Comment: news flash: iSuppli's BOMs are deliberately low (Score 1) 143

by bushing (#41451837) Attached to: Teardown Finds iPhone 5 Costs Apple About the Same As Did 4S

iSuppli's business model revolves around finding you low prices for components (for a nice, hefty fee, of course) for your next big consumer electronics product; these teardowns are just advertising for that service. In order to pull customers in, they mark down the lowest plausible price for each component; it's unlikely that even Apple can get these low prices for each component.

Practically every teardown they show is low-balled, because there's no way to verify any of these numbers, and lower numbers get them more contracting business.

Comment: Re:Comparisson to Android? (Score 1) 91

by bushing (#40185501) Attached to: Apple Releases IOS Security Guide

This is well-written, but mostly incorrect, based on some bad assumptions about sandboxing and encryption.

The main differences are as follows: the iOS sandbox is somewhat weaker than the Android sandbox. It restricts fewer things and in the past (not sure if it was fixed these days), key first-party apps such as the web browser were not sandboxed at all, which is how several generations of jailbreak worked.

No, the iOS sandbox is stronger, in that it supports more fine-grained control over access to individual syscalls (based on the BSD-heritage Mandatory Access Control framework), as well as the API-level and filesystem permission-level isolation that Android relies upon. Jailbreaks didn't rely on a lack of sandboxing, for the most part -- they exploited kernel bugs in e.g. the graphics driver. It took until 2011 that "rooting" on Android even approached the complexity of the 2008 iPhone exploits; the necessary exploits on Android were generally much simpler.

Android was designed from the ground up with the mentality that there should ideally not be an "us vs them" divide - Android treats all apps more or less the same, security-wise, meaning that the browser is just a regular app that runs in a permission-controlled sandbox like any other. This open design is one reason why the permissions UI on Android is more complex than for iOS - apps can do more things and the OS has to communicate that to you.

This is only partially true. Android most certainly does distinguish between "system apps" and 3rd-party apps -- why do you think people have to root their phones to remove crapware?

The main reason that Android's permissions UI is more complex is ... a design issue. The Android team decided that it was better to make all users click through a screen showing a bunch of scary shit, so that they could later blame the user if the app does something strange. "Dialog fatigue" ensures that very few people actually read the whole UI, and the fact that you can't (on a stock system) individually deny any access (while still using the app) means that most people just suck it up and run the app and take their chances.

Most of the rest of what you wrote is wrong, because you base it on the statement that Android's sandbox is stronger.

With regards to other features, like drive encryption, as of the latest releases I believe both operating systems are largely comparable.

Okay, now go back and actually read the Apple paper, starting with page 8. iOS's encryption is fine-grained -- the whole partition is encrypted, and then individual files are further encrypted, depending on the application and use (e.g. you can receive new email and take new photos while the phone is locked; that stuff is then encrypted and written to flash, and cannot be accessed until you unlock the phone with a PIN. Older contents cannot be decrypted until you unlock the phone). Android only got encryption with 3.x and 4.x -- about 2 years after it appeared on iOS -- and it's a shitty implementation (requires a full battery, AC power, and > 1 hour to enable or disable; any interruption will cause data loss; must enter PIN code on boot, which then causes the whole flash to be decrypted in memory until you turn the phone off).

Comment: Re:My experience with Apple... (Score 2) 133

by bushing (#35391574) Attached to: Apple Negotiates For Unlimited iTunes Downloads

I think that the issue here is that Apple is required to "only allow one download per purchase, under normal circumstances" (or something to that effect). Emailing them and asking for them to make an exception and let you redownload the music may be within the terms of their license, but "automatic" redownloading apparently isn't.

Sony

+ - Sony’s hunting down more hackers->

Submitted by xstahsie
xstahsie (1987924) writes "Thought Sony’s done looking for hackers? Nope! The company is now looking for other hackers involved, which includes Cantero, Peter, Bushing, Segher, hermesEOL, kmeaw, Waninkoko, grafchokolo and Kakaroto. They will subpoena various websites including YouTube, Twitter, PayPal, and Slashdot to find these hackers. New court documents are made available below."
PlayStation (Games)

Sony Must Show It Has Jurisdiction To Sue PS3 Hacker 217

Posted by Soulskill
from the quick-guys-make-up-something-that-sounds-technical dept.
RedEaredSlider writes "A California court today asked that Sony show it has jurisdiction over the hacker who publicized a 'jailbreak' for the PlayStation 3 console. Judge Susan Ilston, in the US District Court for the Northern District of California, said Sony has to show that George Hotz, a hacker who posted a method of 'jailbreaking' PS3 consoles, has some connection to California if Sony is to claim damages for his work on the PS3." For his part, Geohot has moved quickly to fight back against Sony's accusations. His legal team issued a statement (PDF), and also pointed out, "On the face of Sony’s Motion, a TRO serves no purpose in the present matter. The code necessary to 'jailbreak' the Sony Playstation computer is on the internet. That cat is not going back in the bag. Indeed, Sony’s own pleadings admit that the code necessary to jailbreak the Sony PlayStation computer is on the internet. Sony speaks of 'closing the door,' but the simple fact is that there is no door to close. The code sought to be restrained will always be a Google search away."
Encryption

Why Sony Cannot Stop PS3 Pirates 378

Posted by Soulskill
from the of-pots-and-kettles dept.
Sam writes "A former Ubisoft exec believes that Sony will not be able to combat piracy on the PlayStation 3, which was recently hacked. Martin Walfisz, former CEO of Ubisoft subsidiary Ubisoft Massive, was a key player in developing Ubisoft's new DRM technologies. Since playing pirated games doesn't require a modchip, his argument is that Sony won't be able to easily detect hacked consoles. Sony's only possible solution is to revise the PS3 hardware itself, which would be a very costly process. Changing the hardware could possibly work for new console sales, though there would be the problem of backwards compatibility with the already-released games. Furthermore, current users would still be able to run pirated copies on current hardware." An anonymous reader adds commentary from PS3 hacker Mathieu Hervais about Sony's legal posturing.

Comment: Re:Wow... (Score 1) 534

by bushing (#34703922) Attached to: Playstation 3 Code Signing Cracked For Good

How did Sony fuck that one up? It was my (admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed, using key lengths suited to the computational capacities of PDP-8s, or otherwise totally fucked, was mathematically secure against anything other than a profound breakthrough in prime factorization algorithms, an unbelievable advance in computational power, or an insider leaking your private key.

Close. These algorithms only work correctly if implemented correctly. There are various known pitfalls with each of these algorithms; for example, the original iPhone was unlocked using an RSA implementation error (Bleichenbacher attack against an RSA implementation that does not correctly validate padding and uses exponent 3). ECDSA happens to have a "pitfall" that leaks information inside the signatures it makes.

This doesn't make it a bad algorithm -- it can achieve the same security of RSA using smaller keys and in less time -- but the "pitfall" here is particularly bad.

Comment: Re:How did they get the private key, if they did? (Score 2) 534

by bushing (#34703782) Attached to: Playstation 3 Code Signing Cracked For Good

They don't have Sony's signing key, from what I've read. What they have is a flaw in the key generation process, which allows them to generate valid signed packages without the private key. In fact, here's the video from the conference itself: http://www.youtube.com/watch?v=GPjd6gHY6A4

No, GP was right. The exact signing key used by Sony may be derived from the public components of their ECDSA signatures. Not something close; not something equivalent.
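The "pitfall" described in the two comments above is nonce reuse: an ECDSA signature is (r, s) with r = x(kG) and s = k^-1 (z + r d), so two signatures made with the same k share r, and subtracting the two s values cancels the private key term and exposes k, then d. The following is an added illustration, not fail0verflow's code and not anything from Sony's signer; it assumes the secp256k1 curve (the page does not say which curve Sony used) and uses a constructed private key and a constructed static nonce. It also shows the audit check a code-signing team would want: scanning a batch of published signatures for a repeated r value, which is exactly what a static nonce produces.

```python
import hashlib
import secrets

# secp256k1 domain parameters (standard, public values; an assumption of this example)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add scalar multiplication (not constant-time; fine for a demo)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg):
    # Simplification: SHA-256 digest reduced mod N (real ECDSA truncates to the bit length of N).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k):
    """ECDSA signature (r, s) of msg under private key d with per-signature nonce k."""
    z = hash_to_int(msg)
    r = ec_mul(k, G)[0] % N
    s = pow(k, -1, N) * (z + r * d) % N
    return (r, s)


def sign_fresh(d, msg):
    """Correct usage: a new, uniformly random nonce for every signature."""
    return sign(d, msg, secrets.randbelow(N - 1) + 1)


def verify(Q, msg, sig):
    """Standard ECDSA verification against public key Q = dG."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    z = hash_to_int(msg)
    w = pow(s, -1, N)
    point = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, Q))
    return point is not None and point[0] % N == r


def find_nonce_reuse(signatures):
    """Audit check: r = x(kG) depends only on k, so a repeated r across signatures
    means a repeated nonce. Returns {r: [indexes of signatures sharing it]}."""
    by_r = {}
    for idx, (r, _s) in enumerate(signatures):
        by_r.setdefault(r, []).append(idx)
    return {r: idxs for r, idxs in by_r.items() if len(idxs) > 1}


def recover_private_key(msg1, sig1, msg2, sig2):
    """Two signatures sharing r (same k) on different messages:
    s1 - s2 = k^-1 (z1 - z2)  =>  k = (z1 - z2)/(s1 - s2),  then  d = (s1 k - z1)/r."""
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("signatures do not share a nonce; nothing leaks")
    z1, z2 = hash_to_int(msg1), hash_to_int(msg2)
    k = (z1 - z2) * pow(s1 - s2, -1, N) % N
    return (s1 * k - z1) * pow(r1, -1, N) % N


# Constructed demo values: a private key and the "static" nonce a broken signer would reuse.
DEMO_PRIVATE_KEY = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDD
STATIC_NONCE = 0x7A1A7E52797FC8CAAA435D2A4DACE39158504BF204FBE19F14DBB427FAEE50AE


def demo():
    """Sign two messages with the same nonce plus one with a fresh nonce; detect the
    reuse from the signatures alone and check that the recovered key matches."""
    Q = ec_mul(DEMO_PRIVATE_KEY, G)
    msgs = [b"constructed message 1", b"constructed message 2", b"constructed message 3"]
    sigs = [sign(DEMO_PRIVATE_KEY, msgs[0], STATIC_NONCE),
            sign(DEMO_PRIVATE_KEY, msgs[1], STATIC_NONCE),
            sign_fresh(DEMO_PRIVATE_KEY, msgs[2])]
    assert all(verify(Q, m, s) for m, s in zip(msgs, sigs))   # all three verify fine
    reused = find_nonce_reuse(sigs)
    i, j = next(iter(reused.values()))
    recovered = recover_private_key(msgs[i], sigs[i], msgs[j], sigs[j])
    return recovered == DEMO_PRIVATE_KEY, len(reused)


if __name__ == "__main__":
    print(demo())
```

Note that the verifier cannot tell the difference: all three signatures are perfectly valid, which is why the comment above says Sony "CANNOT change keys or fix this in a new firmware". The only defences are on the signer's side (a fresh random nonce per signature, or a deterministic nonce derived from the key and the message as in RFC 6979) and a pre-release audit like `find_nonce_reuse` run over everything the signer has ever emitted.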

Sony

Playstation 3 Code Signing Cracked For Good 534

Posted by samzenpus
from the forever-is-a-long-time dept.
ReportedlyWorking writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named 'fail0verflow' revealed that they had calculated the Private Keys, which would let them or anyone else generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, and homebrew software. Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware! From the article: 'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!'"

+ - Playstation 3 code signing cracked for good!-> 1

Submitted by F-3582
F-3582 (996772) writes "The PS3 has finally been cracked wide open! The secret code signing key has finally been discovered. Or as Marcan42 tweets:

“FWIW lightning talks tomorrow are at 11:30-13:45. PS3 demo will be 4 minutes _somewhere_ within that range (to be determined). They can try to whitelist every existing piece of official PS3 code... but good luck with that. IOW they CANNOT change keys or fix this in a new firmware, because stuff we sign is every bit as good as existing official software. Wii fakesigning vs. PS3 epic fail: Wii issue is a BUG in console code (fixable), PS3 issue is a FAIL in THEIR secret signer (not fixable).”

Read more: http://www.ps3news.com/PS3-Hacks/Fail0verflow-27C3-PS3-Exploit-Hacker-Conference-2010-Highlights/#ixzz19WiQ5lIg"

Sony

+ - Sony's PS3 Jailbroken Forever-> 1

Submitted by ReportedlyWorking
ReportedlyWorking (415617) writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named "fail0verflow" revealed that they had calculated the Private Keys, which would let them or anyone else, generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, homebrew software, and OtherOS! Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware!

"Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!""


Comment: Re:Amusing video but... (Score 1) 126

by bushing (#34353200) Attached to: Stephen Fry and DVD Jon Back USB Sniffer Project

Having worked with several commercial USB protocol analyzers over the years, I have yet to see one that was anything more than an FPGA connected to an off-the-shelf USB PHY chip. As much as I like cute dog videos, these guys need to post proper requirements and design specifications if they seriously want funding from me.

Click through the links to the actual Kickstarter project description. We did some handwaving to keep it accessible for J. Random (Software) Hacker, but I think we gave enough details to answer your questions.

(tl;dr: yes, you're right, and that's more or less what we're doing. Haven't decided on which PHY to use, looking at some SMSC and NXP parts.)

OpenVizsla will be a completely open design of a device that can capture USB 1.1/2.0 (high-speed, full-speed and low-speed) traffic passively between a target USB device and the connected host (usually a PC, but potentially anything that has a USB host port -- think Xbox 360 and PS3). It will be controlled by any computer using open-source client software or potentially in standalone mode (where captured traffic is stored onto an on-board SD card).

As is proper for any open and hackable design, unused I/Os on the FPGA will be exposed (via 0.1" header) for use as a primitive logic analyzer. We hope to eventually support additional sniffing interfaces (SPI, I2C, RS232, SD card etc.) that connect to a high-speed Mictor connector that can act as 'man-in-the-middle' and extend the device capability limitlessly.

The OpenVizsla device is built around a multi-layer PCB with around 180 surface-mount components that allow the target USB packets to be captured, buffered and delivered to the PC (or stored on SD card in standalone mode).

An XMOS event-driven processor will handle the huge amount of USB data (these little chips are fast!) and it will handle the overall communications with the host (which will be a fully published protocol!) and will provide on-board system programming, housekeeping and of course flash the status LEDs! In standalone mode, the XMOS chip will handle data acquisition and SD card storage; this processor is fully reconfigurable and can be modified and reprogrammed to improve the features or adapt to new requirements.

For the high-speed USB signals a Xilinx Spartan3E FPGA (with attached, expandable RAM) will capture, process and buffer the USB traffic from an attached USB transceiver that we use to deserialize the USB signals from the target link.

Hardware

+ - Stephen Fry and DVD Jon back USB Sniffer Project->

Submitted by Anonymous Coward
An anonymous reader writes "bushing and pytey of the iPhone DevTeam and Team Twiizers have created a Kickstarter project to fund the build of an open-source/open-hardware high-speed USB protocol analyzer. The board features a high-speed USB 2.0 sniffer that will help with the reverse engineering of proprietary USB hardware; the project has gained the backing of two high-profile individuals, Jon Lech Johansen (DVD Jon) and actor and comedian Stephen Fry."
