By using this site, you agree to our Privacy Policy and our Terms of Use. Close

Forums - Sony Discussion - Reuters: Expert Finds "Security Flaws in Sony's Networks"

Booh! on 15 May 2011
Badassbab said:

That's pretty shocking. I can't believe a Multi National Corporation could make such school boy errors but then again I shouldn't be too surprised if we hold Murphy's Law to be true.

Also want to point out this is a Reuters article, not IGN.

http://www.reuters.com/article/2011/05/13/us-sony-idUSTRE74C70420110513


The OP is an IGN article.

IGN REUTERS

Reuters has concluded that Sony Corp's computer networks remain vulnerable to attack

 Sony Corp's computer networks remain vulnerable [...] according to an Internet security expert.

Moreover the security expert said that "he found no evidence of breaches beyond the two Sony has disclosed" (reuters, not ign) and that "Security experts have said they believe the hackers initially gained access to Sony's network through a "spear-phishing" attack that targeted a systems administrator who had broad privileges to access data on Sony's networks", which makes sense if the hackers really used a server from Amazon.



Around the Network
Badassbab on 15 May 2011
Booh! said:


The OP is IGN article.

IGN REUTERS

Reuters has concluded that Sony Corp's computer networks remain vulnerable to attack

 Sony Corp's computer networks remain vulnerable [...] according to an Internet security expert.

Moreover the security expert said that "he found no evidence of breaches beyond the two Sony has disclosed" (reuters, not ign) and that "Security experts have said they believe the hackers initially gained access to Sony's network through a "spear-phishing" attack that targeted a systems administrator who had broad privileges to access data on Sony's networks", which makes sense if the hackers really used a server from Amazon.


That is an amateurish error by IGN  (not the first nor will it be the last and presumably it was an error) but in all fairness to them they did mention the security expert and the organisation he works for straight afterwards. There are still some basic issues that should be adressed explained in greater detail in the original Reuters article.






Kasz216 on 15 May 2011
Booh! said:
Kasz216 said:
Booh! said:
 

"did not attempt to break in to password-protected sites or exploit any vulnerabilities"

Ah, ok: that explains it all.

Bumgarner concluded to Reuters that "no one should be able to point a web browser at Sony and see a security management console[...]"

Uhm, I'm smelling the odour of a MS bot: only MS servers have a "security management console" (it's a part of MS Forefront Protection), but Sony use Apache servers. It's like someone saying that the start menu of the MACOSX is bad...

Uh....

You sound like a crazy conspiracy theorist.

http://apacheconsole.sourceforge.net/

He refered to the Apache management console, as the security managment consolee... maybe because it was the management console for security?

It's called an adjetive.

Aside from which, ever hear someone call a Copy machine a Xerox machine?  They Xerox fanboys?

People calling tissues Kleenex.

People calling soda Coke.


You are branding him a microsoft fanboy, because he called the Apache Management Console that manages Security... the Security Management Console?

I mean, seriously?  That's what it is. 

Do better research next time:

  • "Apache Management Console" != "Security Management Console".
  • APM is a side-project, dead since 2003.
  • APM was never completed.
  • APM was intended to be a replacment for the Microsoft  Management Console, a configuration tool for the IIS (hence the name similarity).
  • APM was never meant for security, but just for general configuration.
  • The console interface of the Apache server is called Apache Server Control Interface (no console).

Besides that I already pointed out that if someone say Internet Explorer instead of web browser, he may be biased or have got a partial training on the subject.

Not to say that the IGN article is sensationalist and badly worded.

Yet every single form of Apache I can find uses some sort of "Security console". 

and yes... a console used for a secuirty program = security console.

Like say  BASE security console.  Mod Security Console etc., Etc. etc. etc.



yo_john117 on 15 May 2011

I can't wait until we get get an official report about all this.

Although this does look like the strongest piece of evidence we've had on this whole PSN security shenanigans.



Kasz216 on 15 May 2011
yo_john117 said:

I can't wait until we get get an official report about all this.

Although this does look like the strongest piece of evidence we've had on this whole PSN security shenanigans.

What makes you think we will?

Sure we've got government agencies working on it, but that doesn't mean we'll get to see the reports.



Around the Network
yo_john117 on 15 May 2011
Kasz216 said:
yo_john117 said:

I can't wait until we get get an official report about all this.

Although this does look like the strongest piece of evidence we've had on this whole PSN security shenanigans.

What makes you think we will?

Sure we've got government agencies working on it, but that doesn't mean we'll get to see the reports.

Well I would imagine the reports will surface with time.



Icyedge on 15 May 2011
dsister said:
Icyedge said:

Its becoming obvious enough there was security issue within Sony's network. With that said, this forum isnt call "Sony hating discussion" its "Sony gaming discussion". This actually isnt even talking about the PSN: "Sony's overall Internet security is lacking far beyond the confines of the PlayStation Network, Qriocity music service and Sony Online Entertainment servers. "


I see "Sony Discussion" so anything related to Sony fits in here nicely. Just like how OS, Web broswer, and skype news end up in the MS section 

Its in the gaming forum. Between, I usually dont mind off topic but the atmosphere is getting ridiculous.



Icyedge on 15 May 2011
Kasz216 said:
Icyedge said:

Its becoming obvious enough there was security issue within Sony's network. With that said, this forum isnt call "Sony hating discussion" its "Sony gaming discussion". This actually isnt even talking about the PSN: "Sony's overall Internet security is lacking far beyond the confines of the PlayStation Network, Qriocity music service and Sony Online Entertainment servers. "


No.  It's Sony discussion.

Gaming discussion is a completely different forum.

Its gaming forum then Sony discusion. Look at the top.



Kasz216 on 15 May 2011
Icyedge said:
Kasz216 said:
Icyedge said:

Its becoming obvious enough there was security issue within Sony's network. With that said, this forum isnt call "Sony hating discussion" its "Sony gaming discussion". This actually isnt even talking about the PSN: "Sony's overall Internet security is lacking far beyond the confines of the PlayStation Network, Qriocity music service and Sony Online Entertainment servers. "


No.  It's Sony discussion.

Gaming discussion is a completely different forum.

Its gaming forum then Sony discusion. Look at the top.

For gaming companies.  Not gaming as in gaming.



Icyedge on 15 May 2011
Kasz216 said:
Icyedge said:
Kasz216 said:
Icyedge said:

Its becoming obvious enough there was security issue within Sony's network. With that said, this forum isnt call "Sony hating discussion" its "Sony gaming discussion". This actually isnt even talking about the PSN: "Sony's overall Internet security is lacking far beyond the confines of the PlayStation Network, Qriocity music service and Sony Online Entertainment servers. "


No.  It's Sony discussion.

Gaming discussion is a completely different forum.

Its gaming forum then Sony discusion. Look at the top.

For gaming companies.  Not gaming as in gaming.

Ok, in "gaming forum" its not gaming as in gaming, I get it now.