted to put a packet snooper on their network could have easily traced the comms going to and from the PS3. But, the illusion of an impregnable fortress wall was there. The illusion of 'well if the console itself is this hard to hack, then the network has to be secure too'.

Then there was most likely one other final bit of 'security' in place: Sony had not given anyone a reason to attack them. Indeed, out of the 3 main platforms available this generation, the PS3 is the most open of the lot. It was the only region free console for gaming, thus importers were happy... it had a facility for installig a 3rd party OS (OtherOS) which kept the homebrew people happy. Sony basically did the right thing by most everybody and gave ENOUGH to take away enough reasons for anyone to start poking at their walls.

So where did this all go wrong? Well, removing the OtherOS install option would be the first big mistake. After GeoHot had 'hacked the PS3', Sony's response was to remove a feature in the name of security. If anyone had any brains at all up at Sony HQ, they would have simply let it be. GeoHot got practically nothing, and it did not warrant a response at all. But, in the name of 'security', they go and remove a feature... Everyone knows that you just do not take features away, especially not when it was an ADVERTISED FEATURE of the product, which would have driven a large number of enthusiasts to buy the product in the first place. Not to mention the fucking US Air Force is one of such users.

Then to make things worse, despite the class action lawsuits levelled against them and the fact that you simply do not REMOVE AN ADVERTISED FEATURE, they begin to show their arrogance and god complex attitude and demand that the lawsuits be dismissed. Naturally, when you take things away that people used to have, things that a specific crowd bought the console for in the first place, they start to try to take back what they used to have. One would like to believe that if Sony had simply relented and given OtherOS back at this point, everything would be just fine today and their gaping security holes in the Playstation Network would have never come to light.

But, nope, just like any other god complexed multi-billion dollar company... They may disagree with your opinion, and they will defend to the death your right to have an opinion. Nevermind the fact that it is the people, the paying customers, that made them big. Apparently biting the hand that feeds is a case for good business practice and customer service. Sony doesn't return the OtherOS feature, and start playing dirty in court by dragging out the proceedings and using every last option they can to defend to the death the right to remove a feature that people previously paid for.

So what did they honestly think people were going to do? Roll over and take it? Now they had finally given people a reason to start poking at their security, even if just to take back what we previously had. From here, the rest really is academic... When you break into someone's house, you tend to find a lot more than just what you previously had... and basic human greed shines through and you tend to take a lot more than what you were entitled to, while generally throwing excuses to justify the crime. Indeed, there is enough blame on the hacker side as well in blowing open Sony's Epic Fail. I guess the new definition for random number is '4', right Sony?

But, regardless... things just go from bad to worse. Hackers finally compromise the PS3 using an unpatchable hole in Sony's PS3 operating system, and with the cat well and truly out of the bag, Sony would be left with only one realistic option to take. Which would be join Microsoft and Nintendo in accepting their console has been hacked, and join them in playing the cat and mouse game that has existed since time immemorial.

Or so we'd like to think anyway. But no, Sony is Sony... Sony is God, how dare you suggest otherwise?! Sony are infallible!... and pick up that can!

Instead of taking the realistic option, they go and try to put the cat back in the bag and start suing everyone left right and center. What did they honestly think this was going to do? I can understand the logic and reasoning behind trying to make an example out of someone. But there is a limit to fearmongering. You especially do not blatantly show the world that because you are big, huge and richer than God, that you are invincible and the legal system exists for your benefit, not for the little man. Us little people have known for a very long time that there is no JUSTICE system in the world. There is a LEGAL system, and that system is tempered by cold hard cash. But the last thing we need is to have that blatantly shoved in our faces.

So yeah, well done Sony *golfclap*... You have now given everyone, the people in general, a true reason to hate you. You have shown yourself as the typical stereotypical archetype of the 'big dirty evil corporation' that deserves to be taken down and you are giving a five-star performance on acting out that role. Now that you have finally given many people a reason to start punching back, don't be too surprised that your glass jaw starts shattering before too long.

All in all, you have failed beyond epic fail, and have only compounded that fail with more fail. Indeed, if I could submit a new definition for the word 'fail' to the Oxford dictionary, I would simply redirect it to 'Sony'. While many dislike the inconvenience of the Playstation Network being down, many, like me, are sitting back and enjoying watching the 'big dirty evil corporation' get what's coming to them. I don't give you my money on the PSN because I worship you Sony, I give you money for providing a service, and security. You have failed in providing both at this point. But I don't mind too much... I'm willing to give up that service, if it means I get to see the big dirty evil corporation get taken down a few notches.

That in itself, my friends, is priceless. Grab the popcorn and enjoy the fail while it lasts, as I'm sure for many, this will be the last Sony product and/or service that they will ever buy or subscribe to. I will not be buying the Playstation 4, or whatever your next gen console is going to be called in 2014. I'm sure many feel the same way.

1 comment: