If ever you were surprised by the statement of the need of a random number for signature in my post PS3 jailbroken or if you’re interested in the mathematics behind the exploit, I would recommend that you read Nate Lawson’s post DSA requirements for random k value.
Funnily, he posted that before the hack of PS3 was public. In general, his blog root lab rdist is excellent (although very technical). Nate was a former employee of CRI (the company of Paul Kocher)
Without any official announcement, Google has made a new movement towards fighting content piracy. The auto complete function, i.e. the feature that proposes guessed choices while you type your query, does not anymore propose some proposals that may be related to piracy. For instance, when typing “Black Swan T”, it does not anymore propose Black Swan Torrent. Nevertheless, the filtering is not consistent. “Black Swan S” proposes “Black Swan Streaming” as seventh choice. When I type “pi”, I’m still proposed as second choice “Pirate bay”! TorrentFreak has analysed more in details the strategy of filtering. This new filtering does only impact the auto-completion, and not the query, i.e. “Black Swan torrent” gives links to torrents.
Obviously, this is one additional goodwill towards content owners. This is part of a larger strategy (see Google acquires Widevine)
Will it have any impact for users? No! It is just theater security as good will for studios.
At the December CCC conference, George Hotz, by the nickname of GeoHot, disclosed that he has discovered the private key used to sign the firmware of all PS3 devices.
Usually a piece of code is signed using a private key. The device checks that the code is properly signed using the corresponding public key. if it is the case, it proves that the software was not tampered and that it was issued by the owner of the private key (here Sony). Normally, there is no way to guess the private key from the public key. The usual assumption is that this private key never ever does leak out. They are usually stored in Hardware Secure Module (HSM) within a safe and with strict security policies. It is the corner-stone assumption of most of the trust models.
It seems that GeoHot and Fail0verflow guessed the private key due to a mistake in the signature software that uses a fixed value and not a true random value, dixit a member of Fail0verflow team in an interview to BBC.
PS3 was already jaibroken. The difference with the previous jailbreak[/url] is that this one is purely software. it does not require to change anything in the PS3.
There is no way to recover. It is now possible to execute any arbitrary code on the PS3, because it is possible to sign any code. The issue is that this checking is done in the loader which cannot be modified in the field (else the hackers could easily change this checking process 
)
Sony has launched, under the DMCA, a procedure of temporary restraining order that attempts to stop dissemination of jailbreak.
Lessons:
– Proper implementation of cryptography is difficult
– PS1 and PS2 were open to homebrew applications. They were never hacked. PS3 was closed… Blocking the access of a game console for homebrew may be an attractor for crackers.
In a recent article, published in October’s IEEE Security and Privacy issue, S. ABU-NIMEH and T. CHEN studied the so-called blog spam. Spam blog is the phenomenon to add spamming comments, totally irrelevant to the topic. There are several categories:
The study showed that the practice is increasing. From more than one million collected comments, 75% were spams! They were issued by a limited number of emails address and IP addresses.
Studies try to build classifiers that attempt to detect blog spams. They are not yet accurate.
Meanwhile, there are a few lines of defense:
End of 2010, I experienced this damned attack on this site. In one night, I could find more several tens of blog spams on one topic. It even reached 300 in one night. At the beginning, I indulged (you may still find some of them) and cleaned the mess. Then, it started to become worrying. The default installation of my blog provides a basic anti-spam test that is the answer to a simple arithmetic calculus. It seemed not deterrent enough. Then I started to black list some words such as codeine, Valium or hemoroid. This is not the usual vocabulary of security It slowed down the number of comments, but did not stop them. My last solution was to use CAPTCHA. CAPTCHAs are not user friendly, and may even rebuke some people to post comments. Nevertheless, it seems to have (temporarily?) stopped the spammers.
By the way, this issue of IEEE security and privacy has also an excellent paper from Teddy Furon and Gwenael Doerr about “tracing pirated contents on the Internet” 
The LittleBlackBox project does host 2,000 SSL public-private key pairs extracted from gateways, routers…
It seems that some manufacturers did use the same SSL key pair for all the instances of a given hardware and firmware. The project attempts to collect the largest collection of such keys together with the details of corresponding firmware and hardware. Once you know the used keys, it is possible to mount a man in the middle attack. This is clearly the aim of this project.
What is difficult to believe is that many devices share a single key pair. Good security practice requests to use a unique key pair per device. Why should a manufacturer use only one key pair? Most probably because it simplifies the manufacturing. Providing an individual key pair for each box is complex (especially in a “hostile” environment such as a factory). Nevertheless, it is an incredible wrong design decision not to do so. Furthermore, manufacturers can even not revoke the leaked keys because else they would also revoke genuine devices!
Good news for Technicolor’s customers, our devices do not have such flaw.
Lesson: There are some economic-driven decisions that should not be allowed to have secure solutions. Security has a price.
Thanks Patrice for the pointer
This is the provocative title of a study conducted by Abigail De Kosnik from the Convergence Culture Consortium. The author compares the advantages for the consumers between legal offers and the pirate “offer”.
The conclusion is that pirate offer is more attractive than the legal ones, and thus not only because it is free. For instance, the legal offer is divided up among many sites. No one merchant does offer the “complete” catalog of video content, whereas sites such as The Pirate Bay do. Pirate content has no limitation (i.e. DRM) and offer codecs that are universally supported. This is not the case for legal offers. And the list is long:
Single search
Simple indexing
Uniform software and UI
File portability
Freedom from Preempting in the US
Commercial-free
The conclusions are that legal services should take some good ideas from the pirate offer, such as standardize the way to get access to or tos earch content, go immediately to global audience, offer a premium service for personal archives, eliminate the TV set, and charge according to volume usage.
Of course, the study is biased. The study clearly forgets that the pirate offer does not have to comply with copyright laws, commercial agreements, and has not to fund creation of content. It does not take into account economics. Nevertheless, some recommendations are interesting (but not necessarily easy to deploy).
In 2008, the European Union (EU) ratified the (Directive 98/84/ECC) that defines a legal protection for Electronic Pay-Services. The objective was to enable a consistent anti-piracy protection in the EU to allow Pay TV, electronic distribution, and VOD services.
The Council of Europe has proposed a new version so called Conditional Access Convention that should extend to all its members. The Council of Europe has 47 members covering the quasi-entire European continent, plus Russia and Turkey. The EU has proposed to all its members to sign it to bootstrap the ratification process.
Such a wide convention would be useful to fight content piracy, at least in Europe.