There’s fail, there’s epic fail, and then there’s Sony. You may’ve thought it wasn’t possible, but Sony has just outdone itself on the fail scale, forcing us to add yet another notch. During the congressional testimony this morning, Dr Gene Spafford of Purdue University revealed just how badly Sony managed its PlayStation Network servers. It’s… Bad.
What are the basic tenets of maintaining network-connected computers? Exactly – keep your software up to date, and use a firewall (or otherwise close and/or monitor your ports). These are such elementary rules it’s hard to imagine anyone would ignore them in this day and age. Sure, I can understand some grandma not running Windows Update properly on her 8-year-old Windows XP machine, but professionals managing the world’s second most popular online gaming network?
Spafford states that security experts monitoring open internet forums had found out that Sony was running outdated versions of the Apache web server, with no patches applied. To make matters worse, Sony did not have a firewall installed. Topping it all off, these security experts reported these flaws months before the current breaches on security forums monitored by Sony employees. Wow.
“If Dr Spafford’s assessment is accurate, it’s inexcusable that Sony not only ran obsolete software on servers containing confidential data, but also that the company continued to do so after this information was publicly disclosed,” said Jeff Fox, Consumer Reports Technology Editor.
Let’s be clear here: the folks who stole the data are criminals and need to be apprehended. However, if Spafford’s story is true, and you’d think that you wouldn’t lie during a congressional hearing, you can easily argue that Sony are criminals as well.
They were basically hiking up their skirts, batting their eyelashes, and making pouty lips to the criminal world. Poor analogy. Let me make it clear: they are acting like criminals themselves. This is going to cost them dearly in lawsuits and damages – and rightfully so.
This is what we call cosmic karma.
They’ll just sue the security researchers for “illegally” publishing the info, leading to the breach.
When someone shows a stupid company how stupid they are for shooting themselves in the foot, they won’t stop shooting, they’ll start shooting the other guy too.
This isn’t even half over yet. The Sony train-wreck has just begun.
Edited 2011-05-05 21:15 UTC