Security expert testifies Sony servers went unpatched

Sony used outdated software on its PlayStation Network servers, according to the testimony of a security expert sitting before a congressional subcommittee.

As reported by The Consumerist, Dr. Gene Spafford, computer science professor at Purdue University, testified that Sony used versions of the open source Apache Web server software that went "unpatched and had no firewall installed."

In recent weeks Sony's seen its PlayStation Network, Qriocity and Sony Online Entertainment services compromised, leading to the exposure of more than 100 million user accounts. Some credit card accounts have been taken along the way.

Sony declined to participate in the subcommittee hearing. Instead, Sony Computer Entertainment America chairman Kazuo Hirai sent a letter outlining the company's efforts and implicated someone associated with the "hacktivist" collective known as Anonymous as the possible culprit.

Talkback

45 comments
  • It coulda been mesothelioma

    This almost makes me want to turn into a lawyer.

    They took people's credit card data, stuffed it onto a server, and didn't even keep the software up to date with the security patches?
    Robert Hahn
    • Agree, it is .....

      @Robert Hahn

      the height of arrogance and reckless irresponsibility, but this is Sony, so maybe it is not surprising.
      Economister
      • RE: Security expert testifies Sony servers went unpatched

        I agree with your point, please share with us more good articles.
        sandeep158
      • RE: Security expert testifies Sony servers went unpatched

        @Economister exactly said, just the way they treat their customers, it's a big slap in their face.
        maurisource
    • Doesn't really matter that they weren't patched, the latest version still

      has dozens of security holes in it. I'd bet they've updated it now but they'll still get hacked again if whoever did it still cares...
      Johnny Vegas
      • RE: Security expert testifies Sony servers went unpatched

        @Johnny Vegas

        LOL Do you really believe all that FUD you spew?

        How do you know it'll still get hacked? Because it doesn't have a Microsoft logo on it?

        more LOL...
        ScorpioBlue
      • RE: Security expert testifies Sony servers went unpatched

        If you asked someone to look after your child, you would expect them to keep it safe and look after it like you would.
        Sony let your baby play in the middle of a busy road! Is it then a surprise that this happened?
        user202
      • RE: Security expert testifies Sony servers went unpatched

        I was lucky to not have used a credit card and to have used a weird username.
        What I really want to know is when PSN will be working again. I remember Sony saying that it will be working this week???
        user202
    • RE: Security expert testifies Sony servers went unpatched

      @Robert Hahn

      corporate governance?
      desilvav
    • Message has been deleted.

      neilpost
      • RE: Security expert testifies Sony servers went unpatched

        @neilpost

        Remember the DRM rootkit? Sony isn't dumb, just arrogant.
        fairportfan
    • RE: Security expert testifies Sony servers went unpatched

      @Robert Hahn ... Better yet, they kept them on the same server as the rest of the stuff including 'net accesses? Time to abandon Sony IMO until they prove they've straightened out their act and said so publicly.
      tomaaaaaa1
  • Apache auto update wasn't installed?

    There is no one else to blame Sony.
    Mic Cox
  • What IF

    There is someone else to blame... How about the hackers that did this. Sony is the victim, plain and simple. You may not like them or their attitude but they did not hack themselves. I am sure the other game companies are triple checking their networks right now. It's like someone broke into your friend's house and stole a bunch of stuff but he didn't have a very good lock so it's his fault... really?????
    zapped70
    • House analogy is bad

      It's more like a bank analogy. Imagine your local bank had rusty locks and one barely functioning camera. Yeah, the people who stole your money are to blame... and so is the bank.
      Michael Alan Goff
      • I blame it on us

        @goff256
        We let these people get off once caught because nobody was physically hurt, no property was physically taken, it's just money. And for those that do get jail time, and not a suspended sentence (or a job at a security firm), they just go back and do it again.

        When my card data was stolen and used to purchase crap online I got the money back in 2 weeks, but that was two weeks I couldn't use my own money! Imagine if that was my only account, I would have been late on payments and stuff, or my credit ruined.

        We're to blame here because we don't treat it like something that could affect our lives moving forward (for many it does hinder or destroy their lives down the road).

        Well, I say "catch and kill" so they're no longer around to do it again, maybe the next guy would like the thought of living more than the thought of getting caught and counting the hours to his death.
        Bill Pharaoh
      • RE: Security expert testifies Sony servers went unpatched

        @goff256 ... Duhhh, I think that was his point.
        tomaaaaaa1
    • RE: Security expert testifies Sony servers went unpatched

      @zapped70 They still share some responsibility. They should have at least taken reasonable measures to protect sensitive data. I don't think that installing critical security patches and using simple encryption is too much to ask for.

      And yes, if someone broke into my friend's house and stole a bunch of stuff I was letting him borrow, and I learned he left the windows and doors wide open, I'd punch him. Sure, I'd realize that it's not completely his fault, but he could have gone through simple measures to prevent it from happening.
      vel0city
      • RE: Security expert testifies Sony servers went unpatched

        @vel0city

        A friend asked to borrow my truck. At the time he didn't have a valid driver's license. I told him my insurance probably wouldn't pay if I let an unlicensed driver drive the truck and he had an accident.

        He said "I've never had an accident."

        And I replied: "Bill, there's a reason they don't call them 'purposes.'"

        Contributory negligence is a very real legal concept.
        fairportfan
    • RE: Security expert testifies Sony servers went unpatched

      @zapped70

      Sorry, but US laws are very clear on requirements for ANYONE to house credit card data and Sony breached these laws by not having proper protections in place. Not only that, this is common sense IT kinda stuff, so Sony is absolutely to blame here.
      omdguy