Xbox Hypervisor Security Protection Hacked 232
ACTRAiSER writes "A recent Post on Bugtraq claims the hack of the Xbox 360 Security Protection Hypervisor. It includes sample code as well."
From Bugtraq
"We have discovered a vulnerability in the Xbox 360 hypervisor that allows
privilege escalation into hypervisor mode. Together with a method to
inject data into non-privileged memory areas, this vulnerability allows
an attacker with physical access to an Xbox 360 to run arbitrary code
such as alternative operating systems with full privileges and full
hardware access."
Re:Sweet (Score:2, Informative)
The 360 is easily the most exciting console I've owned since the PSX, given all it can do. I don't even have cable hooked up to my 1080p TV - its basically just a monitor for my 360.
No, I guess this wasn't a very informative post... i mostly just wanted to give MS props for doing at least something right. You know; compliment before you criticize.
Re:That's Because... (Score:5, Informative)
From the article... (Score:5, Informative)
Re:Sweet (Score:3, Informative)
you have to pay extra for the HD dvd drive...
Re:Blue Pill time. (Score:2, Informative)
Re:Ironically, I might buy one now (Score:2, Informative)
You do realize that the 360 can act as a Media Center Extender for Windows XP Media Center 2005 and Vista, right? Also, the 360 can stream music and (with the Fall 06 patch) videos from any "compatible" UPnP media server (technically only Windows Media Connect and WMP11 are supported, but there are apps to do the same on OS X and Linux since all the MSFT apps are really doing is acting as a UPnP media server). Yes, there are codec limitations, but you can transcode on the fly easily enough if you have a powerful enough server.
It just seems weird to me that your killer app is media streaming, but you won't buy a 360 that does that out of the box (or close enough, with the Update). Similarly, if you wanted to develop homebrew games the 360 can already do that with XNA. It has some growing to do still, but expect big things from XNA in the coming months/years. Why would you wait until there's a hack to do that when you could build supported homebrew games already?
Re:Modchips? (Score:2, Informative)
Re:Attacker?? (Score:5, Informative)
You might think you own it, but SUPRISE, you are licensing it.
The fact you keep repeating the same wrong information doesn't make it any less wrong.
Adobe made that same claim you are making. It didn't go over well in court. [cryptome.org] It didn't go over too well for Microsoft either (Microsoft Corp. v. DAK Indus). Novell tried that argument, and got shot down too (Novell, Inc. v. CPU Distrib., Inc., 2000 ).
"...the Ninth Circuit held that the economic realities of the agreement indicated that it was a sale, not a license to use."
"... Like Adobe, CPU argued that it purchased the software from an authorized source, and was entitled to resell it under the first sale doctrine. Novell claimed that it did not sell software but merely licensed it to distribution partners. The court held that these transactions constituted sales and not a license, and therefore that the first sale doctrine applied. 2000 U.S. Dist. Lexis 9975 at *18."
"...The Court finds that the circumstances surrounding the transaction strongly suggests that the transaction is in fact a sale rather than a license. For example, the purchaser commonly obtains a single copy of the software, with documentation, for a single price, which the purchaser pays at the time of the transaction, and which constitutes the entire payment for the "license." The license runs for an indefinite term without provisions for renewal. In light of these indicia, many courts and commentators conclude that a "shrinkwrap license" transaction is a sale of goods rather than a license."
"...Ownership of a copy should be determined based on the actual character, rather than the label, of the transaction by which the user obtained possession. Merely labeling a transaction as a lease or license does not control. If a transaction involves a single payment giving the buyer an unlimited period in which it has a right to possession, the transaction is a sale."
"Raymond Nimmer, The Law of Computer Technology 1.18[1] p. 1-103 (1992). The Court agrees that a single payment for a perpetual transfer of possession is, in reality, a sale of personal proper and therefore transfers ownership of that property, the copy of the software. "
So, at least in the US, a one-time payment for a perpetual use of software is a SALE, regardless of what you call it, and rightfully so. They can't change that with a EULA any more than a car dealership could claim you had a one-time lease payment, with a lifetime use period and the right to transfer the lease for free (thus avoiding legal regulations with regards to sale of vehicles). Any reasonable court would rule that such was a sale, not a lease. What you call it doesn't matter.
Re:MacOSX (Score:1, Informative)
The G5 iMac, however, was EXACTLY that, shame Apple never put the dual-core G5 CPU in it (one of the main reasons why there was a performance boost when they went to the intel Core Duo).
Re:Blue Pill time. (Score:2, Informative)
Audio is transcoded automatically (Score:2, Informative)
Re:Attacker?? (Score:3, Informative)
Negative. Courts have already ruled this is OK. IIRC it was a case dealing with the Sega Genesis, which had to have a sega copyright notice in the ROM to play the game. They ruled that you could put that notice in there legally because it was required for interoperability.