An official Sony Twitter account has leaked the PlayStation 3 master signing key at the heart of the company's legal offensive against a group of hackers being sued for showing how to jailbreak the popular game console. Kevin Butler, a fictional PS3 vice president, retweeted the metldr key in what can only be assumed was a …
... will they now try to prosecute the people who are discussing the Tweet...?!
I've already handed in my computer...
And both eyeballs!
Luckily for me I can touch type on my air keyboard ;o)
Sony Legal adds vetting posts for the PR droids to their job description?
> An official Sony Twitter account has leaked the PlayStation 3 master signing key
I wouldn't call this a "leak". He didn't go into their secret source code, find the secret key, and post it to Twitter.
Someone posted a tweet directed at him with a random-looking string of hex and a cryptic comment. He obviously didn't know what it was, but thought the hex numbers looked a bit like the co-ordinates you use on a Battleships board. So he replied with a slightly lighthearted reply. And the Twitter program also copied the original message in his tweet.
Obviously, as soon as it was pointed out what the number was, he removed the tweet.
I don't think he actually did anything wrong. There was no way for him to know what the number was. It's not like people memorize the number. And as a Sony employee, he shouldn't have access to Sony's copy of the key, and his employer would probably prefer him not to read sites about hacking Sony's copy protection.
> He didn't go into their secret source code, find the secret key, and post it to Twitter.
He published the key; where he got it from is not relevant.
Possible rational explanation?
downvote that shit! We don't need that sort of talk on here!
I don't think he did much wrong either
But given what's going on at the moment you would have thought some common sense was a useful skill in a PR droid. Maybe not though.
OTOH how many people outside of techy circles even know what a crypto key is, let alone what one looks like?
His mistake was on many levels, due mainly to a big ego.
one, it was not @exiva to the original sender, but was a public tweet.
two, it was not just a reply to @exiva but a RT of the original tweet containing the secret key.
three. it was the real secret key NOT a "random string of hex" if he'd changed it then no problem.
What he should have tweeted was:
"@exiva you just sank my Battleship >:'o("
But no the marketing twonk thought that's such a good joke I'll publish it so the world can see it.... And in doing so broke the first rule of secrets club, don't publish your secret.
The fact that the marketing twonk did not know the key is technically not relevant, the key should be so obscure that there is a billion to one chance of him publishing it in a series of random numbers. So it's not possible (incredibly unlikely) to just publish it without knowing or being prompted. The point here is that he was prompted to publish it and did so.
A marketing person needs to be fully aware of every character they publish, THIS is the FAIL. he published something he did not understand, and the consequence is dire.
IF someone had posted "sony to give away ps3s for free" to him in English or Japanese, would he have reposted it? verbatim?
A thousand billion billion billion billion billion to one.
The marketing department should know everything going on with their company and what people are saying about it. If they hadn't heard about the recent cases of their company being hacked, they aren't useful to the company.
Oh they'd heard that someone had copied the key... So they were rigorously avoiding all talk of bars of soap, chewing gum, and other key copying techniques...
Marketing is worth every penny.
Well...it wasn't even Sony who retweeted...
In all honesty, shouldn't we be more truthful than this? From what I understand reading other reports of this stupidity, someone sent the old private SELF signing key to the fake (clearly) Kevin Butler twitter account that is managed by a marketing person who works not for Sony, but for the marketing firm that Sony uses to handle the Kevin Butler campaign. The person behind the twitter account isn't a Sony employee, nor are they technical, nor should they be technical, or expected to be approving every retweet with some Sony legal team. Kevin Butler is a fictional person, so anything said is neither official, nor can it be attributed as authoritative. Not only that, but the point behind the twitter and other social networking elements of the Kevin Butler personality is to interact with gamers in a humorous manner to generate positive buzz. Therefore when someone tweets that account, they normally will get some kind of joking reply - like "You sank my battle ship!".
Of course sending the hex key to that twitter and seeing it retweeted must have felt really good for the guy that did it, but it's hardly Sony leaking or giving away the signing key - is it? This is what really bugs me about The Register and tech media in general. Never let the truth get in the way of a hit generating headline. I used to think that the Register was better than that. Not any more.
Let's see, "Hacker Exploits Marketing Lack of Knowledge, Spreads Old PS3 Key" just doesn't have quite the same ring to it as "Sony tweets 'secret' key at heart of PS3 jailbreak case" does it? Perhaps one is more accurate than the other, but one is more likely to generate hits than the other. Guess which is which.
re: Well...it wasn't even Sony who retweeted
Law is law, and is often very different to what you perceive as common sense.
Legally an agent, paid by Sony, published on behalf of Sony, a secret key, that Sony are in the process of trying to withhold/redact whatever.
There is no deception in this story. There is however a plonker, who is willing to repost anything for a cheap laugh, even if he doesn't understand the consequences of his actions.
Wonder if the Twitter..
.. account was compromised & some one put the key up. seems the only logical explanation.
at epic fail.
lets face it
At the moment the Japanese are going a bit crazy on copyright what with passing new laws that make lending games illegal, and Nintendo is trying to sue people that sell their saved games to other players.
Note game rentals are already illegal in Japan (unless you pay the correct Yakuza boss the correct sums of course.)
best defence ever?
See, the key is that irrelevant even Sony don't mind sending it out into the world..
I hope that Sony goes bankrupt. I will never purchase another Sony product. I hope that 20,000,000 people view the video on hacking ps3, that should keep da lawyers busy for a few decades.
Not the way to go
The title was a little misleading, I thought Sony leaked the unknown key.
Anyway this certainly undermines their legal case, should they now sue themselves for discussing (disclosing) the key? - no of course not they're the ones attempting to enforce copyright on their own property.
IMO DMCA is one of the most restricting laws that holds down the open development. In fact Sony should be letting these hackers get on with it, so they can fix flaws. No exploit employees involved, free labour. The DMCA just enforces security via obscurity.
Sony screwed themselves
Sony have put themselves into this situation.
Their knee-jerk reaction to remove the OtherOS feature has actually pushed people who used that legitimate feature to now look at the jailbreak/rooted world to get that feature back... they then enter the world where pirated games are a download away.. and it's all too easy for them to join the dark side.... when they used to live a world away from it, happily booting between linux and GameOS.
>>remove the OtherOS feature has
Because people were doing things they didn't want to happen.. i.e. unlocking the RSX in OtherOS. There is a reason it's locked out.. Sony makes money from licensing games. If they allowed OtherOS full access to the hardware there would be no reason for publishers to get their games officially licensed by Sony. You may not agree with Sony's business model but there is a clear reason why they removed OtherOS.
>>actually pushed people who used that legitimate feature
People keep making out that lots of people used OtherOS... without any numbers at all.
I would guess if OtherOS was running on a significant portion of the 44 million PS3's out there, then there would have been more of a fuss. One guy in the US tried to sue Sony for removing it and got nowhere right?
>>to now look at the jailbreak/rooted world to get that feature back...
I'm just guessing here.. but I reckon the people using these recent developments for warez opposed to homebrew is something like 1000 to 1?
>>world where pirated games are a download away..
The only reason this has all happened was the PSJailbreak.. which is for warez.
>>when they used to live a world away from it,
So homebrew is a "gateway drug?" even more reason for Sony not to allow homebrew right.
>>happily booting between linux and GameOS.
Yes, all those millions of PPC linux users that don't seem to appear anywhere.. The Wii is PPC too.. have we seen any massive jump in PPC linux users? Nope. From the Debian popcon stats we can see that Debian PPC hasn't grown in like 3 or 4 years.... You know if you want to run a commodity OS you can just buy X86 hardware right?
There are quite a bit of PPC users, and PS3 isn't just PPC but it also has the CellBE processor, the only one with such a thing. Thanks to IBM's axing of the Cell Blades, the only way to get 'em now is by buying a PS3!
OtherOS users would never ever need to crack the ps3 for pirated games; those in the industry actually think that Sony's move was stupid because the pirates themselves had considered the PS3 too hard to crack, and thanks to OtherOS the hackers didn't care about hacking the thing.
In fact, the hackers stopped short of enabling piracy precisely because they weren't interested in that. It was the pirate community the one that went and used the opened doors to enable the "copy game to HDD, run from HDD" thingy. But they would still be unable to do so if the hackers hadn't cracked the thing, and the crack wouldn't have happened if OtherOS hadn't been disabled in the first place!
It may be a small % of PS3 users, but it is the kind of people that actually have the knowledge to crack the thing. Bad move!
Yes, I agree 100% with your comments. I am a linux head, I did not own a ps3. Now they are unlocked I have purchased one, with intent to make it my lounge room computer/media center. I have recently installed debian linux on it, and, well, it needs some work yet, but I'll enjoy helping improve it to the point where I can boot the ps3 normally for official bluray disks, or boot linux and use it for everything I currently use my dated laptop for.
I bet, in fact know, lots of people are buying ps3s now they can do a lot more with them. Being cracked will sell more units of ps3, push the numbers Sony use to woo developers, and pirates will pirate and consumers will still legitimately consume. Game publishers will make just as much money from the ps3 now, as they do from the xbox 360.
I did not know that I just became transparent
I did not know I am transparent and inexistent. I have in fact two PPC desktops.
My main personal laptop nowadays is a MacBook Pro Titanium which my other half obtained via skipdiving before leaving her last job. The dolts in their IT did not know how to fix a run of bad sectors under Mac OSX. Despite it being 8 years old for most laptop tasks it performs _ON_ _PAR_ with the company hp nc94xx crap I am obliged to have from my work. Under Linux (debian to be more exact).
Similarly, till recently the shared desktop in my house was a Mac Mini G4 similarly running Debian. Similarly written off by dolts in IT somewhere and obtained via skipdiving. The only reason I went back to Intel for that is that the Mini does not hibernate.
I also know quite a few other users which use PPC for Internet exposed home/SME servers. It is quite a bit of fun watching k1dd10tz trying to apply their scr1pt k1dd13z 31337 sk1llz to a non-Intel big endian machine.
Yours, sincerely, a PPC linux user.
see, that's all fine
A PS3 would make a rather good HTPC, they're quiet and powerful and they come with a wireless controller - you could put some games on there too (mmmm, ScummVM on the big screen!) and using it for crunching Hard Numbers if that's your thing too. I'd definitely like to have a PS3 as part of my video processing and image stacking system. Lots of grunt in those Cell cores for that kind of thing.
The problem, from Sony's point of view, is the PS3 unit itself is a loss leader. They lose money on every console they sell - they make it back when you buy games, download stuff from PSN and so on. But if all you do is install linux, then Sony are just subsidising your HTPC, and they don't want to do that.
There were quite a few people using them - standalone or clustered - for Science, at least until it got cheaper/easier to use a stack of GPUs and OpenCL for most things. Sony, as a business first and foremost, didn't want to be paying for research that they didn't benefit from. I understand their point of view, but they handled it badly - they should have known that removing OtherOS would have triggered this kind of arms race, one they will always lose. How to handle it any other way is the difficult question - although it's possible that the negative publicity they're seeing now is costing more than a handful of PS3s!
It's not hard to handle it another way
"How to handle it any other way is the difficult question"
The root cause of the problem was that Sony were selling a very useful bit of kit for a loss, in the hopes of getting more people addicted to their overpriced games.
The other way of handling it would be to simply not sell the hardware at a loss. Instead, make money on every unit you sell and it wouldn't matter what use the customers were making of the hardware.
Even better, since you are no longer subsidising the hardware, the software doesn't have to be quite so overpriced which would give Sony a bit more leeway to undercut their rivals.
If Sony are unable to make the hardware at a price customers would buy at, then maybe that's a sign that it just wasn't a good design to start with for its stated objective of playing a computer game.
Ok, so you are one user with like 4 ppcs machines.. someone call fedora, suse etc.. they need to get their PPC build machines back up and running!!!
Don't re-write history.
>>There are quite a bit of PPC users, and PS3 isn't just PPC but it also has the
>> CellBE processor, the only one with such a thing. Thanks to IBM's axing of
>>the Cell Blades, the only way to get 'em now is by buying a PS3!
Ok, so IBM don't want to sell you a Cell anymore and neither do Sony.. you think it might be time to consider a new architecture?
>> the pirates themselves had considered the PS3 too hard to crack,
PSJailbreak came first. Don't try to re-write history the other way around.
The keys would have never been leaked had the PSJailbreak not appeared.
>>and thanks to OtherOS the hackers didn't care about hacking the thing.
So what the hell was GeoHot doing? Trying to unlock everything to OtherOS.
>> used the opened doors to enable the "copy game to HDD, run from HDD" thingy.
Again, you have it the wrong way around. Without the USB exploit from the PSJailbreak this would have never happened.
>> but it is the kind of people that actually have the knowledge
>>to crack the thing. Bad move!
Except that the PSJailbreak beat them to it?
just watched one of the videos on youtube
well about 10 seconds of some spotty merkin youth explaining it all.
If Sony want to write to me I will of course refer them to Arkell versus Pressdram 1971!
Twitter messages are not private ruling...
So this info appeared on twitter officially by sony we are allowed to publish it ourselves since twitter was ruled not private.... brilliant :D
is a "fictional Vice President"?
Search is your friend
after this little stunt, he'll disappear and Sony will try to pretend he never existed.
A complete defence?
I guess George Hotz, aka geohot, potentially has a 'complete defence' to the allegations levelled at him by Sony.
The whole matter proves that Sony still hasn't figured out security following that 100% foul up with the root technique. See: < https://secure.wikimedia.org/wikipedia/en/wiki/Sony_BMG_copy_protection_rootkit_scandal >.
Sony, your are fucking idiots!
Please re-read the content of YOUR post and tell me if YOU ARE a fucking idiot. If you're going to bring someone else's intellectual capacity into question - you'd best make damned sure your own house is in order first. *sighs*
Sigh! Presumably the person who downvoted your reply is someone else who doesn't know the difference between "your" and "you're".
I believe that's what the young'uns these days called, "pwned"!
SONY, a masterclass in crass stupidity!
Ok Sony, nothing on the web
Can we have tee-shirts and a song, as with the AACS key?
They might prevail? How?
I have not (and don't intend to) read the text of the DMCA; however, I'd bet big that the proscription of circumventing encryption refers to the person/entity who does the circumventing. I'd be rather surprised to discover that the DMCA's language extends to anyone who just happens to read or watch something said person/entity has chosen to publish on the subject.
Or does it...?
The DMCA is a travesty anyway, a weapon an industry can use to harass and intimidate not only individuals, but competitors and innovators as well (cases in point: aftermarket toner cartridges for printers and garage-door openers), in ways nothing like the stated intent of the law, not to mention anyone who dares publish legitimate criticism of the quality or security of some product (lots of cases of embarrassing security flaws about which the researchers who found them never published their findings because they were threatened with DMCA action).
This is just another example of how it can be stretched (if this action goes Sony's way) to ridiculous lengths.
I agree with a previous poster; I intend to avoid Sony products anywhere I can.
it's just a number
I hereby claim ownership of the number 7. Stop using it or pay me!
Not master key
It was the key used for generating dongle ID's , not the master key.
"Kevin Butler, a fictional PS3 vice president..."
"A email sent to Butler [...wasn't...] returned"
Well if he's fictional, his email address probably is too, so...
But seriously, does that mean that he's a genuine employee, whom Sony have fictionalised as a vice-president (presumably for some idiotic marketing-related reason)?
I ask because I'm as confused as Goat Jam (upthread) appears to be.
Mentioning the key is illegal under the DMCA.
Now that appears to have been confirmed by a judge, only one question remains to be answered:
Who at Sony is behind the "Kevin Butler" account and going to jail?
I really have to have a T shirt with:
46 DC EA ... CD D2 C2 - You sank my Battleship!
set nonsense to flank speed! GO!
Well of course it's Sony!
...and Kevin Butler is indeed a real person, and not a character created for Sony by Deutsch ....
.... and of course Kaz Hirai himself actually vets every Tweet sent, received, retweeted by Kevin Butler, who, again, is absolutely real in all senses of the word, and the Twitter account has never ever been managed by Deutsch.
And Other Os removal - wasn't that because George 'Please turn your camera towards me' Hotz, openly crowed that he had cracked the PS3 BEFORE Other OS was removed on the original design PS3s. And for those people that cite the iPhone Jailbreak as a precedent - the main motivation behind that was to open the phone up to other carriers as all other phones were capable of being unlocked, and thus was seen as a consumer choice issue.
He only released the metldr key, because FailOverflow got there first and therefore they were stealing thunder that GeoHot thought was rightfully his, thus possibly restricting his 15 mins of fame and getting his face on FOX news.
The fact is, that the hacker community relies on the idea that Sony, Nintendo, and MS Xbox division WON'T do anything to stop them because of 'teh internetz' - I believe you should have the ability to do whatever you want to your stuff, as long as the ramifications of those actions are only restricted to you, but the signal-to-noise ratio of online glitchers/modders and cheaters to homebrew enthusiasts must be about 10000 to 1.
Surely it must gall the true homebrew community to know that their community is being used as an excuse and smokescreen for hackers. What Sony should do is a) re-enable OtherOS through a small patch that can be downloaded if you want it, like an app on the Playstation Store, and b) release a hobbyist SDK like XNA.
But for everyone shouting out about the loss of OtherOS, people like the US Navy that were using PS3s for clusters didn't sue Sony, why not? Because to them the Sony firmware is just a glorified Grub bootloader.
Apologists..... cheeky modder fokkers.
When I grow up I want to be a fictional VP.
That would be the same Sony that hacked and crashed users' PCs with its dumb-ass DRM on music CDs a few years back? Couldn't happen to nicer people.
No, that was BMG, actually it was...
Actually the CD DRM crapolla wasn't Sony at all. No offense to anyone who wishes to believe that Sony is the great Satan, but you are very wrong. Sony is a large multi-national corporation that owns many different companies, and is split across many different products and markets. Music CD production is/was owned, operated by Sony BMG. BMG is a separate company within Sony, and operates that way. The CD DRM technology deployed was developed by a company BMG hired to protect their music CDs against copying. As it happens, few people inside BMG had even a partial understanding of how the technology worked. The point though is that it wasn't Sony. BMG is owned by Sony, but a wholly owned subsidiary company runs itself as part of the Sony group and has no relationship with SCE - Sony Computer Entertainment, which is the parent for SCEI, SCEJ, SCEE and SCEA.
Now, Sony being a good corporate decided to take it on the chin and took responsibility for what had happened, but, the truth of the matter is that someone in BMG wanted to stop their CDs from being copied and bought some DRM technology that was implemented by a third party. But you know, it's much easier just to say that Sony did it.
What bothers me is the way people who *should* know better, swallow all the half truths and myths as fact around here.