Gogeden wrote:...
Yeah. I get that. But speaking for myself and only myself, I wanted to break my PS3 open to run Boinc. To use it as a mindless slave for crunching numbers. I find it foolish to even consider putting one's personal data such as credit card numbers into a system such as the Playstation 3.
I understand your wish regarding running BOINC on the PS3, however the problem which has become well documented by cyber-security professionals is a little different than what you imagined. The difficulty is not that credit card numbers are being stored on the PS3 itself but because a PS3 or computer-smartphone has been jailbroken these devices are vulnerable to being manipulated by cybercriminals who exploit/take advantage of the weaknesses of the system which did not exist until the consumer/user jailbroke his/her own system such that when the user accesses their bank accounts or visits say amazon.com to make a purchase -- all that information can be utilized/stolen/copied to discover and determine not only who the individual is but their entire financial presence and activity -- no matter where it is or what they've done. Once this information is stolen it is usually sold online to other criminal enterprises for their own uses and your financial life or identity will never recover because you will be responsible for all purchases under your codes, passwords, etc. and you'd have to be working full-time for years just to prove that these fradulent purchases were not you. Likewise for your friends, associates and other contacts with whom you may send regular or occassional emails to or even tweet or instant message with; they also end up on the same lists of criminal nets for the same reason -- they knew or corresponded with your jailbroken system.
Jailbroken systems, unlike conventional systems cannot be protected because by definition they are functioning in ways the manufacturer never designed or intended. As a result, should financial losses result such that transactions are tracked down to you by government or financial agencies (banks, investment houses, etc.) with your name or a family member -- in some states and countries then you alone are liable for all transactions. There is another nasty side-effect to all this usually the person who jailbroke their system to say run BOINC or something else, usually doesn't have the skill to repair the damage to their system, find and remove root-kits, etc. Cybercriminals rely upon that weakness and utilize that fact to their advantage as well. Unfortunately, there are millions of victims all on the hook for criminal activity they may not have perhaps caused, but they cannot prove that they did not as their electronic signature( from their accounts) reveal them as the actual perpetrators.
Gogeden wrote:But what about the companies behind the hardware? Couldn't employees of no morale work their way in too? Most likely.
It is true that companies have been vulnerable to the criminal activities engaged upon by their own employees. Companies have to engage upon reasonable defensive measures to protect their business and customers. Of course, it would be nice if human beings would just behave and cooperate in fair ways with their employers but while happily many people are decent history has demonstrated that not everyone is therefore different companies engage upon different internal security procedure to that purpose.
Gogeden wrote:I refuse to think that not ONE employee of Sony has never passed his way in without permission or even have thought of breaking into a PS3 to get some credit card information. Take it all with a pinch of salt. No such thing as perfect security nor shalt there ever exist such a thing.
Again the credit or other financial information is rarely on the system itself, however every jailbroken system no longer behaves as designed by any manufacturer or designer. Jailbroken systems don't interact normally with any other software which the manufacturer designed in the same way, if at all. Root-kits, worms, trojans and other malware "step-in" to capture what messages are sent from the jailbroken system and feed it to botnets and other malware also listening to such data packets which no longer "make sense" to normal software or the jailbroken software communicates at a level which is below or underneath the operational limits of what "normal" software is supposed to share. Again in such a setting, the problem is what network is that jailbroken system on?
Here's a scenario: Let's say you got your PS3 working running BOINC. You know that YDL and other LInux systems also run wireless and bluetooth; let's say that it's not encrypted. You get a call on your iPhone or Android and start to chat. Let's say your smartphone is jailbroken to run some app you like. Here's what has happened to others in a very similar manner: The jailbroken phone not only communicates with you and your associate it also logs your respective identities by cross-referencing online botnets which also act to triangulate information regarding what you and your associate accessed/called or interacted with AND binds with any computer nearby (bluetooth and other unencrypted wireless communications being all so friendly) acquiring information queried by the botnet and so on. This all happens in picoseconds.
Again, your computer may be living on it's own, but you don't. You do use a cell/smartphone of some type? Well, then you've a nightmare of a problem, along with all the rest of us. Even if you had utilized military grade encryption say to defend your USB drive, or you utilize a drive which self-encrypts -- all of it becomes useless because you've jailbroken either your computer or/and your cell/smartphone.