Re:Source (Score 2, Interesting)

If they do in fact allow for remote certificate revocation over XBox Live this might provides a means to hack it, ironically enough. Put the 360 on a network you control with a DNS provider that redirects the site it's trying to connect to to a new, fake one, and have your fake certificate authority tell it that the original certificates were hacked and provide new ones. The machine will download the replacement code-signing certificates from My 360 CA. Then what was a crytographically secure mechanism becomes just "security by obscurity" (no one knows that site URL or the format it exchanges) and we all know how well that works.

As Ed Nisley always says in his DDJ column, "to own is to be root" -- there's no truly secure hardware.