
Sony May Have Been Using Outdated Security Software, Claims Expert

This article is over 13 years old and may contain outdated information

Companies apparently don’t understand the risks involved in lax online security, or even worse, decide to take their chances.

Dr. Gene Spafford, an expert in electronic security and a professor in computer science at Indiana’s Purdue University, says that Sony may not only have been using outdated security software when hackers attacked PSN, but that it also knew it had a problem months before the intrusion happened.

Speaking at a Congressional hearing about “The Threat of Data Theft to American Consumers” – the very same hearing that Sony declined to attend – Spafford said that he had seen discussions on some of the security mailing lists he read, where people who had worked on PSN had found that the servers were running old, unpatched software, without a firewall installed. He said that these people had notified Sony of the potential risk two to three months before the attack, but had seen no response, nor any update to the software. However, he made it clear that this information was just what he had seen reported and stressed that he personally didn’t have any firm details on Sony’s security measures.

Spafford said that companies and corporations often didn’t want to invest in online security as they didn’t understand the risks and costs involved in not doing so. For each compromised record, he said, a company incurred over $200 worth of costs, but added that even companies that did understand the risks involved seemed willing to play the odds. “Security is not something that returns a value,” he explained. “It’s not something that adds to the bottom line.”

While it’s true that Spafford’s comments are based on hearsay rather than any provable facts, it’s also true that it’s hearsay that he was willing to bring up in front of a Congressional hearing. That might say more about Spafford than it does about the information, but it’s hard to believe that a security expert would just believe everything that he read. If what Spafford says is true, it would mean that Sony was one of the companies that decided to play the odds. Unfortunately, Sony lost, and now we all have to deal with the fallout.

Source: The Consumerist via CVG
