PlayStation Network Outage Update: Sony Negligent In PSN Security

Here we go again, folks. Another group of hackers are planning to go after Sony, because they don’t like how Sony dealt with the PlayStation Network shutdown. According to Ripten:

Just moments ago we learned that an unnamed informant spoke to CNET after observing hackers boast about currently having access to some of Sony’s online servers. The attack is primarily to gain access to customers private and confidential data, and once acquired the hackers then plan to publicize all or some of the information.

This coming after Sony had pointed the finger at Anonymous, after Kaz Hirai claimed that there was no evidence Anonymous had been involved a few days earlier. This situation has gone beyond being ludicrous. Now it’s just plain annoying. Boring and annoying, a rare combination. As for restoration of PSN service, Sony says they’re in final stages, so hopefully online gameplay will return this week.

In other PlayStation News – Expert: Sony Negligent In PSN Security

An expert has given testimony to the US House of Representatives Subcomittee on Commerce, Manufacturing, and Trade during its commencement on hearings on the “unauthorized intrusion” on Sony’s PlayStation Network and Qrocity service, stating Sony knew that their security software was dated and lacked any sort of firewall against hacking.

Cybersecurity expert Dr. Gene Spafford’s testimony stated that security experts discovered discussions on forums that talked about how the PSN’s security was lacking. The threads revealed that the network was using old versions of the Apache Web server software, which ”was unpatched and had no firewall installed.”

Worse, two to three months before the attack, the vulnerability was reported ”in an open forum monitored by Sony employees,” but the company took no action to rectify the situation. If the testimony is accurate, Sony could be slapped with a serious criminal negligence charge.

The Sony intrusion alone compromised 100 million accounts both on the PSN and its Qriocity service, according to Spafford. He also cited the total cost of the breach to Sony, credit card companies, and other outfits, at $21 billion. Thieves in credit-card theft forums actually complained that the PSN breach was so great that it was depressing the price of such information by a “factor of five or 10″ on the black market.

Spafford didn’t reserve his accusations for Sony, either. He stated that law enforcement is ill-equipped to handle cyberterrorism and cyberthieft. Additionally, most companies are not equipped with enough security measures because ”investing in security measures affects the bottom line. They don’t understand the risks involved by not investing in security. … So when they are hit, they pass that cost along to their customers, and to the rest of society.” In other words, a classic case of being penny wise and pound foolish.

Spafford’s proposed solution to future security is to limit the amount of data kept by companies such as Sony and to “age the data” so it expires after a certain time.

C-Span posted the video of the testimony here.

(Thanks, GameSpot.)

Jonah Falcon is a blogger for TMRzoo and and covers all gaming consoles and platforms including Sony Playstation 3, Microsoft XBOX 360, Nintendo Wii, Sony PSP and computer games designed for Mac OS, Microsoft Windows and Linux operating systems. Jonah provides his readers with reviews, previews and up to date gaming industry news and rumors.

Game Stooge Footer