Kasz216 on 10 May 2011
| CGI-Quality said: http://bitmob.com/articles/detective-work-reveals-psn-servers-up-to-date We've all been hearing over and over again for the last week that Sony was running an outdated version of Apache on their webservers. The implication of course being that this represents Sony's laissez-faire attitude towards the protection of customer information, making it easy for the hackers to gain entry to PSN. But the funny thing about this kind of "common knowledge" in the age of the internet is the way rumors have an unfortunate tendancy to be repeated as fact. Just a week ago it was common knowledge that Sony stored every PSN passwords in plain text. It was also common knowledge that SOE hadn't been compromised. Neither of those things proved true.
One member of the Beyond3D forum, deathindustrial, was curious about the outdated server software claim and did a very brief amount of research into the issue. Beyond3D's community has a unique combination of technically knowledgable user with a low rate of console fanboyism allowing for an honest discussion of things like the PSN data breach without the conversation devolving into another proxy battle in the great fanboy wars.
As it turns out, it is fairly simple to use Google's webcache to show what version of Apache the PSN servers were using back in March. According to a page request archived by Google on March 23, 2011, at that time Sony was running version 2.2.17 of the popular software. You can see from Apache's website 2.2.17 is the latest, stable version of the webserver available even today. This is a direct repudiation of the claims being made that Sony's webservers were out of date by as much as five years.
Poster deathindustrial also goes on to point out the folly in using "security expert" Dr Stafford's testimony before Congress as a source for the claims that the servers were outdated and that Sony knew about it. In the written statement which accompanied his testimony he clearly states:
I have no information about what protections they had in place, although some
news reports indicate that Sony was running software that was badly out of date, and had been warned about that risk. In truth, he has no first hand knowledge of the state of Sony's servers or Sony's knowledge about possible exploits and that he was literally repeating claims he read in the media which stem from IRC logs that were being passed around back in February. He didn't even do the very basic detective work it has taken to completely repudiates the claims.
It's sad to say, but many are so eager to see Sony's eye blackened that they are willing to believe any rumor which puts the PlayStation in a negative light. We are in a backwards world where everything Sony says is assumed to be a lie or conspiracy and anonymous "IRC chat logs" of dubious origins have miraculously become the most trusted news source in the industry. Here we have a concrete example of why its important to actually verify your source before repeating something as fact.
|
Interesting. Though i'm not sure i'm not sure i'd say a website apparently named after a Sony buzzword is fanboy free. A bunch of partisians can have a reasonable conversation just as eaisly as normal people.... so long as they know each others credentials.
Also, do we know May 23rd was the day of the hack? Or the day they discovered the hack.
