An Internet security expert uncovers "a potential bonanza for hackers."

If a report from news organization Reuters is any indication, Sony's overall Internet security is lacking far beyond the confines of the PlayStation Network, Qriocity music service and Sony Online Entertainment servers. 

Reuters has concluded that "Sony Corp's computer networks remain vulnerable to attack three weeks after the company learned that it had been victim of one of the biggest data breaches in history, according to an Internet security expert." That security expert is John Bumgarner, chief technology officer of the partially government-funded U.S. Cyber Consequences Unit. And the flaws Bumgarner found in Sony's Internet security -- and how he found them -- are startling. 

As stated by Reuters, Bumgarner "had viewed only parts of Sony's network that were visible over the Internet, and did not attempt to break in to password-protected sites or exploit any vulnerabilities." Rather, all Bumgarner did is use Google to find a series of servers, files and other sensitive areas where data might be stored, things that shouldn't be available to the average Internet user. He calls it "Google hacking," and he was able to find a series of weaknesses, many of which Sony has since fixed (due to Reuters informing Sony of the possible security issues). Reuters referred to his findings as "a potential bonanza for hackers… using little more than a web browser." 

Bumgarner concluded to Reuters that "no one should be able to point a web browser at Sony and see a security management console or find their identity management system that has been indexed by Google." Yet, that's exactly what Bumgarner was able to do. Another Internet security expert, Mikko Hypponen of the computer security company F-Secure, went even further when speaking with Reuters about Sony's lack of Internet security and what the company is attempting to do to fix it. "[Sony has] been running around in circles for the past three weeks," he told the news agency. 

Sony responded to Reuters via e-mail, telling the news agency that "the first and most important thing to note is that protecting our customers data is a company-wide commitment that we take very seriously." But with the PlayStation Network now down for 24 days and counting, gamers are anxious to know when they'll be able to get back online with their PlayStation 3s and PSPs. The latest official word from Sony was that the PlayStation Network would be back in as little as "a few more days" as of May 10th, but there's been nothing beyond that. 

http://ps3.ign.com/articles/116/1168409p1.html

Just read that on IGN. So far I would say this is the most conclusive evidence that Sonys online security was very subpar.

This is evidence?

Did you read the article?

Yes. Which is why I am asking if this can actually be described as evidence.

Apparently he didn't.

But didn't we just have a thread about how Sony servers were updated and the fans flocked to its defense?

This keeps going in circles, lol.

So far all the evidence used has been from random irc chat logs and blogs. This information is coming straight from the chief officer of a large internet security firm and is being reported by a major news outlet. I would say this is pretty irrefutable evidence to the lack of basic security protocols.

*passes flamesuit* you're gonna need it, not allowed to post anything but positive news for this PSN fiasco!!

I think most would agree too. Lets see what happens here though. Maybe the VGC community will suprise me

This sucks balls, I have been dying to get online and play Portal2 with my brother up in Berkeley. None of this info makes me think that is going to happen anytime soon.