back to article Security watchers unpick PlayStation hack

Security analysts have narrowed down the probable causes of the infamous Sony PlayStation Network breach. Sony is slowly restoring its PlayStation Network and Online Entertainment service following a hack that exposed the personal details of 77 million PlayStation Network gamers and (separately) 25 million customers of its …


This topic is closed for new posts.
  1. Anon the mouse

    nice write up

    Just a couple of things.

    "As a side note, Google’s web cache shows that Sony’s servers were up to date, so this whole theory may be bunk."

    Not true, the Google cache only shows one server (Auth). Which was updated soon after the IRC chat happened. What wasn't updated were the other ones (Shop,account,content,patches, etc) and these have never been cached by Google. An Nmap revealed they were running apache 2.2.11 on all the core servers except the Auth obviously.

    Sony would appear to have been watching the right channels for information about weaknesses, but they didn't do more than a token gesture towards keeping patched and up-to-date servers.

    With regards to Rebug and SP-INT (Developer network) Sony have said that they weren't that concerned as it was an intentional bug on the developer network and until Rebug appeared there were no problems with the system of trust alone.

    If this hack hadn't happened I'm quite sure Sony would have kept on coasting with the servers never getting more than a token patch on Auth and SP-INT cleansed every few months.

    1. Anonymous Coward
      Anonymous Coward

      so..... ?

      Which ones were on 2.2.11?

      1. Carol Orlowski

        All the main ones

        according to that link. As nobody knows what those servers were, or what they contained.

        Anyways, it's looking increasingly likely this was all down to a SOE disgruntled employeee, not a cyber attack.

    2. Anonymous Coward


      Was probably still in the "in tray" of Change Management, patch the Auth server and then wait a few weeks to see if something broke before further rolling out. Not like you would want to cause an outage or something.......

  2. This post has been deleted by its author

    1. Annihilator Silver badge


      In a case like this, it's very very unlikely that you'll get full disclosure from Sony as to how they f**ked up. To do so will be akin to accepting full liability in a legal sense and I think they'd be reluctant to do that as doing so would leave them (even more) open to lawsuits and the like.

      Hypotheses and deductive reasoning is all we'll get.

    2. Anonymous Coward


      Maybe the story is trolling to get the comentards to fill in the facts?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021