Re: Online Games Consoles and Security Implications

From: hellNbak (hellnbakat_private)
Date: Tue May 21 2002 - 08:57:43 PDT

Next message: NGSEC Research Team: "[NGSEC] ngGame #1 - Web Authentication"

Previous message: Steve Maks: "RE: Online Games Consoles and Security Implications"
In reply to: John_Leitchat_private: "Online Games Consoles and Security Implications"
Next in thread: Dave: "Re: Online Games Consoles and Security Implications"
Reply: Dave: "Re: Online Games Consoles and Security Implications"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The XBox will run Linux.  :-)

The X-Box console is an embedded version of Win2K (I think) so if the IP
stack is the same, and depending on the patch version and what ports it
will advertise would all depend on wether or not they are hackable.

With the price of XBoxen so low now I have picked up a couple for the lab,
I was thinking of turning them into Linux based IDS and Firewalls but
perhaps we should look at one in default configuration first....

heh coming soon - NMRC-X-Firewall and NMRC-X-Snort.  :-)

On Tue, 21 May 2002 John_Leitchat_private wrote:

> Date: Tue, 21 May 2002 10:23:11 +0200
> From: John_Leitchat_private
> To: vuln-devat_private
> Subject: Online Games Consoles and Security Implications
>
> Hi.
> A strange but interesting thread maybe.......
> With the advent of online consoles such as the XBOX (microsofts own so I
> guess security could be a little weak, my own thoughts BTW) and the PS2.
> What issues are unleashed that could have or cause massive security
> implications for the home user.
> For instance:
> XBOX / PS2 can be connected to a home LAN for access or they could be
> directly connected via the broadband connectors.  I am sure there are no
> built in security features for either platform.
> Question:
> Could the devices be used in anyway that could allow an attacker to
> a)	Crash said device
> b)	Use device as a lever to interact between network devices
> c)	Any other nefarious actions
>
>
> Having not had the chance to PEN-TEST any of these as of yet I was wondering
> what the online security groups thought of this.
> FYI:  The Microsoft XBOX HAS BEEN hacked via a modchip (modchip allows
> playback of CDR DVDR and all region DVD flicks)
> The PS2 has had the same mod issues as above (only it took longer than the 4
> weeks to hack the XBOX)
> Thanks
> /John Leitch
>

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbakat_private
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Next message: NGSEC Research Team: "[NGSEC] ngGame #1 - Web Authentication"
Previous message: Steve Maks: "RE: Online Games Consoles and Security Implications"
In reply to: John_Leitchat_private: "Online Games Consoles and Security Implications"
Next in thread: Dave: "Re: Online Games Consoles and Security Implications"
Reply: Dave: "Re: Online Games Consoles and Security Implications"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 21 2002 - 15:55:30 PDT