Sony's software was months out of date.

Discussion in 'GBAtemp & Scene News' started by Rydian, May 5, 2011.

  1. Rydian
    New information about the Sony hacking.

    New information has come to light surrounding the Sony hacking incident.

    According to Dr. Gene Spafford, a security expert at Purdue University, Sony was informed of a security concern months before the incident. A user on Sony's public forums informed them that the version of Apache (web server software) Sony was using on its servers was out of date, and not running behind a firewall. According to the report, no action was taken to remedy this.

    Anybody who works on servers can tell you that it's often a pain to update the software running on them. You run into deprecation of required functions, incompatibility with other software, you often have to re-create configurations, and sometimes you need to get used to a new method of doing things. This process costs a company more money as they often need to pay their techs overtime, and servers are often down for periods of time as the upgrades are completed and troubleshooting steps are done.

    This doesn't mean it's okay to slack off! It's very important to stay up-to-date from a security perspective. Newer versions of server programs come out often because they fix security vulnerabilities. If your server isn't updated, then even though the new version of the software may fix a flaw, your server is still vulnerable to it because you haven't updated. There's often a buffer time between when an exploit is patched and when it's targeted in the wild, but waiting multiple months is well beyond an acceptable limit.

    There are many places online where security flaws are publicly published, where people are encouraged to submit security flaws they've found in a program so that the creating company in question can fix it, and so users of the software can be warned. These are valuable resources for companies, to the point where some companies run bug trackers themselves on their site. The problem is that since many of these are public resources, the company in question is not the only one with access to the information. Submissions often include a proof-of-concept exploit to prove to the company that the flaw should be taken seriously, but it's often not hard for an anonymous visitor to take the proof-of-concept code and modify it into something that's actually dangerous.

    This is an issue that a company such as Sony should be well aware of.

     
  2. Rydian
    Personal opinion: Hey look, Sony decided to try to cut maintenance costs again!
     
  3. 1234turtles

    that's the price of free online
     
  4. TwinRetro

    So there you go. It's no longer speculation, there is undeniable proof that Sony's servers weren't up to snuff.
     
  5. Quietlyawesome94

    Well we saw how that approach worked out for them.

    C$1 Billion suit filed against Sony (I might feel sorry for them if they lose this. But then again, probably not.)
     
  6. chrisrlink

    Well, that's ironic. No wonder they got hacked, it's like a big "hack me" sign on their back. Sony, word of advice: next time just don't update your proprietary PS3 (which in fact shouldn't be yours because we bought the damn thing(s)) but update your DAMN server security next time.
     
  7. FrozenIndignation

    Oh sony, you silly troll you.
     
  8. RexNebular

    They weren't kidding about removing Linux support. They even stopped updating their own Linux servers.
     
  9. ShadowSoldier

    Seriously, how the hell can people defend Sony at all at this time? I can still find people who say "suing sony or bitching at them isn't going to help anything. They don't deserve any of it."

    Bullshit they don't. Like I said, the damage has been done already, people should be suing Sony harshly. And so far, nothing is happening. And yet this shows that Sony was just lazy and didn't care about protection. What a joke of a company.
     
  10. Nollog

    Oh Shock!
    Sony not listening to people trying to help them secure their servers.
     
  11. TwinRetro

    BLAM! You ALL get a taste of the Bitch Puddin'!
     
  12. ultimate.fake.ac

    Yay, yet another chapter to the saga. Looking forward to the next one!
     
  13. Skyline969


    Nintendo has never had a failure of this magnitude, and their online services are free as well.

    Now then, I'm deeply disappointed in Sony over this. I was before, but this has even further pushed it. However, will I stop using Sony products? Of course not... but I will further be known as John Doe, living at 123 Fake St in Anytown, Canada.
     
  14. junkerde

    sony is fag, thus i dub thee troll.
     
  15. ShadowSoldier

    If you're going to make a fake address, at least use a real one that isn't yours. Use

    1313 S. Harbor Blvd, Anaheim Ca. 92802.

    Disneyland won't mind.
     
  16. TwinRetro


    Or 1060 West Addison Street
    Chicago, IL 60613

    lol
     
  17. Skyline969

    Preferably somewhere in Canada, since I do plan on continuing usage of PSN and purchasing stuff (using prepaid cards only, of course). That way I can pay in Canadian dollars. I may set my location to be in Alberta though, so I can skip 5% sales tax.
     
  18. EpicJungle

    Why is Sony so careless
     
  19. Gh0sti

    this says it all

    source vgcats.com
     
  20. gamefan5

    Ok this is ridiculous as hell.

    My friend, you just described perfectly the situation.