Data security expert: Sony knew it was using obsolete software months in advance
May 4, 2011 11:15 AM
Dr. Gene Spafford testifying in Washington
this morning.
this morning.
In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers—and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.
According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.
Spafford made his comments in a hearing convened by the House Subcommittee on Commerce, Manufacturing, and Trade. Sony was invited to participate in the hearing, but declined to attend. In a letter to the committee, Sony said it has added automated software monitoring and enhanced data security and encryption to its systems in the wake of the recent security breaches.
"If Dr. Spafford's assessment is accurate, it's inexcusable that Sony not only ran obsolete software on servers containing confidential data, but also that the company continued to do so after this information was publicly disclosed," said Jeff Fox, Consumer Reports Technology Editor.
According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.
Spafford made his comments in a hearing convened by the House Subcommittee on Commerce, Manufacturing, and Trade. Sony was invited to participate in the hearing, but declined to attend. In a letter to the committee, Sony said it has added automated software monitoring and enhanced data security and encryption to its systems in the wake of the recent security breaches.
"If Dr. Spafford's assessment is accurate, it's inexcusable that Sony not only ran obsolete software on servers containing confidential data, but also that the company continued to do so after this information was publicly disclosed," said Jeff Fox, Consumer Reports Technology Editor.
Translation - We knew we were using outdated and exploitable software, but it's not our fault we set ourselves up as the biggest honeypot on the internet, while having ABSOLUTELY NO SECURITY.
Best part is the other part of what Sony said in the hearings... They accused "Anon" of doing the hacks. Yes, the same Anon that can't even properly Dox anyone anymore.
Anon's response?
3 comments:
Simply not acceptable by Sony!
Lol. They deserve it then. I can only imagine how many people are going to sue Sony over this. It's going to be a glorious occasion.
Sony has a lot to answer for, but that story that their server software was out of date turns out to be bunk.
http://bitmob.com/articles/detective-work-reveals-psn-servers-up-to-date
Post a Comment