Microsoft's sneaky Xbox 360 "update"
In an underhanded move -- some would say, without honor -- Microsoft has covertly patched a security vulnerability in Xbox 360 that allowed hackers to run their own software. Disguised as an "operating system update," the patch seals off the console's non-privileged memory areas, which hackers are using to do such depraved things as write "Hello World" and try to run Linux. The update will be included with all games released after February 20 and is available to download via Xbox Live or the Xbox website (burnable onto CD or DVD). You best grab it before the uncontrollable urge to indulge in naughty hackery takes hold.Next time, Microsoft, tell us what we're downloading instead of slipping us a patch in an update's clothing. We're on to your shenanigans...
[Via Engadget]





Get a WordPress.com Blog





Reader Comments (Page 1 of 2)
Grog @ Mar 6th 2007 1:26PM
Ummm... it would seem that it *is* an operating system update. Just because it closes a security hole rather than enabling a feature you want doesn't change what it is.
Aex @ Mar 6th 2007 1:29PM
Those sneaky sneaky Microsoft Updates :) Tho, as long as it doesn't brick my system, they can update as often as they want to XD
Josh @ Mar 6th 2007 1:30PM
These holes could potentially also be used for cheating in games on the console. I don't mind updates like this.
kazumashell @ Mar 6th 2007 1:59PM
ummm.... it would seem it *is* a sneaky way for Microsoft to disguise the patch.
The update actually destroys a part of your CPU. Why would you defend Microsoft Grog? Are you that blind?
Mark Felps @ Mar 6th 2007 2:43PM
I find it bizarre to ding MS for slipping in a security patch, while Sony routinely refuses to tell anyone what they're patching with each update. I also have a hard time faulting MS for patchig a security hole in their OS. That's what they're supposed to do.
Poisoned Al @ Mar 6th 2007 1:35PM
While kinda sucky, you can't really blame Microsoft for patching a security hole. You CAN blame them for being sneaky about it tho.
Nij @ Mar 6th 2007 1:45PM
Engadget and Joystiq have both gotten into the habit of insulting any company when they do anything that is intended to curtail piracy. The amount of pro-piracy cheerleading these sites continue to do is very surprising considering they're owned by AOL Time Warner.
joe smith @ Mar 6th 2007 1:38PM
Umm-- and by your definition, a "patch" is not an "update" how? And how, exactly, are they being "sneaky"?
CowboyGA @ Mar 6th 2007 1:38PM
For those not following the thread at sister-site Engadget, the posts are going in this route: Yay, no game hacking. Boo, no homebrew. Why does MS care so much about homebrew? And homebrew leads does/doesn't lead to pirating.
I have a feeling this thread will do the same. Carry on.
Max @ Mar 6th 2007 1:58PM
I don't see anything wrong with them wanting to block shit like that. PSP and PS3 are at a pretty big disadvantage when it comes to software security thanks to their inclusion of Linux and web surfing.
Iced_Eagle @ Mar 6th 2007 8:09PM
How is patching a security hole NOT an OS update?
Like someone said, just because it fixes instead of adds features doesn't mean it's not an update.
Think about it. If Microsoft said "We are releasing a patch which closes a hole which allows homebrew" who in the hell would download that if they knew what homebrew was and how cool it was? They said they were releasing an OS update which is about as honest as they can get...
CPaladino @ Mar 6th 2007 2:07PM
Wow, I guess I just don't get the tone or sarcasm of this article.
So you are mad at us for closing security holes in an OS update because you want us to say specifics of what we have fixed?
Thryon @ Mar 6th 2007 1:48PM
No homebrew?
What do you call XNA? If all people cared about was homebrew, then they would use XNA and be happy, but they are using homebrew as a trojan horse to playing pirated games.
I do not have any problems with this patch. I do hope that Microsoft does stay ahead of the game this generation. I used to hate online gaming on the PC, as you never knew if your oponent was actualy better than you, or just cheating.
CowboyGA @ Mar 6th 2007 1:50PM
Nij,
I can understand the pro-hacking angle. This is a tech blog, after all. Many of the readers, myself included, love reading about the homebrew community pulling tricks from their bags. While not everyone will appreciate a blog spreading the word of hacking, it is something this field is interested in.
Take in mind that by the time we're reading these posts, MS, Sony, and Nintendo have been aware of the issue for a few days.
moominsean @ Mar 6th 2007 4:52PM
and it will take someone at least 45 minutes to hack through the patch.
Wii360dsPC @ Mar 6th 2007 2:03PM
Microsoft provides a platform for homebrew complete with tools called XNA. It's incredibly powerful and great set of tools that has allowed me to create 360 "homebrew" (ie. my own games).
This isn't about your right to create homebrew. The patch is a completely reasonable step to discourage piracy.
Lobato @ Mar 6th 2007 2:10PM
I don't think people who complain about the lack of homebrew are looking for piracy. They can do that easily already, I think they just want a way to really run homebrew without paying for a XNA subscription.
Ken @ Mar 6th 2007 2:11PM
I guess that's exactly it Mr. Paladino. Oh, and please inform us ahead of time if you're going to patch things up. With a full list of things to be updated.
That'll make us all happy. :P
-Dominic @ Mar 6th 2007 2:13PM
@14 took the words right out of my mouth. Piracy can still be achieved very easily through the firmware flash so this does nothing to curtail piracy. The only thing that this potentially stops or slows down is the use of XMBC360 and Emulators.
Vidikron @ Mar 6th 2007 2:14PM
@12
Meh... XNA is very limiting compared using the proper XDK. Just look at the early emulators people attempted to make using XNA. They are far crys from their XBox 1 counterparts. Granted, they are early version, but a fully cracked system + XDK would result in much faster and more impressive results. And your XNA creation is worthless to people who haven't also paid for XNA.
And to the people claiming this stop piracy, no it doesn't. People have been pirating 360 games using the DVD firware hacks for a long time now and this patch doesn't close that hole... all it does is kill off potential homebrew.
Also, people act like homebrew strictly equals piracy. This is far from the truth. One of the most popular uses of a modded XBox was XBMC. XBMC puts the 360's media capabilites to shame. XBMC with the power of the 360 would truly be amazing. It's too bad MS crippled the 360's media capabilites so badly and has taken such a strong stance against homebrew. I'd understand if they were attempting to stop piracy, but that excuse simply doesn't hold water when the DVD firmware hacks are still out there.
guises @ Mar 6th 2007 4:38PM
This is why I never got an Xbox (the first one). I was going to - I had said, at one point, "Man, Steel Battalion looks terrific. I'm going to go pick up an Xbox this weekend."
Then Microsoft releases a "patch", the only function of which is to prevent people from running Linux. They release this through Xbox live and screw with their customer's machines without people's consent or, in most cases, even knowledge that it was happening...
And here they're at it again, so I'm stuck buying a Wii. It's not that I'm a Nintendo fanboy, it's just that they're the only company that I don't hate. Never wanted to install Linux anyway.
Ironhide @ Mar 6th 2007 2:17PM
Speaking as a developer, I'm clapping for such a thing. The last thing I want is someone taking food away from my table because they decided to play a 'backup' as opposed to buying a legitimate copy of a game. You can argue the semantics over whether it's your legal right to make a back-up (You don't have the right btw) until you are blue in the face, but it's still theft as far as I'm concerned.
If the console is genuinely at fault for scratching the discs then MS should man up and do something about it. If it's careless kids playing the games, I question the wisdom of letting kids use a 360 or PS3 for that matter as a starter system. There are thousands and thousands of SNES out there all on cartridge. Or use the VC on the Wii. Simple as that.
quazi @ Mar 6th 2007 2:17PM
so thats why rainbow six updated and game me nothing new -.-
@17
your completely right! i love my xbmc i wish 360 had half the capabilities of xbmc.
H880 @ Mar 6th 2007 2:24PM
Wow, an update that contains a security patch. That's never happened in the history of the world. But I find it amusing that it's Microsoft that is being 'sneaky' by fixing a security hole rather than the hacker who found the hole and is exploiting it.
I for one applaud Microsoft. Keep on patching!
BIGGEN @ Mar 6th 2007 2:26PM
i think it's "sneaky" how bloggers try to drum up controversy (to get comments no less) by making things sound like what they aren't or making a mountain out of a mole hill. just like the 360 failure rates, all the sony issues (which are sometimes warranted), and wii supply problems for example.
you guys make these things sound like a conspiracy against us every chance you get and that makes impressionable readers pass this same kind of attitude to their friends, and them to their friends, and so on.
instead of putting a (usually negative) spin on it, just report it and let people decide if it's "sneaky" or not. just as i made that decision about this article. just a thought.
Jason @ Mar 6th 2007 3:40PM
I wanted to play some VF lastnight so i popped in the game to the ps3. I had to update.... I cant find my charging cable due to a move..... I cant update or play games until i find a mini usb connection... Now that sucks... A new update for my 360 that fixes a hack I dont use... Thats cool. I guess. I do like the south park pic...
iNime @ Mar 6th 2007 2:41PM
If this was a sony issue, people would have nothing but negative comments. however, seems like when it's 360, it still gets spun in a positive light.
PS3 FTW!
Wii is sux0r
360... no opinion.
jabbertrack @ Mar 6th 2007 3:26PM
"One of the most popular uses of a modded XBox was XBMC. XBMC puts the 360's media capabilites to shame."
Media Center Extender is more than capable and the 360 doesn't have a problem playing back higher res video. There are even 'hack' and 'homebrew' for Media Center.
JJC @ Mar 6th 2007 3:23PM
Amazingly, this is irrelevant to 99% of the 360 owners out there, yet many feel the need to comment about how they really know nothing about things other than what MS shoves down their throats. Smile while they've got you bent over.
DeadPlasmaCell @ Mar 6th 2007 2:43PM
"In an underhanded move -- some would say, without honor -- Microsoft has covertly patched a security vulnerability in Xbox 360 that allowed hackers to run their own software."
LoL yea and Hackers & Pirates are so honorable & fair.
Jake @ Mar 6th 2007 2:46PM
An update that adds security to discourage hacking. OMFG MS is teh devil!!!
Poo Jangles @ Mar 6th 2007 7:46PM
What an absolutely retarded article. Why WOULD they tell us about a security flaw before they patched it? That's like the cops tipping you off the night before they raid your house...you're gonna move your drugs to your friend's house -- or not connect to Live. It is THEIR technology, they have every right to protect it from hackers.
And people complaining about lack of homebrew are idiots. XNA is a great idea...if your games are so good why not pay the subscription and get them published?
Ken @ Mar 6th 2007 3:04PM
Or (even better) you can yell at them for making the hole in the first place.
OMG MS! I can't believe you didn't see that security hole when you first made the OS (for the 360)! You are teh suck!
Intentless @ Mar 6th 2007 3:10PM
Anything that helps stop the cheats out or makes it harder for them I am all for.
gullum @ Mar 7th 2007 12:19AM
Thanks M$ for patching that gaping hole. I know have confidence that Vista's security will be top notch just like the XboX And shame on Sony for including a browser and the abitliy to install Linux, have they no concern for my security?
Keif @ Mar 6th 2007 3:17PM
well if MS said what it was outright then the hackers wouldnt download it, ths making the patch itself useless
DURRRR!
Bennyishere @ Mar 6th 2007 3:25PM
Sneaky snakes :)
Jake @ Mar 6th 2007 3:26PM
Cheating is a really big problem on the 360. Jake cheats on me with NintendoFanbot all the time.
NintendoFanbot, I wish I could quit you!
Jake @ Mar 6th 2007 3:30PM
@DeadPlasmaCell
Don't be so quick to lump pirates and hackers into the same boat you ignorant turd burglar. Microsoft has more questionable business practices than most hackers you fucknut.
Ken @ Mar 6th 2007 3:36PM
Microsoft can do no wrong. Nothing to see here, move along.
They're protecting us by calling this a security issue rather than simply admitting that the only threat to the security of the 360 is to how much MS can control what goes on in your home. Thank you mighty protectors of the weak and weak minded. We need your corporation to help guide us through these troubling times. Pray at the altar of MS.
Keif @ Mar 6th 2007 3:40PM
Yes JJC Microsoft is so horrible cause they are stopping hackers. The same people the ruin online games for many.
people like JJC entertain me "oh no THE MAN is out to get me!!!" dont trust anything they say!
erac3rx @ Mar 6th 2007 3:42PM
Honestly, Joystiq/Engadget/etc.. should really just quit posting these stories, until the posters decide to actually get informed on the issue before doing so. A couple points:
The DVD-ROM firmware hacks for 360 are all alive and kicking, and work very well. You can go on Live with a backup, and there is no banning taking place. This is in part because Microsoft cannot detect the mods, and in part because the firmware only enables 1:1 backups to play-- the game contents cannot be modified in any way because the system still only plays legit signed executables.
Blocking homebrew via OS updates is standard operating procedure, but stupid. Personally I appreciate Sony's approach with the PS3. Block people from running homebrew in their PS3 OS, but let them do whatever they want if they take the time to install and boot into linux, or any other OS they choose to install. PS3 is a VERY compelling platform for the next rev of media center homebrew as a result, and it doesn't hurt that you can easily hook up huge hard drives and it is completely supported by the system.
It really is certainly a breath of fresh air that Sony is embracing this community by building an open platform, while Microsoft-- predictably-- is micro-managing every point of the system. They break video streaming for anyone not running Media Center, developers games must must have an online component, must have achievements, XBLA games have to be under a certain size, etc. etc. etc...
It's sad because 360 has amazing potential as a next-gen media center, but the hacker/homebrew types like me are going to build the functionality onto PS3 instead.
I_LUV_SONY @ Mar 6th 2007 4:31PM
Bwahahahahahahahahahahahaha!!!!
You MS fuckers are all pwned!!!
SONY would NEVER DO ANYTHING LIKE THIS! Poor little blind MS followers. Think for yourselves you cock knockers. Get a clue and a REAL system! The PS3 pwns the 360 and MS and always will!
Bwahahahahaha!!!
I_LUV_SONY @ Mar 6th 2007 3:52PM
You Microsoft fanfuxors can just die. Face it, Sony wouldn't do something like this. They embrace the OS world and MS doesn't. Buy your overpriced webcams and headsets while I use any piece of hardware I want.
Sony's 'da BOMB and MS SUXORS!
Muwhahahahahah!!!
Jake @ Mar 6th 2007 3:52PM
I have a question. How fun would hacking be if companies didn't even try to protect their products from it? Hackers should thank MS for giving them another challenge to overcome.
JJC @ Mar 6th 2007 3:56PM
Bite me Keif.
How about if I come over there and kill you now?!?
Markusdragon @ Mar 6th 2007 3:57PM
So essentially they're not allowed to protect their interests by patching security holes in their own software? Beautiful.
Keif @ Mar 6th 2007 4:00PM
HAHAHAHHAHAHAHAHA fuck
see i told you people like you entertain me.
Please, come over here and kill me right now. I want to hear more of your empty threats while you try and pretend to be a big man on the internets.
Arcaynn @ Mar 6th 2007 4:46PM
How exactly is this sneaky? It's called an update, and it's an OS update. Just because it doesn't add a feature nor "actually destroys part of your CPU" does it mean it isn't an update. Call it what you want, it's their software to do with as they please.
Also, hacking is illegal, and they are within their rights to stop it, no matter what it was used for.
Jake @ Mar 6th 2007 4:03PM
It is funny that the only "upset" people in this thread are Sony and/or PC fanboys. The 99.9% of 360 owners that just play games on it could care less if they patched a security breach in their own software. Hell, I want MS to make a lot of money on the 360 any way possible so they can possibly provide more with it. It is the haters that are taking the opportunity to blow this thing out of proportion.
I am not trying to say I love MS for this, I could really care less. But I can confidently say that the Forza2 launch being delayed 24 hours would be a bigger hit to 360 owners. Just my $0.02. But go ahead and pretend this is an uncommon practice and that MS just bent us over or whatever. At long as I have good games to play on the system, I'm happy.