Sony has been treading in hot water ever since a vulnerability in its PlayStation Network service resulted in a breach of security that allowed outside parties to gain access to the account records of 77 million users of the service. Sony claims that once the vulnerability was discovered they took down their services immediately so they could begin to conduct an investigation and revamp their security measures, but one security expert believes that Sony was warned well in advance of the attack.
In his congressional testimony, Dr. Gene Spafford of Purdue University claimed that Sony was using outdated software on its servers, and was even made aware of this issue months in advance of the attack. Security experts monitoring open internet forums had discovered that Sony was using an outdated, unpatched, and unfirewalled version of the Apache Web Server software. The issue was reported in an open forum monitored by Sony employees two or three months prior to the attack.
Sony had previously spoken to congress in an effort to provide information that would explain how the attack occurred, and the steps Sony would take correct the error and provide more adequate security to prevent future attacks. While Sony tries to repent for its massive failure to protect its customer’s data, consumers may now be wondering whether or not they can still trust Sony with their information, especially when the truth of what happened still seems to be eluding everyone.
Sony has maintained that access to its services would be up sometime this week, but with it being Friday and PlayStation Network still not up and running, its becoming increasingly harder to believe. In the meantime, Sony’s been trying to make nice with a disenchanted consumer base which may be considering switching over to its competitor’s platform.
In an effort to atone for its past sins, Sony is offering a large number of benefits to PlayStation Network members which include a free month of PlayStation Plus membership, a free month of access to their Qriocity services, and free identity theft coverage for all members when PlayStation Network returns.
The worst may not even be over. According to recent reports, a third attack on Sony’s properties may be imminent, which could mean increased downtime for its services.
Do you think Sony was unaware of issues related to its security, or merely ignoring them? Is Sony now trying to cover its tracks in order to help save face?