
Forums - Sony Discussion - Detective Work Reveals PSN Servers Up To Date

 

Source: http://bitmob.com/articles/detective-work-reveals-psn-servers-up-to-date

 

We've all been hearing over and over again for the last week that Sony was running an outdated version of Apache on their webservers. The implication of course being that this represents Sony's laissez-faire attitude towards the protection of customer information, making it easy for the hackers to gain entry to PSN. But the funny thing about this kind of "common knowledge" in the age of the internet is the way rumors have an unfortunate tendency to be repeated as fact. Just a week ago it was common knowledge that Sony stored every PSN password in plain text. It was also common knowledge that SOE hadn't been compromised. Neither of those things proved true.
 
One member of the Beyond3D forum, deathindustrial, was curious about the outdated server software claim and did a very brief amount of research into the issue. Beyond3D's community has a unique combination of technically knowledgeable users with a low rate of console fanboyism, allowing for an honest discussion of things like the PSN data breach without the conversation devolving into another proxy battle in the great fanboy wars.
 
As it turns out, it is fairly simple to use Google's webcache to show what version of Apache the PSN servers were using back in March. According to a page request archived by Google on March 23, 2011, at that time Sony was running version 2.2.17 of the popular software. You can see from Apache's website 2.2.17 is the latest, stable version of the webserver available even today. This is a direct repudiation of the claims being made that Sony's webservers were out of date by as much as five years.
 
Poster deathindustrial also goes on to point out the folly in using "security expert" Dr Stafford's testimony before Congress as a source for the claims that the servers were outdated and that Sony knew about it. In the written statement which accompanied his testimony he clearly states:
"I have no information about what protections they had in place, although some news reports indicate that Sony was running software that was badly out of date, and had been warned about that risk."
In truth, he has no first-hand knowledge of the state of Sony's servers or Sony's knowledge about possible exploits, and he was literally repeating claims he read in the media which stem from IRC logs that were being passed around back in February. He didn't even do the very basic detective work it has taken to completely repudiate the claims.
 
It's sad to say, but many are so eager to see Sony's eye blackened that they are willing to believe any rumor which puts the PlayStation in a negative light. We are in a backwards world where everything Sony says is assumed to be a lie or conspiracy and anonymous "IRC chat logs" of dubious origins have miraculously become the most trusted news source in the industry. Here we have a concrete example of why it's important to actually verify your source before repeating something as fact.
Well, I don't know what to believe anymore...
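
The check the article describes, reading an Apache version out of a cached page and comparing it with the latest release, can be written down as follows. This is an added example, not code from the article or the forum; the hostnames and banners are constructed, and the "latest" table contains only the 2.2.17 figure the article states.

```python
import re

# Assumption: newest release per Apache branch at the time of the article,
# which states that 2.2.17 was the latest stable version.
LATEST = {(2, 2): (2, 2, 17)}

BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")

def parse_banner(text):
    """Return (major, minor, patch) from a Server header or error-page footer, else None."""
    m = BANNER_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def assess(banner):
    """Classify one observed banner; None means the host was never observed."""
    if banner is None:
        return "no-data"
    version = parse_banner(banner)
    if version is None:
        return "version-hidden"  # e.g. "ServerTokens Prod" sends only "Apache"
    latest = LATEST.get(version[:2])
    if latest is None:
        return "unknown-branch"
    return "current" if version >= latest else "outdated"

def survey(observations):
    """Map host -> status and report how much of the estate the evidence covers."""
    statuses = {host: assess(b) for host, b in observations.items()}
    known = sum(s in ("current", "outdated") for s in statuses.values())
    return statuses, f"{known}/{len(statuses)} hosts with a usable version"

# Constructed sample data: hostnames and banners are invented for illustration.
SAMPLE = {
    "web-frontend.example.invalid": "Apache/2.2.17 Server at web-frontend.example.invalid Port 80",
    "static.example.invalid": "Server: Apache",
    "legacy.example.invalid": "Server: Apache/2.2.3 (Unix)",
    "account-db.example.invalid": None,
}

if __name__ == "__main__":
    statuses, coverage = survey(SAMPLE)
    for host, status in statuses.items():
        print(f"{host:32} {status}")
    print(coverage)
```

A banner is evidence about the one host that served it, and distribution packages often backport security fixes without changing the reported version, so "outdated" here means "needs a closer look" rather than "vulnerable".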



This thread will go unnoticed, this piece of info will be ignored by the media (controversy breeds coverage and hits), people will continue to spout untrue or unproven things, Sony should have mentioned this at their press interview (they may have, not sure), every case against them will lead to nothing and this once again seems to be a case of people believing what they want to believe or trying to make up things to just push along their agenda (media, fanboys, hacker supporters and whatever).



Bet with Conegamer and AussieGecko that the PS3 will have more exclusives in 2011 than the Wii or 360... or something.

http://gamrconnect.vgchartz.com/post.php?id=3879752

1 server /= 45 servers.. the server for the webpages could be updated but the server where our info was not...



 

Face the future.. Gamecenter ID: nikkom_nl (oh no he didn't!!) 

Glad to hear that Sony weren't slacking in that area after all.



The password thing was hilarious. OMG OMG Sony stores passwords in clear text OMG their encryption must be sh*t too OMG LMAO.

If this turns out to be true you can bet your ass these anal lysts won't be lasting much longer.



NiKKoM said:

1 server /= 45 servers.. the server for the webpages could be updated but the server where our info was not...

Wouldn't it be weird if that was the only one they kept up to date though? It seems natural that they would upgrade all their servers over as few rollouts as possible, and the servers that keep our data need to be contacted by the webpage server for stuff like account info and what not. Not keeping them up to date with the webpage server seems very illogical, especially if they're running five year old software.



I thought they have 77 servers. I wonder how long it takes to update all those servers...days, weeks, months?



NiKKoM said:

1 server /= 45 servers.. the server for the webpages could be updated but the server where our info was not...

Has Sony given a statement about all this stuff yet?



A poster on a website does brief research that constitutes looking up the version of the web server operating Sony's webpage and this constitutes any sort of real proof that the servers that were breached were up to date and had the appropriate security?  The information seems just as unreliable.  Excuse me if I don't call the esteemed data security services of deathindustrial.

Sony has a black eye over this.  There was a breach and personal data was lost.  That was bad.  They informed customers 6 days after they discovered the breach.  That is worse.  A credit card database was confirmed stolen.  That is even worse.  To top it off, the online system that went down is still down 18 days later.  BAMM!  That is a black eye that is going to sting for a few years.  Fixing this mess and repairing the damage is going to cost Sony a lot of money over the course of those years.

It isn't about wanting to see Sony fall.  When we hear the details of how and why this breach occurred, we can discuss the degree to which Sony was negligent before the breach.  The results of the breach, however, are bad enough.  At this point, the hole has been dug and Sony is in it.



Thank god for the disable signatures option.

Profcrab said:

A poster on a website does brief research that constitutes looking up the version of the web server operating Sony's webpage and this constitutes any sort of real proof that the servers that were breached were up to date and had the appropriate security?  The information seems just as unreliable.  Excuse me if I don't call the esteemed data security services of deathindustrial.

 

But you said it right there, the information is just as unreliable, so now you have two unreliable sources and yet some will still say that it's a foregone conclusion that Sony's servers were out of date.  Why trust one unreliable source over another?



...