Sony Running Unpatched Servers With No Firewall

← Back to Stories (view on slashdot.org)

Sony Running Unpatched Servers With No Firewall

Posted by ryuzaki0 on Thursday May 5, 2011 @03:45AM from the oh-yeah-that'll-be-fine dept.

ewhenn writes "Security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which 'was unpatched and had no firewall installed.' The issue was 'reported in an open forum monitored by Sony employees' two to three months prior to the recent security breaches."

6 of 306 comments (clear)

Min score:

Reason:

Sort:

Welp by dragonhunter21 · 2011-05-05 03:47 · Score: 4, Insightful

Well THERE'S your problem.
IANAL, but shouldn't users have the reasonable expectation that their data would be secured? Is there a suit here?

--
Sent from my CR-48
1. Re:Welp by HiredMan · 2011-05-05 04:42 · Score: 3, Insightful
  
  definitely shows that PCI is bullshit ;)
  PCI certification is joke. It's in the best interests of all involved to severely limit the scope of the "certification" - due to cost, time, intrusiveness etc.- so only certain areas get tested. You can have your "certified" PCI system hooked up on a network to a botnet but insist that only your PCI computer get "certified". It's like going to doctor and telling him your arm hurts but he can only examine your arm. When it turns out to be a heart attack and you die the doctor only gets to say "His arm was fine when I checked it."
  They like to brag that "no PCI certified system has ever been breached" but that's because when you're breached they forensically figure where you violated PCI and retro-actively revoke your certification. It's worse than bullshit it's an expensive fig leaf of security theater.
  
  --
  Bill Gates - Creationist?!?
If they had cared enough... by samjam · 2011-05-05 03:57 · Score: 3, Insightful

Sony took more care to lock the customer out of equipment the customer owned on the customers premises to "protect Sony's IP" than they took to protect the customers data running only Sony's servers at Sony's premises.
Looks like they need to move their security staff to the hosting side.
Sam

--
blog.sam.liddicott.com
Re:So now security researchers are to blame? by h4rr4r · 2011-05-05 03:57 · Score: 3, Insightful

The Sony IT folks probably wanted too, but their idiot managers prevented them. Because if the update broke something or needed downtime they can't have that.
Re:So now security researchers are to blame? by Calydor · 2011-05-05 04:04 · Score: 3, Insightful

Sadly, 'taken action' in cases such as this usually involves post deletions and forum bans.
Updating and getting a firewall costs money, banning people from a forum doesn't.
Obviously it's better to treat the symptom than cure the disease.

--
-=This sig has nothing to do with my comment. Move along now=-
So... by Capeman · 2011-05-05 04:58 · Score: 5, Insightful

Everytime a new PS3 firmware comes out, with "security updates" you are almost forced to install it or you lose PSN, plus other features, but they don't care about updating and securing their servers?