Not to step into an area that I know little about <xbox security>; but I think " If Microsoft could secure a game console running Win2K you'd imagine Win2K and XP would be a lot more secure then they appear to be." Is something of a logical fallacy. Keep in mind - we are talking about separate worlds here - a game console is something that, for the most part, need to perform *ONE SET OF FUNCTIONS*. Making hardware, software and peripherals work together in a secure, FAST fashion when you only need to do 1 set of functions, and when user tinkering is <by default> limited/non-existent (not counting those of you who crack the case open and really get into them :)> is *nowehere* near as difficult as trying to make an OS/platform that needs to support thousands of pieces of 3rd party software, hardware and has users breaking it in countless unimaginable ways ... </$.02> Thanks! TJ -----Original Message----- From: Elan Hasson [mailto:elanat_private] Sent: Tuesday, May 21, 2002 10:25 PM To: Stan Bubrouski Cc: vuln-devat_private Subject: RE: Online Games Consoles and Security Implications heh, nintendo was cool.. I own an xbox myself. I'm VERY happy with it. i should probably install the xdk again and post some of the docs to the list. It was saying how all the packets are encrypted and stuff and how it can take a DoS (for example, something that could 'clog the pipe') and be able to drop the packets and sort through the garbage-data and not affect game performace packets or something. Yes, it does run a Windows2000 kernel (slimmed down of course) I've even played with dissassembling xbox images. Its nice stuff. VERY nice. MS did an excellent job with it. the fact that all of the software runs on a harddrive and isn't on a chip is a BIG plus. That gives the ability for people to download updates and stuff to it...hehe XBOX-service pack 1 anyone? HEH! -----Original Message----- From: Stan Bubrouski [mailto:stanat_private] Sent: Tuesday, May 21, 2002 8:15 PM To: Elan Hasson Subject: Re: Online Games Consoles and Security Implications Elan Hasson wrote: > The xbox is VERY secure, read the docs on Network Security in the SDK. > > MS even has a bit in there about Denial Of Service..and how the xbox can > handle it and not affect game performance. > REDICULOUS. They call Win2k very secure. They call IE very secure. The bottom line is that it is a Microsoft product with embedded Win2k code (correct?). This is quite the contrary to what you suggest. If Microsoft could secure a game console running Win2K you'd imagine Win2K and XP would be a lot more secure then they appear to be. What Microsoft writes and what Microsoft does are two different things, you can't guarentee security, you can only try to ensure it by taking the proper steps. I recall Bill Gates calling Windows one of the most secure OS's, A FLAT OUT LIE. Not trying to start a flame war, so let's not, just pointing out to kids that might be reading this, that there is no proof the XBoX is more secure than PS2 or anything else. You want security, pull out your old 1986 nintendo ;-) Best Regards, Stan Bubrouski ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. *****************************************************************************
This archive was generated by hypermail 2b30 : Wed May 22 2002 - 09:19:47 PDT