Yesterday Sony blamed the "hacktivist" group Anonymous for the late April attack on the PlayStation Network that has had its online servers down for weeks, angered its users, and sparked a Congress-wide investigation. Now that the investigation has begun the testimonial stage, can Sony point the finger at itself after recent findings?
Dr. Gene Spafford, a professor at Purdue University and a security expert, took the stand yesterday and claimed that Sony knew that its servers were at risk for months because of out-of-date Apache software.
"....some news reports indicate that Sony was running software that was badly out of date, and had been warned about that risk....
Nonetheless, the increase in sophistication of attackers, and the growth in data do not totally explain all the incidents. My personal conclusion from reviews of reports in the press and discussions at professional meetings is that operators of these systems — both in government and the private sector — continue to run outmoded, flawed software, fail to follow some basic good practices of security and privacy, and often have insufficient training or support. The most commonly cited reason for these failings is cost. The cost of providing better security and privacy protection is viewed as overhead that is not recovered in increased revenue, and it is usually one of the first things trimmed in budget cuts. Running outdated software and unpatched operating systems exposes citizens to risks and consequences whose cost a company does not bear. Therefore a company does not have an immediate economic incentive to make the investment needed to prevent breaches." - Dr. Gene Spafford via Committee of Energy and Commerce
If this revelation proves to be true, Jeff Fox, a Consumer Reports Technology Editor, told The Consumerist that Sony needs to blame Sony.
"If Dr. Spafford's assessment is accurate, it's inexcusable that Sony not only ran obsolete software on servers containing confidential data, but also that the company continued to do so after this information was publicly disclosed..." - Jeff Fox, Consumer Reports Technology Editor
Sony did not directly respond to the latest allegations; however, Sony President Sir Howard Stringer released another apology on behalf of Sony. In the apology, Stringer still blamed the hackers as the main reason for the security breach.
"I know some believe we should have notified our customers earlier than we did. It’s a fair question. As soon as we discovered the potential scope of the intrusion, we shut down the PlayStation Network and Qriocity services and hired some of the best technical experts in the field to determine what happened. I wish we could have gotten the answers we needed sooner, but forensic analysis is a complex, time-consuming process. Hackers, after all, do their best to cover their tracks, and it took some time for our experts to find those tracks and begin to identify what personal information had — or had not — been taken." - Sir Howard Stringer, Sony President
While the hackers may have caused the security intrusion that left millions of users wondering if their credit card and personal information had been compromised, Sony needs to start thinking about whether the recent allegations of known outdated server software can hold up in court and, if they can be proven, what this means for the future of Sony in the video game industry.
via PlayStation Blog