Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Security Expert: Sony Knew Its Software Was Obsolete Months Before PSN Breach
#1
http://consumerist.com/2011/05/security-...reach.html

Quote:In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.

According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.

Spafford made his comments in a hearing convened by the House Subcommittee on Commerce, Manufacturing, and Trade. Sony was invited to participate in the hearing, but declined to attend. In a letter to the committee, Sony said it has added automated software monitoring and enhanced data security and encryption to its systems in the wake of the recent security breaches.

"If Dr. Spafford's assessment is accurate, it's inexcusable that Sony not only ran obsolete software on servers containing confidential data, but also that the company continued to do so after this information was publicly disclosed," said Jeff Fox, Consumer Reports Technology Editor.
Reply
#2
This doesn't need a new thread.
Reply
#3
Sarah Wrote:This doesn't need a new thread.

I don't mind it being here. Just another reminder that Xbox Live will always be superior.
Reply
#4
Sarah Wrote:This doesn't need a new thread.

Regardless, after reading this it's very hard to not hold sony accountable now. Your business class opinions may have just done a full 180. ._.
Reply
#5
Takebacker Wrote:Regardless, after reading this it's very hard to not hold sony accountable now. Your business class opinions may have just done a full 180. ._.

Nope. They're in the same place they were before, because we've known since this started that they had faulty security standards. But there's still empathy for Sony because they're not the bad guys, they're still victims, just as their customers are. Leaving a door unlocked doesn't justify the actions of the thief.

Sony isn't being targeted in an attempt to get them to secure our data, they're being attacked for petty and selfish reasons, and as such it's impossible for ANY reasonable person not to place fault on the hackers over Sony.
Reply
#6
Sarah Wrote:Nope. They're in the same place they were before, because we've known since this started that they had faulty security standards. But there's still empathy for Sony because they're not the bad guys, they're still victims, just as their customers are. Leaving a door unlocked doesn't justify the actions of the thief.

Sony isn't being targeted in an attempt to get them to secure our data, they're being attacked for petty and selfish reasons, and as such it's impossible for ANY reasonable person not to place fault on the hackers over Sony.

Leaving YOUR door unlocked doesn't justify the actions of the thief and doesn't place blame on yourself, leaving the bank's money deposit lock open doesn't justify the thief, but you have a lot of blame to you as well.

It's just like saying that people who get hacked for sharing information are not to blame for being hacked.
Reply
#7
Shidoshi Wrote:Leaving YOUR door unlocked doesn't justify the actions of the thief and doesn't place blame on yourself, leaving the bank's money deposit lock open doesn't justify the thief, but you have a lot of blame to you as well.

It's just like saying that people who get hacked for sharing information are not to blame for being hacked.

Ideally, they shouldn't be. There shouldn't be any danger in things like this, which further emphasizes the guilt of wrongdoers. Stop redirecting the blame to the victim. This is the real problem with society.

YOU GOT ROBBED? SHOULDN'T HAVE BEEN CARRYING AROUND THAT MUCH MONEY
YOU GOT RAPED? STOP SHOWING SO MUCH SKIN
YOU GOT HACKED? MAYBE YOU SHOULDN'T HAVE USED YOUR NAME

Seriously.
Reply
#8
Sarah Wrote:Ideally, they shouldn't be. There shouldn't be any danger in things like this, which further emphasizes the guilt of wrongdoers. Stop redirecting the blame to the victim. This is the real problem with society.

YOU GOT ROBBED? SHOULDN'T HAVE BEEN CARRYING AROUND THAT MUCH MONEY
YOU GOT RAPED? STOP SHOWING SO MUCH SKIN
YOU GOT HACKED? MAYBE YOU SHOULDN'T HAVE USED YOUR NAME

Seriously.

We don't live in an ideal world, also again your 3 examples treat a single person having her own property violated. When it's a company/person that has property of several different people they are much more responsible for it, you can be careless with your own things but you can't if it's not yours.
You can't act as if we live in an ideal world and blame the wrongdoers everytime, specially when dealing with property of others.
Reply
#9
Until I see a court issue a fine against sony for obsolete/no security, then they aren't in the wrong. You need licenses to hold credit card numbers and pomegranate. It isn't sign up for a business for the FEIN then you get everything on a silverplate.
Reply
#10
Shidoshi Wrote:We don't live in an ideal world, also again your 3 examples treat a single person having her own property violated. When it's a company/person that has property of several different people they are much more responsible for it, you can be careless with your own things but you can't if it's not yours.
You can't act as if we live in an ideal world and blame the wrongdoers everytime, specially when dealing with property of others.

You can absolutely blame the wrongdoers EVERY. SINGLE. TIME. Doing something wrong is ALWAYS ON YOU. Always. There are no IFs ANDs or BUTs about it. And it's not as if Sony did nothing. They just didn't have the NEWEST technology. You might as well blame a bank for losing money to robbers who find a weakness in one of the managers by kidnapping her family and making her retrieve the money for them.

There is no such thing as perfect security. These idiots would have found a way to do this regardless of what Sony had done.
Reply
#11
I'm not saying the hackers are not to blame, just that sony has part of the blame if they neglected to get better security.
Reply
#12
Here is the thing psn has been fine for what 5 years? Then this happen. Technology evolves so fast of-course sony will have outdated software. Their could be many reasons why sony couldn't upgrade the system one big reason would be downtime.

websites have been hacked in the past that have upgraded security. Would this patch have really been able to stop the hackers? The hackers would have found a way to get in to the severs regardless of secruity. This basically reminds me of the scene in social network when he was hacking in to all those college websites.
Reply
#13
I just find it funny to see how much of a plantain-riding fangirl of sony sarah is, quite hilarious.
Reply
#14
yo72 Wrote:I just find it funny to see how much of a plantain-riding fangirl of sony sarah is, quite hilarious.

If they were in the wrong I would call them out on it, but they're not.
Reply
#15
Sony is kind of in both worlds at once: they fucked up but they also were the ones who got fucked over. They are at fault in the sense that they were unable to adequately protect their customers, and should definitely be investigated for that negligence. But, at the same time, they are the victims.
Reply
#16
Sarah Wrote:There is no such thing as perfect security. These idiots would have found a way to do this regardless of what Sony had done.

Not to be rude or anything but I don't think they're idiots. They seem pretty professional to me.
Reply
#17
Greg Wrote:I don't mind it being here. Just another reminder that Xbox Live will always be superior.

Not really lol
Anything can be hacked, people just need a motive to do so. Just because Sony got hit before M$ doesn't mean the same can't happen to them if they piss off Anon to the breaking point as well.
Reply
#18
Though Anon has stated that they had nothing to do with this particular hacking.
Reply
#19
CommanderJinn Wrote:Though Anon has stated that they had nothing to do with this particular hacking.

http://blog.us.playstation.com/2011/05/0...entatives/
Quote:We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”

They had nothing to do with it at all, eh?

Also from the other topic
Dark Link Wrote:Anon never admits to anything, and there's too many videos of them talking about their "Attacks" on Sony.
The most recent thing I read from them was "We didn't do it, but OTHER Anon members might've been involved in this attack, which we have no relation to." Even if it wasn't the main group, there were still "other" Anon members who did this.
Reply
#20
Your self-quote reminds me of the whole Obama and the killing of innocent civilians debate. Anyways, fact is that the group as a whole had no intention of doing it, secondly they stated they would stop attacking PSN, thirdly no previous Anon attacks on anyone has actually gone as far as getting credit card access. Are they capable? Sure. Doesn't mean that they would, as a group, have done and condone it.

Quote:"If a legitimate and honest investigation into credit card theft is conducted, Anonymous will not be found liable," it stated. "While we are a distributed and decentralized group. Our ‘leadership’ does not condone credit card theft.
http://venturebeat.com/2011/05/05/anonym...sn-outage/
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)