Re: Sony's Playstation Network is down. Indefinitely.
Posted: Tue May 03, 2011 4:21 pm
DC All Wheel Drive
https://forums.dcawd.com/
chicken n waffles wrote:
Ouch...
In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.
According to Spafford, security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed." The issue was "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches, said Spafford.
Spafford made his comments in a hearing convened by the House Subcommittee on Commerce, Manufacturing, and Trade. Sony was invited to participate in the hearing, but declined to attend. In a letter to the committee, Sony said it has added automated software monitoring and enhanced data security and encryption to its systems in the wake of the recent security breaches.
"If Dr. Spafford's assessment is accurate, it's inexcusable that Sony not only ran obsolete software on servers containing confidential data, but also that the company continued to do so after this information was publicly disclosed," said Jeff Fox, Consumer Reports Technology Editor.
ha! that's an awesome point.
Libra Monkee wrote:
I still think it's sad how the PS3 is the only device to ever LOSE features over its lifespan. Backwards compatibility, 2 usb ports, Other OS, flash memory ports, and now PSN. Plus, they sue you if you tinker with the object you spent $300-$500 to buy. The expression "uber fail" comes to mind.
Maybe it's time I invest in an Xbox.
complacent wrote:
i'm really happy i only paid $200 for mine, brand new. thank you sony card promotion!
Unfortunately, I don't think there's a book to throw really.
complacent wrote:
theing book.
We discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
Speaking to Bloomberg, Sony's Shigenori Yoshida said that the company was uncertain when services would be fully functional but that a 'plan to restart the services' on May 31st was still in place.
The Japanese electronics giant is currently working around the clock to repair its shonky security which was breached by hackers on April 20th. Even if the planned date isn't shifted once again, as it has been several times already, the entire network will have been broken for 41 days come May 31st.
The latest theory is that a rogue splinter cell from many-headed hacking hydra Anonymous was responsible for the action which led to Sony pulling the plug, but there are about as many theories out there as there are hacked accounts, which currently stand close to the 100 million mark.
The entire staff here at thinq_ can't remember a single occasion of any network service being taken down for more than a month for any reason, and we have a fair few years between us.
Sony likes to break records but we can see the company's directors being less than delirious once this hits the pages of the Guinness Book.
Official Sony announcement
Remember the recent PlayStation Network outage? You know the one, right? It started in late-April and lasted up through this weekend's phased restoration (and continues on for many un-phased users). Well, Sony would like to sincerely apologize for the whole thing the best way it knows how: free video games. The company today announced its "Welcome Back" program, which is letting all existing PSN and Qriocity users in North America pick two of the following games: Dead Nation, inFAMOUS, LittleBigPlanet, Super Stardust HD, and Wipeout HD + Fury. PSP users, meanwhile, can choose two from LittleBigPlanet, ModNation Racers, Pursuit Force, and Kill Liberation. You can claim the games at some point in the next 30 days, and once you've downloaded, they're yours to keep. The gesture may well prove too little, too late for many disgruntled users -- but even they'll likely have trouble staying angry at Sackboy's adorable little dirt-stained mug.
One really has to wonder: Why is Sony such a big target? Removing the "Other OS" feature was a dick move, but that can't explain the wrath that they have endured from the hackers of the world. lol, I'd much rather this be focused on the MPAA/RIAA (j/k). I'm shocked that XBL hasn't been hit either.
I've lost count of how many times Sony's online properties have been hacked now—I just don't have that many fingers—but it's happened again. Databases used to operate sonypictures.com, sonybmg.nl, and sonybmg.be have been compromised by a group calling itself Lulz Security, or LulzSec for short. This is the same group that earlier in the week hacked PBS's servers in retaliation for a documentary felt to be critical of Wikileaks; they also hacked sonymusic.co.jp last week.
Just as was the case with the sonymusic.gr hack and LulzSec's sonymusic.co.jp hack, the latest hack was performed using SQL injection: a rudimentary technique that depends on improper handling of website URLs. Being susceptible to SQL injection is embarrassing enough—techniques to prevent it are well-known, and easy to apply to any database-driven website—but what makes this hack even worse is the data that has been compromised.
The hackers retrieved account information from the database. They claim there are more than a million accounts in total; their BitTorrented dump just contained a sample. The database contained information about a variety of different account types, apparently related to different promotions and features operated by the company. Different sets of accounts, but with one major feature in common: they included plaintext passwords. Anyone who can read the database can read the passwords. And given that password reuse is rampant—many, many people use the same passwords for websites as they do their e-mail or online banking—many of those who have had their Sony accounts compromised now risk having their e-mail accounts attacked.
Some accounts also included names, phone numbers and full postal addresses.
At some point, one has to imagine that Sony will realize that it's a major target for hackers and it will wise up and fix its multitudinous broken Web applications. Until then, Lulz Security's "Lulz Boat" will continue to find rich plunder wherever it sails.
i think that in going after george hotz, they stuck their pen0r into a hornet's nest. it was a dumb move on their part. they wouldn't have earned the wrath of the re/haxx0r crowd had they just left him alone.
Sabre wrote:
One really has to wonder: Why is Sony such a big target? Removing the "Other OS" feature was a dick move, but that can't explain the wrath that they have endured from the hackers of the world. lol, I'd much rather this be focused on the MPAA/RIAA (j/k). I'm shocked that XBL hasn't been hit either.
Would you like to know more?
The long arm of the law may have finally caught up with some of the hackers behind the recent (and seemingly endless) PSN outage. Authorities in Spain say they have arrested three members of the hacktivist collective Anonymous and seized at least one computer used in the attacks on Sony. Those arrested are believed to have been important in coordinating the group's activities in the country and to have distributed the Loic DDoS tool to others. Now, of course, the Spanish government will have to be on high alert -- if we know one thing about Anonymous, it's that it is not trigger shy when it comes to exacting revenge.
It's been several months since the massive hack that brought the PlayStation Network to its knees. For Sony, the nightmare isn't over. A new lawsuit filed this past week alleges that the company ignored the warnings of its own staff, made no attempt to address the small break-ins now seen as precursors to the huge assault that followed, and actually fired security personnel immediately prior to the break-in.
There are numerous allegations. The company is accused of lavishly upgrading its own corporate security while neglecting to safeguard consumer information. This last is an established fact--while Sony remains the genuine victim of an attack, the company's external-facing servers were running outdated security software with known flaws. There were actually two significant incidents—77 million accounts in North America and Europe were accessed in April, while an additional 25 million accounts were lifted on May 2.
The suit doesn't name how many SOE (Sony Online Entertainment) employees were laid off, but notes that the number was a "substantial percentage." If the suit is accurate, Sony may end up looking worse than it already does. Unlike the data breach, which we didn't think would cause long-term harm, a case that demonstrated corporate suits were only concerned with patching security flaws on the corporate side of the equation really *could* leave a bad taste in customers' mouths.