PS3 virus?

Um... what? IE will give you a warning if you try to execute on a download immediately, but that's about it. Once you've saved something locally, it's all local machine zone.

That said, how is this any different from any other platform? At the end of the day, security is only as good as the user behind the screen.
What about +x permission?
 
What about it? If you're going to craft a malicious script for any platform, flagging the source file with an execute bit is pretty much a given. Permission bits are not an architecture designed to protect you from remote file attacks, they're to prevent users of lower privilege from doing certain things with files already on the machine.

Now, you could potentially design a browser to disable the execute bit on all downloaded files, but you can do the same thing on Windows with an ACL. But now we're not talking OS security anymore, we're talking browser security.
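As an added illustration of the post above (not part of the original thread): a hypothetical download helper that stores files with no execute bit, and a check showing that the bit only blocks direct execution, not an interpreter reading the same file. The function names and the sample file are assumptions made for this example.

```python
import os
import stat
import subprocess
import sys
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def save_download(data: bytes, dest_dir: str, name: str) -> str:
    """Hypothetical browser-side helper: store a download without execute bits."""
    safe_name = os.path.basename(name)  # drop any directory part sent by the server
    if safe_name in ("", ".", ".."):
        raise ValueError("unusable file name")
    path = os.path.join(dest_dir, safe_name)
    # O_EXCL refuses to overwrite an existing file or write through a symlink.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        os.fchmod(fh.fileno(), 0o600)  # owner read/write only, whatever the umask
        fh.write(data)
    return path


def has_exec_bit(path: str) -> bool:
    return bool(os.stat(path).st_mode & EXEC_BITS)


def run_directly(path: str) -> bool:
    """Try to exec the file itself; the kernel refuses without an execute bit."""
    try:
        subprocess.run([path], check=False)
        return True
    except PermissionError:
        return False


def run_with_interpreter(path: str) -> str:
    """Hand the same file to an interpreter; the execute bit is never consulted."""
    done = subprocess.run([sys.executable, path], capture_output=True, text=True)
    return done.stdout.strip()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as downloads:
        # Constructed sample payload: a harmless one-line script.
        saved = save_download(b'print("ran")\n', downloads, "sample.py")
        print("execute bit set:", has_exec_bit(saved))
        print("direct exec works:", run_directly(saved))
        print("via interpreter:", run_with_interpreter(saved))
```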
 
Browsers and email clients, as in the context of my previous post in this thread. By the way, I think the shell is a part of the OS, especially for MS Windows. And I'm talking about the real world, not about an ideal world with clever users who know how to set an ACL.
 
just imagine, several millions of infected consoles that act as zombie-clients for a net dos attack..

even if linux runs on a virtual machine, this is doable, a very huge smurf on large scale can be a dangerous weapon :D
 
Seriously, this is almost impossible. Let's look at this realistically.

For the PS3 to be attacked through the Linux back-end, the user would have to first be running the Linux client. This is already going to be a *very* small percentage of owners given that it doesn't ship out of box. The number running it at any given time is an even smaller percentage.

Secondly, when in the Linux OS, a PS3 is no different than any other Linux client really, except they're probably more likely to be missing security fixes. It's going to be hard to target PS3s though.

Now, say you do hit a PS3. Now what? You can't identify other PS3s because of the issue above. Your best bet would be to have a way to connect to PNP. To do that, you're going to need to be able to access that service which is probably not doable from the Linux client. So you need some way to infect the XMB. That's going to be pretty rough since the hypervisor can lock you out of any data that the XMB is likely to touch.

Now, let's say you actually do it through creating a corrupt save game or media file or something. Now you need a way to spread. Sure, you can probably find some peers, but now you need a network vulnerability (probably in a game) to spread. Now your only new targets are people who play a specific game online who happen to play each other. All for at most a crippled botnet?

An individual compromise under *nix is possible, but you're no more vulnerable than before because there's no way for someone offhand to just find a PS3 on the internet. You're no different offhand than a billion other machines.

So... I wouldn't worry about a PS3 worm. We heard the same FUD when consoles first started going online and nothing happened there either.