http://www.businessweek.com/magazine...9035889849.htm

By that point, someone was already testing Sony's network for weaknesses. Bret McDanel, a veteran security researcher, says a program known as penetration testing software, which methodically checks a network for vulnerabilities, began scanning Sony's PlayStation Network at 7:09 a.m. on Mar. 3. McDanel knows this because Sony left one of its server logs, which record all the activity performed by a machine, completely unguarded on the open Web. "Having these logs in the public domain gives a potential attacker insight into the system," he says.
McDanel says the probers used an off-the-shelf program that is easy to obtain and not very stealthy. Anyone checking the server logs would have been able to recognize its telltale signs and prevent the break-in, and Sony was "negligent" for not doing so, he says. On Apr. 15, after six weeks of scanning, the penetration software suddenly stopped, most likely because "they found what they had been looking for, a vulnerability in the network," says McDanel. Four days later, Sony noticed the first signs of a break-in. A company spokesman says Sony was the victim of "a highly sophisticated attack" and that the company's network "had multiple security measures in place."
-
05-13-2011 #1
How careless was Sony? Very, according to this article
Originally Posted by Fake_PSN

-
05-13-2011 #2
Does this follow the same path as the guy with a doctorate's degree that went before the Senate Subcommittee hearing using evidence that he frigging google'd to say that Sony had "outdated apache and no firewall"??
Where's the supposed weblog? I mean evidence is key, and just someone telling a story for the sake of "oh my, bad Sony should've done _______" doesn't really prove much, except that some writers spend about 3 minutes on a search engine deriving an article before hitting "submit".
Really, if these were the facts, would Sony not have been busted in on YEARS ago? This doesn't really fit into the sense-making mindset...if they were so careless, why all of a sudden in 2011? Why not in 2006 when PSN went live? People only started hacking attempts at Sony in 2011? Anon / other groups attacking Sony didn't exist until 2011? Nobody ever tried to find vulnerabilities in Sony's PSN until 2011? Even myself, with no journalistic background, I find myself asking the obvious, sensible questions on the matter, and this doesn't add up. Appears to be speculation and fear-mongering, plus ultimately, a biased opinion and an ulterior motive.
-
05-13-2011 #3
-
05-13-2011 #4
Sony ****ed up...we all know, everyone should get on with their lives..my card is long cancelled now.
-
05-13-2011 #5
That most of the mainstream media who are reporting such "OMG this is HEADLINES" could have ulterior motives, like writing reviews on future games for...say...Xbox 360, or Nintendo's new console, while making sure they give every bit of negative reporting they can to Sony and the issue with PSN breach. Why so many articles with people who know SO much about Sony security? If their security was so flawed and open to attacks, why didn't someone get into the PSN or Sony servers earlier than this? Why wasn't Sony breached before now? They are all talking about the ease in getting into the PSN, so why weren't there big reports on this? Obviously it would've been up to Sony to fix the issue, but I'm sure some bad publicity versus what we have now. If so much about Sony and their security (or lack thereof) was available to mostly anyone, why didn't someone point out via media reports and headlines similar to the ones we are seeing now? Maybe because some / most / all of these supposed "easily attainable" breaches with Sony didn't exist? Maybe, since hackers had SO much control and access over the PSN, they changed something internally that made Sony appear to be the big, bad guy here. How hard is it to write a logfile, and change the time and date attributes? (simple really)...
Anyone with any amount of know-how can make a log-file, put any date they want and leave it somewhere. He||, they could've written a logfile with a timestamp of August 3, 1997 and said that Sony's servers had a logfile showing a security vulnerability that was discovered in 1997 before PS2 was even around, and PSN was just a dream...
Obviously logfiles might be there, but far as dates/times and such, nobody can be ultimately sure that since the hackers did so much to cover their tracks, that they also didn't do something, like create a log-file with obvious security flaws shown, and leave it to help point blame aside from the Anon calling card that was also left (that in itself shows they had read + write capability on PSN).
There's just too many possibilities here, and too many variables, and not to mention, too many reporters pointing blame at Sony that most likely have an ulterior motive in their biased reports.
-
05-14-2011 #6
couldn't agree with you more jonathan
-
05-14-2011 #7
If it really was an Apache 2.2.15 vulnerability, bear in mind that that version launched in August, and it was likely weeks/months after that before Sony upgraded.
Originally Posted by jonathanm1978
-
05-14-2011 #8
Absolute baseless nonsense as usual. No evidence, just pure codswallop from the spiritual home of the bizarre conspiracy theory.
Either the whole of the world's media is against Sony because their rivals are basically paying them or offering them some kind of incentive to do so.
Alternatively they could be reporting the truth, and you don't like the truth as it says bad bad things about your beloved multinational so you assume it to be misleading lies and a global conspiracy to damage a company.
Wonder which of the two scenarios above is more likely? I'll lay my cards on the table and state that I doubt Business Week will be getting the exclusive review of Mario Galaxy 3 anytime soon. Maybe if they do, the likes of our good friend born in 1978 might be on to something...
-
05-14-2011 #9
I very seriously doubt a reputable business magazine like Business Week would print lies. Not just the security advisor but a Purdue University professor too said Sony's security was like Tom closing the barn door after the thief already stole the horse. You can never argue with a Sony fanboy who always thinks they always know better than the experts, and bashes anyone who says anything bad about Sony. He probably googled all his info off the Internet too, but of course everyone who says it was Sony's lack of security he calls liars and all those who blame the hackers are right. But I pose a new view: it's both of their faults, Sony for not properly securing their servers and not encrypting our personal information, and the hackers, whoever they are, for breaking in and stealing our personal info and whatever else they got their hands on.
Fanboys always will argue that they are right no matter whatever anyone else says.
-
05-14-2011 #10
-
05-14-2011 #11
#8 - ignored.
#9 -
You should really try facts before listing things like "Purdue Univ ...", when the guy admitted he got his information for "forum readings and headlines", NOT factual evidence. The crap he told the Senate subcommittee was baseless rumor, and he had no clue that ONLY the banner was saying Sony had outdated Apache software. They were running the latest version (even the hackers said it), and that updating the banner was just trivial and unnecessary.
You should take caution when accusing others of bashing, as the shoe seems to fit you well. And calling someone a fanboy simply because they don't trend with the latest headlines, and stick to facts. That's l33t.
Fenix: even that "some dude saying stuff" admitted that he had NO proof to back his allegations, and he stressed that he said "Sony MAY have been running...blah blah"
-
05-14-2011 #12
-
05-14-2011 #13
What he is saying is right, this clown at the Senate got his facts from a ****ing forum lol. It's a joke but no one really cares about these things. There was even some tech forum (who aren't biased gamers) who did a bit of research and found Sony were running the current patch for their servers. But the misinformed and ignorant haters will hate on.
-
05-14-2011 #14
Yeah, they said Sony just didn't update the banner at the top of the server admin page..but the actual software was the most current. Basically it's like having a text file saying you're running Win 95, but the actual OS on your computer being Win 7 64-bit. What difference does that text file make? None. Same as the banner saying Sony ran outdated Apache software..it did nothing...and served no purpose, except to tell someone the version of Apache (I'd hope Net Admins already know what they are working on, it would be like your mechanic asking for the manual to your car before he could do any work to it or fix it for you).
-
05-14-2011 #15
Until some ex-Sony PSN team with real inside information comes out and says Sony had horrible security, then it's all hearsay.
-
05-14-2011 #16
-
05-14-2011 #17
Well at least PSN will be more secure after all this. Shame on the hackers and shame on Sony as well.
-
05-14-2011 #18