the_wizard_man said:
fordy said:
the_wizard_man said:

No, I'm saying if he told the actual hackers in the chat room what the weaknesses were, he is at legal fault, but that's a big if, and he wouldn't have done it knowingly, but that doesn't excuse it if he did. And companies use computers that you can't even find used anymore; not surprised they don't upgrade often.


The hardware doesn't make a bit of difference. The software was not updated, by at least two versions. That was a timespan of 11 months, and for something that is responsible for security of info for 77 million accounts, this is severe negligence on behalf of Sony.

So they are supposed to update immediately regardless of what actual changes were made in the software? I can see companies exploiting that by making pointless updates, oh wait, MS already does. Anyways, I don't know if it's negligence or not; to me that doesn't seem that bad considering the costs involved. I can see a company only upgrading every year, but again I don't know what the industry standards are, and I suspect neither do you.

Assumptions can be dangerous. I work in the software industry, with a decent amount of experience with the open source community.

There is a well-known fact about open source software such as Apache: the fixes to exploits happen very quickly once discovered, but in order for this to happen, the exploit must be made public in order for the exploit to be replicated (to see if it's fixed when it's coded up). So it's a matter of keeping up with the community, because that's also where the hackers get their information. It's the lazy, negligent companies that end up getting slammed with known exploits.

I refer you to a post made in http://httpd.apache.org/

Apache HTTP Server 2.2.17 Released 2010-10-19

The Apache HTTP Server Project is proud to announce the release of version 2.2.17 of the Apache HTTP Server ("httpd"). This version is principally a security and bugfix release.

This version of httpd is a major release of the stable branch, and represents the best available version of Apache HTTP Server. New features include Smart Filtering, Improved Caching, AJP Proxy, Proxy Load Balancing, Graceful Shutdown support, Large File Support, the Event MPM, and refactored Authentication/Authorization.

This was the second update that Sony missed on its authorization server. As you can see, some exploits have been fixed with a refactoring of the Authentication/Authorization protocol. You will also notice that this is dated October 19th of 2010. Sony didn't even have 2.2.16, let alone 2.2.17. They had 2.2.15. The exploit could have been delivered by anyone browsing the Apache forums on what bugfixes were made to meet the 2.2.16 or 2.2.17 release.

In terms of frequency, many financial institutions, as well as places that store sensitive information, make it (at least) a daily occurrence to frequent the sites that deliver this critical news. It's not like the news is scarce, either; I frequent several sites in order to keep up with recent changes in software. It's my job to do so.