Tachikoma said:
walsufnir said:

So IRC it was, ok... Well, whatever. Perhaps we get some official info on what is possible with this and what is not but the fact that there even is a vulnerability based on SQL injection doesn't put a good picture on Sony's attempt to secure their network.

And why do you explicitly mention blade servers running VMs? Nobody was expecting them to use one server.

Specifically because it's a VM, accessing the physical hardware would be required to forcibly connect to the internal servers and leech the data. It's not impossible to do so from a VM, but certainly beyond the scope of a simple module vulnerability.

I don't really see it as a major issue, to be honest. Every time a server module or platform has a security update, it's either because the developers have found a hole or one has been reported. If it's the former, they generally publish an advisory on it so the tinkerers can patch their software themselves (when their configs are too custom to just upgrade with vanilla platforms), so unless administrators update to the latest modules/platforms/etc. every time they're made available, it opens the server up to a vulnerability.

Conversely, upgrading to the latest software every single time also opens you up to potential vulnerability, in that the new software is rarely extensively tested; it is more common than you'd think for a new update to actually open more holes than it closed.

Think Windows Update, but a different set of holes for every single OS, every single script, and every single module.

No matter how secure you think you are, there's holes; it's just a matter of someone taking the time to find them.

See the post above this one for confirmation of this.

I don't have to think of it; I am responsible for IT security and infrastructure myself.

The difference in these holes is: is it software I use and someone else wrote, so I get a patch soon, OR did I do wrong with my own software/implementation/configuration? It currently seems that it's not the software Sony is using but their design/implementation that is vulnerable to attacks.
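The distinction the last post draws, a hole in a vendor's module versus a hole in your own implementation, is exactly what a SQL injection usually is: the database driver is fine, the application text that builds the query is not. The following added example (not posted by anyone in this thread and not related to Sony's systems; it assumes Python's standard sqlite3 module and a constructed three-row table) shows the defective query-building pattern beside the parameterized form and lets you observe that only the former lets input change the query's structure:

```python
import sqlite3

# Constructed sample data: a toy "users" table standing in for any
# application-owned table. Nothing here comes from the thread or from Sony.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Implementation defect: the caller's string is spliced into the SQL text,
    so the input can alter the query's structure rather than only its data.
    No library patch fixes this; it is the application's own code."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Same query with a bound parameter: the driver transmits the value
    separately from the statement, so the input is only ever treated as data."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> dict:
    """Run both lookups with an ordinary name and with the textbook tautology
    input, returning the four result sets so the difference can be checked."""
    conn = make_db()
    honest = "alice"
    hostile = "x' OR '1'='1"  # constructed input that closes the quote early
    return {
        "vuln_honest": lookup_vulnerable(conn, honest),
        "vuln_hostile": lookup_vulnerable(conn, hostile),   # returns every row
        "safe_honest": lookup_parameterized(conn, honest),
        "safe_hostile": lookup_parameterized(conn, hostile),  # matches nothing
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {len(rows)} row(s) -> {rows}")
```

The point for the patching debate above: no vendor advisory would ever cover `lookup_vulnerable`, because the defect is not in sqlite3 or in any platform module. A code review or a query-builder policy (bound parameters only, never string concatenation into SQL) is the "patch", and it has to come from the team that owns the application.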