Sony has been accused of hosting its PlayStation Network on servers running out-of-date software with no firewalls, and of continuing to run them in this fashion even after being made aware of the problem.
In a recorded address to a House of Representatives committee hearing on cyber-security, considerable concern was expressed about Sony’s handling of PSN security.
In particular, Purdue University professor Dr. Gene Spafford claimed that “individuals who work in security and participate in the Sony network” had “months prior to the incident where the break-ins occurred” become aware that the PSN servers ran “very old versions of Apache software that were unpatched and had no firewall installed.”
Sony is said to have been made aware of these issues, but apparently took no action and continued running its servers with old software and no firewall.
Sony has not responded to the allegations, but its most recent statements to the US government and its users have admitted no error on Sony’s part and blamed everything on wicked cyber-criminal masterminds.
Regarding when the PSN will be coming back online, Sony still has not offered a timetable – its latest update only says the secure PSN is in “internal testing”:
“Today our global network and security teams at Sony Network Entertainment and Sony Computer Entertainment began the final stages of internal testing of the new system, an important step towards restoring PlayStation Network and Qriocity services.”
Presumably this included running “yum update apache2” and placing the servers behind a proper firewall…
I'm pretty sure this has been debunked?
I heard a rumor that Sony’s American Cockfags…Executives have been declared a flight risk because they might flee and avoid testifying. I don’t know if that’s true or not, but I hope it is. Just in case.
I’m an IT specialist/network tech and I am laughing hysterically here…
So I was right about them running free AV software and no firewalls in the 1st post about this story after all. Wonder how many other free to play games there are online that also have zero security. I know that SOE is a monthly sub but eq2f2p is still out there and also has our data at the SOE servers. But anyway, that's as lame as lame can be. Come the hell on, $15.00 a month from all those people and they can't buy a corporate Nortons or Bitdefender to protect our data? Sounds like they are liable to me.
Someone should get a few servers, and host an event outside of SOE, get hackers to attend, and cripple the servers. And then have servers from other people behind various firewalls and patches.
If this shit's true, can we really trust they encrypted data (encryption is a very low priority compared to firewall off and patch the servers)?