follow-up: Sony Networks Lacked Firewall, Ran Obsolete Software: Testimony

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.eweek.com/c/a/Security/Sony-Networks-Lacked-Firewall-Ran-Obsolete-Software-Testimony-103450/

By Fahmida Y. Rashid
eWEEK.com
2011-05-06

Sony failed to use firewalls to protect its networks and was using 
obsolete Web applications, which made the company?s sites inviting targets 
for hackers, a Purdue University professor testified May 4 to a 
Congressional committee investigating the massive data breach of the Sony 
game and entertainment networks.

Sony disclosed on April 26 that thieves had stolen account information of 
up to 77 million users on the PlayStation Network and Qriocity. A week 
later, the company admitted on May 2 that the Sony Online Entertainment 
gaming service had also been breached, affecting an additional 24.6 
million users.

About 101 million user accounts have been compromised to date. The stolen 
data included names, addresses, email addresses and dates of birth. Some 
credit card information may have been stolen, but Sony claimed the numbers 
were securely saved as a cryptographic hash.

What happened and what Sony is doing about the security breach are the two 
main questions everyone is asking, from the irate users on forums and 
blogs, to the various state attorneys-general planning lawsuits, all the 
way to Congress where lawmakers are holding hearings.

[...]

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/