PSN was running on unpatched Apache server with no firewall
Few gamers will be feeling sorry for Sony and the mess caused with this PSN hacking debacle. But if you were just annoyed by what has happened, be prepared to now start getting a bit angry.
Dr. Gene Spafford, CERIAS Fellow and professor of Computer Science at Purdue University, has been talking at a hearing about the PSN security breach held by the House Subcommittee on Commerce, Manufacturing, and Trade. He explained that independent security experts monitor Sony's systems such as PSN, Qriocity, and SOE, and report anything they find in an open forum that Sony employees view.
Those security experts apparently reported some major failings with Sony's servers some three months before the April 17 hack occurred. These weren't small issues; they were blatant oversights and laziness on the part of Sony's engineering team.
The issue reported was that Sony was running PSN on a server that had an outdated version of Apache and no firewall in place. That meant any vulnerabilities known for that version of Apache, and patched in more up-to-date releases, were easy to take advantage of. With no firewall in place either, the hacker probably had a very easy time of it.