Ail said:
Kasz216 said:
Ail said:
Vetteman94 said:
Ail said:
thranx said:
No i dont agree. I have yet to see sony supporters reconcile the fact that sony did not keep their server software up to date which is a basic security task.
|
You know the only information we have concerning that is a guy reporting they were running an old version of Apache.
That version while not being up todate had no known security hole...
|
I thought that it did have a known vulnerability that was fixed on the later versions
|
This is the list of apache vulnerabilities :
http://httpd.apache.org/security/vulnerabilities_22.html
Supposedly sony was running 2.2.15.
The only vulnerabilities listed related to DoS, not breaching the machine...
|
According to sony... themselves. Their security was broken by a known security vulernability they weren't aware of.
|
Can you point me toward where Sony gave details about how the breach happened ? I would like to know more about that...
|
The only details they gave was that it was a Known vulernability that they themselves did not know about.
http://www.tomsguide.com/us/PSN-Hack-Exploit-Data-Theft-Credit-Cards,news-11050.html
Also present at the press conference was Chief Information Officer Shinji Hasejima, who revealed that the attack actually exploited a “known vulnerability” in the web application server platform used in PSN. According to the Reg, Hasejima admitted that though it was generally known, Sony management were not aware of it. To that end, the company has created a new role of ‘chief information security officer’ in an effort to prevent history repeating itself. Hasejimi refused requests for more information on the server platform used, or the vulnerability exploited, for security reasons.
