By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Sony Discussion - Detective Work Reveals PSN Servers Up To Date

hxczuner on 08 May 2011
ShinmenTakezo said:
Profcrab said:

A poster on a website does brief research that consitutes looking up the version of a the web server operating Sony's webpage and this consitutes any sort of real proof that the servers that were breached were up to date and had the appopriate security?  The information seems just as unreliable.  Excuse me if I don't call the esteemed data security services of deathindustrial.

Sony has a black eye over this.  There was a breach and personal data was lost.  That was bad.  The informed customers 6 days after they discovered the breach.  That is worse.  A credit card database was cofirmed stolen.  That is even worse.  To top it off, the online system that went down is still down 18 days later.  BAMM!  That is a black eye that is going to sting for a few years.  Fixing this mess and repairing the damage is going to cost Sony alot of money over the course of those years.

It isn't about wanting to see Sony fall.  When we hear the details of how and why this breach occured, we can discuss the degree to which Sony was negligent before the breach.  The results of the breach, however, are bad enough.  At this point, the hole has been dug and Sony is in it.

The article says he checked what software the PSN servers were running. The software was up to date. I highly doubt Sony, or any company for that matter, would update the software on one server and not the others. That would be highly illogical, and supremely lazy. It's just software. A simple download and install is all that is needed.


Unti recently, I would've agreed with this without a second thought and, for the most part, I believe Sony is in the right, but all of this does cast a shadow of doubt, no? One would think that a company of Sony's caliber would keep all of their servers updated, but one would also think that they would be more on the ball as far as damage control is concerned. It's all so iffy, and there's so much that we can't know it's hard to form a solid opinion.



3DS | 2363-5694-1881 | lpfisher

Around the Network
Capulous on 08 May 2011
kitler53 said:

interesting article and all but i thought the "common knowledge" of sony being out of date came from their statment of "blah blah blah ... we were exploited via a known whatever that we were not aware of. something something.

that doesn't quite add up to me.


This. Sony said they were attack through a known vulnerability. It doesn't make sense, if the servers were up to date. They would also have been the first to discount the claims about their servers, if it were untrue. The fact that they haven't really makes this "claim" seem baseless.



thismeintiel on 08 May 2011
Profcrab said:

A poster on a website does brief research that consitutes looking up the version of a the web server operating Sony's webpage and this consitutes any sort of real proof that the servers that were breached were up to date and had the appopriate security?  The information seems just as unreliable.  Excuse me if I don't call the esteemed data security services of deathindustrial.

Sony has a black eye over this.  There was a breach and personal data was lost.  That was bad.  The informed customers 6 days after they discovered the breach.  That is worse.  A credit card database was cofirmed stolen.  That is even worse.  To top it off, the online system that went down is still down 18 days later.  BAMM!  That is a black eye that is going to sting for a few years.  Fixing this mess and repairing the damage is going to cost Sony alot of money over the course of those years.

It isn't about wanting to see Sony fall.  When we hear the details of how and why this breach occured, we can discuss the degree to which Sony was negligent before the breach.  The results of the breach, however, are bad enough.  At this point, the hole has been dug and Sony is in it.

As Trollian said, the professor's claim was just as, if not more, unreliable.  And I have to laugh at the few years comment.  It will take only a few months after the PSN goes back up for this to be out of the vast majority's minds.  It's already started to slip out of people's minds because of the news of Bin Laden's death. 



 

thismeintiel on 08 May 2011
Capulous said:
kitler53 said:

interesting article and all but i thought the "common knowledge" of sony being out of date came from their statment of "blah blah blah ... we were exploited via a known whatever that we were not aware of. something something.

that doesn't quite add up to me.


This. Sony said they were attack through a known vulnerability. It doesn't make sense, if the servers were up to date. They would also have been the first to discount the claims about their servers, if it were untrue. The fact that they haven't really makes this "claim" seem baseless.

Yes, but didn't this accusation of the out of date software come from the government hearing?  This happened after Sony's press conference.  And right now, I think Sony is a little more interested in sorting this whole mess out and helping the FBI/Homeland Security get all the facts, than answer questions brought up by a professer using "proof" from a chatlog at a subcommittee meeting.



 

Booh! on 09 May 2011
Nsanity said:

What do you make of this?

http://pastebin.com/bAUHxtNr

http://www.quartertothree.com/game-talk/showpost.php?s=6bf5679b99bfadd676f244643f3fbb17&p=2673158&postcount=912


This:

http://www.quartertothree.com/game-talk/showpost.php?p=2673715&postcount=961

Moreover 2.2.17 is the latest stable version of the Apache server, the 2.3.xx are beta versions (that's the usual practice for versioning in open source software).



Around the Network
Filletofish on 09 May 2011
Booh! said:
Nsanity said:

What do you make of this?

http://pastebin.com/bAUHxtNr

http://www.quartertothree.com/game-talk/showpost.php?s=6bf5679b99bfadd676f244643f3fbb17&p=2673158&postcount=912


This:

http://www.quartertothree.com/game-talk/showpost.php?p=2673715&postcount=961

Moreover 2.2.17 is the latest stable version of the Apache server, the 2.3.xx are beta versions (that's the usual practice for versioning in open source software)


That link says that there was at least one server that wasn't running 2.2.17 but a much older version. It only takes one server to be out of date.



nanarchy on 09 May 2011

The truly interesting thing on the blog and the discussions below it is that his research proved the exact OPPOSITE of what he is claiming, i.e. their were a number of servers that were not upto date.

 

Really this is just a bad security researcher that is using silly claims to grab some attention/hits.



Booh! on 09 May 2011
nanarchy said:

The truly interesting thing on the blog and the discussions below it is that his research proved the exact OPPOSITE of what he is claiming, i.e. their were a number of servers that were not upto date.

 

Really this is just a bad security researcher that is using silly claims to grab some attention/hits.


This proves that the only servers that were not up to date were those marked as rc. The purpose of these servers is unknown.

This, on the other hand, disproves the following original claims:

  1. Their servers were all out of date.
  2. Their servers had not firewalls.
  3. Their servers were outdated of as much as five years.

That's what professor Spafford told the Congress and what this stuff disproves.



Profcrab on 09 May 2011
thismeintiel said:
Profcrab said:

A poster on a website does brief research that consitutes looking up the version of a the web server operating Sony's webpage and this consitutes any sort of real proof that the servers that were breached were up to date and had the appopriate security?  The information seems just as unreliable.  Excuse me if I don't call the esteemed data security services of deathindustrial.

Sony has a black eye over this.  There was a breach and personal data was lost.  That was bad.  The informed customers 6 days after they discovered the breach.  That is worse.  A credit card database was cofirmed stolen.  That is even worse.  To top it off, the online system that went down is still down 18 days later.  BAMM!  That is a black eye that is going to sting for a few years.  Fixing this mess and repairing the damage is going to cost Sony alot of money over the course of those years.

It isn't about wanting to see Sony fall.  When we hear the details of how and why this breach occured, we can discuss the degree to which Sony was negligent before the breach.  The results of the breach, however, are bad enough.  At this point, the hole has been dug and Sony is in it.

As Trollian said, the professor's claim was just as, if not more, unreliable.  And I have to laugh at the few years comment.  It will take only a few months after the PSN goes back up for this to be out of the vast majority's minds.  It's already started to slip out of people's minds because of the news of Bin Laden's death. 

The online service being down this long that has several ramifications. First, customer's will be hesitent to store credit card numbers on the service.  This means lost PSN sales.  This leads to the second point.  No one is going to want to make PSN exclusive games.  Anyone who has, has just seen a month of revenue go down the tubes.  If you were one of those developers, would you think of staying exclusive in the future?  Sure, Sony can lower their licensing fee and provide incentives, but after the nature of this intrusion, it is likely that PSN sales will be slugish when it does come back up.  So, expect that the developers are going to go multiplatform.

Third, this is going to affect the popularity and overall sales fo recently released online centered games.  That is lost revenue.

How is it starting to slip out of people's minds?  The service is still down.  What will stick in people's minds is.  "Don't give credit card info to Sony." and "Sony's onine service is unreliable."  Now, after the service is back up, those concerns may not really be valid, but they will stick with the PS3 for the rest of this generation just like the RRoD sticks with Microsoft even though new systems fixed the issue.  All of this translates into lost sales and major money that Sony has to invest to fix the PR nightmare.  Microsoft didn't even get dragged in front of Congress to explain the issue.  The media put a giant flashlight on this issue because they love to show big companies screwing up.  This is going to stick with people when they are looking to drop several hundred on a game system.

When all is said and done, this will have cost Sony big money.



Thank god for the disable signatures option.

Vetteman94 on 09 May 2011

Hmmm, this is interesting news if true