Amidst reports of Sony working hard to restore PlayStation Network functionality and beefing up their network security, more bad news appears to be on the horizon. Along with the threat of another attack happening this weekend, the possibility that Sony was running outdated, unprotected software on its servers has also come to light.
Displeased with Sony’s handling of the network breach, a group of hackers was observed on an Internet Relay Chat channel making plans for yet another attack on Sony, claiming to have access to the company’s servers. This time around, assuming these are the same hackers responsible for the mid-April attacks, they plan on publicizing the information they obtain.
However, something sounds absolutely wrong about the idea here. Hackers are planning to hack Sony because they’re angry at how Sony responded to the initial hack? What’s more, they’re dragging the consumers into it by not only stealing but publicizing their info? Sounds like a very poor justification for a criminal attack.
Should the attack occur, it could strike a very big blow against Sony once again, though it might also provide information on just how secure the new system really is.
[Source: CNET]
In related news, while Sony was unavailable to testify in front of the House of Representatives on Wednesday, security expert Dr. Eugene Spafford spoke out about the extent of Sony’s security, or the possible lack thereof.
In his written testimony, Spafford claimed that while he had no information about what type of security Sony had been running, there had been reports that they were running software that was out of date and had been warned about the risks a few months prior to the breach. In addition, Spafford went on to give more details in his oral testimony this past Wednesday:
On a few of the security mailing lists that I read, there were discussions that individuals who work in security and participate in the Sony Network had discovered several months ago, while they were examining the protocols on the Sony Network to examine how the games worked, they had discovered that the [PlayStation] Network servers were hosted on Apache Web servers–that’s that form of software. But they were running on very old versions of Apache software that were unpatched and had no firewall installed, and so these were potentially vulnerable. They had reported these in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software. … [And] that was two to three months from when the break-ins occurred.
If these statements are true, Sony could be in a lot of trouble for failing to protect consumer data, especially in the midst of a few class-action lawsuits related to the breach. In his testimony, Spafford also went on to say that Sony wasn’t the only company with security vulnerabilities, and that several corporations don’t invest because “investing in security measures affects the bottom line. They don’t understand the risks involved by not investing in security.”
As it stands, this definitely seems to be a problem that extends beyond just Sony. However, only time will tell what comes of all this.
[Source: GameSpot]