
Forums - Sony Discussion - SoE hacked and is out for the count

the_wizard_man said:
Grimes said:

One that Sony recently discovered. But one which has been identified and patched elsewhere for a while already.

So do you fix everything you notice the second you notice it? Things take time. At most it took them too much, but without an actual time frame and industry standards to compare it to we don't even know that.


Actually yes. When security patches are released, administrators are expected to be aware of them and apply them if necessary.



Anyone can guess. It takes no effort to throw out lots of predictions and have some of them be correct. You are not any wiser or better for having your guesses be right. Even a blind man can hit the bullseye.

Grimes said:
the_wizard_man said:
Grimes said:

One that Sony recently discovered. But one which has been identified and patched elsewhere for a while already.

So do you fix everything you notice the second you notice it? Things take time. At most it took them too much, but without an actual time frame and industry standards to compare it to we don't even know that.


Actually yes. When security patches are released, administrators are expected to be aware of them and apply them if necessary.

So the second one person on the team discovers the vulnerability, the administrator is supposed to magically know it and repair it within a second?



the_wizard_man said:
Grimes said:
the_wizard_man said:
Grimes said:

One that Sony recently discovered. But one which has been identified and patched elsewhere for a while already.

So do you fix everything you notice the second you notice it? Things take time. At most it took them too much, but without an actual time frame and industry standards to compare it to we don't even know that.


Actually yes. When security patches are released, administrators are expected to be aware of them and apply them if necessary.

So the second one person on the team discovers the vulnerability, the administrator is supposed to magically know it and repair it within a second?

I expect a security to be on top of any patches that are released to known vulnerability. They should be aware of it within days at most and have some plan of action put together. It shouldn't stay unpatched for months.

I would expect my administrators to be on email lists which inform people whenever security patches are released. Also, I would expect them to remain informed of the latest security developments by checking sites relevant to installed software on a daily basis.



Anyone can guess. It takes no effort to throw out lots of predictions and have some of them be correct. You are not any wiser or better for having your guesses be right. Even a blind man can hit the bullseye.

Grimes said:
the_wizard_man said:
Grimes said:
the_wizard_man said:
Grimes said:

One that Sony recently discovered. But one which has been identified and patched elsewhere for a while already.

So do you fix everything you notice the second you notice it? Things take time. At most it took them too much, but without an actual time frame and industry standards to compare it to we don't even know that.


Actually yes. When security patches are released, administrators are expected to be aware of them and apply them if necessary.

So the second one person on the team discovers the vulnerability, the administrator is supposed to magically know it and repair it within a second?

I expect a security to be on top of any patches that are released to known vulnerability. They should be aware of it within days at most and have some plan of action put together. It shouldn't stay unpatched for months.

I would expect my administrators to be on email lists which inform people whenever security patches are released. Also, I would expect them to remain informed of the latest security developments by checking sites relevant to installed software on a daily basis.

So where is the source saying that it was longer than days? Or even a day, or even 4 hours? Like I said, without a time frame and industry standards to compare, we don't know anything.



the_wizard_man said:
fordy said:
the_wizard_man said:
fordy said:
the_wizard_man said:
fordy said:
o_O.Q said:

The funny thing about Sony being accused over this stuff is the assumptions made by people that other networks are guaranteed to be more secure.

 


If proper maintenance is made to the other networks, then yes, they would be more secure than Sony's.

Sony's had proper maintenance so no, you are just assuming again


For God's sake, will people read the damn articles posted before spouting their stupidity?

http://www.wired.com/threatlevel/2011/04/trixter/

“If Sony is watching this channel they should know that running an older version of Apache on a RedHat server with known vulnerabilities is not wise, especially when that server freely reports its version and it’s the auth[entication] server”

Sony knew this guy was on to something. Why do you think he's being questioned now?

Because he's an ex-con with the skills to do the crime 

You didn't read the article.

He's a WHISTLEBLOWER. He sees vulnerabilities and reports them. He was jailed for shedding light on such vulnerabilities. He wasn't exploiting them.

I'll let you in on another piece of the article:

"The authentication server he mentioned in the chats was running Apache 2.2.15, which was superseded in June 2010"

An update to Apache was available for almost a year. So where is this routine maintenance that you believe Sony had?

Nowhere did I see the article state he told Sony about it, just that he was discussing it, which could actually make him an accomplice. Either way he did time and has the skills to do it; that's all people need to question someone. I'd be concerned if they didn't question him.


So if you have the skills to do it, you're automatically accused of being an accomplice? Is that what you're trying to say? Do you honestly listen to yourself when you spout this nonsense, or do you just switch off?

You didn't take into regard that the fix to Apache was 11 MONTHS OLD. There is no excuse for trying to justify such a lapse in maintenance, and your attempt to defend this position puts your ethics in serious doubt.



fordy said:
the_wizard_man said:
fordy said:
the_wizard_man said:
fordy said:
the_wizard_man said:
fordy said:
o_O.Q said:

The funny thing about Sony being accused over this stuff is the assumptions made by people that other networks are guaranteed to be more secure.

 


If proper maintenance is made to the other networks, then yes, they would be more secure than Sony's.

Sony's had proper maintenance so no, you are just assuming again


For God's sake, will people read the damn articles posted before spouting their stupidity?

http://www.wired.com/threatlevel/2011/04/trixter/

“If Sony is watching this channel they should know that running an older version of Apache on a RedHat server with known vulnerabilities is not wise, especially when that server freely reports its version and it’s the auth[entication] server”

Sony knew this guy was on to something. Why do you think he's being questioned now?

Because he's an ex-con with the skills to do the crime 

You didn't read the article.

He's a WHISTLEBLOWER. He sees vulnerabilities and reports them. He was jailed for shedding light on such vulnerabilities. He wasn't exploiting them.

I'll let you in on another piece of the article:

"The authentication server he mentioned in the chats was running Apache 2.2.15, which was superseded in June 2010"

An update to Apache was available for almost a year. So where is this routine maintenance that you believe Sony had?

Nowhere did I see the article state he told Sony about it, just that he was discussing it, which could actually make him an accomplice. Either way he did time and has the skills to do it; that's all people need to question someone. I'd be concerned if they didn't question him.


So if you have the skills to do it, you're automatically accused of being an accomplice? Is that what you're trying to say? Do you honestly listen to yourself when you spout this nonsense, or do you just switch off?

You didn't take into regard that the fix to Apache was 11 MONTHS OLD. There is no excuse for trying to justify such a lapse in maintenance, and your attempt to defend this position puts your ethics in serious doubt.

No, I'm saying if he told the actual hackers in the chat room what the weaknesses were he is at legal fault, but that's a big if, and he wouldn't have done it knowingly but that doesn't excuse it if he did. And companies use computers that you can't even find used anymore; not surprised they don't upgrade often.



the_wizard_man said:

No, I'm saying if he told the actual hackers in the chat room what the weaknesses were he is at legal fault, but that's a big if, and he wouldn't have done it knowingly but that doesn't excuse it if he did. And companies use computers that you can't even find used anymore; not surprised they don't upgrade often.


The hardware doesn't make a bit of difference. The software was not updated, by at least two versions. That was a timespan of 11 months, and for something that is responsible for security of info for 77 million accounts, this is severe negligence on behalf of Sony.



fordy said:
the_wizard_man said:

No, I'm saying if he told the actual hackers in the chat room what the weaknesses were he is at legal fault, but that's a big if, and he wouldn't have done it knowingly but that doesn't excuse it if he did. And companies use computers that you can't even find used anymore; not surprised they don't upgrade often.


The hardware doesn't make a bit of difference. The software was not updated, by at least two versions. That was a timespan of 11 months, and for something that is responsible for security of info for 77 million accounts, this is severe negligence on behalf of Sony.

So they are supposed to update immediately regardless of what actual changes were made in the software? I can see companies exploiting that by making pointless updates, oh wait MS already does. Anyways, I don't know if it's negligence or not; to me that doesn't seem that bad considering the costs involved. I can see a company only upgrading every year, but again I don't know what the industry standards are and I suspect neither do you.



I still don't get what makes you so sure that similar vulnerabilities aren't present on other networks....



o_O.Q said:

I still don't get what makes you so sure that similar vulnerabilities aren't present on other networks....


When there is evidence that millions of users' data are being compromised, then they should be criticized as much as Sony.



Anyone can guess. It takes no effort to throw out lots of predictions and have some of them be correct. You are not any wiser or better for having your guesses be right. Even a blind man can hit the bullseye.