Attacks/Breaches
1/28/2011
10:05 PM
50%
50%

Sony Wins Restraining Order Against Hacker

George Hotz, who gained notoriety by hacking the iPhone, was barred from distributing, creating, or marketing his technology for running unauthorized software on the PlayStation 3.

Sony has convinced a federal court to issue a temporary restraining order that bars a hacker from distributing his technology for running unauthorized software on the PlayStation 3.

U.S. District Court Judge Susan Illston in San Francisco found that Sony had submitted sufficient evidence to show that it would suffer "irreparable harm" if the hacker, George Hotz, continued to distribute his technology for circumventing the PS3's firmware that's meant to prevent running a separate operating system on the video-game console.

The court also ruled that Sony had submitted "substantial evidence" showing Hotz had violated the Digital Millennium Copyright Act by making it possible to run pirated software on the PS3. Stopping others from running such software was in the public's interest, as it prevented copyright violations.

The order, issued Wednesday, bars Hotz from "creating, posting online, marketing, advertising, promoting, installing, distributing, providing, or otherwise trafficking in any circumvention technology, products, services, methods, codes, software tools, devices, component or part thereof." Hotz is also barred from posting links to any Web site offering or promoting such technology.

The court ordered Hotz to turn over to authorities "computers, hard drives, CDs, DVDs, USB sticks, and any other storage devices" on which circumvention technology is stored.

Hotz's lawyers had argued that the court did not have jurisdiction over the case, because Hotz does not live in California. The court disagreed, saying Hotz's alleged activities had an impact on California. Illston said Hotz could bring up the argument again at a later date.

Sony sued Hotz this month, along with two other hackers in Europe and 100 "John Does" who worked on and distributed technology to circumvent the PS3's "technology prevention measure" for unauthorized software.

Hotz, aka "Geohot," first gained notoriety in 2007 when he hacked his Apple iPhone in order to use the smartphone on multiple carriers' networks. Apple at the time had an exclusive deal with AT&T. In late 2009, he turned his attention to the PS3 and documented his attempt to hack the system on his Web site.

SEE ALSO:

Sony Sues Hackers Over PS3 Jailbreak

Sony Blocks Linux On PS3

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2208
Published: 2014-12-28
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.

CVE-2014-2209
Published: 2014-12-28
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.

CVE-2014-5386
Published: 2014-12-28
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initial...

CVE-2014-6123
Published: 2014-12-28
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs.

CVE-2014-6160
Published: 2014-12-28
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.