
Xbox Security Keys Changed

anth writes: "A couple of months ago we discussed some reverse engineering of the Xbox which discovered the security code. The last paragraph of this letter from Nvidia says MS changed the code, and that they had to write off chips with old code as a result."
  • by SmallFurryCreature ( 593017 ) on Sunday August 04, 2002 @12:09PM (#4008326) Journal
    MS has the right to update and fix any software bit automatically. :P
    • Ouch, this is costing them more money? Good. About time they returned some of their ill gotten gains to the consumer. :) Plus I consider this a nice twist on their new EULA that they seem to want to force on all of their customers. Must be their thought is "Sure, we're not robbing them enough with our lousy software, let's just totally alienate them with our new MS approved hacking rules." :D I don't hate Microsoft. I just hate their ethics, or the extreme lack thereof.
      • > About time they returned some of their ill gotten gains to the consumer. ...except that it's actually going down the toilet, not back to the consumer.
      • About time they returned some of their ill gotten gains to the consumer. :)

        How lame is this idea! Nobody forces consumers to use MS products, regardless how many times you want to yell 'Monopoly' in a theater. All MS's gains are well gotten gains. Your problem isn't with MS, it's with lazy consumers who accept substandard products. Oh well. That's life. Get over it already.
  • Cat and mouse (Score:2, Insightful)

    by ObviousGuy ( 578567 )
    At some point the technology is just going to progress to the point that these silly hacks are not worth the time nor the money.
    • Well, first off, you should change your name to ObliviousGuy...

      Why?
      A. Someone's ALWAYS got the time. (these are geeks)
      B. Someone's ALWAYS got the money. (not all the geeks lost all their $ in the dot-bomb implosion.)

      'nuff said.
    • Yah, exactly.
      That's why even after 3 card swaps, hundreds of ECMs, mind boggling amounts of destroyed cards, DTV is still hacked by people. I mean, they just gave up giving up, right?
      Hacks will always exist, and you can save more money by giving up after being hacked the first time -- the people buying your tech to pirate your programming, or in this case games, are just not the customers you need to take care of. Consider selling your hardware at a profit to avoid being burned by pirates (what a concept!)
      Spend the money where it counts -- on paying customers!
      • Re:Cat and mouse (Score:2, Insightful)

        by God! Awful ( 181117 )

        Hacks will always exist, and you can save more money by giving up after being hacked the first time -- the people buying your tech to pirate your programming, or in this case games, are just not the customers you need to take care of.

        Yeah, that's basically what they told me in prison: "I'm going to anally rape you whether you like it or not, so you might as well sell your body for some cigarettes."

        -a
  • blamed (Score:5, Funny)

    by mmThe1 ( 213136 ) on Sunday August 04, 2002 @12:13PM (#4008346) Homepage
    We never blamed Xbox.

    Yes, Microsoft is the one. I never blame Windows or Visual Studio.
    • I blame the former every time Forte4Java goes on a flicker fest at work.

      I blame the latter for not updating J++ since beta 1, forcing me to use such a powerful app as forte on such a shitty OS such as Windows.

      All I can say is:
      Forte damn well better run as good on the iBook I'm about to get as it does on my Linux server.
  • Hrmmm... (Score:3, Interesting)

    by vofka ( 572268 ) on Sunday August 04, 2002 @12:14PM (#4008355) Journal
    Surely the nVidia Lawyer types should have seen this kind of thing coming, and keeping that in mind, should have built a clause into their contract with Micro$haft stating that they would receive a certain acceptable minimum notice of a Code-Change, so that the manufacturing losses (and hence financial losses) were minimised?

    Hindsight, it seems, once again has 20-20 vision!
    • Re:Hrmmm... (Score:3, Interesting)

      The lawyers probably would have seen it had the glaring dollar signs from the sales people not blinded them. The Desktop GIANT planting an order for 6 million+ chips? Even if the lawyers saw it, anything they said would have been drowned out by the cash registers.

      The odd thing is that their tech guys didn't spot this. After all why should the graphics chip have the code hardcoded in it?

      • Re:Hrmmm... (Score:3, Interesting)

        by geirhe ( 587392 )
        The odd thing is that their tech guys didn't spot this. After all why should the graphics chip have the code hardcoded in it?
        Power consumption.
        Speed.
        Ease of programming.

        The reasons for putting things in microcode or hardware are not hard to see if you are an ASIC designer.

  • by Anonymous Coward on Sunday August 04, 2002 @12:15PM (#4008357)
    I doubt they changed the key as it would be hacked just as easily as the last one. What they've probably done is changed the encryption method to make it harder to do so.. I mean if you're going to scrap a whole lot of chips, you better do it right.
    • by martissimo ( 515886 ) on Sunday August 04, 2002 @01:09PM (#4008565)
      that would be pointless, the MIT guy didn't even attempt to break MS's 128 bit RC4 encryption in the first place.

      their weakness was that the data actually travels un-encrypted along a high speed bus on the mainboard for a very short run, and is checked after that run for a 32 bit "magic number" at the end of their plaintext stream... that is the spot he watched, he made a lil device that plugged into that bus and read the data as it streamed unencrypted.

      unless they encrypted traffic on that bus it would be totally pointless, and the MIT guy who did the research also points out all the complications that doing so would cause (latency, power consumption, reliability)

      his research [mit.edu] (pdf warning) really is a good read if you haven't gone through it yet.
    • They just have to change the key. The encryption method is considered quite good (the problem is, they can use any encryption method they want.. it wasn't cracked anyway!)

      Only a small group of people can recover the information from the bus, as such they are the only ones who can mod the new Xboxes. Unlike the old one where everyone and their dog had the keys... etc.

      I suspect that is the theory they are going with, right or wrong.
      • If it is just a key change, they would have been better off if they had used one-time PROM cells inside the chip to hold the key. Then, the key could be set as the last step before the box leaves the factory. No need to throw away chips.
        • If it is just a key change, they would have been better off if they had used one-time PROM cells inside the chip to hold the key. Then, the key could be set as the last step before the box leaves the factory. No need to throw away chips.

          Chances are that is the way they do it. The chips they're tossing were likely already burned in anticipation of MS's next order. Can't undo a PROM.
    • Aahhhh, but Microsoft didn't scrap a whole bunch of chips, nVidia did. Isn't that a slick way of sticking someone else with the cost of your mistakes? I'd be curious to know the volume procurement agreement between the two, and why the heck nVidia got stuck with excess inventory when the product was working correctly as designed. I would expect that when a customer error like the encryption/key issue forced a re-rev, the customer (in this case, Microsoft) would have been stuck with the inventory as well as the NRE (non-recurring engineering) fees for the rev, itself. This is tempered with the issue of whether nVidia had built to-order or built ahead. The latter nVidia would be stuck with.
      • I would expect that when a customer error like the encryption/key issue forced a re-rev, the customer (in this case, Microsoft) would have been stuck with the inventory

        Unless nVidia had already produced more inventory than had been sold at that point. It's common for things like this to be sold as x thousand units per day for y days. If they had excess capacity at the plant, they would have used it rather than turning the fab process on and off (it's usually easier to leave a factory running producing excess products than repeatedly stop-starting).

        Usually, this is good for them as they can then have the factory producing something else until the surplus has been nearly exhausted before changing back.

        I guess MS had a clause where they had to give a week or whatever notice of a chip rev, but by that point nVidia may have already massively overproduced the obsolete chips.

  • by jmd! ( 111669 ) <jmdNO@SPAMpobox.com> on Sunday August 04, 2002 @12:21PM (#4008372) Homepage

    And that we will be taking an inventory write off in Q2 related to the amount of Xbox MCPs that were made obsolete when MSFT transitioned to a new security code (by way of the MIT hacker) and excess in nForce chipsets that we built in anticipation of higher demand of Athlon-based PCs.

    O poor monopoly powers. Entire chip lines and console plans changed by a lone MIT student.

    I love it.
    • Well, entire branches of the Linux kernel, and various other software projects, like Apache, are changed as a result of security exploits.

      Nothing new there, except this is a case of code embedded in hardware.
      • Re:My heart weeps (Score:3, Insightful)

        by kubla2000 ( 218039 )

        Well, entire branches of the Linux kernel, and various other software projects, like Apache, are changed as a result of security exploits.

        The ever-so-subtle distinction between your observation and that of the original posting is that when security holes force rethinkings and reworkings of applications and protocols in the Open Source world, there isn't an entire great big monopoly suffering, just some geeks losing sleep reworking code... as opposed to thousands and thousands of stock holders all of whom are wringing their teeth and gnashing their hands in hopeless, helpless despair as one whipper-snapper post-grad at MIT all but destroys their hopes and dreams of infinite wealth and world peace and dogs and cats loving each other... and god dammit I just can't go on for the shame...

  • by JFMulder ( 59706 ) on Sunday August 04, 2002 @12:22PM (#4008375)
    If for the software this changes nothing (and probably does, after all, the games must still play on the console), it probably changes something in the MOD chip. So that means that the new XBOX that is shipped will not be compatible with the old modchips. The result? MOD Chip installers will have to throw away their old supply of mod chips to make new ones, unless there's a simple way to change the keys in the MOD chip. This is surely going to hurt the mod chip companies who will have to throw away their old mod chips and buy new ones. If Microsoft keeps changing the keys in the hardware often enough, the mod chippers are going to run into a lot of trouble determining which mod chip is needed for which XBOX. This is a brilliant move.
    • ... they'll get to sell a slightly modified mod-chip to the old customers -- again! 2x the profit, wohooo!

    • by SN74S181 ( 581549 ) on Sunday August 04, 2002 @12:36PM (#4008440)
      Does anybody have the code from the MOD chips in downloadable form, so we can evaluate it for ourselves? Usually it's just some PIC embedded controller or an FPGA. There should be a site where the code can be downloaded for free and people with the tools can make their own Mod chips.

      Or are the Mod chips protected by 'security through obscurity' and hardware locks? If so, isn't that kind of ironic?
      • Usually you don't publish your MOD chip schematics, to prevent exactly that. They're not terribly worried about reverse engineering, as if you could do the job, you'd probably profit more from reverse engineering the xbox instead ;). So yea it's security through obscurity, but they're not going for a secure modchip really. Just one that they alone can sell to the masses.
      • There are config bits that prevent that. The PIC dies even have a metal layer over the copy protect config bit from deliberate resetting.

        PIC security isn't the best, they can all be breached with a few different techniques, supposedly with a few hundred dollars of parts and labor. Sometimes people use some special method of overloading the Vpp pin so that the bond wire overheats and melts - that wire is needed in some of the bypass methods.
      • Unless something has changed, modchips for the xbox are as simple as a replacement bios that you solder onto the test points.. bios as in a "dumb" romchip.
    • not really. (Score:3, Informative)

      by Anonymous Coward
      Modchips cost $5.
      29F040 chips loaded with a proper .bin work fine.

      dunno how much money I'm losing here....

      And when the next xbox rev. is hacked, and the next chips cost $5 as well, everyone will be laughing, because we all know Microsoft can't create a secure system if their lives depended on it.
      • If the modchips are indeed 29F040 chips, that means that the EXACT same chips, even the "old stock" modchips will work.

        That F means flash - Take old stock, stick it in the burner again, you have current up-to-date modchips.
    • This strategy never stopped people hacking the PS2 (why does slashdot cover M$'s XBOX more than the PS2?)
      In fact, installers like the occasional change. It helps them move old hacked console stock (well, at least in the case of the PS2, where a hacked console usually remains a hacked console). Next, it increases the price of the new modchips to unbelievable levels (another source of income) and, lastly, increases the price of older, cheaper to hack consoles.

      Yay! M$ helps pirates make more money again! Woohoo! What do you think will happen next? They'll price their games outside the reach of the expert buyer just like they did with Win XP Professional and M$ office Professional to ensure more piracy?
      This is almost as intelligent as when Homer J. Simpson decided not to buy the $0.50 washer from the plumber.
    • Yeah, more likely it'll provoke contract disputes or legal actions from nvidia, who doesn't want to have to throw out chips it's already made. If microsoft keeps this up, they'll never get nvidia to lower the price.

      Is there really a big xbox game pirating scene?

      This is all silly anyway. I remember when I was younger (under 16) I used to "pirate" video games. Of course back then that meant a 1-300k download. Probably took just as long though. As soon as I was old enough to have a job, and money I stopped doing it, and started actually paying for the games I wanted. It seems to me that beyond basic anti-piracy efforts, companies are wasting money on copy protection. The people that they stop can't afford the games anyway, and the "software pirates" that can afford the games tend to be the people who will use the money to break the new protection rather than purchase the game. It would be interesting to see a study that looked for a correlating revenue increase when a new copy protection scheme comes out. More importantly, how much cheaper would my games be if I wasn't shelling out a SafeDisc 2 royalty for every one of them?
    • I'm sure there are enough unsold original Xboxes in the channel to allow all the mod chips to be sold, if people want them. All this would mean to the mod chip people is that they now (or will, once this one gets cracked too) have two products to sell instead of one. Seems like a good deal to me. I really doubt the mod chip companies are gonna just toss the old chips, it's not like M$ is gonna force people to return their first gen boxes because of their hardware oversight.
  • Even a close partner such as Nvidia could be fscked up hard this way, I wonder whether people would still trust other proprietary security control [slashdot.org] by MS.

    A slight change in code could do such damage, no wonder MS wants to push DRM and Palladium. :)
    • Maybe Microsoft is getting ready to get into the video card/chip manufacturing business and their logical first step would be to hose Nvidia.
      • I see it now...let's say:

        1. MS partners with Nvidia, helps crash their major competitor (goodbye voodoo)
        2. MS crashes their close partner Nvidia by destroying their entire product line (blame the damn MIT student!)
        3. Seek more partnerships

        With DRM/Palladium, replace "Nvidia" above with any other company name, repeat.
  • geek girl (Score:5, Funny)

    by t_allardyce ( 48447 ) on Sunday August 04, 2002 @12:28PM (#4008394) Journal
    "My girlfriend and I spent friday night in the lab together"

    Oh man :( i wish i had a girlfriend like that. actually... i wish i had a girlfriend lol.
    • by Raul654 ( 453029 ) on Sunday August 04, 2002 @12:32PM (#4008416) Homepage
      It's times like these there should be a "+1, Pitiful" as a moderator option. Or, -1 maybe?
    • And we are to believe that any work gets done?
  • Just goes to show (Score:1, Insightful)

    by Anonymous Coward
    Doesn't this just prove that anyone who banks millions or billions on having encryption that won't be hacked is a fool? And that's not even to speak of one who believes that their product cannot be reverse-engineered. I swear, the DMCA is setting up an unreasonable belief in companies that their products will never, ever be hacked. Regardless of the morality of the situation, anything more technologically complex than an abacus WILL be hacked by someone, and I have no sympathy at all for people who proceed believing that's not the case.
    • The abacus is so fscking simple that we keep looking for deeper meaning.

      I honestly think that the next encryption standard will be pig-latin or Caesar-cipher based. Those that break the encryption will still be called "criminals" and "anti-capitalists". Whoever "makes" the standard will sue, and the source code, or napkin drawings, will be confiscated and kept from the general public.

      That said, it would take us a lot longer to crack a Caesar-cipher than it would take us to crack a DES message. Security in Simplicity.
      • Um, if it's a simple Caesar cipher (i.e. all characters in the message are shifted a constant number of characters) then at most you'll have 25 1-place iterations, at most (assuming that you're only using alphabetic characters; if you're using alpha-numeric characters, it's at most 35 1-place iterations) to go through before you "stumble" on the right answer...

        Now, if it's a Vigenere cipher, that's different.

        Kierthos
    • Re:Just goes to show (Score:4, Interesting)

      by fferreres ( 525414 ) on Monday August 05, 2002 @06:38AM (#4011052)
      Maybe it's also a marketing move. They can claim all the extra stock was not sold due to the need to replace the hardware.

      Ie: "it's not we couldn't sell it. We have to ditch the hardware because of piracy. All money lost due to piracy, DoD please help us, they are destroying the industry!"

      So they turn an error on their part into something that can help them strategically. This is just a possibility, but with MS you never know (with Windows, they never did a reversion like this. Remember the bug in XP cds, they just released it on schedule even though the shipped version already had security bugs. They just solved them after release)
  • by nesthigh ( 447909 ) on Sunday August 04, 2002 @12:35PM (#4008429)
    I wonder if this will have any effect on this soon to be released product. It's supposed to be bios upgradable.

    Have a look here: Open Xbox - PC - Bioxx [lik-sang.com]

    Odd that it's just now coming out, eh? ;-)


  • by Restil ( 31903 ) on Sunday August 04, 2002 @12:41PM (#4008462) Homepage
    The next time they have to write off inventory because of a needed security change. Sure, hackers might not be the best friends to that contractual agreement NVidia has going, but at some point, they're going to get tired of writing off inventory and flushing money down the toilet just because Microsoft doesn't want people using the Xbox for ANYTHING but an XBox.

    -Restil
    • As I read it, the weakness was in the chip. The code passes unencrypted for a short piece of the bus, and the MIT guy tapped that signal. Unless MS designed the chip, it's nVidia's fault.
    • Yes, if MS repeatedly changes the code(s?) involved here, it may keep mod chippers busy trying to keep up (as suggested in a previous post), but NVidia would be forced to keep near zero inventory of chips, and thus the leadtimes for the XBox will increase by a fair amount I expect. Then the question will be: Do you want a PS today or an XBox next week/month? Not good for the MS bottom line, and thus I would be surprised if they do repeatedly change codes.
    • Well, hopefully if MS is going to make this a pattern of changing the code every so often, they will start telling nvidia in advance. For instance instead of just saying that they want X number of MCPs, say that they want Y MCPs with code A, and then Z MCPs with code B. If they set this up, they could change codes every month, or even every week, in order to foil the modchippers.
  • Random observations. (Score:4, Interesting)

    by secondsun ( 195377 ) <secondsun@gmail.com> on Sunday August 04, 2002 @12:47PM (#4008482) Journal
    This really sucks for Nvidia. They had the Xbox chips ready to go and MS, instead of using up the current supply and then transitioning, forces Nvidia to scrap the line and go with their newly resecured chips.

    An analogy to this would be if MS upgraded our operating system in the run of the night and billed us for it; even though we did not consent for them to do this.

    What is really funny is that modding consoles does no damage to the company's bottom line. MS makes money from developer fees, developers make money from the games they sell, and hackers get to have fun and maybe download a hacked game. (this assumes they have a dvd burner, which many don't). By doing this MS has made the XBOX look bad to hardware developers [who lose when they have to scrap technology], software developers [wouldn't want MS to change something games rely on], and the tech elite [who don't like MS anyway].

    Of course this really doesn't matter much when it comes to Xbox sales and games. As the old sayings go, the games speak for themselves. Too bad the Xbox family lacks vocal cords.

    Secondsun
    • Actually, much as it pains me to say this, hacking *can* affect the bottom line of a company, in this case. It's a well known fact that Microsoft is losing money when they sell an X-Box... total up the parts cost yourself. Sure, they're losing less money than they used to, but building a video game system from essentially off the shelf parts isn't cheap.

      So what does this mean? "Hackers" who buy an X-Box just to run home-brew software, and not any MS-Licensed games... are only actually making MS lose money.

      Moral of the story? Buy X-Boxes and don't buy games. =]
  • excess in nForce chipsets that we built in anticipation of higher demand of Athlon-based PCs..

    Never mind that the nForce was hype that never really beat out older motherboards.
    • The nForce makes a quite decent value system. It has a decent quality chipset that can be paired up with some DDR and an older Athlon, to make a nice cheap system that actually has decent video performance (especially for an onboard video chipset!).

      It was never really meant as a performance board, but instead as a value board that had decent performance. As long as you don't expect it to run like the newest Geforce4s, it does a great job as an economy market board.

  • It works for them. (Score:3, Insightful)

    by Martigan80 ( 305400 ) on Sunday August 04, 2002 @01:02PM (#4008544) Journal
    This is a great tax write off for them, just think of what they can claim per chip, and the R&D cost.
    • by nlh ( 80031 )
      and it did wonders for their stock price, too. What...$20 to $9 in about a week? Yeah, great tax write-off.....::rolleyes::
  • Labeling circuits (Score:1, Interesting)

    by Anonymous Coward
    One thing I never understood is why do companies label all the circuits and chips that they put out for productions. I can't think of any reason that a consumer would want the model/serial number of the chips on the printed board, or information about which control lines do what. This only helps in reverse engineering, which most companies do not want. Wouldn't it make more sense to paint with an opaque nonconductive layer and remove the model numbers from any chips that are there?
    • If there was a fault in circuitry that wasn't picked up when they were testing the machines they would have to recall all the ones they have sold and fix them, if all the chips were unidentifiable then this would be very difficult.
      • Yeah, but these days the "fix" is usually replace the entire board or in some cases even replace the entire system. I wouldn't think that it's cost effective in any way to try to repair PCBs in this day and age.
  • I am curious why Nvidia didn't just tell M$ to stick it. Microsoft can't very well switch GPU providers at this point. AFAIK, Nvidia also only gets a kickback on the consoles sold (nothing from licensing fees), so they couldn't care less if the boxes get modded or not. An army of Linux Xbox servers would be great for them.
    • Hmm..

      Actually.. how much you wanna bet MS *COULD* switch GPU's right now?

      I could foresee MS announcing Nvidia is out in the contract renewal period. MS would then just say: "okay, we will pay BLAH for a chip that behaves precisely as the NVIDIA chip did. Same package, same pins, everything. "

      Anyone who could deliver a new chip that met (and maybe even exceeded; the Xbox GPU is a couple years old by now, probably) would get the contract.

      That would be really interesting.

      Also: MS might not have designed the system to allow direct GPU interfacing - ie - it was abstracted out DirectX style. If this is the case, MS could switch out GPUs without a problem.
    • It is very likely it was spelled out in the contract that Nvidia would take that portion of the risk.
    • Simple: Microsoft OWNS Nvidia (And if it's not them directly, it's some investor deep in MS or MS shareholders pockets)
  • It has already been discussed by people active in looking at the X-Box here [xboxhacker.net], including a comment by bunnie, the original Hacking God. The current feeling is that until they stop using a commodity CPU, whatever they do can be worked around in greater or lesser time.
  • by Anonymous Coward
    I'm curious how they could have done this for the Xbox. They can't change the security keys as they already have a widely established installed base that uses the old hardware and keys.

    AFAIK, the security codes were a mechanism of authenticating the Xbox software to be genuine - to stop pirate / unauthorised games from being played on the Xbox. There are already a significant number of titles (and machines) out that will use the "old" security codes, presumably the ones that have been cracked.

    If they change the codes - suddenly they're going to have new machines out that won't play the old games. Likewise, if they bring out new games - they must be capable of running on the old machines.

    Like I said - it doesn't make 100% sense.
    • This change is probably invisible to software. Most likely, it'll relate to authenticating the hardware components against one another. I'm guessing that the new key or new encryption method would prevent the box from booting up at all. But once it boots up, the software probably won't see any of the changes in the next run of hardware.
    • You're absolutely right. They can't break the existing installed base of games or consoles. So, all this is doing, is changing the way the hardware transmits the encryption electrically, forcing a re-design on the mod chip makers. Normally this happens when you do a board redesign, which is normally done when you can make the things cheaper, and is normally a carefully planned part of the cycle.

      It's possible they've combined a couple of chips, and the savings from the redesign have outweighed the cost of dumping unused parts.

      I reckon NVidia are just trying to avoid drawing attention to poor sales.
  • point 1

    Not only does MS screw its competitors, MS is causing a ruckus with its *partners*.

    Kind of like killing the hen that lays golden eggs....

    They have the muscle to be able to do this, but it's baad bad business.

    =====

    point 2

    Why wasn't Nvidia thinking ahead on this issue either?
    They could use a CMOS-like chip containing the security key/algorithm, that would be far less costly to produce, especially if it's likely it will need to be changed in the future.

    Maybe use a Complex Programmable Logic Device [xilinx.com]?

    Yes MS kind of screwed Nvidia, but Nvidia appearing to be a "forward thinking" company... why did they get themselves in this position to begin with.
  • Isn't it obvious? (Score:5, Insightful)

    by BandwidthHog ( 257320 ) <inactive.slashdo ... icallyenough.com> on Sunday August 04, 2002 @02:23PM (#4008824) Homepage Journal
    Everybody's commenting about how all the parts of this story don't add up, that these megacorps wouldn't make such obvious blunders, or handle them so crudely. Hmm. While the old "follow the money" trick may not directly apply in this case, it's close enough.

    What is the upshot of this incident, once you filter out all the distractions?

    1) Hacker bypasses DRM-type security
    2) Company "forced" to retool/change security
    3) Direct, demonstrable monetary losses

    They need to set precedents that exposing obvious security gaffes (unencrypted signal on the bus in this case) leads directly to major financial losses. Makes future prosecutions much easier.
    • exposing obvious security gaffes ... leads directly to major financial losses.

      I'm sure someone will argue this, but the truth of the matter is that having obvious security gaffes leads directly to major financial losses.
  • Buy More XBoxes! (Score:2, Interesting)

    ...If you don't like Microsoft.

    Remember, it costs Microsoft $300 to make an XBox, but they sell it for $200. That's why:

    1. The hardware is so good considering the price
    2. They're losing so much money on it
    3. They don't like the idea of people hacking the OS in any way
    4. Keeping the system totally proprietary is more important to them than even the survival of project
    They intend to make money on the games, not on the box itself. They're paying for 1/3 of the box, so they want to keep tight control over what you can do with it.

    For reference for those who question the numbers, I got them from a MS programmer: Their employee purchase plan allows them to buy software at a Huge Discount. There is no discount on the XBox; though they jokingly say you can buy it at cost if you really want to.

    • by RelliK ( 4466 )
      Remember, it costs Microsoft $300 to make an XBox, but they sell it for $200. That's why:

      The problem is that Microsoft already spent $300 to make an xbox. They lose that money no matter what. If you buy an xbox they will get $200 and partially recover their losses.

      In short, Microsoft loses $100 on an xbox if you buy it. They lose $300 if you don't buy it.

      • Who said manufacturing costs were $300? That's a dream, it surely is below $300. That $300 figure includes R&D costs. So the more people buy it, the closer they will get to break even.

        People misinforming on this subject are helping Microsoft. Unless they can prove the $300 stands for just MANUFACTURING costs, which I bet is lower than that (and it's all COMMODITY HARDWARE, except the feature crippling plugs).
  • I somehow don't understand why microsoft needed to do this. First of all, can't the keys be regained using the same technique the MIT student used the first time? If I remember correctly, he used an unencrypted part of the bus to watch as data flew by. Quite stupid on microsoft's part, but brilliant on the student's behalf. As for nVidia, I don't think they had anything to worry about when it came to microsoft. I would have told microsoft to deal with its problems until the manufactured chips ran out. oh, and one more thing, the student never gave out the codes, so why does microsoft need to change the keys?
  • It's the only way to stop these hacker-terrorists.
    Of course, banning this one malicious tool is not enough,
    we also need to ban oscilloscopes, multimeters and everything capable of measuring an electrical current.

    For ordinary computer users, this means:
    Under linux, run "shutdown now"
    Windows users are asked to run a program.

  • to those 200,000 unsold XBox stocked in Japan? Landfill? ;)
  • I can't believe they would scrap that many chips over something so stupid. There must have been some bug in the chips that they needed to fix and this saves face...
