Few gamers will be feeling sorry for Sony and the mess caused with this PSN hacking debacle. But if you were just annoyed by what has happened, be prepared to now start getting a bit angry.
Dr. Gene Spafford, CERIAS Fellow and professor of Computer Science at Purdue University, has been talking at a hearing about the PSN security breach held by the House Subcommittee on Commerce, Manufacturing, and Trade. He explained that independent security experts monitor Sony’s systems such as PSN, Qriocity, and SOE, and report anything they find in an open forum that Sony employees view.
Those security experts apparently reported some major failings with Sony’s servers some three months before the April 17 hack occurred. These weren’t small issues; they were blatant oversights and laziness on the part of Sony’s engineering team.
The issue reported was that Sony was running PSN on a server that had an outdated version of Apache and no firewall in place. That meant any vulnerabilities known about for that version of Apache, and patched in more up-to-date releases, were easy to take advantage of. With no firewall in place either, the hacker probably had a very easy time of it.
We don’t know what’s worse here: the fact that Sony engineers ran such an insecure system, or that they knowingly ignored being called out on it by some security experts in a forum. Whatever the case, that $1 billion PSN lawsuit in Canada just got some fresh ammunition to use in court.
As for Sony, they were invited to attend the hearing, but declined and sent a letter instead explaining how their systems will be much more secure in future.