Big software companies and security (How Sony should handle hacking)

wololo


68 Responses

  1. Andrew Tavares says:

    Homebrew is just pure awesome, and I can not wait to have it on my Vita. Sony, please continue to let us find ways to run Homebrew on our devices. Thank you for this interesting story Wololo. Much appreciated.

  2. Quaeton says:

    Sony do not negotiate with hackers, much like how governments do not negotiate with terrorists. As soon as they let hackers think what they are doing is kind of ok – because they get rewarded from it, Sony will lose the fight. I think this is the principle behind the lack of bug bounties.

    • wololo says:

      I think this is very different and I really don’t like the comparison. Bug bounties contribute to make the system as a whole more secure.

      • Wesley says:

        I think this article should be taken down. Your blog is widely read wololo, and the more people who know Sony would reward them for helping get rid of hackers/exploits, the more reporting there would be = less exploits.

    • UE says:

      Orrrr another way to view it is encouraging a cheap labour force of software testers to make sure we have stable and secure software… It is taking a “destructive” (and I say this with much sarcasm) hobby and interest and focusing it into productive means.
      Only an idiot would see this as a bad thing.

  3. Bart says:

    WHAT IS YOUR NEXT EXPLOIT GAME. HURRY THE *** UP

  4. Eli says:

    Don’t worry, Sony is not going to give people money anyway…

  5. StepS says:

    Google offers between 100$ and 1337$ for such reports

    Hm, what? :O really 1337? 😀 I suppose that’s what attracts the newcomers

  6. new_guy says:

    what ever happened to Devee’s PSP Kernel access hack? if I were Sony, I would be offering a bounty for that one:)

  7. ziim says:

    I don’t think all hackers would turn in exploits, reward or not. Look at the apple scene. Apple pays for exploits and has even recruited one of the top hackers, but the jailbreak lives on. It is extremely difficult at this stage in the game, 5 generations of hardware to keep improving and patching, and it’s still being exploited. People want to OWN their device. I’m tired of being told what to do with what I pay for and I’m not alone. The tighter the package, the bigger the explosion!

    (Remember, remember the 15th of November!)

    • wololo says:

      One big difference I see is that many hackers in the PSP/Vita scene are fairly young, young enough that a reward of several hundred dollars could matter to them more than it would to Apple hackers. Definitely, it will not entirely stop hacking of their devices (some hackers would not go for the bounty, just by ideology, or because they have a better way to monetize the hack for example), but I believe it would help mitigate.

      • dimy93 says:

        Yeah wololo you’re definitely right – the future vita hackers are young people like me that have seen the potential of the homebrew scene on PSP and just want to expand the Vita’s capabilities because it is one beautifully designed piece of hardware.

  8. zonicdx09 says:

    To be honest I don’t know how many people would report an exploit because they want to be able to do what they want with their system BUT I don’t think piracy of vita games will be bad considering their size and the price of memory cards for the thing.

    • dimy93 says:

      The point of both piracy and the homebrew scene is the community of people who are willing to contribute to this scene.
      Imagine that u’re able to write a cfw and u do it but not share it publicly. Then what would be the point – yes u’ll be able to create homebrews but how many homebrews can U create on your own – let’s say 5 for a year at most + the cfw itself. That of course would be cool but it’s far from the idea of having the ability of doing whenever U like with your console. The game piracy has even stronger bond with the community thing because the whole point of game piracy is the free share of paid games.
      Hence without sharing publicly your findings u won’t be able to do whenever u like with your console. This leaves people who will find vita exploits in the simple choice – do they want to share publicly their findings or do they want to get some money from sony. I’m quite sure that many people would rather get the money and run especially if Sony plays good their cards with the suite sdk

  9. braveheartleo says:

    Sony, Apple, and companies that take the Walled garden approach would rather maintain autocratic control over their technology and private properties in the form of information, manufacturing techniques and processes, etc. Anything that will be divulged or anyone who will be made privy of such secrets must be under legal agreements or be bound with NDAs, or else they risk leaking such secrets and lose the competitive edge.

  10. braveheartleo says:

    The company would rather chase after those taking a crack at its properties, fire employees that publicly demonstrate vulnerabilities, even at times keeping such vulnerabilities under wraps and instead rely upon security through obscurity. Such a company typically shoots the messenger, so to speak.

    Bug bounties will not work for companies that view any untoward action on its properties as a crime against it, especially when they are heavily invested on such assets.

  11. braveheartleo says:

    The company would rather chase after those taking a crack at its properties, fire employees that publicly demonstrate vulnerabilities, even at times keeping such vulnerabilities under wraps and instead rely upon security through obscurity. Such a company typically shoots the messenger, so to speak.

  12. yosh says:

    I bet there are more than a dozen exploitable games on psn actually xD

  13. Seaking says:

    Did you delete this post?

    • Seaking says:

      Nevermind. I apologize. It wasn’t showing up on the main page for a minute there.

  14. alpmaster007 says:

    Have multiple memory cards for your vita then you can use one account for like 3 Vitas and never update the firmware after downloading the vhbl game. Then Sony can not stop you with the patch on the firmware if the game is already downloaded on the multiple memory cards. 🙂

  15. Watching The World Burn says:

    Sony Why Not Listen To Wololo (Also wololo when I showed your name to my friends some of them laughed because we were all playing age of empires)

  16. Name says:

    Guess what’s the first search result for ‘sony bug bounty’ now?
    HINT : click my name

  17. dimy93 says:

    wooow chasing hackers – are hackers animals or what ???
    It seems as if Sony’s CEOs have successfully passed the Gestapo’s training program.

  18. asmodeus says:

    sony would give 500 $ lol !!!
    i think they’ll actually give’em a 500 $ ps vita games pack to thee !!! lol

  19. cris says:

    well lets see the apple example
    they tried to stop jailbreaking, they release updates each time a jailbreaking occurs, they offer money for exploits, but each time a jailbreaking is there and they just update with no updates in their os.
    the average user thats me wants to tweak ,(the reason i have android) i paid for psp games and i want to play them on vita freely that wont happen . what is fair for big companies is not fair for customers in the end of the day what matters is the respect of the company to the user.
    that is my opinion and black and white positions are welcome

  20. Shinny says:

    Well it reminds me about Virus VS Antivirus… Some people sell viruses so that other people can sell their Antivirus… The concept is pretty much the same, but instead of making viruses/exploits, people try to find them out, so that Sony could patch them, for a much lower price (good economical move), cause when a hack appears people start to pirate games which means Sony is losing money… And that also reminded about Google paying money for the ones who can hack Google Chrome…

  21. E-Kami says:

    I totally agree with what wololo said. Now we have the Playstation suite sdk so hacking the PS vita (I mean accessing the kernel) would be stupid, the only reasons which could lead hackers to make exploits is:
    1 – Accessing the PS vita kernel to use all its syscalls, interrupt…
    2 – Not making the code in C#… and using native language either
    3 – Using the PS vita at its full power
    4 – Release an iso loader… which I hope, is not hackers priority…
    As many of us are independent developers or small teams, we do not need to use the full power of the vita, also, C# is not a bad language (even if I don’t like it). So yes, for the few hackers who want to hack the PS vita, a bounty program would be very very helpful for both, sony and hackers.

    • Shaun says:

      Don’t forget that Sony would need to approve each application that goes on PSN so not all homebrew such as emulators would be approved. Same reason iOS needs exploiting.

      • dimy93 says:

        yes and we still need to pay 99$ to distribute our creations but nevertheless a big step forward for sony

  22. Mastershake01 says:

    Thank you wololo for spreading your knowledge with us all and working on vhbl for us I’m 14 I’m home all day I mod and repair ps3s and other game consoles and right now I’m working on arbitrary and C++ trying to learn how to create I’m transitioning from editor to creator and for the people that are talking mess need to stop if you knew how hard some of this stuff is you would see so wololo I joined the other day when the hello world was up don’t bag on me my brother is an employee with Sony and he says he loves your work so not all sony employees are rats he told me the people that are watching your forum are getting paid over time lol so don’t bag on him and he doesn’t rat

  23. tonyuk73 says:

    I really don’t understand why $ony have such a problem with hacks leading to running homebrew on ‘my’ vita. It’s what I bought it for. And with the help of wololo and all the other devs that put their time into making programs such as vbhl I know I will soon once again in the future (fingers and toes crossed) be able to play super mario through an emulator on a ps vita. And to the backstabber hackers @shame@

  24. DigiTak says:

    No no no nononononono stop trying to give sony ideas ._.

  25. gQx says:

    wololo you can earn lots of money with this bounty thing. Do you want to Sony pay you is this article about that? :)) As you said earlier Sony takes advantage of whole hacking even rumors of it. as long as sony prevents %100 piracy they will find a way to turn the situation to their advantage.

  26. Norml says:

    Sony is pretty chaotic about how they handle the situation, they really need to get with the program and find that medium. Make money and work with the consumer.

  27. dfg says:

    1.67 vhbl game dragoneer’s aria

  28. dfg says:

    1.67 vhbl game dragoneer’s aria $9.99

  29. asdfjuma says:

    So you’re finally getting out of the biz Wololo? With these last few articles I wouldn’t be surprised if you’re the pioneer of Sony’s new bounty program. 😛

    • wololo says:

      You know, if they had one, I would consider it. Of course, I wouldn’t reveal other people’s exploits. But the stuff I find on my own, why not.

  30. ferx says:

    what about the name of the game, when is it going to be released

    • z3r01 says:

      It gets released when it gets released…patience…and no it’s not dragoneers aria people…

  31. gQx says:

    Are you giving up wololo? Don’t join the Dark Side.

  32. No1 says:

    Sorry, I don’t quite understand this. You’re *** off at Sony, but want them to remove all possible ways (or at least as many as possible) of hacking their systems? Sony already does this, so what exactly are you *** at?

    • wololo says:

      I am not *** off, I am just pointing fingers at another thing that sony could do much more efficiently.

      • Yes says:

        I think he is referring to your last sentence where you say:

        “Thankfully, I’m just a *** off sony customer, and I know Sony never listens to their angry customers”

        🙂

      • No1 says:

        Fair enough. It was just that I saw that you write in the last sentence that you were a *** off consumer, so I had to ask.

  33. No1 says:

    I forgot to add, I don’t see why it is “what the…?” for offering bounty to lead to arrest of the PSN hackers. When someone hacks into your system and apparently try to steal data from you, don’t you want them to get punished?

    The article you’re referring to there is only about the guys who did the PSN hack, it is not about normal system/console hackers.

    • Yes says:

      I think it’s worth noticing that it only says they’re considering it. Does anyone know if Sony did ever offer a reward for tips to catch the PSN hackers? If so, what was the reward?

      • No1 says:

        I’m wondering about this too. It only says “considering”, not that they actually did it.

        • No1 says:

          But even if they did do it, I see nothing wrong with trying to find out who did the PSN hack. The article only mentions these PSN hackers, so I think that this has much to say for the whole situation.

          • Mycael says:

            Heck,
            Sony was cutting staff back then;
            Lol, them hackers could even be the IT people
            Sony fired a week before the hack-incident.

            Lol, if there’s anyone who’d know
            the vulnerabilities, it’d probli be them :))

  34. Axqe says:

    why not a market with free apps trial ones etc. android market style would b great

  35. BlackFire says:

    Damn commies.

  36. 10$man says:

    This is very interesting.
    I certainly don’t want this to happen though.
    To be honest, I would prefer being able to run my own homebrew games to having a few hundred extra dollars in my pocket (it is intriguing though).
    What would make Sony the perfect Company is if they could completely block out Piracy and also make a SDK kit released freely to PSP/PSV/PS3 owners.
    I think that possibly having two memory units on the psp, one for homebrew and one for Official Sony games, could be the solution. There would be a master drive that the system boots off of then almost like 2 memory cards you could go to Official games or Custom games.

    I guess Sony is just worried about the couple of bucks they might lose right away instead of Loyal and lasting customers.

    Owner of two PS3s and 4 PSPs. I love Sony products but I can’t stand their policies.