
Sony announced that some PSN services, including online play, would come back this week, but Sony’s Patrick Seybold passes along the bad news that service renewal has been delayed to an unspecified time. Sony is giving users 30 free days each of PlayStation Plus premium services, as well as some free downloadable content…

 

Sony failed to use firewalls to protect its networks and was using obsolete Web applications, which made the company’s sites inviting targets for hackers, a Purdue University professor testified May 4 to a Congressional committee investigating the massive data breach of the Sony game and entertainment networks.

Sony disclosed on April 26 that thieves had stolen account information of up to 77 million users on the PlayStation Network and Qriocity. A week later, the company admitted on May 2 that the Sony Online Entertainment gaming service had also been breached, affecting an additional 24.6 million users.

About 101 million user accounts have been compromised to date. The stolen data included names, addresses, email addresses and dates of birth. Some credit card information may have been stolen, but Sony claimed the numbers were securely saved as a cryptographic hash.

What happened and what Sony is doing about the security breach are the two main questions everyone is asking, from the irate users on forums and blogs, to the various state attorneys-general planning lawsuits, all the way to Congress where lawmakers are holding hearings.

 

Not only did Sony fail to use firewalls to protect its networks, it was using outdated versions of the Apache Web server with no patches applied on the PlayStation Network, according to Gene Spafford, a Purdue University professor of computer science who is head of the U.S. Public Policy Council of the Association for Computing Machinery and the executive director of the Center for Education and Research in Information Assurance and Security.

Sony also did not have a firewall running on PSN’s servers. These problems were flagged on security forums two or three months prior to the April data breach, Spafford told lawmakers. Because the forums were monitored by Sony employees, Sony was well aware of the problems, according to Spafford.

Sony was large enough that it could have afforded to spend an appropriate amount on security and privacy protections of its data, Spafford said at the hearing.

While Sony declined to appear before the May 4 hearing convened by the House Committee on Energy and Commerce, the company sent an eight-page letter detailing what it is doing to the Subcommittee on Commerce, Manufacturing and Trade.

 

Sony has improved levels of data protection and encryption in its database and added automated software monitoring and configuration management tools to help defend against new attacks, Sony Computer Entertainment chairman Kazuo Hirai wrote in the letter. The company has also enhanced its ability to detect software intrusions, unauthorized access and unusual activity patterns in the network. Finally, it has also implemented additional firewalls. Sony named three network forensics firms, Data Forte, Guidance Software and Protiviti, to investigate the breach.

The breach likely started with an oops somewhere, such as a mis-configured server or a malicious e-mail attachment sent to an administrator, Jon Heimerl, director of strategic security for managed security service provider Solutionary, told eWEEK. The fact that the attack was so successful indicates an apparent lack of maturity in the internal network and security controls, according to Heimerl. “How much hardening, encryption, and monitoring were in place?” he asked.

“There are no consequences for many companies that under-invest in security,” Philip Lieberman, CEO of Lieberman Software, told eWEEK. No one is holding the CIO or CSO accountable for their poor decisions. The auditors who should have provided an accurate assessment of the risks Sony faced for not being up-to-date on its technology did not do their jobs, Lieberman said.

 

“I would love to know the name of the auditors responsible for the shoddy IT security audit of Sony,” Lieberman said. Publicly firing the auditor would be justice for Sony’s stockholders and customers, according to Lieberman.

While Sony will face financial consequences, such as the cleanup costs, lost customers and a damaged brand, it would be nothing near what the consequences are for their customers, Lieberman said. The loss of personal information will most likely be nothing more than a cost of doing business for Sony, according to Lieberman.

“If you are a security expert looking for a job, I would keep my eyes on the Sony Website as clearly they have significant need for experts who understand defense in depth,” Randy Abrams, director of technical education at ESET, said.

IT managers and senior executives say they are concerned about security and about being attacked, but they aren’t actually doing anything about it, James Lyne, senior security strategist at Sophos, told eWEEK. Enterprises invest in various security products, but only 6 percent of the purchased technology is actually being used. “They don’t even get the basic things like patching right,” Lyne said.

 

In summary, Sony told the subcommittee that in dealing with this cyber attack they followed four key principles:

  1. Act with care and caution.
  2. Provide relevant information to the public when it has been verified.
  3. Take responsibility for our obligations to our customers.
  4. Work with law enforcement authorities.

Sony also informed the subcommittee of the following:

  • Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber attack.
  • Sony discovered that the intruders had planted a file on one of our Sony Online Entertainment servers named “Anonymous” with the words “We are Legion.”
  • By April 25, forensic teams were able to confirm the scope of the personal data they believed had been taken and could not rule out whether credit card information had been accessed. On April 26, we notified customers of those facts.
  • As of today, the major credit card companies have not reported any fraudulent transactions that they believe are the direct result of this cyber attack.
  • Protecting individuals’ personal data is the highest priority and ensuring that the Internet can be made secure for commerce is also essential. Worldwide, countries and businesses will have to come together to ensure the safety of commerce over the Internet and find ways to combat cybercrime and cyber terrorism.
  • Sony is taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security and the naming of a new Chief Information Security Officer.

 

 

Sources: eWEEK, blog.us.playstation

  On May 8, 2011


3 Responses

  1. Guest Says:

    Please change the name of this article. Way to dash my hopes.

    Posted on May 8th, 2011 at 7:22 AM

  2. Matt Says:

    so Osama bin Laden is dead…it’s amazing what Americans can do when the PlayStation Network is down

    Posted on May 8th, 2011 at 7:28 AM

  3. Mattdog1333 Says:

    PSN back up tomorrow, say that every day, someday you’ll be right. Might have to get something else to play on while waiting indefinitely for PSN

    Posted on May 8th, 2011 at 5:48 PM
