Praise Microsoft....for making Windows and IE so filled with holes and exploits, that most people focus on that :D

Praise Microsoft....for making Windows and IE so filled with holes and exploits, that most people focus on that :D

No Microsoft Windows, no Sony rootkits on audio discs! Giving credit where it's due.

So IRC it was, ok... Well, whatever. Perhaps we get some official info on what is possible with this and what is not but the fact that there even is a vulnerability based on SQL injection doesn't put a good picture on Sony's attempt to secure their network.

And why do you explicitely mention blade servers running vm's? Nobody was expecting them to use one server.

Ahh yes, the 7 year old rootkit issue, must be nice to rest on those laurels and ignore the dozens of Windows exploits since then. :D

Ahh yes, the 7 year old rootkit issue, must be nice to rest on those laurels and ignore the dozens of Windows exploits since then. :D

Not directly related but a fun point non the less.

Windows XP is now so atrociously exploited that the combined number of compromised machines on the planet ensure that a windows XP machine on a fresh install will contract a virus or malware within 10 seconds of the network being connected, with no input or actions taken by the user to achieve this.

There's just that many malware/spyware/virus ridden machines constantly throwing out their junky tentacles in to the web that WinXP without a good firewall is like waving a bagel at a flock of hungry seaguls.

specifically because it's a VM, accessing the physical hardware would be required to forcibly connect to the internal servers and leech the data, it's not impossible to do so from a VM, but certainly beyond the scope of a simple module vulnerability.

I don't really see it as a major issue to be honest, every time a server module or platform has a security update, it's either because the developers have found a hole or one has been reported, if it's the former, they generally publish an advisory on it so the tinkerers can patch their software themselves (when their configs are too custom to just upgrade with vanilla platforms), so unless administrators update to the latest modules/platforms/etc every time theyre made available, it opens the server up to a vulnerability.

Conversely, upgrading to the latest software every single time also opens you up to potential vulnerability in the fact that the new software is rarely extensively tested, it is more common than you'd think for a new update to actually open more holes than it closed.

Think windows update, but a different set of holes for every single OS, every single script, and every single module.

No matter how secure you think you are, theres holes, it's just a matter of someone taking the time to find them.

See the post above this one for confirmation of this.

I don't have to think of it, I am responsible for IT security and infrastructure myself.

Difference in these holes is: is it software I use and someone else wrote so I get a patch soon OR did I do wrong with my own software/implementation/configuration. It currently seems that it's not the software Sony is using but their design/implementation that is vulnerable to attacks.