kick @$$ playstation 3 Irony

[joeorc]

TECH

* GADGETS
* GAMES
* ATHOME
* BIZTECH
* SECURITY
* CONNECTIVITY
* TECHTIPS
* ITJOBS

PlayStation a hacker's dream

Patrick Gray
November 27, 2007
Next
Advertisement

The powerful processors in Sony's PlayStation 3 gaming console now have another use: cracking passwords.

New Zealand-based security researcher Nick Breese claims to have used the year-old gaming console to crack passwords at speeds 100 times greater than Intel hardware is capable of.

Breese, a security consultant with Security-Assessment.com, presented his findings to the Kiwicon hacker conference in Wellington, New Zealand.

"Suddenly we have a massive increase in terms of . . . cryptography cracking," he told Next. "Eight-character 'strong' passwords can be broken in a couple of days whereas before it would take weeks."

Speed is important to "brute force" password cracking, which relies on guessing all possible combinations of the characters that make up the password.

The accelerated technique means passwords protecting Office, PDF, ZIP and Lotus Notes ID files can be cracked with breathtaking speed. However, many other password types are handled more securely in software and remain unaffected by Breese's claimed speed increase.

"They're still safe. However, the gap has shrunk a hell of a lot," he says. "If you had access to a thousand PlayStations you could (still) crack an eight-character Linux password in a few days."

Breese's presentation comes just weeks after Russian company Elcomsoft claimed to have accelerated password cracking by a factor of 25 by using the processors found on PC graphics cards.

While expensive, specialist hardware has achieved these speeds already, the PlayStation 3's availability and low cost mean the use of the console for password cracking will become commonplace.

PlayStation 3 can also be used to break basic encryption schemes, Breese says, although widely used ciphers such as the 128-bit Secure Sockets Layer (SSL), used to protect online banking transactions, remain safe. "It'll speed up the attacks but I can't see that it's broken," he says. "(It) is still safe because the people implementing the ciphers foresaw CPU power rapidly increasing."

The gaming console is perfect for cracking passwords because the chips it uses are optimised to rapidly perform the calculations required to model 3-D environments. The computing techniques used to crack passwords are similar.

Breese hopes his research encourages software-makers to beef up their password security. "That's the reason I'm doing this," he says.

Excerpts from Nick Breese's Kiwicon presentation can be heard in Patrick Gray's podcast at http://ITRadio.com.au/security

http://www.smh.com.au/news/security/...036813741.html

whats IRONIC:

PS3 withstands hack challenge
Competition ends with no hackers up to the challenge
Liz Tay 19/03/2007 14:49:21

There was only one winner of an international challenge that offered a PlayStation 3 to any hacker able to attack it: Sony. Over the two-month-long competition, the PlayStation 3 was able to withstand numerous attempts by hackers worldwide, proving to the competition organiser its potential use as a server.

The challenge was first issued in November 2006 by Japanese Web host Shimpinomori to test the security of the PlayStation 3 Open Platform and the viability of using it as a heavy-duty server platform. Results came as a pleasant surprise to Shimpinomori founder, Augustin Vidovic.

"I was half expecting that someone would find a crack in the Linux setup, and it did not happen," he said. "Nobody could hack into the PS3."

And it wasn't for lack of trying. Standard hack attempts have left Vidovic with more than one gigabyte of logs full of what he calls 'unimaginative' attempts on the HTTP. Other hackers attempted brute force attacks on the SSH port.

According to Vidovic, the most notable hack attempt exploited a limitation in the number of simultaneous SSH connections that could be supported on the PS3, in order to prevent other challenge participants to connect to the SSH for a few hours.

The challenge was called to a halt on 2 January 2007 with the PS3 emerging unscathed. Vidovic said this proved the PS3's abilities to run continuously for extended periods of time without any heat problems, and can be trusted to be a good, reliable and secure server.

Vidovic now owns three PS3 machines, one of which will be used as a server, the second as an experiment development platform for the Cell processor, and the third as a game console. He is currently also researching applications and methods to set up a PS3 as a server.