PSP Exploit sets off Panda Alarms |
Ó
While homebrew development teams have been exploring the libtiff exploit to enable us to play homebrew games, others could be exploring it to brick our handhelds. According to Panda Software, these malware exploit the buffer overflow vulnerability of PSPs with firmware that can view TIFF files. The company revealed that there is already a proof-of-concept code that demonstrates this vulnerability, and that hackers can take advantage of this flaw to wreak havoc on your PSP. Last year, their PandaLabs detected the Format.A and Tahen Trojan viruses designed to infect PSPs and delete its files, making the handheld unusable - bricked.
The most basic precaution that all PSP owners can take is to only connect to trusted and reliable sources. In addition, all downloaded files and software should be scanned with an updated anti-virus program to clear it of any threat to your PSP, says the company. But you guys always do that, right?
*NOTE* We need to clarify something about the use of anti-virus programs on PSP-specific files. They will also detect the Downgrader, X-flash, and other flash memory-loading programs as a "threat," even if they really aren't (as we all know), and may try to modify or even delete them. So be careful if you really plan on using anti-virus programs on PSP files. Or, more preferably, choose a trusted site.
Via vnunet.com
21 Jumps Custom firmware 5.50GEN-D now out
Contact Us:
The QJ.net Network |
 |
| Site | Feed |
| QJ.NET | RSS |
| Nintendo DS | RSS |
| PlayStation 3 | RSS |
| PSP Updates | RSS |
| Wii | RSS |
| Xbox 360 | RSS |
| MMORPG | RSS |
| Personal Computer Games | RSS |
| iPhone - iPod Touch | RSS |
| QJ.NET Forums | RSS |
Add QJ.NET
User Favorites - December
User Favorites - December
Categories
Archives
Accessories
Add-ons
Applications
Artwork
Batteries
Cheats
Deals
Emulators
Events
Featured Articles
Firmware
Flash Applications
Flash games
Game Demos
Games
Hacks & Exploits
Homebrew Applications
Homebrew Demos
Homebrew Development
Homebrew Emulators
Homebrew Games
Homebrew Themes
How-To
Humor
Imports
Interviews
Magazines
Mods
MY QJ
News
Off Topic
On Shelves This Week
Opinions & Analysis
Podcasts
Previews
PSP Go
PSP Minis
PSP Slim & Lite
QJ How-To Series
QuickJump QuickGuide
QuickJump QuickPeek
Reviews
Rumors
Scans
Screenshots
Site News
Titles
UMD Movies
Videos
Weekend Warrior
Wi-Fi
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
Comments [refresh]
Whatever will I do.
This is exactly why I said the 2.81 firmware was essential, and had nothing to do with the decrypter.
2nd poster plx?
Psht, only nubs get viruses on their PSP's.
Can I trust this site?
if psp's can be hacked then it should be sony's job to make it more safe
never thought of scanning before but i will now. as long as the psp can get virus's, someone should be making one or two for the ds's of the werld. why should they get left out or are they the Mac's of hhgaming.
SONY PROBABLY TIPPED THEM OFF TO GET PEOPLE SCARED I BET SONY HAVE CREATED A MALICIOUS CODE AND THERE GONNA RELESE IT UNDER DRAGONUK'S USERNAME LOL SO WE BLAME HIM WHILS THEY LAUGH......
PEOPLE COMMON SENSE SAYS USE ONLY TRUSTED SOURCES AND IF IN DOUBT WAIT TILL SOME OTHER SUCKER TRYS THE EXPLOIT/PATCH/WHATEVER BEFORE YOU DO OR GET A UP CHIP AND YOU WILL HAVE NADA TO WORRY BOUT
HOLLA AT YA BOY
wait.. if its just a TIFF couldnt you get infected by just going on the web browser? (if you open an infected page
BS! Only sony will do that. So we be forced to update firmware, thats crap.
SNARG, GTFO OF MY INTERNET. Only *****ing morons get viruses on their PSPs, or on their computers now that I think of it.
Agree Post 10!! LoL!! Bah its definately not good for psp homebrew, but we couldnt dodge this virus anymore, now the infection will spreak all over the world!! AHHH DESTRUCTION!!
@6-they fixed the tiff exploits in 2.81........so they dont need to make anything, and why the hell do you think they would care for someone that isnt using the lastest firmware?they are evil
i say get pspantivirus from dcemu a good site and download all hb from here my favorite place
Exactly.
You see that's why they update firmwares when exploits are found, because it is there responsibility to do so!
They would be neglegent not to. Only narrow minded self absorbed people that can't see anything from any persepective but there own don't get that. cough: post11: cough.
Ok well i was usin dev hook and playing a game i got out of the game and soon enough my game was deleted then nxt thing my other games where getting deleted so i formatted it and put dev hook back on with the games but it happened last night so ima have to pay attention to my files...Game was cso could it be the cso's?????
simple answer, don't use your 1.5 psp to go web-surfing
not that its very good at it anyway
Sony could of at least put together some good apps for the psp themselves and whacked them on a UMD, if home brew bothered them that much
@17-i never found a site that has some especific psp destroying virus....most sites that try to do something bad would probably look for a windows/system folder or something....so i assume surfing the web is save(since they cant force you to open a progam that flashes your psp,nor they can flash it directly)just assuming this stuff though...
@15-yeah it is their resposability, but that doesnt make them less evil =p
while we're all scanning for potential viruses the scanenrs will conveniently label our downgraders as virii, since its the exact same exploit...how nice
Lets think about this for a moment. A hack is a hack. Pure and simple. What may seem as a way to get homebrew into our beloved psp's is also a way for others to f**k up our machines.
YES most certainly you are at risk (Anyone with fw less than 2.81 or 1.50 and devhook up to 2.71); I agree with (17) just don't web surf, or if you do, make sure you turn the images off. As a plus, turning off the images makes web sites load much faster on my psp anyway.
that happened when they make the downgrade of 2.0 and the news only stay for a couple of month and then dissapeared cause sony think that 2.+ nobody can downgrade so when $ony saw the 2.5/2.6 downgrade they make 2.71 and then 2.71 downgrade see the light they scared so bad that they make 2.81 so fast so they miss the decryption thing and now this the make bussines with panda labs so the can sell and antivirus or better make ppl upgrade the sofware!!!! HEARD THIS SONY I LOVE HOMEBREW AND I NEVER NEVER GIONG TO UPGRA TO YOUR PIECE OF $#!7 FW I RATHER USE DEV-HOOK
SO BOOSTER WHERE R U MAN!!!!!
how do u TURN OFF IMAGES for web browser??
how do u TURN OFF IMAGES for web browser??
awhile ago.. like 4 months? ive had a prblem like this.. or soo.. i added a folder into music with some songs (game songs? ) and then in about a week i decided to delete it.. to add some games.. soo i did but wen i deleted it unhooked the usb.. then hooked it up again it automatically copied that song folder back into my psp.. and i tried deleting it directly .. and then with irshell but wateva i did wen i rehook the usb it auto copied the folder.. the onli way i got outa this was format my mem (2gig) .. soo i was wonderin if this had some to do with the topic
homebrew firewall? just a thought
Using the official $ony browser you can.
Open up the browser, goto tools -> Settings -> View Settings. From here you can disable images
RTFM tools > settings > view settings
thx man much appricated
In loving memory of those who died on September 11th, send this to 11 people and something good will happen tomarrow, if not, yo don't have a heart
My solution still does not protect you from the threats of malicious homebrew that takes advantage of the libtiff exploit.
However, one half of the program is solved, if there is no way for the web-browser to be scripted to turn images back on!!
*****ing seriously. Stop being ass*****ed-*****whipped-*****slammed morons. Sony doesn't CARE, they don't give a ***** if you like homebrew, and they don't give a rat's ass if you upgrade or not. Get over yourselves.
Also, the libtiff vulnerability is what causes the buffer overflow you *****headed idiots. Guess what? I, myself, could code a *****ing virus that takes advantage of the overflow. Just like the downgrader, I could simply *****ing delete files from the firmware. Guess we'd see who'd be laughing then huh? It'd be you *****weeds.
Jesus christ.
I only download from this site. so I think I'm safe
what a lot of BS,
1st
yes people could do bad things that could brick your psp using a tiff image but guess what (2.0-2.6) users have the eloader, as long as you use the eloader to run your HB you cant brick your psp since it dont have the access.
2nd
Just download your files (Homebrew) from here, after people have tested it and you'll be ok.
hey pal, if you had a clue what 'a virus' is you would not post such bul*****. the best you could try to code is a 'trojan horse' (look up the difference in google). but good luck in your endeavor. don't miss to let us know when the virus is ready ; )
to the rest of the alert netizens here: what dumb ass views random tiffs on his psp? tiffs have one purpose and one only - to propagate homebrew. but if you're careless enough to not check what you intentionally run on your psp's - well, tough luck.
Hmmmmm.... I made a handheld....others use it for their own nefarious deeds.... so I hack my own system and screw them...thanks again $ony. They are evil enough to do this!
This so called Libtiff exploit trojen is going to delete my files on my flash, than I'd like to have it, becuase you need kernal access and people belive 2.8 has no kernal access.
i downloaded from sony connect and got some type virus called psp destrution program it lock my psp up and it wont even come on
as long as i get everything from this site....its safe....right?
Bull***** bro.
We don't even know if the PSP's browser DO support .tiff files
Couldn't we use this way to also flash the psp with custom firmwares, im not totoally on the scene of all the flash custom firmwares out there but i think that this could also be used in a good way
go to the photo icon of your psp dont push x, push start
weird aint it
I know this happens on pc's but why on such a hacker friendly device as the psp? Sometimes you can't always filter all the dirt out. *sigh*
I agree with part of what 31 said. Sony could care LESS about homebrew, in fact homebrew MAKES SONY MORE MONEY b/c eloders and isos chew up alot of memory so you have to buy more memory=ka-ching...
to 21 shut up you ignorant tard...you make the people w/ a brain stem who run homebew look as dumb as you. You have no idea what you're saying.
I'm a proud 1.5 user, trashing sony THE PEOPLE WHO MADE THE ALMIGHTY PSP is simply assinine.
hacker are ga.y except for the people who hack for good
the qj.net people < Good hacker
virus & trojans people
The name itself sais enough. IT IS AN EXPLOID. This means it can be abused, for good and for bad. If used wrongly, and it will be sooner or later, it will crash your PSP or install a virus to infect other PSP's (with for example gamesharing).
Being able to crash your PSP makes it a critical exploid.
It's good there is an update so Sony can not be held responsible for any crashes.
lol this is total bs caus in the libtiff exploit they dont have kernal mode which means the hacks cant get access to the flash and thats y ppl still prefer to run 1.5FW psps..... like me :)
ESET NOD32 AntiVirus System 4ever!
The libtiff exploit is a buffer overflow. It does indeed have kernel access. How on earth do you think the downgrader exists in the first place? The libtiff vulnerablility OBVIOUSLY has flash access, or there would be no downgrader......
Besides, you definitely could code a virus for the PSP, store it in the flash, and have it load as a module every time you boot your PSP up.
In a buffer overflow you can execute code, ANY code that you can, within certain limits. That is why you have the eboot loader, that is why you had the 2.00 downgrader, and that is why you now have the 2.01-2.71 downgrader without the use of GTA.
R.I.P
In loving memory of those who died on September 11th, send this to 11 people and something good will happen tomarrow, if not, yo don't have a heart
stfu with ur *****ty chain spam *****
netFront _cannot_ show tiff files. the tiff exploit works only when you intentionally open tiff files.
i loaded my psp with Norton Antivirus 2006, and i run ad-aware homebrew once a day. I switch my sony browser over to Microsoft IE 7. Plus... Thanks to Windows Vista, the remaining 1.8 gigs of my memory card is used up. There is no room for a virus on my psp! :)
Hopefully the losers who are capable of writing viruses for the psp will skip that thought and focus more on the developement for it instead (such as DevHook .47 - Support for 2.81 firmware). Why bring down the community, when you can make it stronger!
I don't think fanboys or hackers will create stuff just to sabotage your PSP. Perhaps to take advantage of your PSP would make more sense. The way this sounds to me, the "hackers" Panda Software is talking about are their own programmers creating stuff so that we will buy their product (their anti-virus) to scan stuff for our PSP and at the same time might as well use it for our PCs. Sneaky, sneaky!
Panda is an 'okay' AV but so damn slow and takes over your computer like a Symantec product would do. It's not even that reliable. It's just decent.
So everyone should be careful what they put in their PSP, Make sure what you download comes from a reliable source and scan it with whatever AV works for you (I personally love NOD32).
Go to these sites this site and pspbrew.com.I go to pspbrew.com and I have never had a problem with them.By the way there is this site I went to called pspwallpapers .comthey gave me a huge virus and I had to completely start all over everything DO NOT GO TO PSPWALLPAPERS.COM!!!!!!IT MESSED UP MY COMPUTER!!!!but now its fine
I was on the internet with my 1.5 PSP using Devhook 2.71 on this website for a bout 20 mins and then i found a update in my memory stick (2 of them)!!!!!!!!!!
Banned frrom the forums for a year so can't post there *****!
Why are people thinking that Sony would make a virus or something to mess up your PSP. They would not do such a thing considering all the potential lawsuits they would endure. Remember what they did on some of their music cds that caught peoples attention and they were forced to stop. They could however make software or firmware that could legally be used as a tool to stop you or make it hard for you to use homebrew.
wait.. if its just a TIFF couldnt you get infected by just going on the web browser? (if you open an infected page
nice one #9
gamerz275
...you're probably the biggest idiot in here next to that person who uses that chain-letter. Quote...
"*****ing seriously. Stop being ass*****ed-*****whipped-*****slammed morons. Sony doesn't CARE, they don't give a ***** if you like homebrew, and they don't give a rat's ass if you upgrade or not. Get over yourselves."
So you're a dumbass if you think Sony cares whether or not we use homebrew? What the... Words can not express what a damn retard you are for saying that. That's like saying Sony doesn't care about ISO loaders (CSO's are better. ;) ) Sony cares a lot. You can bet your ass they want every single person to upgrade to a 2.81, or to have the lower ones bricked for NOT updating. And as for Sony not reading this? This as in just this site or this as in everything about homebrew? Because otherwise every single one of their "Protects you against malicious software" updates have coincidentally came out after they were discovered using homebrew? ...*****ing idiot.
.
...You're all Psycho.
First:
no, a virus utilizing the libtiff exploit CANNOT brick your PSP through the web browser. The exploit uses an overflow in picture VIEWERS. the web browser is not really a picture viewer and, since it's an exploit pic, probably couldn't be posted directly on a website anyways.
Second:
Sony's excuse of making 2.81 because of "possible malicious software utilizing the exploit" is *****ing bull*****, they hate homebrew and we all know it. It was specifically stated that the exploit DID NOT have kernal access in 2.8. Now how does one expect to access flash in USER MODE. Sony is basicly using the following as an excuse for being Homebrew Haters:
Sony: "OMG OMG, There's a possibility that someone might make a virus in a picture file for 2.01-2.71. Nobody is intelligent enough to keep from opening a suspicious picture file. If we don't make a crappy update soon thier PSP's may be bricked!!!!!
Homebrew users: "well why don't you let us handle not opening the pics, and those of us who can't can simply upgrade to 2.8 which has no kernal access. So go work on a GOOD firmware update *for once*"
Sony: "No, all homebrew users are too stupid to handle it. Prepare for a crappy patc...I mean.......er......umm...... useful update."
Homebrew users: "Great. Can't wait for that pat...I mean....new unconventional format that nobody uses because it sucks."
Sony: "Hey, we could add that too. You should be on our development team."
number 40 rock on!!!!!!
sony dont care!! so dont blame it on them and plus if you hate sony so much get rid of your psp!!
evry thing are caming soon
***** this
As fas as I can tell, the main reason that $ony dispises the homebrew scene is because people will make malicious code that bricks the PSP causing lots more tech calls that ultimately costs $ony more money. By doing their best to prevent homebrew, they try to eliminate people from making those same programs that bricks the PSP, thus saving them money, as well as preventing potential piration caued by programs that rip the image off a UMD disk .. in short, they do this for 2 reasons, in both cases, they are watching their own back.
I got the PSP as a V 1.52 and I upgraded to try to get videos to work, but if I had known what I could do I never would have done so. As for downgrading or such, how hard would it be to copy all the contence of the PSP to some flash folder on a memstik and just replace that with a dump of a V 1.5 or even V1.0 firm? With the font hack you can get the registry, so I bet it can't be that hard to do.
Well, this is just speculation. As for exploiting on a web site, I am going to create a page specificly to see what happens if I exploit the tiff on a site, and see how the PSP works ...
Thats why I only rely on dl.qg.net, I know all the files are not viruses on there!
***** all of u. 1.5 psp's can't view tiff images so 1.5's won't get the *****i virus