Sony's software was months out of date.

Rydian

Resident Furvert™
Member
Joined
Feb 4, 2010
Messages
27,880
Trophies
0
Age
34
Location
Cave Entrance, Watching Cyan Write Letters
Website
rydian.net
XP
8,898
Country
United States
Sony's software was months out of date.
New information about the Sony hacking.
spaffordsecurity_542011.jpg

New information has come to light surrounding the Sony hacking incident.

According to Dr. Gene Spafford, a security expert Purdue University, Sony was informed of a security concern months before the incident. A user on Sony's public forums informed them that the version of Apache (web server software) Sony was using on it's servers was out of date, and not running behind a firewall. According to the report, no action was taken to remedy this.

Anybody who works on servers can tell you that it's often a pain to update the software running on them. You run into deprecation of required functions, incompatibility with other software, you often have to re-create configurations, and sometimes you need to get used to a new method of doing things. This process costs a company more money as they often need to pay their techs overtime, and servers are often down for periods of time as the upgrades are completed and troubleshooting steps are done.

This doesn't mean it's okay to slack off! It's very important to stay up-to-date from a security perspective. Newer versions of server programs come out often because they fix security vulnerabilities. If your server isn't updated, then even though the new version of the software may fix a flaw, your server is still vulnerable to it because you haven't updated. There's often a buffer time between when an exploit is patched and when it's targeted in the wild, but waiting multiple months is well beyond an acceptable limit.

There's many places online where security flaws are publicly published, where people are encouraged to submit security flaws they've found in a program so that the creating company in question can fix it, and so users of the software can be warned. These are valuable resources for companies, to the point where some companies run bug trackers themselves on their site. The problem is that since many these are public resources, the company in question is not the only one with access to the information. Submissions often include a proof-of-concept exploit to prove to the company that the flaw should be taken seriously, but it's often not hard for an anonymous visitor to take the proof-of-concept code and modify it into something that's actually dangerous.

This is an issue that a company such as Sony should be well aware of.[/p]

icon11.gif
Source
discuss.png
Discussion
 

chrisrlink

Has a PhD in dueling
Member
GBAtemp Patron
Joined
Aug 27, 2009
Messages
4,191
Trophies
0
Location
duel acadamia
XP
3,735
Country
United States
well thats ironc no wonder they got hacked it's like a big "hack me" sign on their back sony word of advice next time just don't update you proprietary ps3 (which infact should't be yours because we bought the damn thing(s) ) but update you DAMN server security next time
 

ShadowSoldier

Well-Known Member
Member
Joined
Oct 8, 2009
Messages
9,382
Trophies
0
XP
3,823
Country
Canada
Seriously, how the hell can people defend Sony at all at this time? I can still find people who say "suing sony or bitching at them isn't going to help anything. They don't deserve any of it."

Bullshit they don't. Like I said, the damage has been done already, people should be suing Sony harshly. And so far, nothing is happening. And yet this shows that Sony was just lazy and didn't care about protection. What a joke of a company.
 

Skyline969

MENUdo Afficionado
Member
Joined
Nov 18, 2008
Messages
2,209
Trophies
0
Age
29
Location
Saskatchewan
Website
Visit site
XP
488
Country
Canada
1234turtles said:
thats the price of free online

objection-541x400.png


Nintendo has never had a failure of this magnitude, and their online services are free as well.

Now then, I'm deeply disappointed in Sony over this. I was before, but this has even further pushed it. However, will I stop using Sony products? Of course not... but I will further be known as John Doe, living at 123 Fake St in Anytown, Canada.
 

ShadowSoldier

Well-Known Member
Member
Joined
Oct 8, 2009
Messages
9,382
Trophies
0
XP
3,823
Country
Canada
Skyline969 said:
1234turtles said:
thats the price of free online

Now then, I'm deeply disappointed in Sony over this. I was before, but this has even further pushed it. However, will I stop using Sony products? Of course not... but I will further be known as John Doe, living at 123 Fake St in Anytown, Canada.

If you're going to make a fake address, at least use a real one that isn't yours. Use

1313 S. Harbor Blvd, Anaheim Ca. 92802.

Disneyland won't mind.
 

TwinRetro

Former Staff
Former Staff
Joined
Aug 29, 2008
Messages
6,257
Trophies
0
Age
37
Location
Hiatus Hell
Website
yourmom.com
XP
4,582
Country
Djibouti
ShadowSoldier said:
Skyline969 said:
1234turtles said:
thats the price of free online

Now then, I'm deeply disappointed in Sony over this. I was before, but this has even further pushed it. However, will I stop using Sony products? Of course not... but I will further be known as John Doe, living at 123 Fake St in Anytown, Canada.

If you're going to make a fake address, at least use a real one that isn't yours. Use

1313 S. Harbor Blvd, Anaheim Ca. 92802.

Disneyland won't mind.


Or 1060 West Addison Street
Chicago, IL 60613

lol
 

Skyline969

MENUdo Afficionado
Member
Joined
Nov 18, 2008
Messages
2,209
Trophies
0
Age
29
Location
Saskatchewan
Website
Visit site
XP
488
Country
Canada
TwinRetro said:
ShadowSoldier said:
Skyline969 said:
1234turtles said:
thats the price of free online

Now then, I'm deeply disappointed in Sony over this. I was before, but this has even further pushed it. However, will I stop using Sony products? Of course not... but I will further be known as John Doe, living at 123 Fake St in Anytown, Canada.

If you're going to make a fake address, at least use a real one that isn't yours. Use

1313 S. Harbor Blvd, Anaheim Ca. 92802.

Disneyland won't mind.


Or 1060 West Addison Street
Chicago, IL 60613

lol
Preferably somewhere in Canada, since I do plan on continuing usage of PSN and purchasing stuff (using prepaid cards only, of course). That way I can pay in Canadian dollars. I may set my location to be in Alberta though, so I can skip 5% sales tax.
tongue.gif
 

Site & Scene News

General chit-chat
Help Users
    Scott_pilgrim @ Scott_pilgrim: "i do indeed play osu" although lately ive been taking a bit of a break to play etterna