Feeds

Prolific hacker releases PlayStation exploit

Some memory-bus corruption required

Intelligent flash storage arrays

On Monday, when we reported that the prolific hacker geohot had successfully penetrated the previously impervious PlayStation 3 gaming console, readers were understandably skeptical.

After all, the 20-year-old readily admitted his hack wasn't reliable, and he provided no evidence he was able to do some of the things modders love to do most, such as run arbitrary code or peel open the device's synergistic processing elements to take a peak at its most prized internal elements.

On Tuesday afternoon, geohot finally released his exploit so the world could see for itself exactly what the hack does and doesn't accomplish.

According to the instructions, it involves compiling and running the kernel module and then pulsing a memory bus on the PS3's motherboard.

"Try this multiple times," his instructions state. "I rigged an FPGA button to send the pulse. Sometimes it kernel panics, sometimes it lv1 panics, but sometimes you get the exploit!! If the module exits, you are now exploited."

While the idea is sound, this hack is clearly not for the faint of heart.

From there, PS3 users get full memory access, including ring 0 access from OtherOS, geohot, whose real name is George Hotz, said here. He's now turning follow-on work to the PS3 community, directing members to report their findings to the psDevWiki.

His instructions conclude: "The PS3 is hacked, its your job to figure out something useful to do with it." ®

Bootnote

Cryptographer Nate Lawson provides an excellent technical analysis of the hack here.

Choosing a cloud hosting partner with confidence

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.