The Hacker Who Found the Secrets of the Next Xbox and PlayStation
An anonymous reader writes "Stephen Totilo at Kotaku has a long article detailing the exploits of an Australian hacker who calls himself SuperDaE. He managed to break into networks at Microsoft, Sony, and Epic Games, from which he retrieved information about the PS4 and next-gen Xbox 'Durango' (which turned out to be correct), and he even secured developer hardware for Durango itself. He uncovered security holes at Epic, but notified the company rather than exploiting them. He claims to have done the same with Microsoft. He hasn't done any damage or facilitated piracy with the access he's had, but simply breaching the security of those companies was enough to get the U.S. FBI to convince Australian authorities to raid his house and confiscate his belongings. In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out. The article describes both SuperDaE's activities and a journalist's efforts to verify his claims."
Sort of interesting, but... (Score:5, Insightful)
> In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out.
And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"? It was OK because the victims were Microsoft and Sony? Or, shall we see another case of the famous Slashdot Double Standard?
Re:Sort of interesting, but... (Score:5, Interesting)
> And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"?
It may be ok to a degree for the cases where he broke in and then notified the company of a breach (without doing any damage or requesting a payment)
Companies should be required by law not to pursue anyone who notified them of security holes in good faith. Instead they choose to harass such people, scaring them off and making MY data less secure.
Re:Sort of interesting, but... (Score:5, Insightful)
> It may be ok to a degree for the cases where he broke in and then notified the company of a breach...
Hi, I broke into your house and ran my fingers through your dainty underthings and fondled your tooth brush.
Don't you think you should buy a better lock and maybe an alarm system?
Don't bother thanking me, it's what I do...
Re:Sort of interesting, but... (Score:5, Funny)
> Hi, I broke into your house and ran [my] fingers through your dainty underthings
Then you've been punished enough already.
Re: (Score:2)
If you broke into my house to stop someone from stealing my things and in turn ran your fingers through my dainty things while in the progress of stopping the commission of a crime, well we have something completely different right? In turn, someone who finds a security hole and not profiting, and disclosing privately that the issue exists should be lauded. Those that do disclose shouldn't be.
Re: (Score:2)
Your scenario has little or nothing to do with the story. This guy broke into some networks and reviled business information to the public.
Re: (Score:3)
I also revile business information. Revilers Unite!
Re: (Score:2)
> Your scenario has little or nothing to do with the story. This guy broke into some networks and reviled business information to the public.
Uh... where exactly did he criticize business information in an abusive or angrily insulting manner?
Re: (Score:1)
Why do people cling to the perception that committing a clearly illegal act is somehow/sometimes justified for some reason?
Re: (Score:3)
> Why do people cling to the perception that committing a clearly illegal act is somehow/sometimes justified for some reason?
Short answer? Sometimes a single person committing a single illegal act, and 'saving face' for someone else, is better in the long run than an issue existing and 300 people using the same breach a few months down the road. There are reasonable expectations in case law at least in my country on such things. Both in things relating to physical property, and to computer crime.
Re: (Score:3)
The ends rarely justify the means.
And while the world isn't black and white, we have processes that are set up to mitigate that fact.
Viewing the breaking into a system, and then notifying the owners, as some kind of altruistic act is at best misguided and more likely a sorry excuse for illegal behavior.
Re: (Score:3)
Actually you got it half right. Right now it's okay for Companies and the government to look into your life and control it in a way he did to them, getting all your private information to make sure you're not a 'terrorist'* or to sell that information to others. It's though a high crime to do it to companies, even if they had the digital equivalent of an in plain sight open and unlocked second story window.
*exact definition of the word will be determined by the political climate, but will always be scapegoa
Re: (Score:2)
Well, if the police see someone stealing your television it's likely they too would gain access to your house in order to arrest the thief.
Also it's unlikely a stranger would need to do any additional damage to "break" in, they could gain entry via the same means as the original thief.
Re: (Score:2)
But those are really crappy analogies
Er, you must be new here. Stupid analogies are the lifeblood of Slashdot arguments. :-)
Re: (Score:2)
> Hi, I broke into your house and ran my fingers through your dainty underthings and fondled your tooth brush.
> Don't you think you should buy a better lock and maybe an alarm system?
While creepy (particularly the toothbrush fondling part :), it is still preferable to waiting for an even less scrupulous person to break into your house
I see it more as "Hi, I was passing by the street and pushing on everyone's door (for fun, it is what I do). Your door had opened when I pushed it -- you may want to fix your lock".
This may be a tad creepy, but these people are not the problem. The ones who would quietly use this information are the problem.
Re: (Score:2, Insightful)
If you truly believe such behavior is merely "a tad creepy" and that it isn't a problem, seek professional help. I'm serious. What this guy did to these networks is way less of a problem than your disturbing analogy.
The last time I saw someone "helpfully" checking doors in my neighborhood I called the cops. There is never a good reason to test the security of a stranger's house, or even a friend's house, unless they want you to do so. If you really care, write a damn pamphlet about home security and hand it
Re: (Score:2)
I suspect that any network admins worth their pay would be able to tell 1) if the exploit / entry method the guy was talking about was true, and 2) what he did when he got in there. If not, they have bigger problems.
I sympathize with the views here, on both sides. Yes, this guy did something wrong, and at least in some cases seems to have been genuinely grey (if not white) hat about it. But if a system has a flaw big enough, how do you want the company to find out about it, this guy or Anonymous/Lulzsec?
H
default passwords + open IP is a big issue. (Score:2)
Default passwords + open IP is a big issue and you don't even need to be a good hack to pull that off.
Re: (Score:2)
> I suspect that any network admins worth their pay would be able to tell 1) if the exploit / entry method the guy was talking about was true, and 2) what he did when he got in there. If not, they have bigger problems.
The problem is that it doesn't stop at 2)
2. Verify what he did when he got there. If he tells you what he did, then yes, you should be able to check that.
Now comes the fun part:
3. Prove that he didn't do anything else. This isn't easy, in fact, you are trying to prove a negative. You assume that their systems are perfectly designed to log/alert/block/etc anything additional, and that this is possible for a network admin 'worth their pay'. Let me tell you, no network admin worth their pay should assume
Re: (Score:2)
> The last time I saw someone "helpfully" checking doors in my neighborhood I called the cops. There is never a good reason to test the security of a stranger's house, or even a friend's house, unless they want you to do so.
I am not saying that I would encourage such behavior. But once a problem is found, I'd prefer to be notified about it (and I want the companies in question to be notified about it). There has to be a mechanism to allow this.
Getting back to the network... You only have the word of someone unscrupulous that they didn't commit further unscrupulous activities.
If they are not requesting anything in exchange then they are not benefiting from notifying you about the breach. You, however, DO benefit from being notified of a security breach.
I also assume you do not take their word for it and perhaps verify that they haven't done anything untoward
Re: (Score:2)
> I am not saying that I would encourage such behavior. But once a problem is found, I'd prefer to be notified about it (and I want the companies in question to be notified about it). There has to be a mechanism to allow this.
I think this stands out to me most. I have to agree that yeah, you are being dishonest for doing it. But telling someone should be ok. IF however, when your admin does his check finds you did steal the kitchen sink, it isn't as ok. I will say however, he only REALLY did that with epic, and only when drunk. He only talked to MSFT when they found him. There is a lot of things he did like leak specs would be doing what is wrong. So sadly, he did enough to deserve some of this. The degree is debatable IMHO.
Re: (Score:2)
The real issue here is why we, as a society, couldn't put his skills to good, lawful use. (There is also unlawful good, but I won't go there, since what matters is the lawfulness) He seems like somebody with the skills. Why isn't he working for a security firm? Why isn't he making software more secure through lawful methods?
To follow the physical lock analogy, instead of him going around your neighborhood checking locks/doors, why wasn't he a locksmith? A locksmith should be able to obtain access through an
Re: (Score:2)
> Why isn't he working for a security firm?
What he is doing is kind of in the trade school / hands-on area, and HR does not like them even when people who go to them know more than people in college.
Re: (Score:3)
The problem in many countries, is that while this guy has skills he may not necessarily have the paperwork to prove his skills.
As such, companies simply won't hire him, and will never give him the chance to prove what skills he has.
Also, if he gets convicted he will have a criminal record, which will be yet another reason why companies won't hire him.
So the end result is that once all the dust settles, his only way of earning a living will be to use his skills for illegal purposes. And if he goes to jail, h
Re: (Score:2, Insightful)
If I'm in charge of millions of people's credit card information, THANKS! You're better than dealing with hackers who would rather take that credit card information, sell it on the black market and have to deal with legal charges for failure to properly secure financial information!
Re: (Score:2)
You are a shit head. A direct personal invasion is not the same as an internet hack of a business account. One relates to escalation which can result in bodily harm and death and the other of course is largely meaningless. M$ in this case has used its corporate US power to escalate this beyond all reason, to a risky home invasion with some douche FBI agent threatening a minor with extradition (zip, zero, nil, nul chance, just some douche being true dick). How was the hack possible, obviously some truly pis
at least have whistleblower protection and eula (Score:2)
At least have whistleblower protection and other stuff, like companies who use EULAs to make you at fault for bugs or even website typos that let you get past security without even trying to hack.
Whistleblower protection is needed to cover stuff like what happened to Stephen Heller and others like him.
http://en.wikipedia.org/wiki/Premier_Election_Solutions
Re: (Score:2)
They harass such people because they acted in good faith and informed them.
Malicious hackers will try to be stealthy, so they will NEVER invite dialog with their victims unless it's for purposes of extortion, and they will generally go to extreme lengths to disguise their identities, keep access to whatever systems they breached and use them to gain further access if possible.
Someone who tries to help them by identifying a hole and helping to fix it makes themselves an easy target. Someone who is stealthy,
Re: (Score:2)
No - simply no. He broke in to a private network without permission. That is equivalent to "Entering" of a Breaking and Entering charge in the US in a brick/mortar situation. There is no ethical difference between the two. What he did with his ill-gotten gains isn't relevant to the discussion. That is the same thing as killing someone today, then joining Amnesty International the next day?!?
Re: (Score:2)
It is not. Draw a legal comparison:
Is it okay to lockpick all company office locks, evade security cameras using various hiding techniques, crack the safe combination using a high tech listening device with a lot of trade secrets, take photographs as evidence and then mail all of the evidence of break-in? Because that is exactly what you're doing, but through computers and networks instead of doors and corridors.
Many people use "but it's okay for me to pick my neighbour's lock just to show him that it's wea
Re:Sort of interesting, but... (Score:5, Insightful)
Less secure than what, exactly?
Let's use a real world analogy. I have my house locked up tight. My neighbor says that I have cruddy, worthless locks on my door. He proceeds to show me how easy it is to break into my own house. He suggests that I invest in the same type of locks that he uses.
So, what should I do? Call the law, and have the neighbor locked up for showing me that my security is shit?
Or, should I purchase and install the locks that he has shown me to be effective?
In actuality, the neighbor has helped me to be MORE secure, not less secure.
Derp, derp, derp.
Re:Sort of interesting, but... (Score:5, Insightful)
Depends. Did he ask for your permission beforehand? If he did and you gave him OK, that's fine.
If he didn't, he's committing a crime for obvious reasons. Else this would become a perfect excuse to burglars who didn't manage to steal YET. "But I was just showing the residents how weak their lock was!".
Re:Sort of interesting, but... (Score:5, Insightful)
Let's say you came home and your neighbor was sitting on your couch watching tv while drinking one of your beers. Then he says "your locks suck, you should try the ones I use".
How would you like that?
Derp, derp, derp.
Re: (Score:2)
You're describing one of my shipmates, not my neighbors.
Re: (Score:3)
Actually, it is like having a house on a busy street with the door standing open, only you don't know it. Would you rather:
a) Your neighbour pop in, check if you are still alive, and remind you to close the door?
b) or just wander in and out like everyone else does on the street.
The problem isn't that people are breaking into your house. It's that people are breaking into your house, sleeping over, and you don't know it.
Physical property has definite levels of trespass. Walking through an open door is
Re:Sort of interesting, but... (Score:5, Insightful)
The closest analogy is the spirit of the law vs the letter of the law...
Hackers generally obey the letter of the law, that is they are only making a computer do what it was programmed to do. Whether that programming was intentional, or the result of a bug comes down to the spirit in which the program was written.
A similar scenario is the law... There are many loopholes (ie bugs) in the law which allow people to legally perform acts which were never intended by the people who wrote those laws.
So why then is it legal for a lawyer to exploit loopholes in the law, but not legal for a hacker to exploit loopholes in program code?
Re: (Score:2)
> Actually, it is like having a house on a busy street with the door standing open, only you don't know it. Would you rather:
> a) Your neighbour pop in, check if you are still alive, and remind you to close the door?
> b) or just wander in and out like everyone else does on the street.
Well, we could make this a bit more like the actual scenario.
Actually, it's like having a house at the end of a largely unused alley with the door standing open, only you don't know it. Would you rather:
a) A random person pops in, make copies of all your private mail and computer files, then maybe tells you about it.
b) You take the chance that someone randomly finds your open door.
Re: (Score:3)
Trespassing online is whatever a big corporation with an army of lawyers says it is.
Re: (Score:2)
That sumBITCH! I TOLD him to stay out of my popcorn!
Re: (Score:2)
> And he still broke into other people's networks without permission.
That's really scary. And that's just a rather neutral individual. Imagine what would happen if large institutions with agenda like FBI or CIA started doing the same thing! Oh, wait...
Re: (Score:1)
> > In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out.
> And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"? It was OK because the victims were Microsoft and Sony? Or, shall we see another case of the famous Slashdot Double Standard?
Generally I'm in favour of being cautious about rewarding tossers who release malware on the net, hack and wreck systems, or in some other way wreak merry havoc and then expect fat job offers. They should not be rewarded but rather should be put in fuck-you-in-the-ass jail. But in this case I'd be willing to compromise. If that guy really did no damage, and if I was MS, I'd compensate him for the damages done by the FBI and the Aussie cops, make him a job offer and put him to work in my security department d
You don't get it. (Score:1)
I think that obtaining the info on the Xbox and the PS just served as a proof of his feat. He infiltrated the networks of two mega-corps that spend millions on security and employ hundreds of experts using his skills and knowledge. Maybe he didn't even care about the specs of the consoles. He just wanted the kind of information that would prove that he had actually gained access.
The one with the twisted perspective on the subject is you in this case. You completely ignore the black/gray/white-hat categoriza
Re: (Score:2, Redundant)
He broke the law, if his story is true, plain and simple. You're the one with twisted perspective on it. He had no right to access their networks or proprietary information. I hope they don't go TOO hard on him as he did seem to have relatively benign intentions, but he hacked into systems without permission. The companies in question did not contract him to do penetration testing or an overall security assessment.
Re: (Score:2)
You realize there are firms that sell that sort of security right? And academic programs on how to do so etc.
There are legit ways to enter the business; he simply chose a different route.
infiltrated or used someone's log on and password (Score:2)
Infiltrated, or used someone's log on and password that may have been in another system that did not have millions spent on security.
Re: (Score:2)
> another case of the famous Slashdot Double Standard?
Citation please. ;)
Re: (Score:2)
Or do we just want to let the Chinese develop good security knowledge?
He didn't destroy anything, that's the point.
What is wrong with you?
Re: (Score:2)
> What double standard? Good technicians are encouraged to explore the network. Or do we just want to let the Chinese develop good security knowledge? He didn't destroy anything, that's the point. What is wrong with you?
Good technicians who are employed to explore a network are encouraged to do it. That's about as far as it goes in reality.
Re: (Score:2)
> Or, shall we see another case of the famous Slashdot Double Standard?
Why not, is it forbidden? I'm looking to Washington DC and I don't see a Single Standard, even if US may benefit from having one (e.g. consider the Constitution, how many "standard" interpretations does it have?).
Re:Sort of interesting, but... (Score:4, Insightful)
That's my concern in this. Seizing his bank access seems punitive to me and he hasn't been found guilty of anything. The alleged offenses don't even seem to warrant that action.
I really hope his legal team can set some kind of precedent to keep a tighter leash on prosecution agencies.
Re: (Score:2)
Civil forfeiture is wonderful isn't it?
Re: (Score:3)
"It should be up to the courts to decide whether this deserves just a slap on the wrist. Until that time, it should be treated seriously."
No, he should be treated innocent UNTIL proven guilty in a court. That means bail unless he is a flight risk or danger to the public at large. Also it does not mean freezing his bank accounts.
Re: (Score:2)
> No, he should be treated innocent UNTIL proven guilty in a court. That means bail unless he is a flight risk or danger to the public at large. Also it does not mean freezing his bank accounts.
You might think that it means freezing bank accounts is not allowed, but the law does not agree. Considering that he was apparently in cahoots with at least one other person overseas, they really don't want to allow him to transfer any proceeds of crime offshore.
Re: (Score:2)
So if I notice that the gate around an industrial complex has a security flaw, sneak in, sneak back out and tell you about it, then I should have my bank account seized and have my house raided?
Need to nip it in the bud (Score:5, Funny)
It starts out like this, a hacker looking for the latest games, then it leads to Global Thermonuclear War.
No damage? (Score:1, Informative)
There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.
Re: (Score:1)
So, you're saying that IT shouldn't fix backdoors on their network as long as no one ever breaks in using them (that they know about)?
Re:No damage? (Score:5, Insightful)
> There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.
There seems to be this common misconception that having to fix a network to remove holes and backdoors is somehow worse than having lived with it for some time without knowing it. Not to mention the fact that your second sentence does not substantiate the first, also known as the non sequitur fallacy: not having caused any damage and being under suspicion for having caused some are two completely independent things.
Re: (Score:2)
> Guess there is a difference between your definition of "damage" and the GP's. In a business setting, any time, effort, or money that you spent, and would not have to spend if there were no breach is considered "damage".
And as long as you can make things up, any word can mean anything you want. So, to continue your line of reasoning: my dictionary tells me that "breach" can mean the same thing as "crack" or "fissure", and the hole was there before the guy got in there, so logically, they'd have to spend effort anyway.
Re: (Score:3)
Your front door lock is broken, but you didn't realise it. A passer-by tells you that is broken. Do you blame him for the "damage" to your wallet that comes from fixing it?
Or how about this: You're understandably unhappy that he pushed your door open and poked his head in. He claims he didn't take anything (and given how he volunteered the information about your door, there's no reason to disbelieve him), but are you angry at him that you now feel the need to double-check everything you own, just in case he
Re: (Score:2)
> Your front door lock is broken, but you didn't realise it. A passer-by tells you that is broken. Do you blame him for the "damage" to your wallet that comes from fixing it?
> Or how about this: You're understandably unhappy that he pushed your door open and poked his head in. He claims he didn't take anything (and given how he volunteered the information about your door, there's no reason to disbelieve him), but are you angry at him that you now feel the need to double-check everything you own, just in case he (or someone else) took something?
If the lock was "broken" because he was able to devise a method to pick it necessitating that I replace the lock then YES. Imperfect security is reality everywhere all the time. If you think your systems are completely secure all it means is that you are mistaken.
Re: (Score:2)
Your argument is that his actions opened their systems wider, than if he hadn't done anything? Is there any evidence of that being the case here?
If that's not the case, then he still did them a favour by pointing out a hole in their security. Sure there may be others, but now they know about this one. The responsible action would be to close the hole (and thank him), but they could always ignore it and do nothing; they'd be no worse off.
Re: (Score:2)
> Your argument is that his actions opened their systems wider, than if he hadn't done anything? Is there any evidence of that being the case here?
> If that's not the case, then he still did them a favor by pointing out a hole in their security. Sure there may be others, but now they know about this one. The responsible action would be to close the hole (and thank him), but they could always ignore it and do nothing; they'd be no worse off.
No, my point is that a system that is not perfectly secure is not an invitation for anyone who wants to access the system. Just as you will go to jail if I leave my front door closed but unlocked and you walk in and rifle through my wife's underwear drawer. Maybe you take a photo of it, while you're there but leave the actual items. Unlocked (or insecure in computers) does not equate to do whatever you want. If the company had no security other than a telnet uid/pwd, he still isn't allowed to crack that
Re: (Score:2)
Pretty hard line to take on a guy who was a) a kid, b) merely curious, not malicious, c) did no damage, and d) did them (and their customers) a favour by alerting them to a security hole that could be maliciously exploited by the next hacker to drop by.
Some companies (e.g. Epic) actually appreciated the heads-up, and sent him a signed poster in thanks. Your position that he be punished instead, while defensible under a strict interpretation of the law, looks more like a dick move to me. I'd expect a judge w
Re: (Score:2)
> Guess there is a difference between your definition of "damage" and the GP's.
> In a business setting, any time, effort, or money that you spent, and would not have to spend if there were no breach is considered "damage".
Excuse me...
Why is it that you think that a breach that is committed by someone who reports it to you and potentially faces repercussions for their having a Bushido-style sense of honor about things causes less damage than a breach committed by someone who then proceeds to profit from said breach without disclosing it to you, up to and including selling the details of how to repeat it to third parties?
Do you somehow think that the people who open themselves up to the repercussions are smarter than the ones
Re:No damage? (Score:5, Insightful)
> There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.
Those actions and associated costs are not the result of having your network broken into. They are the result of being told your network is vulnerable - even if you have no knowledge that the network was actually broken into.
Re: (Score:2)
No, you're conflating two different types of security vulnerabilities:
1) The gap the guy originally used to get in, plus any other pre-existing vulns.
2) the gaps the guy may have introduced into the network while he had access, via new malware, etc.
The re-flashing and stuff mentioned on the GGP is primarily to mitigate #2.
#1 is definitely not the guy's fault, but any precautions required to mitigate #2 definitely are.
And whether you agree with the law or not, breaking into secured networks is still illegal r
Re: (Score:2)
My network is vulnerable. I know this, because it exists.
The question is how vulnerable.
I run Linux, not OpenBSD, so there's a greater chance that I'll get a zero-day attack sprung on my network. However we make that compromise because it's considered reasonable.
I run services we need, but each is a risk.
There is no such thing as a secure network, there is only a secure-enough network.
Re: (Score:2)
> > There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.
> Those actions and associated costs are not the result of having your network broken into. They are the result of being told your network is vulnerable - even if you have no knowledge that the network was actually broken into.
That is not completely correct. Once you know your network has been broken into you can no longer trust any device that has potentially been intruded upon and more often than not a full rebuild is required, simply finding a vulnerability means you have to patch it not rebuild. There will always be vulnerabilities, maintaining and monitoring is key to that, however once a vulnerability is exploited the cost skyrockets.
Re: (Score:2)
So what you're saying is, if you say to me in conversation you are running a server with such and such software, and I reply also in conversation that the latest version of software such and such is exploitable, then give you the URL to the security announcement... I now somehow owe you money despite not even knowing where your network is let alone haven't touched the thing? Simply because you need to check for backdoors and reimage potentially backdoored machines?
I think you don't understand how this "fau
Re: (Score:2, Informative)
Having been through such a situation in the past - while the GP contained some hyperbole, I can tell you our guys spent a couple days checking and cleaning up after an intrusion. If you don't think there's a (necessary) significant investment of time that goes into dealing with an intrusion, you've likely never actually worked in IT.
Re: (Score:2)
I do that for systems I maintain.
I've nuked systems just for looking suspicious, despite not being able to prove someone cracked them (half the binaries in /bin stopped working, I figure that's fairly damn suspicious).
Anyone who doesn't re-image a cracked system is unbelievably naive, and it will come back to bite them hard one day. Like hell am I going to take the word of someone who broke into my systems that they didn't leave a rootkit.
Re: (Score:2)
A couple of weeks ago, one of our deployment SSH keys was compromised. After the hole was plugged, every employee had to re-key, re-upload keys, etc - even though we knew only one key was obtained.
What kind of org do you work in where they don't take security importantly enough to do this?
Durango hasn't been revealed (Score:1, Insightful)
> he retrieved information about the PS4 and next-gen Xbox 'Durango' (which turned out to be correct)
"Durango" hasn't been revealed yet. How do we know his info is correct?
Re: (Score:2)
They might mean he had info on early development kits, a lot of that info has leaked out (there are after all lots of companies that have said kits).
Early development kits aren't final hardware though, so they don't mean much to consumers or people on the outside.
Chinese Army (Score:5, Insightful)
Ugh.
If some surfer dude from Oz can do this imagine what the Chinese Army and the TLAs have gotten into.
I don't know if this is good or bad, Mutually Assured Destruction can be a good thing, as well as can be the dissemination of information.
However it sure should give people pause when they put a server online. Or make their bank accounts available on the web.
It might be a case of not if but when.
Re: (Score:2)
> Go China! At this point, they're our best hope of saving the world from the Americans.
Be careful what you wish for. You might get it.
Re: (Score:2)
You are late for your labor camp job comrade... Please send video of you being beaten by your neighbor to the Minister's email address by 3am or you will be punished by the overseers.
who cares (Score:2)
So, it's okay for the U.S. government and even corporations to spy on our communications (Facebook, phone calls, chats), emails, and whatever we upload to the cloud without a court warrant but when somebody does it to a corporation or government it's time for the feudal U.S. system to go bat shit crazy on his/her ass. If the U.S. does not follow the constitution why should we, remember by the people for the people. Hah, who cares it's a feudal system. People just stop hacking it's not worth losing your life over.
Re: (Score:2)
No it's not OK for the government to do that. But just because the government screws you over doesn't mean you can go screwing over 3rd parties. The problem isn't that the law against cracking networks is necessarily bad (although I'll agree it's not perfect and overreaches), it's that the government and corporations aren't held to the same standard as individuals, which is a completely separate issue.
It's funny... (Score:1)
Because no one seems to be blaming the companies like usual, no one is blindly angry for no reason and no one seems pissed off. Why? Because he stole information that users here find interesting.
I mean he did the same thing that hackers have done to companies before and you people lined up to spout the same comments and blame the companies for being hacked many many many times but now all of a sudden you change your tune simply because he wasn't trying to steal personal information about you. He committed the
Really? (Score:2, Insightful)
Summary: Kid breaks in networks of corporate entities, accesses trade secrets, purchases development hardware using fraudulent information, brags about it on the internet and then cries about being "ruined".
There is nothing "ethical" about any of this kid's shenanigans. He cried about them taking his toys away, and doesn't even realize he's going to pound-me-in-the-ass prison yet.
Moral of the story: Common sense eludes hacker.
banking fraud can get you time in a FPMITA (Score:2)
banking fraud can get you time in a FPMITA and he did it on the International level.
In the USA..... (Score:2)
WE make sure that no good deed goes unpunished. No matter where you are in the world, do something good and we will find you and punish you.
Let me get this straight... (Score:2)
Your computers and other electronic devices can be confiscated without warrants or your "permission" within 100 miles of the U.S. border without cause or suspicion because you have no right to privacy, and the contents of your phone can be examined by a police officer during a traffic stop, but their computers are private and protected by people with guns?
Right. Got it.
In the past, people would never have tolerated this. They'd have risen up against it and the evil bastards who propagated it.
Now, we're just
"He hasn't done any damage" (Score:2)
I would argue that he may have done a great deal of damage. Releasing plans for future products can tip off competitors. Information regarding future products can also result in a customer not purchasing what is currently available in anticipation for a future product. Both of these can mean millions of dollars in losses for a company.
Re: (Score:2)
yes, breaking in and taking information
people would oppose someone breaking into their house and stealing all their financial documents, but it's apparently harmless to break in and commit industrial espionage
Re: (Score:2)
You would think that after Geohot showed the way (not!), that people would leave Sony alone to wither on the vine.
At any odds you would care to name, I would bet that 99.8% of users upgraded their PS3 firmware (currently at rev. 4.31) without giving a second's thought to Geohot or Linux on the console.
Re: (Score:2)