PlayStation 'Home' gets hacked multiple times

Sony's new service has been hacked already. It appears that modern development methods have been replaced with time-to-market issues.

Dave Rosenberg Co-founder, MuleSource
Dave Rosenberg has more than 15 years of technology and marketing experience that spans from Bell Labs to startup IPOs to open-source and cloud software companies. He is CEO and founder of Nodeable, co-founder of MuleSoft, and managing director for Hardy Way. He is an adviser to DataStax, IT Database, and Puppet Labs.
Dave Rosenberg
2 min read

It didn't take very long for Sony's new PlayStation Home to fall prey to hackers, with multiple developers already exploiting different areas of the service.

One hack uses Apache and DNS redirection to let you display your own version of PS Home to display movies, text and music of your choosing.

Another hack allows for the downloading of any file you want, like someone's user profile or avatar, and the final near-term vulnerabilities include uploading any file to the Home server or deleting any file from the Home server.

It's not clear to me that there won't be APIs or other mechanisms to interact with PlayStation Home in the ways that the hacks have determined, but I would assume open APIs would make hacking a lot less interesting. Besides the obvious business reasons to release open APIs (increase adoption, ecosystem, etc.) it would give people the option to do more creative and less risky hacks around the core and accessories.

A quote from StreetskaterFU:

SONY f*%&d it really up! First they delay HOME for more than a year, then they delay it a few times again and again till finally we have a HOME beta on a technical standard from 2005 with crappy graphics, a few boring areas and many many many many many many many many bugs.

It's a bit surprising just how weak the security is, especially considering the competitive pressures and the existing knowledge of how to build secure client/server applications. So far it sounds like basic enterprise development techniques would have removed these risks.

Via Gizmodo