
GeoHot Sounds Off on Sony’s PSN Debacle

This article is over 13 years old and may contain outdated information

Fresh out of a fierce legal battle with Sony, noted hacker George “GeoHot” Hotz has some words to say on the hardware giant’s PS3 woes.

Though it may seem longer, it hasn’t even been a month since George Hotz and Sony settled out of court in the PS3 jailbreak case. Given his less-than-pleasant history with the PS3 maker, Hotz had some thoughts on the PSN outage and breach, and posted them on his blog.

At the outset, Hotz emphatically denied any involvement with the PSN hack. “I’m not crazy, and would prefer to not have the FBI knocking on my door,” he said, adding that he saw a clear distinction between hacking a device you owned and paid for and hacking someone else’s database to steal the personal information of millions. “And, as a onetime victim of identity theft, I feel for everyone whose data has been stolen.”

Nor does he fault the Sony engineers who designed the PS3 infrastructure, “the same way I do not fault the engineers who designed the BMG rootkit.” Rather, said Hotz, the blame should be directed at the top, at Sony’s executives who decided that the hacker community was their enemy, and who “laughed at the idea of people penetrating the fortress that once was Sony, whined incessantly about piracy, and kept hiring more lawyers when they really needed to hire good security experts.”

The meat of Hotz’ post, however, is a giant discussion of how he feels Sony’s arrogance and belief that it owns PS3s it sells to consumers is at the core of this attack. It is quoted in full below:

Now until more information is revealed on the technicals, I can only speculate, but I bet Sony’s arrogance and misunderstanding of ownership put them in this position. Sony execs probably haughtily chuckled at the idea of threat modeling. Traditionally the trust boundary for a web service exists between the server and the client. But Sony believes they own the client too, so if they just put a trust boundary between the consumer and the client (can’t trust those pesky consumers), everything is good. Since everyone knows the PS3 is unhackable, why waste money adding pointless security between the client and the server?

This arrogance undermines a basic security principle, never trust the client. It’s the same reason MW2 was covered in cheaters, EA [sic – should be Activision?] even admitted to the mistake of trusting Sony’s client. Sony needs to accept that they no longer own and control the PS3 when they sell it to you. Notice it’s only PSN that gave away all your personal data, not Xbox Live when the 360 was hacked, not iTunes when the iPhone was jailbroken, and not GMail when Android was rooted. Because other companies aren’t crazy.

Hotz finished his post with a message to whoever it was that cracked into Sony’s system. While he acknowledged that the perpetrator was “clearly talented” and would either have “plenty of money (or a jail sentence and bankruptcy)” coming his or her way in the future, the hacker had forgotten Wheaton’s Law: “Don’t be a dick” by selling personal information.

That said, Hotz admitted that he would love to see a write-up of how the hacker breached the system. “[Lord] knows we’ll never get that from Sony, noobs probably had the password set to ‘4’ or something.”

(GeoHotgotsued)
