If you click on a link and make a purchase we may receive a small commission. Read our editorial policy.

Security expert claims Sony ignored reports of server vulnerability

Cyber-security expert Dr. Gene Spafford has told the U.S. House of Representatives' Subcommittee on Commerce, Manufacturing and Trade that Sony allegedly ignored reports of gaping vulnerabilities on its servers.

Spafford, a professor of Computer Science at Indiana's Purdue University, was asked to detail his testified suggestion that Sony had not taken adaquete security measures against hacking.

"On a few of the security mailing lists that I read, there were discussions that individuals who work in security and participate in the Sony network ... had discovered that the network servers were hosted on ... very old versions of Apache software that were unpatched and had no firewall installed," he replied.

"These were potentially vulnerable, and that they had reported these in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software."

Asked when this took place, Spafford answered "two to three months prior to the incident where the break-ins occurred".

In written testimony, Spafford added that he has "no information about what protections [Sony] had in place", but cited news reports suggesting these preotections were inadequate.

Thanks, Destructoid.

Sign in and unlock a world of features

Get access to commenting, homepage personalisation, newsletters, and more!

Related topics
About the Author
Brenna Hillier avatar

Brenna Hillier

Contributor

Based in Australia and having come from a lengthy career in the Aussie games media, Brenna worked as VG247's remote Deputy Editor for several years, covering news and events from the other side of the planet to the rest of the team. After leaving VG247, Brenna retired from games media and crossed over to development, working as a writer on several video games.

Comments