[ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons From the Sony PSP Exploit Saga

EEPI - Electronic Entertainment Policy Initiative
EEPI Home Page
EEPI Announcements Mailing List Information
EEPI Discussions Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons From the Sony PSP Exploit Saga

To: Lauren Weinstein <lauren@vortex.com>
Subject: [ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons From the Sony PSP Exploit Saga
From: James Carlson <james.d.carlson+eepi@sun.com>
Date: Thu, 23 Jun 2005 14:54:35 -0400 (EDT)
Cc: eepi-discuss@eepi.org

Lauren Weinstein writes:
> So, the capability to run unsigned programs really is a two-edged sword
> as far as the PSP is concerned.

Certainly; it always is.

I still believe that the waters are muddied, though, by calling a
crack in this scheme an actual "security" problem.  If there were a
security problem it would consist of:

  - Software that claims to be from Sony (or some other "legitimate"
    maker), but actually is not, thus fooling users.

  - Software that (deliberately or not) is distributed to unsuspecting
    users and that performs undesired operations.

None of those things seems to be claimed here.  What's claimed here is
a way to make applications written by the unwashed usable on these
platforms.  Thus, no security breach.  Perhaps a copying violation,
perhaps an opening to running something new on those platforms, but
not in and of itself a fault in security.

In my estimation, conflating these distinct ideas plays directly into
the hands of the people who want to make what used to be called
"homebrew" projects illegal and even (in its darkest moments) quashing
competition from garage-based upstarts.  Security shouldn't mean
management of rights.

-- 
James Carlson, KISS Network                    <james.d.carlson@sun.com>
Sun Microsystems / 1 Network Drive         71.234W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.497N   Fax +1 781 442 1677

   [ Given that the widespread availability of a broadly usable exploit
     for most PSPs is only a few days old, it may be a bit too soon to
     expect much activity in the two categories you note above.  But
     given the twisted minds behind the current barrage of malicious
     code contaminating so many programs and so much e-mail, it would
     seem only a matter of time before the PSP is seen as an attractive
     target.  Whether or not trying to keep the system closed is the best 
     approach toward trying to ameliorate this risk is a separate 
     question, of course.
                          -- Lauren Weinstein (EEPI-Discuss Moderator) ]

_______________________________________________
EEPI-Discuss mailing list information:
http://lists.eepi.org/mailman/listinfo/eepi-discuss

References:
- [ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons From the Sony PSP Exploit Saga
  - From: Lauren Weinstein <lauren@vortex.com>

Prev by Date: [ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons From the Sony PSP Exploit Saga
Next by Date: [ EEPI-Discuss ] "Alluvium": A "Swarmcasting" system for distributed video streaming
Previous by thread: [ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons From the Sony PSP Exploit Saga
Next by thread: [ EEPI-Discuss ] Re: One Week to Shattered Security: Lessons from the Sony PSP Exploit Saga
Index(es):
- Date
- Thread