Sony Knew Its Servers Run on Obsolete Apache Months Before Data Theft
Dr. Gene Spafford of Purdue University said in a congressional testimony that Sony used outdated software on its servers, and knew about it months before the theft of over 100 million user accounts.
According to Spafford, security experts learned months ago from Internet forums that Sony was using old versions of Apache which "was unpatched and had no firewall installed." He also said that the issue was "reported in an open forum monitored by Sony employees" two to three months before the theft.
Spafford commented on the situation in a hearing at the House Subcommittee on Commerce, Manufacturing, and Trade. Sony was invited to participate, but declined to attend. In a letter to the committee, Sony said it has added automated software monitoring and enhanced data security and encryption — a bit too late now that everything had been stolen already.
Source: The Consumerist
Write a comment below. No registration needed!
|
|