Hackers did this. Make no mistake about it. However, a new report claims Sony is just as much at fault for the 24-day PSN downtime and the 100 million compromised accounts.
German magazine Computer Bild says the recent PSN security breach was a result of Sony using "obsolete software". The magazine claims to have scan logs given to it by "hacktivist" group Anonymous, the group responsible for the first round of attacks on Sony and the PlayStation Network.
The logs supposedly reveal that Sony was using OpenSSH 4.4, an outdated version (the newest version is 5.7) that is said to have security holes that hackers have been well aware of for years. Additionally, Sony was using an outdated version of Apache, version 2.2.10, which is "vulnerable" to various threats.
The report goes on to put the blame on other security measures taken by Sony:
Sony's other programs and services also do not reflect the current standards of security technology.
For the criminals who later stole the personal information of over 100 million users, the dated protection mechanisms of the Sony servers therefore did not present an insurmountable obstacle.
It appears that the corporate behemoth did not consider its server security to be that important – or that it had simply been asleep at the wheel. A cardinal error, because thanks to server scans and information in forums, the attackers were well-informed about Sony's security leaks. The users of the online services are now paying the price for this negligence.
Even if this information isn't accurate, it's clear that Sony's security measures weren't up to snuff, costing them billions of dollars. After the dust has settled on this entire fiasco, Sony needs to make sure that their security is impenetrable, as another event of this magnitude could spell the end for the corporation.