The House of Representatives Energy & Commerce Subcommittee on Commerce, Manufacturing and Trade continues to seek answers regarding last month's breach of the PlayStation Network's security. The one it got yesterday from Purdue professor and security expert Dr. Gene Spafford is troubling, to say the least, if the situation he detailed actually played out as described.

Spafford told the subcommittee that, according to security mailing lists he subscribes to, "individuals who work in security and participate in the Sony network" had learned "several months ago" that PSN was hosted on servers running "very old versions of Apache software that were unpatched and had no firewall installed."

The professor continued, "they had reported these [issues] in an open forum that was monitored by Sony employees, but had seen no response and no change or update to the software." The timeframe for these events was "two to three months prior to the incident where the break-ins occurred," according to Spafford.

It's important to note that his account of the situation and information is second-hand. Still, the potential for this testimony to cause the subcommittee, headed by representative Mary Bono Mack (R-CA), to demand more answers from Sony -- and, more specifically, the individuals mentioned by Spafford -- does exist.

Sony could not be reached for comment.



http://www.joystiq.com/2011/05/05/psn-servers-were-unpatched-and-had-no-firewall-installed-secu/#comments

Posted: May 05, 2011 7:47 pm