Comment Re:Fail (Score 1) 534
Mod parent up. PSGroove's mention of NOR flash and dongleless jailbreaking is bunk, not sure how they got that.
Comment Re:Wow... (Score 4, Informative) 534
What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?
From my layman's understanding of what they did (View the actual conference footage here: http://www.youtube.com/watch?v=GPjd6gHY6A4 ), they don't HAVE the private key. Sony made a big mistake in their key generation method, where they were supposed to use a random value for one variable, they used a static value. Because of that, you're able to generate valid signed packages without the private key.
Comment Re:How did they get the private key, if they did? (Score 1) 534
They don't have Sony's signing key, from what I've read. What they have is a flaw in the key generation process, which allows them to generate valid signed packages without the private key. In fact, here's the video from the conference itself:
http://www.youtube.com/watch?v=GPjd6gHY6A4
Comment Re:Epic Fail? Hardly. (Score 1) 534
The people that did this exploit/hack/whatever reportedly only chose this method of action after Sony decided to remove OtherOS support from PS3's. Their stated goal is to get Linux up and running on retail PS3s. Maybe this would've occured a lot quicker if OtherOS never existed.
Submission + - Sony's PS3 Jailbroken Forever (psgroove.com) 1
ReportedlyWorking writes: It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named "fail0verflow" revealed that they had calculated the Private Keys, which would let them or anyone else, generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, homebrew software, and OtherOS! Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware!
"Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs Following this, the team declared Sony's security to be EPIC FAIL!"
"Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs Following this, the team declared Sony's security to be EPIC FAIL!"
Sarah Palin 'Target WikiLeaks Like Taliban' 1425
DMandPenfold writes "Sarah Palin, who is widely tipped as a possible Republican candidate for president in 2012, has said WikiLeaks founder Julian Assange should be hunted down in the way armed forces are targeting the Taliban and Al-Qaeda." So that means we should spend billions of dollars and not catch him? Good plan.
Jupiter Is Missing a Belt 187
mbone writes "Jupiter just went through Superior Conjunction (i.e., went behind the Sun as seen from the Earth), so it has been out of view for a while. Now that it has returned, it is different — the South Equatorial Belt (SEB) is missing. The SEB has about 10 times the surface area of the Earth, so this is not a small change. Here are a series of photos of Jupiter's new look. The Great Red Spot typically inhabits the southern border of the SEB, but it doesn't seem to be affected by the change. It's a pity that this happened at Superior Conjunction, and that there is no satellite in Jupiter orbit, so details of the change are largely missing. The SEB has previously gone missing in 1973 and 1990. Since no one really knows what makes the Jovian belts, no one knows why they disappear either. If the belts are really just material from deeper layers coming to the surface, it is possible that the convection has stopped for some reason, or that high-altitude clouds have covered it over."
Comment Re:P4 pride (Score 1) 354
Wouldn't it make more sense just to load Office 2003 on the C2D machine? It'll be more energy efficient, faster, and has less chance of taking a random nose-dive due to old age.
Comment Re:WAY UNDERSTAFFED! (Score 1) 414
You, good sir, live in the land of plenty. Can I come?
I think my corp is at about 1 syadmin per 800 people, one netadmin per 1500 people, and about 1 tech support per 700 people. I think the users would be happier with 1 tech support per 250-300users.
Comment Re:My dept is 'prox 600 computers/3 techs (Score 2, Informative) 414
Lack of AD doesn't prevent automated OS updates. You can implement WSUS without AD, which will take care of many critical OS updates, it just requires that you alter some registry settings and ensure the users have the latest Windows Update client.
Russia Confirms Failed Missile Launch Caused Norway's Light Show 236
Ch_Omega writes "According to this article over at BarentsObserver, the giant spiral seen on the sky over Norway Wednesday morning local time has been confirmed to be the result of a failed Russian missile launch. Russia now confirms that '...the missile was launched from submerged position in the White Sea by the nuclear submarine Dmitri Donskoy. Studies of the telemetric data from the launch show that the two first stages of the missile functioned as they should, and that a technical malfunctioning occurred during the third stage.' There is also an article on this at The Daily Mail."
Comment Re:anyone got hires of the beach scene ?? (Score 1, Informative) 183
The mpg on the creators site is a bit higher quality, but not much.
http://hinome.net/EFh9F10/galaxyrise.jpg
Carl Sagan Sings 183
gijoel writes "Someone with too much time on their hands and access to Auto-Tune has taken clips from Carl Sagan's Cosmos series to make this fantastic song. Watch for the Stephen Hawking cameo."
RadioShack To Rebrand As "The Shack"? 629
Harry writes "Rumor has it that RadioShack is planning to re-brand itself as The Shack later this year, after eighty-eight years under the old name (most of them with a space in between 'Radio' and 'Shack'). I hope it's not true, because I don't think the move would do a thing to make the retailer a better, more successful business." Where will we go to buy soldering irons and those RCA to headphone jack adapters now?
Comment Re:Really? (Score 1) 711
That specifies the computer-end of the cable, whereas this vote indicates an Electrical Wall Socket.
Most desktop power cables connect to the wall in the NEMA 5-15 connector. The only time I've seen IEC C13/14 connectors at the "wall" socket was on a PDU in a datacenter.
Slashdot Top Deals
fortune: cannot execute. Out of cookies.
