Hacking Did flow just release?

smf · Jul 9, 2020

susi91 said:
Seems that guy got about 75k in total from sony

https://hackerone.com/oct0xor

He had three vulnerabilities (1 high & 2 medium) out of his bluray talk, when he was invited to the bug bounty.
The $40,000 one was in the first three & the other two were lower amounts, so I'm going to say that is probably from that.

I look forward to more talks. The $25,000 one 4 months ago sounds like it might be kinda fun.

dannyb1 · Jul 9, 2020

The 40k one had to have led to a full blown JB.
Got a feeling that this xploit might have been 1 of a few and may still have an xploit that can be taken over to the PS5.

smf · Jul 10, 2020

dannyb1 said:
The 40k one had to have led to a full blown JB.
Got a feeling that this xploit might have been 1 of a few and may still have an xploit that can be taken over to the PS5.

The high value exploit, that he was invited to the bug bounty around that time for, led to code execution on the ps3 & ps4 bluray drive, probably ps5 too. While optical discs are so 20 years ago, I'm sure if you could mod a ps5 drive and burn discs then it would cause sony a lot of problems.

If those first three are not then not only did they omit adding the three from the video, but he had another high value one up his sleeve.

leonmagnus99 · Jul 12, 2020

can someone enlighten me to what that bounty thing exactly is?
Does sony offer money to hackers to hand them over bugs they've found ?

what for is that, so that the hackers that found the bugs don't release it to the public etc.?

hippy dave · Jul 12, 2020

leonmagnus99 said:
can someone enlighten me to what that bounty thing exactly is?
Does sony offer money to hackers to hand them over bugs they've found ?

what for is that, so that the hackers that found the bugs don't release it to the public etc.?

Yes, roughly. In this case, for example, Sony paid theflow to tell them the bug first, rather than release it to the public before Sony knew about it. This way it's fixed in current firmware versions, so its usefulness is limited to a significantly smaller number of consoles, rather than being made available to every PS4, and Sony then pushing out a fixed firmware and hoping most people will update rather than stay on the vulnerable version for piracy lols.

leonmagnus99 · Jul 12, 2020

hippy dave said:
Yes, roughly. In this case, for example, Sony paid theflow to tell them the bug first, rather than release it to the public before Sony knew about it. This way it's fixed in current firmware versions, so its usefulness is limited to a significantly smaller number of consoles, rather than being made available to every PS4, and Sony then pushing out a fixed firmware and hoping most people will update rather than stay on the vulnerable version for piracy lols.

damn, hmm i think if pirates had made 'theflow' an offer of 20k we would have had it up to the latest huh? xD

hippy dave · Jul 12, 2020

leonmagnus99 said:
damn, hmm i think if pirates had made 'theflow' an offer of 20k we would have had it up to the latest huh? xD

Maybe, or maybe he's one of those devs that likes to be "responsible", who knows.

Hacking Did flow just release?

Well-Known Member

Active Member

Well-Known Member

Well-Known Member

BBMB

Well-Known Member

BBMB

Similar threads

Popular threads in this forum