Linked by Thom Holwerda on Thu 5th May 2011 21:07 UTC, submitted by sawboss
Games
There's fail, there's epic fail, and then there's Sony. You may've thought it wasn't possible, but Sony has just outdone itself on the fail scale, forcing us to add yet another notch. During the congressional testimony this morning, Dr Gene Spafford of Purdue University revealed just how badly Sony managed its Playstation Network servers. It's... Bad.
Thread beginning with comment 471933
No excuse but...
by mrhasbean on Thu 5th May 2011 21:38 UTC
mrhasbean Member since:
2006-04-03

...I think it would surprise a lot of people just how many organisations of all sizes don't keep software up to date or run effective firewalls. While this is insanely stupid for a company the size of Sony, and they deserve every head bashing they get over it, I can guarantee they aren't on their own.

Downtime (cost), software compatibility (cost of upgrading) and cost of actually doing the job regularly are some of the major excuses I've had thrown at me in over 25 years of doing this stuff, and no amount of explaining how negative the consequences might be or what the cost could be if they don't do it seems to work on some people. Way too many have the "It'll never happen to me" mentality. Windows and now Android are proof of that.

Edited 2011-05-05 21:39 UTC

Score: 5

RE: No excuse but...
by ephracis on Thu 5th May 2011 22:18 in reply to "No excuse but..."
ephracis Member since:
2007-09-23

Not only Windows and Android but iOS and Mac OS X as well.

Just about any software except "Hello, World!" is unsecure and probably being exploited for fun and profit as we speak.

Score: 6

Hello World Exploits
by eMPee584 on Fri 6th May 2011 00:30 in reply to "RE: No excuse but..."
eMPee584 Member since:
2007-01-29

> Just about any software except "Hello, World!" is unsecure

For a large stock of 0day h3lL0 w0OrLd exploits, drop me a mail covertly. Surely we can find a suitable product matching your victim n0ob's language of choice.

Score: 3

RE: No excuse but...
by SReilly on Thu 5th May 2011 22:57 in reply to "No excuse but..."
SReilly Member since:
2006-12-28

Sadly, I have to agree. I've yet to join a company that actually implements proper upgrade planning into their IT strategy. Some of my customers (mainly banks) have no problem implementing proper security procedures and making sure their systems are patched, port locked and behind firewalls, so it's not impossible. Thing is, for a bank to get insurance, they need to be able to prove that they have taken all reasonable precautions, that is, securing their systems one notch down from unplugging them from the network and locking them in a safe.

Explaining to a company the costs associated with the theft of potentially valuable data is far from easy. Many of the intermediary businesses working with the banks don't have anywhere near the security needed to deal with large transactions. Sometimes the thought of who has my personal information stored where keeps me up at night. :-(

Score: 5

RE: No excuse but...
by toast88 on Fri 6th May 2011 06:47 in reply to "No excuse but..."
toast88 Member since:
2009-09-23

> Downtime (cost), software compatibility (cost of upgrading) and cost of actually doing the job regularly are some of the major excuses I've had thrown at me in over 25 years of doing this stuff, and no amount of explaining how negative the consequences might be or what the cost could be if they don't do it seems to work on some people. Way too many have the "It'll never happen to me" mentality. Windows and now Android are proof of that.

Just to be clear. We're not talking about a 25-employee car repair shop which runs one server to host their website, email and employee database (no offense meant against those people), but a multi-billion dollar company like Sony. They definitely have the manpower and financial means to build and maintain a secure and always up-to-date infrastructure.

And if Sony doesn't feel they can handle the server administration themselves, they can easily contract an external company to do that. For an online service like PSN where people's credit card information is hosted on the servers, a properly secured environment is not optional but mandatory.

Sorry, but there is NO excuse for that.

Adrian

Score: 5