The French Security Incident Response Team (FrSIRT) has reported the libtiff exploit as a "Raised" risk category exploit.

The URL is
http://www.frsirt.com/bulletins/6778

The Japanese media is reporting this as a HIGH RISK exploit. Itmedia is particularly vocal on this one
http://www.itmedia.co.jp/enterprise/articles/0609/01/news051.html

With all this high attention it is becoming quite clear that we should see an updated firmware coming up soon sometime from Sony.

Translation and More Via Comments

if only i could read japanese

can someone translate this please

http://translate.google.com/translate?u=http%3A%2F%2Fwww.itmedia.co.jp%2Fenter prise%2Farticles%2F0609%2F01%2Fnews051.html&langpair=ja%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools

Thats the translated page :) for those not bothered to view it haha heres the translation:-

In PSP vulnerability of not yet patch

The vulnerability “of High Risk” was discovered with Photo Viewer of PSP.

2006 September 01st 14:48 renewals

The french security system FrSIRT reported that August 31st, with the SONY portable game machine “PSP” vulnerability was discovered. Degree of risk 2nd is high in, it is made “High Risk”.

As for this vulnerability, error occurring the occasion where the TIFF picture of the illegitimate type where “Photo Viewer” of PSP used libTIFF is processed causes. When the attack person abuses this vulnerability, you say that by the fact that the illegitimate picture is made to open to the user, fragility being able to execute optional command it finishes on PSP.

As for receiving the influence of this problem the firmware version 2.00~2.80 of PSP. The patch which corrects this vulnerability is not offered.

----------------------------------------------------------------

I think what its trying to say in other words is that Sony have not offered a patch yet and may not be able to as a tiff file is...well a tiff file haha, they could remove tiff support but then we can hack into the tag of a MP3 file, and if they remove that people will get angry.

WARNING: You may gain full access to the hardware you paid for. *HIGH RISK*

Briggzy11: has a buffer overflow exploit been discovered in the psps id3 tag code?

WTF?

Can somebody break this down into noobz terms for me?

i smell 2.81

i smell 2.81
I hope not they should just bring out 3.00 so people can hack it already lol and i know theres gnna be some people that will upgrade ti 2.81( if it comes out) then theyll be pi$$ed they cant have homebrew when 2.8 is hacked

yeah they should bring out 3.00 but you know sony, they wont bring out 3.00 straight away, they'll bring out a patch first

WTF?

Can somebody break this down into noobz terms for me?


your PSP copuld be used as a bomb on a flight.:eek:

add it to the list of hairgel, milk and every other feckin thing they talk about lately.

http://translate.google.com/translate?hl=en&sl=ja&u=http://www.itmedia.co.jp/&sa=X&oi=translate&resnum=1&ct=result&prev=/search%3Fq%3Dwww.itmedia.co.jp%26hl%3Den%26lr%3D%2 6ie%3DUTF-8%26sa%3DG

here's a translate

Ya I´m guessing 2.81. Lets see what there next move is going to be

lmao.

soon sony will have color coded psp security levels. (for noobs)

this would be yellow or orange.
(high risk of being able to use your psp)

What is this? Is it a new eLoader or Downgrader or something?

your PSP copuld be used as a bomb on a flight.:eek:

add it to the list of hairgel, milk and every other feckin thing they talk about lately.
Funny dude but fkin true !!!! confiscated a urine sample off me :).lol;) so my piss is on the risky items list .

http://www.frsirt.com/english/advisories/2006/3419

french webpage english translation, translated by who? by them....most sites have an "english" button =)

Why didn't they keep the libTiff exploit in the bag until right after the next fw version came out? That way we would have had an exploited brand new fw and Sony wouldn't have been able to do much about it...

Why were you trying to carry piss on the plane anyhow?

Why were you trying to carry piss on the plane anyhow?
DUDE was a joke TAKING THE PISS GET IT !!! Dooohhhh

Meaning the airline TOOK THE PISS :)

Why didn't they keep the libTiff exploit in the bag until right after the next fw version came out? That way we would have had an exploited brand new fw and Sony wouldn't have been able to do much about it...

They did.

The libTiff exploit as been in the works since before 2.8.

it really means terrorist becasue it says the attackers could finish programs like to 'detonate a bomb' and the psp finishes the program.

To a question asked to me earlier when I translated this...

...There can be a exploit in a MP3 file, We just need somebody willing to try it out :)

it means that the agency that sony has payed to test/ investigate the new exploit thinks it is serious enough for sony to update the firmware. thus they have moved the threat up to high risk... i.e. they reckon the downgrader/iso loader is plausable using this hack... i guess it's not really news to any of us here but i expect 2.81 in the next week or two.

FW3.00 won't be coming until the official launch (mid oct iirc) as it's got actual "new features" rather than just being a security update and sony want to launch these with some degree of fanfare, alongside the run up to the ps3 release in november.

actuly , it is high risk if considering that bad homebrew may rick ur psp, like the 2.00 one remember?
but other dangers are not :)
i dont think fanjita will ofer a dangerous loader :D

i wonder if firmware 3.0 would ever get cracked

and i wonder when 2.6 be cracked ohh wait it did a while ago so lesson is that nothing in this is impossible but it just takes time.

so what does this mean to me, the 2.70 user, nothing i hope, btw, think this makes me a pro

Lol yeah this is a high risk you might actually use your psp after having downgraded it.

ohh, how bothersome that is

This is my favorite quote



When the attack person abuses this vulnerability, you say that by the fact that the illegitimate picture is made to open to the user, fragility being able to execute optional command it finishes on PSP.


I would be really pissed if it finished on my psp...eeewwwwwww.

i wonder if firmware 3.0 would ever get cracked


Everything gets hacked eventually, it just never seems like it at the beginning.