PlayStation 3 used to hack SSL, Xbox used to play Boogie Bunnies

Between the juvenile delinquent hordes of PlayStation Home and some lackluster holiday figures, the PlayStation has been sort of a bummer lately, for reasons that have nothing to do with its raison d'etre -- gaming. That doesn't mean that the machine is anything less than a powerhouse -- as was made clear today when a group of hackers announced that they'd beaten SSL, using a cluster of 200 PS3s. By exploiting a flaw in the MD5 cryptographic algorithm (used in certain digital signatures and certificates), the group managed to create a rogue Certification Authority (CA) which allows them to create their own SSL certificates -- meaning those authenticated web sites you're visiting could be counterfeit, and you'd have no way of knowing. Sure, this is all pretty obscure stuff, and the kids who managed the hack said it would take others at least six months to replicate the procedure, but eventually vendors are going to have to upgrade all their CAs to use a more robust algorithm. It is assumed that the Wii could perform the operation just as well, if the hackers had enough room to spread out all their Balance Boards.
[Via ZD Net]
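As an added example (not part of the original article or the researchers' work): because the attack described above depends on a CA that still signs with MD5, a defender can walk the outer DER structure of each certificate in a chain and flag any whose signature algorithm is md5WithRSAEncryption. The function names are illustrative, and the sample chain is a constructed skeleton rather than real certificates.

```python
import ssl

WEAK_SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption"}  # PKCS #1

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    subids, value = [], 0
    for byte in body:                       # base-128, high bit = "more follows"
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)         # first two arcs share one sub-id
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def signature_oid(cert):
    """OID of the algorithm the issuer used to sign cert (DER bytes or PEM str)."""
    if isinstance(cert, str):
        cert = ssl.PEM_cert_to_DER_cert(cert)
    tag, start, _ = read_tlv(cert, 0)             # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(cert, start)         # tbsCertificate, skipped
    _, alg_start, _ = read_tlv(cert, tbs_end)     # signatureAlgorithm SEQUENCE
    oid_tag, oid_start, oid_end = read_tlv(cert, alg_start)
    if tag != 0x30 or oid_tag != 0x06:
        raise ValueError("not an X.509 certificate structure")
    return decode_oid(cert[oid_start:oid_end])

def md5_signed(chain):
    """Indexes of the certificates in chain whose signature relies on MD5."""
    return [i for i, c in enumerate(chain) if signature_oid(c) in WEAK_SIG_OIDS]

# Constructed skeleton, not a real certificate: 200-byte placeholder
# tbsCertificate, signatureAlgorithm with the given OID, empty BIT STRING.
def skeleton(oid_hex):
    alg = bytes.fromhex("300d0609" + oid_hex + "0500")
    body = b"\x30\x81\xc8" + bytes(200) + alg + b"\x03\x01\x00"
    return b"\x30\x81" + bytes([len(body)]) + body

SAMPLE_CHAIN = [skeleton("2a864886f70d01010b"), skeleton("2a864886f70d010104")]
```

Here `md5_signed(SAMPLE_CHAIN)` reports index 1, the skeleton carrying the MD5 signature OID; the other uses sha256WithRSAEncryption.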

It's almost 2009 and N. Korea has nuclear bombs.
uhmmm if you guys think about this it's pretty dumb, I doubt these people could afford that many PS3s and just to do this with them? I'm pretty sure all this is wrong and this is the proper news
http://gizmodo.com/5120924/researchers-create-web-skeleton-key-with-200-ps3s
damn engadget, you're getting served by gizmodo?
lolz...nice try... MD5 hasn't been cracked. Loopholes and workarounds exist in everything and there are safeguards in place to fizzle out their impact. When MD5 can actually get sliced to pieces, we would have moved onto something else. What a stupid way for geeks to waste time and money. I hope they're donating those PS3s to charity when they're done with em.
So smart yet so stupid.
Quick, your ignorance is showing! They didn't buy them nor do they own them.
It's called renting out a 'service' to put it bluntly.
Kinda like how I paid your mom for service last night - yes that horrible joke was totally necessary.
Suck it, PS3 rocks.
The comments here about MD5 not being broken are stupid and dangerous. MD5 is a broken algorithm and I can give you two programs that have the same MD5 hash, but one is benign and the other rm -rfs your hard drive. I can give you two documents that have the same MD5 hash but say completely different things. No one should be using MD5 anymore.
This attack takes more computing power to perform, but the end result is that you can SPOOF A ROOT CA. That means you can sign any number of certificates as anybody and in this case, their certificate is irrevocable. They can easily spoof an Amazon.com and steal your credit card number and you wouldn't even be able to tell the difference. Firefox's navigation bar will stay nice and green and say that you have a connection with Amazon.com, even if you're actually talking to a computer in some ungodly corner of Russia. All it takes is $20,000 worth of Amazon EC2 time (or maybe you can offload the work to your botnet), and around $1,000 to buy up some certs from a target CA, resources that someone who wants to spoof a root CA can come up with easily. I mean, seriously, no certificates should be signed with MD5 anymore. While no one is likely to pull off a malicious version of this attack for awhile, it is now possible.
I mean, where are these "safeguards" you vaguely allude to? You think you know more about this topic than these university researchers whose jobs it is to study this?
@planetbeing Actually, EV certs cannot be created using MD5 so green bars are still legit.
Oh mannnn. Deja vu! I could have sworn I read this article- along with all of the comments- months ago.
It's good to be alive :]
Apparently the hackers weren't enough to help PS3 outsell wii/360 !
I still play games on my PS3! I know there aren't a lot of games for it, but I've got a life and therefore just enough time to play the games there are.
One thing I don't understand is why nobody gives Sony props for making the PS3 so easy to mod. Install a bigger hard drive? No problem. Want to install Linux? Go for it. You can't turn a screw on the other consoles without voiding their meager warranty.
I do wish that somebody would write a better media player application for it though. It's nice to have my music collection on it, but it sucks having to play it from the XMB.
That's because 'everyone else' is an Xbox fanboy in denial.
They're upset that all their time and efforts are spent keeping their Fisher Price styled toy alive and in running order versus doing cool things with it like hacking it to do new things.
Notice no one makes an Xbox 360 farm? They'd be bankrupt in an hour - as soon as they flick the power switch on all the 360s would RROD one by one!
Suck it. PS3 Rocks.
I'm going and playing Resistance 2.
raison d'être...
1. I wonder how hot it gets in that room?
Hmm... 200 watts per PS3 * 200 PS3s = 40,000 watts
Standard space heater on high = 1500 watts; 40,000 / 1500 = ~27 space heaters
2. What's the electric bill like?
40KW * 24 hours * 30 days = 28,800 KWh
at $0.10/KWh, that's $2,880 per month!
Just a few numbers to think about before buying your own PS3 farm.
But still, that's probably a lower calculations/watt than using regular servers.
I meant watt/calculation, ofc.
Take a look at how much cooling/power a big modern server/supercomputer takes and you might realise it's actually not that bad. Anyone can throw around random numbers with no context.
I literally was laughing out loud when I read the title of this story. "Xbox used for playing Boogie Bunnies". Funny stuff man.
Isn't this like when they claimed Saddam Hussein was collecting Xbox 360s and linking them so he could have a computer powerful enough to launch a nuclear weapon?
I love how so many ppl spew their hate for Sony and anything PS3 related. For a company that sucks, ppl sure are quick to hurry up and post a comment on any article dealing with the ps3 or sony. smh That just shows you how important and relevant the ps3 and sony is. Sure it may not be selling in wii or 360 like numbers but the system is an impressive piece of work. I bet the majority of ppl who complain about the price and "lack" of games are whiny little kids whose parents won't buy them one and nerds. I have a ps3 and love it. There are plenty of good and great games on it with more to come. So continue to bash the ps3 and sony all u haters. In the end Sony will once again prove why they are a force to be reckoned with. Enjoy your xbox 360's before they rrod on you and enjoy your gamecube 1.5 (wii).
Wow. That's impressive. But am I the first to ask, how in Zeus's butthole did they get that many PS3's?
I think this is a bit mistaken and a bit contrived. If my browser only recognizes a few root certs and it knows what their certs are and associates them with specific hosts and your hacked web site has a cert saying it is signed by verisign and points to a different authority than my current verisign cert does then my browser will throw up warning. The way I understand it, this hack would only work if I had never actually gone to a site with a cert signed by one of the default root certs recognized by my browser. At previous jobs I have moved servers which I frequently ssh'd to and after the ip or hostname changed ssh would throw up a red flag warning me that the cert may be fraudulent. That is a classic man in the middle attack. I don't see how this hack defeats this feature of the protocol, it does like so many other things present the opportunity for the user to hand over the keys after being warned.
Because the gulf war didn't count as invading another country,
Saddam had his own genocide too, just ask the kurds about that one.
Sure there were no weapons, but we had one less crazy lunatic to contend with.
Now if only they used all those PS3 to crack blu-ray so we could stream blu-ray content from a home media server... Or let us rip blu-rays so we can watch them on our portable media players...
For the people who are interested to know more and also check its authenticity, please click on the link provided below, from which all the rest of the articles originated:
http://www.win.tue.nl/hashclash/rogue-ca/