Experts on PSN Hack: Sony Could Have Done More
As the PlayStation Network outage enters its fourth week, with no definite answer to the question of when service will be restored, security experts have told PCWorld that Sony could have done more to prevent PSN from being infiltrated by hackers.
Their comments follow the congressional testimony of Gene Spafford, a computer security professor at Purdue University, who told lawmakers that Sony used an outdated version of the Apache Web server software, and had no firewall installed. Hackers compromised the PlayStation Network on April 19, stole personal data, and forced Sony to rebuild its network from the ground up, a process that is still going on.
Sony has denied Spafford's claims, but some other experts who spoke with PCWorld doubt that Sony took every precaution that it could have.
"Everything I've seen suggests that this very, very much could have been prevented," said Stan Stahl, president of the Los Angeles chapter of the Information Systems Security Association, which organizes conferences for security experts.
Stahl has no firsthand knowledge about the attack, but his experience suggests that Sony's security approach was outdated. He noted that Sony had blamed the PSN hack, in part, on an earlier denial-of-service attack, which had unwittingly or intentionally weakened the network's defenses against the larger break-in. Stahl knows this method quite well; he used a similar approach himself about eight years ago to crack a waterworks' Website as part of a consulting job.
"If we can do that to a small water system district using an attack that's seven or eight years old, and Sony got hit with that attack … you've got to say somebody at Sony wasn't watching the store," Stahl said.
Kris Alexander, head of gaming strategy for Akamai, said it's common for attacks to come in multiple waves, as they did for Sony. Alexander wouldn't talk about Sony specifically because Akamai's policy is not to comment on companies in the games industry, but he did say that it's important for companies to be prepared for attacks on more than one front. "Oftentimes, especially with malicious attackers, they're planning just as hard as you are to defend yourself," he said.
After the Attack
Mike Meikle, CEO of IT consulting company Hawkthorne Group, was also critical of Sony, saying that the company's failings were evident in the way it responded to the breach. The company took five days to inform users that their names, email addresses, passwords, real-world addresses, and birthdays were exposed; and only after the attacks did Sony announce that it would hire a chief information security officer to oversee the network.
"They really didn't have a definite procedure to address data breaches," Meikle said. Many companies don't, he noted, because it's an extra expense, and information security hasn't been a hot-button issue until quite recently. Still, Meikle was disappointed with Sony's response.
"Everyone was assuming that Sony, being Sony, would have their act together," he said, "and I think that's what's annoying people more than anything."
Was the PSN Breach Inevitable?
Although Sony's approach to security has come under fire, some experts, and some die-hard Sony fans, have painted the breach as unavoidable. Last week, noted security expert Bruce Schneier told Kotaku that no network is truly secure, asserting that the fact that PSN was hacked likely had little to do with its level of security. "Everyone is in all likelihood equally sucky," he said.
Gary Bahadur of KRAA Security refutes the idea that hacking is inevitable. "If you are tireless and have a rapid response process in place to identify all of your assets and test daily for vulnerabilities, you can maintain a very good security posture," he wrote in an e-mail message.
The trouble is that big targets like Sony have to invest considerable resources in stopping attacks, according to Steve Santorelli, director of outreach for Team Cymru, a nonprofit security research company in Newmarket. "If you're a big enough target, you're going to have a lot of very gifted people with a lot of resources and time hammering away at your systems," he said.
Videogame networks will continue to be attractive targets for hackers, because all associated credit cards need to be kept active for subscriptions and downloadable content, according to Tim Keanini, chief technical officer for network security firm nCircle. "It's a good bet that other cybercriminals are looking at this breach and evaluating other gaming sites as potential targets because they are equally 'rich' in personal information that can be speedily converted to cold, hard cash," Keanini wrote in an e-mail message.
Santorelli, who before his current job worked at Microsoft and as a detective sergeant on Scotland Yard's Computer Crime Unit, warned that there's no silver-bullet approach to stopping network breaches. He argued that there needs to be a sea change in the way consumers treat their data.
"If there's one message post-Sony, it's that this is the reality these days, and you have a responsibility to protect yourself, your networks, your family, and your information, because no one else is going to do it for you," Santorelli said.
He recommended practicing "good password hygiene" (specifically, not using the same password for every Website and service), keeping a close eye on banking statements, and maintaining a separate credit card for online purchases. For more information on dealing with PlayStation Network information theft in detail, check out our survival guide.
Follow Jared on Facebook and Twitter for even more tech news and commentary.
Source: https://www.pcworld.com/article/491383/experts_on_psn_hack_sony_could_ve_done_more.html
Posted by: godinthemot.blogspot.com