Out of spite of the new 2.81 firmware, I wrote an e-mail and played dumb. Here is what I wrote to them:


Hello,

I was just curious about something. I have noticed that a few of the System Software updates Sony has released, such as the current System Software version 2.81, said that they just patched a "security vulnerability". This sounds serious; what is it, it is something I should worry about, and could it damage my PSP?

Thanks a bunch!

Scott


In return, I received this:


Hi Scott,

Thank you for writing us.

As with any hardware and software which is connected to a network, the PSP(TM) portable
entertainment system, can also be prone to malicious attacks when connected to a wireless network.
However, we have not received any reports of any malicious attacks to the PSP system at this time.

If you have concerns of malicious attacks, you may wish to verify the firewall capabilities of your
wireless router with the router's vendor (or Internet Service Provider). We also recommend that you
install a firewall program between your Internet wireless router and your PSP, in addition to
regularly updating your virus definition files.

If you have further questions regarding this message, please refer to your email case
number:[removed].

Dan
Multimedia CSR
Sony Computer Entertainment America
Consumer Services Department

It seems they are instructed to be tight-lipped about what that "security vulnerability" is, even though many across the internet know exactly what they are talking about.

I am also angered at the fact that they say that all of the features in 2.80 were actually added in 2.81. Check it out at their main update page: http://www.us.playstation.com/PSP/Support/SystemUpdate
As you can see they are stating that the video RSS, LocationFree by LAN point, etc. have been added in 2.81 when they were actually in 2.80. The only difference in the update page is under settings: "New for 2.81: A patch has been added to address a security vulnerability in the system software." In addition, the system update history doesn't even SHOW 2.80 as a past system update. If you can remember, they did the same thing with the 2.01 update.

Let your disgust flow freely...

Nice man.

I bet if you can remember my old sig which said, "Updating your firmware is Sony's way of "bricking" your PSP." When Sony released the 2.0 update, they said they blocked exploits so that a "hacker won't brick your PSP."

A year later, and they haven't changed a bit.

:) sony cant stand us.

Ahh sony, masters or slaves of their own subterfuge?

tight lips...tight @$$...sounds like $ony alright :D

Funny thing is that sony's 2.8 update allows for plugins that enable websites to access information and programs on your memstick supposedly to improve websites sevices.

To me that sounds like an extreme security risk,what if somebody trojans or hacks a plugin and uses it to run a program that writes to flash and bricks your psp or installs bots.

Not to mention invading your privacy in general.

Without the 2.8 plugin capability the risk from the tiff exploit allowing somebody to hack your psp over a network would be almost nil IMHO.

Even with the tiff exploit patched,I certainly don't trust that plugin capability they added.

Funny thing is that sony's 2.8 update allows for plugins that enable websites to access information and programs on your memstick supposedly to improve websites sevices.

To me that sounds like an extreme security risk,what if somebody trojans or hacks a plugin and uses it to run a program that writes to flash and bricks your psp or installs bots.
.


I'm 95% sure that it would not be possible to write to flash using a website

aha...i just remembered the word....they're in a state of denial :P

Stotheamuel, the info for the plugins states it can use programs from the memstick.I disagree, and think it will be very possible to write to flash from a website.In fact it may be part of sonys plan to further secure their firmware after the ps1 emu IMO.

What is the reason you think this is unlikely?

Doesn't xbox update the kernel and or dashboard online?

I am also angered at the fact that they say that all of the features in 2.80 were actually added in 2.81. Check it out at their main update page: http://www.us.playstation.com/PSP/Support/SystemUpdate
As you can see they are stating that the video RSS, LocationFree by LAN point, etc. have been added in 2.81 when they were actually in 2.80. The only difference in the update page is under settings: "New for 2.81: A patch has been added to address a security vulnerability in the system software." In addition, the system update history doesn't even SHOW 2.80 as a past system update. If you can remember, they did the same thing with the 2.01 update..

im not a religious man but i believe some1 punishes liars....I hope a lawyer or something haha

lol a hacker bricking your psp? I thought this was the cause of a person not knowing what they are doing and not reading instructions.............. so i say the F*CK with $ony and their lies!

Stotheamuel, the info for the plugins states it can use programs from the memstick.I disagree, and think it will be very possible to write to flash from a website.In fact it may be part of sonys plan to further secure their firmware after the ps1 emu IMO.

What is the reason you think this is unlikely?

Doesn't xbox update the kernel and or dashboard online?


xbox doesnt have flash access though (unless TSOPPED OR chipped)

xbox kernel and dashboard is software so it can be updated online somehow.

well there are uhhh game loaders and guess what NORMAL DEVHOOK supports it so i dont see how sony is pissed about it. infact if sony allowed homebrew 1 million loaders would come out and destroy sonys psp (or it games)

Ah, okay wally thanks for explaining that to me :)
Maybe that wasn't a good example.
Either way the info for 2.8 says it can use programs from your memstick with the plugin.
So if you have a program on your memstick that can write to flash the vulnerability is there.