[ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons from the Sony PSP Exploit Saga

EEPI - Electronic Entertainment Policy Initiative
EEPI Home Page
EEPI Announcements Mailing List Information
EEPI Discussions Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons from the Sony PSP Exploit Saga

To: "Posten, Samuel" <Samuel.Posten@ilex.com>
Subject: [ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons from the Sony PSP Exploit Saga
From: James Carlson <james.d.carlson+eepi@sun.com>
Date: Thu, 23 Jun 2005 13:09:18 -0400
Cc: eepi-discuss@eepi.org

Posten, Samuel writes:
> What everyone seems to be missing in all this hoopla is that the same
> restrictions are working quite well for other platforms, specifically the
> original Xbox.  There is still no software only work around to the lockdown
> they provide and the hardware solution requires a complicated and not
> inexpensive 'chipping' to be permanantly installed.

The other thing I think is missing here is an adequate definition of
the terme d'art "security."

Calling an attempt to cripple a platform by making it unable to run
"unblessed" software doesn't quite equate to security[1] in my
estimation, nor does liberating the platform from such constraints by
knowing users somehow constitute "shattering."

I think it would be better call these mechanisms by their rightful
name as copy-inhibiting or "digital rights management" schemes and
these so-called "exploits" an attack on those schemes, and not muddy
the waters by subtly implying these attacks are in any way equivalent
to real security problems: the ones that cost the *users* their
property.

Using the word "security" here just gets us mired in the world of
hackers, worms, viruses, and the like, and that's not really the
focus.


[1] Yes, I'll admit that allowing module-signing is certainly a form
    of security.  The line I'm drawing is between that intent, and
    simply preventing users from knowingly running software they'd
    prefer to run, or writing their own.  The line is between damaging
    a system you do not own, and making changes to one that you've
    purchased yourself.  DMCA might make the latter "illegal," but
    that's no excuse for clouding the language.

-- 
James Carlson, KISS Network                    <james.d.carlson@sun.com>
Sun Microsystems / 1 Network Drive         71.234W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.497N   Fax +1 781 442 1677
_______________________________________________
EEPI-Discuss mailing list information:
http://lists.eepi.org/mailman/listinfo/eepi-discuss

References:
- [ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons from the Sony PSP Exploit Saga
  - From: "Posten, Samuel" <Samuel.Posten@ilex.com>

Prev by Date: [ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons from the Sony PSP Exploit Saga
Next by Date: [ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons From the Sony PSP Exploit Saga
Previous by thread: [ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons from the Sony PSP Exploit Saga
Next by thread: [ EEPI-Discuss ] "Alluvium": A "Swarmcasting" system for distributed video streaming
Index(es):
- Date
- Thread