Andrew “bunnie” Huang, de hacker van de huidige Xbox console heeft gereageerd op de Xbox 360 bootable kiosk demo. Hij zegt onder andere dat Microsoft’s haast vooral zorgt voor problemen die gevolgen zullen hebben op de toekomst van de goede beveiliging van het systeem. Hij is dan ook erg verast dat Microsoft in alle haast de media gereleased heeft in de kiosks. “I’m very surprised that such a media was even released into the wild by Microsoft…their own worst enemy is their own haste to get to the market.”
Like the original Xbox, the Xbox360 uses a media flag on its executables. The media flag tells the OS what type of media it should be on; typically, games are released with the flag set to Microsoft’s proprietary secure Xbox DVD format (which is in itself not that secure…). Significantly, only the executable is signed for a game; the data sections typically are not signed (presumably for performance reasons). Thus, one has the ability to fuzz the executable by corrupting the data sections, potentially invoking a buffer overrun or some other unintentional behavior–if one could effectively modify the data sections. Remember that this is normally not possible, since modifying the data segment requires making a copy to a writeable media, and this contradicts the signed media flag.
