Security Software Moves to Consoles – Web Filtering for PS3

Ah it seems some companies are having the same idea as me, consoles might well be the next infection vector for zombie style botnets, they have good processing power, the current generation has ample hard-drive space and they are network connected.

The difference with consoles is they tend to be turned off when not in use unlike PCs which are quite often left on.

Still infecting a few million PS3s could be a great attack mechanism – so the latest update for the PS3 is web filtering, the first step towards security software for consoles.

Sony has integrated a website filter into its latest PlayStation 3 firmware. But while use of the utility is optional and, for now, free, neither the console giant nor its security partner, Trend Micro, are saying how much they’ll demand from user whene the free-use period ends next April.

Trend claimed the site blocker, which is part of PS3 firmware version 2.0, posted last week, is the world’s first global internet security service games console.

It’ll be interesting to see how much it costs when it stops being free, and what the uptake is like percentage wise. I have a feeling it’ll be very low.

If users choose to activate the filtering service, which is accessed through the PS3’s internet browser, they must select a password. If a blocked website is then accessed, users can enter their password to view the site.

Trend’s service is free to use until April 2008, it said. Bizarrely, however, it was unable to say how much it will demand PS3 owners cough up after that date if they want to carry on using the service, perhaps to keep inappropriate content away from their kids.

Apparently the pricing structure hasn’t even been worked out yet, but then I guess they just want to get it out there as the ‘first’ security software for a console and increase the branding strength.

Source: The Register

Posted in: Hardware Hacking, Malware

, ,

Latest Posts:

tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.

14 Responses to Security Software Moves to Consoles – Web Filtering for PS3

  1. Pantagruel November 29, 2007 at 10:39 am #

    Darknet’s comments are getting predictive values ;)

    Look like a good idea to get some webfiltering into the latest gen consoles. Many reviews and websites have shown them to have quite some potential ( some companies are even selling cluster options
    But just webfiltering won’t be enough, it will only be a matter of time before PS3/XboX online services suffer from a hack and serve as a distribution point for a PS3/XboX driven botnet.
    When in need of an filtering update you’d have to flash in new firmware (I smell rogue firmware opportunities). This update option would allow for other hacks (no region fix, used alternate media,etc..) enlarging the change of a user installing rogue firmware from not so sound sources.

    Again there is no patch for human stupidity and this webfiltering, to me, appears to be a hurdle easily taken.

  2. dirty November 29, 2007 at 5:18 pm #

    All this sounds like is websense for PS3…and you have to ability to still view the site by entering your password…what sites will be blocked? how often will they be updated?

    I agree with Pantagruel, I dont think this will be enough…

  3. Darknet November 30, 2007 at 7:58 am #

    Well it’s just a start, it shows the paradigm is shifting and companies are going to start developing security software for consoles. Who knows, it might be the next big market.

  4. Goodpeople November 30, 2007 at 10:34 am #

    About time they started looking at game consoles. I agree with all of the above. It’s not much.. yet.

    But it is a start. I suppose this is just the beginning. What bothers me however is that it won’t stay free. Part of the firmware. If you buy the box, doesn’t the firmware come with the machine?

    We don’t pay for BIOS updates for our computers either… And isn’t that the same Trend Micro?

  5. Mitchel Ashley December 1, 2007 at 12:16 am #

    I was contemplating porting the Cobia security convergence platform to Playstation 3 or Xbox360 before I was abruptly terminated last month.

    I see it being important for 2 reasons. First, Cobia’s up take is very slow, much slower than we had planned on and part of it is the hardware requirements. Second, the more hardware that security platforms run on, the more ubiquitous Real Security will be.

    Just imagine for a second your playstation 3 acting as a home gateway, complete with Stratguard Cobia IPS protecting the packets that flow in and out. It’s compelling and once it grows to have a few hundred users, think of the partners that will start developing 3rd party applications for it.

  6. Nobody_Holme December 1, 2007 at 10:21 am #

    Sounds like an attempt to fix flagging sales to me… PS3s suck hard, imho… and that of everyone I know. Also lets thinks… charged for security on your console? I see everyone paying for that one, honest…

  7. dirty December 3, 2007 at 12:48 am #

    Yah I dont fore see people shelling out extra cash for those services when the consoles cost so much in the first place. The last thing a kid or parent is worrying about is security for their console…at least the average player not ones on this site.

  8. Goodpeople December 3, 2007 at 3:42 pm #

    and let’s not forget that most people connect to the internet with a dsl modem. Those things all have a built in firewall.

    I wouldn’t spend a dime on additional security software. I’d fix it some other way.

  9. dirty December 3, 2007 at 5:16 pm #

    IDK about the DSL modem firewall…if that secured everything we wouldn’t have such huge botnets out there.

  10. Pantagruel December 3, 2007 at 8:48 pm #

    @ Dirty
    The big problem is DSL providers supplying their modem/router in ‘bridged mode’ instead of using the firewalling capabilities of the router. Eventhough the majority of consumer router/modems is quite restricted in terms of firewalling/etc they are by far more difficult to get past than a Windows XP box littered with holes and bugs. Biggest problem however is the user switching of the firewall to allow for easy internet for aall attached internet appliances effectively turning the firewall into a ‘bridge’ like mentioned before.

  11. dirty December 3, 2007 at 9:14 pm #

    That was my pretty much my point…my comments above just trying to reflect that end users are ultimately responsible and most are apt to not use security for ease of functionality…….

  12. Goodpeople December 4, 2007 at 8:31 pm #

    @ dirty,

    I agree with you that the end user is ultimately responsible and that most users trade off security for ease of use. But that’s another discussion.

    This discussion is about securing game consoles. My statement is that I would probably not spend money on additional software for a game console, if I can secure the damn thing better in another way.

  13. dirty December 4, 2007 at 8:35 pm #

    I think it is the same discussion….i dont think most users will secure their game consoles…

  14. Sir Henry December 14, 2007 at 5:47 pm #

    I agree with the sentiment that people are not going to initially see security for consoles as a matter of importance. I think, however, that as soon as the console can be compromised and used as a conduit into the rest of the network, the importance of console security will be the latest buzz in the media.