Sony responded to the questions from the U.S. House of Representatives’ Subcommittee on Commerce, Manufacturing and Trade with an open letter yesterday. But Dr. Gene Spafford, professor at the department of Computer Science at Purdue University, noted something interesting when speaking at the hearing.
Apparently, the Apache Web server software that Sony used was an outdated version and it also didn’t have a firewall installed. Oooops.
Even better, that issue seems to have been “reported in an open forum monitored by Sony employees” about 2-3 months before the Anonymous attacks and subsequent other hacks happened. I think it’s safe to say that if Anonymous knew about this, its attacks would’ve been more successful.
Actually, page 7 of this PDF that was inaccessible at the time of writing (maybe it hated foreigners) only said:
“Presumably, both companies are large enough that they could have afforded to spend an appropriate amount on security and privacy protections of their data; I have no information about what protections they had in place, although some news reports indicate that Sony was running software that was badly out of date, and had been warned about that risk.”
Awesome. Thanks to the commenters for pointing out my failing though! It was deserved and I love you all. Community member KwikPwn also found the YouTube video of the hearing (the official webcast still gives 404 error) that shows Dr. Stafford’s comments on the outdated Apache software and the lack of a firewall. Take a look for yourself!
Sony Was Using Outdated Software Prior to PSN Breach [GamePro] [Image]
