XBox hackers -- what a bunch of overblown drama queens

http://lists.netsys.com/pipermail/full-disclosure/2003-July/010895.html

The existance of an exploitable vulnerability within the dashboard could totally compromises the XBOX security system. It will make the box
independent from Microsoft signed code and therefore this information is released to the public now on the 4th of July 2003, the day of the XBOX Independence.

VIVA LA REVOLUCION!

Yes Microsoft could try to upgrade the dashboard and fix the vulnerability with such an update, but keep in mind that this vulnerability is like a “local root” hole. You can do nearly everything with it and this includes redirecting reads and writes to the xboxdash.xbe file. Additionally people who do not play games on their box will not be reachable with such updates.

There are some people that just don’t get it.

It’s not even a “real” vulnerability. It’s the same old Agent Under Fire 007 savegame buffer overflow exploit. Buy a copy of that game (platinum edition works) then load a special savegame and boom. You still can’t flash the ROM without changing a jumper inside the box, either.

This just makes it a bit easier for them to hand off the trusted (signed) thread of execution to another program that isn’t signed.