Sony has been accused of hosting its PlayStation Network on servers running out-of-date software with no firewalls, and of continuing to run them in this fashion even after being made aware of the problem.
In a recorded address to a House of Representatives committee hearing on cyber-security, considerable concern was expressed about Sony’s handling of PSN security.
In particular, Purdue University professor Dr. Gene Spafford claimed that “individuals who work in security and participate in the Sony network” had “months prior to the incident where the break-ins occurred” become aware that the PSN servers ran “very old versions of Apache software that were unpatched and had no firewall installed.”
Sony is said to have been made aware of these issues, but apparently took no action and continued running its servers with old software and no firewall.
Sony has not responded to the allegations, but its most recent statements to the US government and its users have admitted no error on Sony’s part and blamed everything on wicked cyber-criminal masterminds.
Regarding when the PSN will be coming back online, Sony still has not offered a timetable – its latest update only says the secure PSN is in “internal testing”:
“Today our global network and security teams at Sony Network Entertainment and Sony Computer Entertainment began the final stages of internal testing of the new system, an important step towards restoring PlayStation Network and Qriocity services.”
Presumably this included running “yum update apache2” and placing the servers behind a proper firewall…