Sony Ships Fix For Flawed PlayStation Firmware Update

Version 2.41 corrects defects in v2.40, released about a week ago, that caused some PlayStation 3 systems to stop working.
Sony has released a fix for a PlayStation 3 firmware update that caused some customers' systems to stop working.

Version 2.41 corrects defects in v2.40, released about a week ago, that caused some PlayStation 3 screens to go black. Sony pulled the older version from its servers and released the corrected version Tuesday.

"We want to extend our apologies to the PlayStation community for any inconvenience," Sony said in the company's PlayStation blog.

PlayStation users greeted the fix with enthusiasm. "I feel so happy lol," one user said on the official PlayStation 3 message board.

With so many users downloading the fix at once, the most common complaint was the slowness of the process. "Hell, mine is slow as hell," one user said.

Key improvements in the latest firmware are in-game access to instant messaging to communicate with other players and other PS3 features, such as checking downloads, changing settings, and playing music from the user's library. In addition, the firmware introduces a trophy system to award players for game performance.

The trophy system, however, may require some customers to buy games that support the new feature, "Kind of sucks," one PlayStation user said on the message board. "Now I got to buy some games from PSN to try out the trophies."

Last week was not a good one for PlayStation users. Along with the flawed firmware update, Sony's PlayStation Web site was the victim of a SQL injection attack.

SophosLabs said that visiting the site ran a script that pretended to do an online security scan of the visitor's computer, and then presented a bogus warning message that the PC was infected with malware. "Users frightened by the scareware 'warnings' might rush to spend money on useless software," the security firm said in its blog.

SQL injection attacks involve passing malicious code to SQL databases as user input. An improperly configured or vulnerable SQL application can be made to execute that input. All that's needed is to add into a Web page HTML code that calls a script on a malicious site.

Editor's Choice
Brian T. Horowitz, Contributing Reporter
Samuel Greengard, Contributing Reporter
Nathan Eddy, Freelance Writer
Brandon Taylor, Digital Editorial Program Manager
Jessica Davis, Senior Editor
Cynthia Harvey, Freelance Journalist, InformationWeek
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing