Sony

Sony Running Unpatched Servers With No Firewall

ewhenn writes "Security experts monitoring open Internet forums learned months ago that Sony was using outdated versions of the Apache Web server software, which 'was unpatched and had no firewall installed.' The issue was 'reported in an open forum monitored by Sony employees' two to three months prior to the recent security breaches."
This discussion has been archived. No new comments can be posted.

  • Welp (Score:5, Insightful)

    by dragonhunter21 ( 1815102 ) on Thursday May 05, 2011 @11:47AM (#36035970) Journal

    Well THERE'S your problem.

    IANAL, but shouldn't users have the reasonable expectation that their data would be secured? Is there a suit here?

  • by samjam ( 256347 ) on Thursday May 05, 2011 @11:57AM (#36036094) Homepage Journal

    Sony took more care to lock the customer out of equipment the customer owned on the customer's premises to "protect Sony's IP" than they took to protect the customer's data running on Sony's servers at Sony's premises.

    Looks like they need to move their security staff to the hosting side.

    Sam

  • by h4rr4r ( 612664 ) on Thursday May 05, 2011 @11:57AM (#36036096)

    The Sony IT folks probably wanted to, but their idiot managers prevented them. Because if the update broke something or needed downtime they can't have that.

  • by LWATCDR ( 28044 ) on Thursday May 05, 2011 @11:59AM (#36036136) Homepage Journal

    I don't know if Anonymous is to blame for this. They are still after all a bunch of vindictive thugs and the Internet version of a street gang but that doesn't make them guilty of this.
    But just because the door has a cheap lock on it doesn't mean the criminal isn't to blame.

  • by Calydor ( 739835 ) on Thursday May 05, 2011 @12:04PM (#36036188)

    Sadly, 'taken action' in cases such as this usually involves post deletions and forum bans.

    Updating and getting a firewall costs money, banning people from a forum doesn't.

    Obviously it's better to treat the symptom than cure the disease.

  • Re:Welp (Score:4, Insightful)

    by HiredMan ( 5546 ) on Thursday May 05, 2011 @12:42PM (#36036682) Journal

    definitely shows that PCI is bullshit ;)

    PCI certification is a joke. It's in the best interests of all involved to severely limit the scope of the "certification" (due to cost, time, intrusiveness, etc.) so only certain areas get tested. You can have your "certified" PCI system hooked up on a network to a botnet but insist that only your PCI computer get "certified". It's like going to the doctor and telling him your arm hurts but he can only examine your arm. When it turns out to be a heart attack and you die, the doctor only gets to say "His arm was fine when I checked it."

    They like to brag that "no PCI certified system has ever been breached" but that's because when you're breached they forensically figure where you violated PCI and retro-actively revoke your certification. It's worse than bullshit; it's an expensive fig leaf of security theater.

  • So... (Score:5, Insightful)

    by Capeman ( 589717 ) on Thursday May 05, 2011 @12:58PM (#36036904)
    Every time a new PS3 firmware comes out, with "security updates", you are almost forced to install it or you lose PSN, plus other features, but they don't care about updating and securing their servers?
  • No Firewalls (Score:1, Insightful)

    by Anonymous Coward on Thursday May 05, 2011 @01:11PM (#36037080)

    Web servers do not need firewalls. If your servers are only providing public facing services there is no need to firewall them. In fact, firewalling them can make them more vulnerable to DDoS attack.
