Sony updated the PlayStation Blog yesterday to remind everyone (again) that they have been “working around the clock” to restore the PSN and Qriocity services, and are in the final stages of testing before flipping the “on” switch withing the next few days. This rare opportunity for decent PR news has been dampened by new claims that Sony had been using outdated software prior to the hack.
During congressional testimony on Wednesday Dr. Gene Spafford of Purdue University stated that Sony had been using “outdated software” on their servers and had known that this was a potential security problem for “months” prior to the attack.
Spafford got this information from security experts who stated the company was warned in an “open forum monitored by Sony employees” two to three months before the security breaches that they were using outdated versions of the Apache Web server software, and that it “was unpatched and had no firewall installed”.
Sony did not attend the hearing but in a letter to the committee stated that they have “added automated software monitoring and enhanced data security and encryption” since the security breaches.
Let’s just hope that Sony’s new plan to actually pay attention to their servers pays-off before the next planned attack on their systems this weekend.
Source: The Consumerist
*Update* Turns out from a bit of internet detective work, that the software on Sony’s servers were up-to-date. Full report here.