Fri, May 06, 2011 | 03:29 BST
Security expert claims Sony ignored reports of server vulnerability
Cyber-security expert Dr. Gene Spafford has told the U.S. House of Representatives’ Subcommittee on Commerce, Manufacturing and Trade that Sony allegedly ignored reports of gaping vulnerabilities on its servers.

Spafford, a professor of Computer Science at Indiana’s Purdue University, was asked to elaborate on his testimony that Sony had not taken adequate security measures against hacking.
“On a few of the security mailing lists that I read, there were discussions that individuals who work in security and participate in the Sony network … had discovered that the network servers were hosted on … very old versions of Apache software that were unpatched and had no firewall installed,” he replied.
“These were potentially vulnerable, and that they had reported these in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software.”
Asked when this took place, Spafford answered “two to three months prior to the incident where the break-ins occurred”.
In written testimony, Spafford added that he has “no information about what protections [Sony] had in place”, but cited news reports suggesting these protections were inadequate.
Thanks, Destructoid.


14 comments
#1
theevilaires
06/05/11, 3:38 am
Did the warning come in the form of… “SONY, we are legion, we will make you pay by attacking your servers”?
Where’s the evidence of the logs? I wanna see proof this was explained in front of SONY employees. If it’s true, those incompetent fucks need to be fired asap.
#2
frostquake
06/05/11, 3:56 am
I agree, I want more proof on this… this could be huge if true. But, show me the money???
#3
G1GAHURTZ
06/05/11, 4:00 am
If it’s true that they were using old versions of Apache with no firewall, then that’s bad enough.
#4
frostquake
06/05/11, 4:05 am
I know of universities that are using old versions of Apache software like this with no firewalls, and have all their students’ information, how they paid, and banking info… it’s crazy that they do this. There are people in positions like this that don’t deserve to have their positions; it borders on being incompetent.
I would be VERY VERY surprised if Sony was like this, though!
#5
NightCrawler1970
06/05/11, 4:13 am
@1 http://images.vg247.com/current//2011/05/201105056howardstringer.jpg
U mean this “time to retire fella?”, according to your quote “If it’s true those incompetent fucks need to be fired asap.”
My answer is jaaaaa, he needs retirement or to get fired..
#6
Cygnar
06/05/11, 4:22 am
How Spafford could know of “gaping vulnerabilities” in the PSN while at the same time having “no information about what protections [Sony] had in place” is beyond me.
#7
theevilaires
06/05/11, 4:54 am
^ Exactly, maybe this guy has connections with Anonymous and that’s where he’s getting his sources from.
#8
mojo
06/05/11, 6:36 am
What exactly is the point here?
Everyone has known this since February;
it was all in the chat log.
#9
Cygnar
06/05/11, 6:53 am
@8
Sony was not attacked in February. It was attacked in April. Even assuming the chat log from February is true, messages from February do not tell us what security measures Sony used in April.
Congress wants to know what security measures Sony used in April, not what it used in February. So, here is the point: while there were chat logs available for a couple of months before the attack, they do not tell Congress what it wants to know. While Dr. Spafford is an expert on security, he testified that he had no information regarding Sony’s security system at the time of the attack. His lack of knowledge means that he cannot assume that Sony changed nothing of importance between February and April, but this is his precise assumption. Therefore, in my opinion, Spafford does not have the information he needs to tell us whether Sony’s security was good enough at the time of the attack, because he doesn’t know what Sony actually had in place. If the best he could do was cite news articles, maybe Congress should have talked to the columnists instead of Spafford.
#10
mojo
06/05/11, 7:05 am
9:
Yeah, no one knows if the chatlog was legit..
But seeing this chatlog, appearing in February, states the exact same security issues as what this “expert” now claims, I guess it has some truth in it.
And by all means, Sony should definitely know if the vulnerabilities in the log are true for their servers. So they had plenty of time to do something, which they didn’t.
It’s Sony’s own fault. In every aspect Sony fucked up big time.
The only right decision was to immediately shut down all services after they noticed the breach and only give out confirmed information. But on a technical side… oh boy..
“Sony was not attacked in February.”
I didn’t say that.
#11
strikkebil
06/05/11, 12:18 pm
cancelling ps4…
#12
OlderGamer
06/05/11, 12:44 pm
Regardless of what happens in terms of a Sony outcome, this should be a huge wake-up call to anyone running an online service. Be it MS, Nintendo, Blizzard, Netflix, Gamefly, whomever: if you haven’t already secured your stuff, you need to get to it asap.
Hacking like this can easily ruin most companies.
I know, Captain Obvious, but still.
#13
Gekidami
08/05/11, 5:27 pm
Update on this:
http://bitmob.com/articles/detective-work-reveals-psn-servers-up-to-date
Turns out Sony weren’t using an out-of-date version of Apache. I guess ‘security experts’ should get off their hands and do some work, rather than believe any rubbish posted on the internet, if they’re going to start sending letters to Congress.
#14
Robo_1
08/05/11, 5:42 pm
Yes I read that. In the interest of balance, and the prevention of further FUD regarding the matter, I’d like to see this news given a story in itself.