Data security expert: Sony knew it was using obsolete software months in advance
32 replies, posted
[release]In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers—and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.
According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.
Spafford made his comments in a hearing convened by the House Subcommittee on Commerce, Manufacturing, and Trade. Sony was invited to participate in the hearing, but declined to attend. In a letter to the committee, Sony said it has added automated software monitoring and enhanced data security and encryption to its systems in the wake of the recent security breaches.
"If Dr. Spafford's assessment is accurate, it's inexcusable that Sony not only ran obsolete software on servers containing confidential data, but also that the company continued to do so after this information was publicly disclosed," said Jeff Fox, Consumer Reports Technology Editor.
[/release]
[url=http://news.consumerreports.org/electronics/2011/05/data-security-expert-sony-knew-it-was-using-obsolete-software-months-in-advance.html]Source[/url]
And this man knows how?
[QUOTE=Swilly;29630466]And this man knows how?[/QUOTE]
[quote]The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.[/quote]
did you even read it?
and once again all the blame falls right back onto sony like a 10 ton bag of bricks.
Sony droppin the ball as usual
its still not sonys' fault though, it's the hackers's obligation to follow the law and not steal information.
[editline]5th May 2011[/editline]
i mean its like saying that if you leave your friends' car unlocked, it's you're fault it gets stolen
[editline]5th May 2011[/editline]
(it's actually the thief's fault btw)
[QUOTE=Uber|nooB;29631112]its still not sonys' fault though, it's the hackers's obligation to follow the law and not steal information.
[editline]5th May 2011[/editline]
i mean its like saying that if you leave your friends' car unlocked, it's you're fault it gets stolen
[editline]5th May 2011[/editline]
(it's actually the thief's fault btw)[/QUOTE]
no its sonys fault because it is up to them to do all they can to stop the thief from getting anything. The thief will end up in jail whenever he/she/it is caught but sony is completely responsible.
Wow Sony for all the money you have you do not want to update your software how sad, no wonder why it was so easy for the hackers to get all that information. Any systems administrator worth his salt know to get updates like patches and such for the servers for security reasons alone.
[QUOTE=Uber|nooB;29631112]its still not sonys' fault though, it's the hackers's obligation to follow the law and not steal information.
[editline]5th May 2011[/editline]
i mean its like saying that if you leave your friends' car unlocked, it's you're fault it gets stolen
[editline]5th May 2011[/editline]
(it's actually the thief's fault btw)[/QUOTE]
This isn't a rape case, Sony should protect the personal information they collect
[QUOTE=jordguitar;29631154]no its sonys fault because it is up to them to do all they can to stop the thief from getting anything. The thief will end up in jail whenever he/she/it is caught but sony is completely responsible.[/QUOTE]
pointlessly blaming sony and any other company in a similar position wouldn't solve the problem
only more laws against hacking will
[QUOTE=Uber|nooB;29631187]pointlessly blaming sony and any other company in a similar position wouldn't solve the problem
only more laws against hacking will[/QUOTE]
They are already breaking the law by hacking, they don't give 2 shots about the law
[QUOTE=Uber|nooB;29631187]pointlessly blaming sony and any other company in a similar position wouldn't solve the problem
only more laws against hacking will[/QUOTE]
Government is still oblivious on how the internet works. How the fuck will that help?
[QUOTE=Uber|nooB;29631112]its still not sonys' fault though, it's the hackers's obligation to follow the law and not steal information.
[editline]5th May 2011[/editline]
i mean its like saying that if you leave your friends' car unlocked, it's you're fault it gets stolen
[editline]5th May 2011[/editline]
(it's actually the thief's fault btw)[/QUOTE]
this post doesn't make any sense :psyduck:
[QUOTE=Uber|nooB;29631112]its still not sonys' fault though, it's the hackers's obligation to follow the law and not steal information.
[editline]5th May 2011[/editline]
i mean its like saying that if you leave your friends' car unlocked, it's you're fault it gets stolen
[editline]5th May 2011[/editline]
(it's actually the thief's fault btw)[/QUOTE]
So you'd be OK with it if your bank piled up the money in the back room?
It's the robber's fault if your money goes missing after all.
It's totally not the company's duty to protect their customers.
[QUOTE=Uber|nooB;29631187]pointlessly blaming sony and any other company in a similar position wouldn't solve the problem
only more laws against hacking will[/QUOTE]What they did was already illegal. Sony has an obligation to protect the private information of it's customers, as would any other business; by not doing so they have jeopardised the financial details of millions.
[QUOTE=Sgt Doom;29631332]What they did was already illegal.[/QUOTE]
obviously not illegal enough if they even considered doing it
[QUOTE=Uber|nooB;29631344]obviously not illegal enough if they even considered doing it[/QUOTE]
You do realise some people just don't give a fuck even if they're going to get the death penalty?
[QUOTE=Uber|nooB;29631344]obviously not illegal enough if they even considered doing it[/QUOTE]Murder is illegal, yet people still do it. Unless you're suggesting executions (even then, many US states execute murderers, but it doesn't seem to be helping), laws do not have a 100% preventative effect. In this case, the vast amount of data stolen from such an unusually soft and improperly defended target could net millions for the criminals involved.
The hackers and Sony are both at fault for their respective mistakes.
Sony failed to secure their database containing millions of users' personal details. Criminal negligence.
The hacker(s) unlawfully entered the database and stole credit card details.
[QUOTE=Jon27;29631410]The hackers and Sony are both at fault for their respective mistakes.
Sony failed to secure their database containing millions of users' personal details. Criminal negligence.
The hacker(s) unlawfully entered the database and stole credit card details.[/QUOTE]Summed it up perfectly there.
it r not sony fault. sony just company the hacker deserve death penalty cuz they r the ppl at fault
They just need to get over this lawsuit bullshit, I just want to know how much money and market share Sony's going to lose over this.
Payback's a bitch.
[QUOTE=nikomo;29632180]They just need to get over this lawsuit bullshit, I just want to know how much money and market share Sony's going to lose over this.
Payback's a bitch.[/QUOTE]
Everyone is talking about payback but the only people getting hurt are the people who had nothing to do with this shit and are just customers.
[QUOTE=Uber|nooB;29631344]obviously not illegal enough if they even considered doing it[/QUOTE]
The fuck is wrong with you.
Screw it, your ban list says it all, report troll and move on.
[QUOTE=Jon27;29631410]The hackers and Sony are both at fault for their respective mistakes.
Sony failed to secure their database containing millions of users' personal details. Criminal negligence.
The hacker(s) unlawfully entered the database and stole credit card details.[/QUOTE]
actually no, its the credit card holder's fault for not pre-emptively cancelling their cards before the attack
[QUOTE=MR-X;29632280]Everyone is talking about payback but the only people getting hurt are the people who had nothing to do with this shit and are just customers.[/QUOTE]
I highly doubt Sony's CEO's doesn't give a fuck about the shit going on.
Except that would actually explain this whole mess if that's true.
[editline]5th May 2011[/editline]
[QUOTE=Uber|nooB;29633258]actually no, its the credit card holder's fault for not pre-emptively cancelling their cards before the attack[/QUOTE]
I call troll
[QUOTE=MR-X;29632280]Everyone is talking about payback but the only people getting hurt are the people who had nothing to do with this shit and are just customers.[/QUOTE]
Only way to get Sony's attention.
[QUOTE=Uber|nooB;29633258]actually no, its the credit card holder's fault for not pre-emptively cancelling their cards before the attack[/QUOTE]
Really? Why dont you shut your mouth hole before you look more like a massive idiot.
[QUOTE=jordguitar;29633551]Really? Why dont you shut your mouth hole before you look more like a massive idiot.[/QUOTE]
hey now, everyone is entitled to their own opinion
[editline]5th May 2011[/editline]
no need to be so rude
[QUOTE=Uber|nooB;29633592]hey now, everyone is entitled to their own opinion
[editline]5th May 2011[/editline]
no need to be so rude[/QUOTE]
You lost that when you said we must predict when a company holding our card info is about to be hacked and to cancel all our cards before the hack happens.
Sorry, you need to Log In to post a reply to this thread.
