By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Sony Discussion - Detective Work Reveals PSN Servers Up To Date

Booh! on 08 May 2011
Nsanity said:

If going off topic is the only way win yourself argument and make me look like the bad guy then fire ahead becuse im done wastn my time responding to someone who gets upset over little of things.


It's not some posted word, boy, if you knew just a little about this matter you'd know that https://auth.np.ac.playstation.net:443/

is a PSN server and that the google cache is an evidence (because a third party, Google, registered the response of the server) of what software that server was running.

http://webcache.googleusercontent.com/search?q=cache:h9540GDnnIoJ:auth.np.ac.playstation.net:443/ auth.np.ac.playstation.net

An evidence, you know? Not the word of someone, there's an evidence, a fact that a PSN server was running up-to-date software. Now you can move along.



Around the Network
Profcrab on 08 May 2011
ShinmenTakezo said:
Profcrab said:

A poster on a website does brief research that consitutes looking up the version of a the web server operating Sony's webpage and this consitutes any sort of real proof that the servers that were breached were up to date and had the appopriate security?  The information seems just as unreliable.  Excuse me if I don't call the esteemed data security services of deathindustrial.

Sony has a black eye over this.  There was a breach and personal data was lost.  That was bad.  The informed customers 6 days after they discovered the breach.  That is worse.  A credit card database was cofirmed stolen.  That is even worse.  To top it off, the online system that went down is still down 18 days later.  BAMM!  That is a black eye that is going to sting for a few years.  Fixing this mess and repairing the damage is going to cost Sony alot of money over the course of those years.

It isn't about wanting to see Sony fall.  When we hear the details of how and why this breach occured, we can discuss the degree to which Sony was negligent before the breach.  The results of the breach, however, are bad enough.  At this point, the hole has been dug and Sony is in it.

The article says he checked what software the PSN servers were running. The software was up to date. I highly doubt Sony, or any company for that matter, would update the software on one server and not the others. That would be highly illogical, and supremely lazy. It's just software. A simple download and install is all that is needed.

No one has issued a statement as to the details of the intrusion or the status of the servers at the time.  We are likely going to get the details eventually since Sony is going to be answering detailed questions about this to the various government agencies that are investigating and the lawsuits that are brewing.  Everything we are seeing are pieces of information that people are using to speculate.  The information is either from questionable sources (the chat logs) or information that may not characterize whether or not Sony's security was "up to date".



Thank god for the disable signatures option.

NJ5 on 08 May 2011

One program (apache) on one server (auth) was up to date at a certain point (March).



My Mario Kart Wii friend code: 2707-1866-0957

Booh! on 08 May 2011
NJ5 said:

One program (apache) on one server (auth) was up to date at a certain point (March).


Almost good: Apache is the server. So it is:

on one machine, the server (Apache) was up to date (version 2.2.17) when the violation happened.

Since these servers work in parallel, they are also updated in parallel, so the unsourced claim that said that they were out of date is highly unlikely.



M.U.G.E.N on 08 May 2011

Good find



In-Kat-We-Trust Brigade!

"This world is Merciless, and it's also very beautiful"

For All News/Info related to the PlayStation Vita, Come and join us in the Official PSV Thread!

Around the Network
NJ5 on 08 May 2011
Booh! said:
NJ5 said:

One program (apache) on one server (auth) was up to date at a certain point (March).


Almost good: Apache is the server. So it is:

on one machine, the server (Apache) was up to date (version 2.2.17) when the violation happened.

Since these servers work in parallel, they are also updated in parallel, so the unsourced claim that said that they were out of date is highly unlikely.

The term "server" is used both for a computer hosting server software and each individual server software (e.g. Apache) itself... so your correction is unnecessary.

But since you're trying to nitpick, I'm going to nitpick further and say that you don't know Apache was up-to-date when the attack happened. Strictly speaking it's possible they downgraded after March 23 for some strange reason.



My Mario Kart Wii friend code: 2707-1866-0957

Booh! on 08 May 2011
NJ5 said:
Booh! said:
NJ5 said:

One program (apache) on one server (auth) was up to date at a certain point (March).


Almost good: Apache is the server. So it is:

on one machine, the server (Apache) was up to date (version 2.2.17) when the violation happened.

Since these servers work in parallel, they are also updated in parallel, so the unsourced claim that said that they were out of date is highly unlikely.

The term "server" is used both for a computer hosting server software and each individual server software (e.g. Apache) itself... so your correction is unnecessary.

But since you're trying to nitpick, I'm going to nitpick further and say that you don't know Apache was up-to-date when the attack happened. Strictly speaking it's possible they downgraded after March 23 for some strange reason.


In fact I said that it's highly unlikely, not that it's certain



ShinmenTakezo on 08 May 2011
Profcrab said:
ShinmenTakezo said:
Profcrab said:

A poster on a website does brief research that consitutes looking up the version of a the web server operating Sony's webpage and this consitutes any sort of real proof that the servers that were breached were up to date and had the appopriate security?  The information seems just as unreliable.  Excuse me if I don't call the esteemed data security services of deathindustrial.

Sony has a black eye over this.  There was a breach and personal data was lost.  That was bad.  The informed customers 6 days after they discovered the breach.  That is worse.  A credit card database was cofirmed stolen.  That is even worse.  To top it off, the online system that went down is still down 18 days later.  BAMM!  That is a black eye that is going to sting for a few years.  Fixing this mess and repairing the damage is going to cost Sony alot of money over the course of those years.

It isn't about wanting to see Sony fall.  When we hear the details of how and why this breach occured, we can discuss the degree to which Sony was negligent before the breach.  The results of the breach, however, are bad enough.  At this point, the hole has been dug and Sony is in it.

The article says he checked what software the PSN servers were running. The software was up to date. I highly doubt Sony, or any company for that matter, would update the software on one server and not the others. That would be highly illogical, and supremely lazy. It's just software. A simple download and install is all that is needed.

No one has issued a statement as to the details of the intrusion or the status of the servers at the time.  We are likely going to get the details eventually since Sony is going to be answering detailed questions about this to the various government agencies that are investigating and the lawsuits that are brewing.  Everything we are seeing are pieces of information that people are using to speculate.  The information is either from questionable sources (the chat logs) or information that may not characterize whether or not Sony's security was "up to date".

The article clearly states you can check the status of the severs' security yourself with the proper know-how. There were also links provided for the nay sayer so they could verify it  for themselves. There is no speculation. That is fact. The only way it would not be fact was if Google was in cahoots with Sony. Is Google a questionable source?

Claiming Sony's security was lax is speculation.

Proving Sony's security was not lax and providing the means to check said security is investigative and fact inducing.



kitler53 on 08 May 2011

interesting article and all but i thought the "common knowledge" of sony being out of date came from their statment of "blah blah blah ... we were exploited via a known whatever that we were not aware of. something something.

that doesn't quite add up to me.



Nsanity on 08 May 2011

What do you make of this?

http://pastebin.com/bAUHxtNr

http://www.quartertothree.com/game-talk/showpost.php?s=6bf5679b99bfadd676f244643f3fbb17&p=2673158&postcount=912