[ISN] Sony Networks Lacked Firewall, Ran Obsolete Software: Testimony

From: InfoSec News <alerts_at_private>
Date: Mon, 9 May 2011 03:05:44 -0500 (CDT)

By Fahmida Y. Rashid

Sony failed to use firewalls to protect its networks and was using 
obsolete Web applications, which made the company’s sites inviting 
targets for hackers, a Purdue University professor testified May 4 to a 
Congressional committee investigating the massive data breach of the 
Sony game and entertainment networks.

Sony disclosed on April 26 that thieves had stolen account information 
of up to 77 million users on the PlayStation Network and Qriocity. A 
week later, the company admitted on May 2 that the Sony Online 
Entertainment gaming service had also been breached, affecting an 
additional 24.6 million users.

About 101 million user accounts have been compromised to date. The 
stolen data included names, addresses, email addresses and dates of 
birth. Some credit card information may have been stolen, but Sony 
claimed the numbers were securely saved as a cryptographic hash.

What happened and what Sony is doing about the security breach are the 
two main questions everyone is asking, from the irate users on forums 
and blogs, to the various state attorneys-general planning lawsuits, all 
the way to Congress where lawmakers are holding hearings.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
Received on Mon May 09 2011 - 01:05:44 PDT

This archive was generated by hypermail 2.2.0 : Mon May 09 2011 - 01:08:57 PDT