this post was submitted on 05 Apr 2024
163 points (97.1% liked)
Games
16785 readers
850 users here now
Video game news oriented community. No NanoUFO is not a bot :)
Posts.
- News oriented content (general reviews, previews or retrospectives allowed).
- Broad discussion posts (preferably not only about a specific game).
- No humor/memes etc..
- No affiliate links
- No advertising.
- No clickbait, editorialized, sensational titles. State the game in question in the title. No all caps.
- No self promotion.
- No duplicate posts, newer post will be deleted unless there is more discussion in one of the posts.
- No politics.
Comments.
- No personal attacks.
- Obey instance rules.
- No low effort comments(one or two words, emoji etc..)
- Please use spoiler tags for spoilers.
My goal is just to have a community where people can go and see what new game news is out for the day and comment on it.
Other communities:
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This is normal MO for Alex, and follows computer ethics guidelines for someone attaching this stuff to his real identity. He's very active in this scene, especially in recent years with Sony hardware.
Also, keeping gaming devices on old firmware to wait is an incredibly normal requirement for cracks and homebrew stuff.
Sony has a pretty good bug bounty program. He'll usually report it to Sony, post something on social media telling people to hold off on updating firmware past the vulnerable level, and then it's up to Sony to fix what is a legitimate security issue. You wouldn't want a rogue developer hiding something in a game and turning your device into part of their botnet. Once Sony confirms it's a legitimate vulnerability, he gets paid the bounty, Sony patches the exploit, and the details of the vuln are released and homebrew tools follow shortly after.
Everyone is acting like if he didn't report it to Sony, and instead released it directly to the open internet, they'd somehow magically never know. That's complete and utter delusion.
The only time stuff like this hits the open net and doesn't get patched anyway is when devices are past the end of support, or if the vulnerability is so deep into the design or hardware that it can't be patched.
Wii exploits rely on issues with the physical chips themselves that can't be patched in software. Same with 3DS. PSPs rely on exploits in the recovery/factory mode/menu functionality, some of which was intentionally held back from release until after Sony stopped caring. I'm pretty sure the exploits with first gen Switches rely on a hardware flaw as well.
Point being, if you released this as a hacking tool first, Sony still patches it. The only thing you do is maybe delay their patch by a short few weeks, ruin any professional reputation connected to the identity used to release it, put yourself in the crosshairs of potentially life ruining legal trouble as they try to unmask your real identity, and miss out on a cool payout.
There's people who have been arrested for this shit for years and fined such crazy amounts of money that they will never pay it off. Stupid, but not worth the fucking risk when you can just do it this way.
Are you suggesting that the majority of the comments in this thread are from people who have no idea what they're talking about? On Lemmy? Unheard of!