BreachExchange mailing list archives
follow-up: Sony Networks Lacked Firewall, Ran Obsolete Software: Testimony
From: security curmudgeon <jericho () attrition org>
Date: Mon, 9 May 2011 14:11:33 -0500 (CDT)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://www.eweek.com/c/a/Security/Sony-Networks-Lacked-Firewall-Ran-Obsolete-Software-Testimony-103450/ By Fahmida Y. Rashid eWEEK.com 2011-05-06 Sony failed to use firewalls to protect its networks and was using obsolete Web applications, which made the company?s sites inviting targets for hackers, a Purdue University professor testified May 4 to a Congressional committee investigating the massive data breach of the Sony game and entertainment networks. Sony disclosed on April 26 that thieves had stolen account information of up to 77 million users on the PlayStation Network and Qriocity. A week later, the company admitted on May 2 that the Sony Online Entertainment gaming service had also been breached, affecting an additional 24.6 million users. About 101 million user accounts have been compromised to date. The stolen data included names, addresses, email addresses and dates of birth. Some credit card information may have been stolen, but Sony claimed the numbers were securely saved as a cryptographic hash. What happened and what Sony is doing about the security breach are the two main questions everyone is asking, from the irate users on forums and blogs, to the various state attorneys-general planning lawsuits, all the way to Congress where lawmakers are holding hearings. [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Learn encryption strategies that manage risk and shore up compliance. Download Article 1 of CREDANT Technologies' The Essentials Series: Endpoint Data Encryption That Actually Works http://credant.com/campaigns/realtime2/gap-LP1/
Current thread:
- follow-up: Sony Networks Lacked Firewall, Ran Obsolete Software: Testimony security curmudgeon (May 09)