During yesterday's hearings held by the Congressional House Subcommittee on Commerce, Manufacturing, and Trade on the subject of data theft--and, largely, the current situation with Sony and the PlayStation Network--the committee heard testimony from Dr. Gene Spafford, the executive director at Purdue University's Center For Education and Research in Information Assurance and Security. During his testimony, Spafford dropped a potentially damning piece of info regarding the Sony breach.

During yesterday's hearings held by the Congressional House Subcommittee on Commerce, Manufacturing, and Trade on the subject of data theft--and, largely, the current situation with Sony and the PlayStation Network--the committee heard testimony from Dr. Gene Spafford, the executive director at Purdue University's Center For Education and Research in Information Assurance and Security. During his testimony, Spafford dropped a potentially damning piece of info regarding the Sony breach.

ooooooooooooh

damn :)

You know what? I'm sure they did.

Wait, this guy testified that he read something on the internet?

Huh?

You can insert this phrase for nearly every company that deals with internet services or hosting.  If it's related to the internet, it's security is probably out of date.  It's all of matter of who is targeted and the resources available to combat it.  That being said, step it up next time Sony.

Wow, this combined with not showing up when a congressional committee summons you? This is looking rough for Sony.

That seems potentially dealbreaking for Sony.

Sony made an open declaration for hackers to come at them so any compromise to the integrity of their system is 100% Sony's fault for not being "up to date" and prepared for said attack they instigated.

That E3 Sony press conference is going to be so uncomfortable.  It's going to be like Pee Wee Herman's first stage appearance after his arrest.  It's going to be so cringe worthy, and I'm not going to miss a minute of it.

OH SNAP

oh snap

If this is true then it opens the way for some criminal indictments of Sony's corporate ladder. It will also probably affect the way that corporations are treated in the future as all sorts of precedents are going to be set by this.

Surprise surprise surprise

Sony is fucked.

Reminds me of all the other disasters that occur, people get lax with security and or protocol and eventually some shitstorm occurs. 

Ehh, no doubt those fucking hackers will attack PSN again as soon as it's up again.

That Dr. Spafford, rarin' to regulate with his BOWTIE! 

" I would assume this is not true. Theres no proof. It's not an offical report from a company. "

" I would assume this is not true. Theres no proof. It's not an offical report from a company. "

" I would assume this is not true. Theres no proof. It's not an offical report from a company. "

How many idiots are going to still say Sony did no wrong? 

" @SRanker said:

" I would assume this is not true. Theres no proof. It's not an offical report from a company. "

Sony aren't exactly going to come out and say "it happened because our security sucked".  That would be admitting to negligence and that's their biggest worry at the moment. "

Old software and no firewalls? Great, just great....

There is no denying that Sony is boned here. And to protect them like a fanboy won't help anyone's case either so don't bother. I'm not sure if it was incompetence, or sheer arrogance, that prevented Sony from protecting itself and it's customers. I'd like to think that they didn't know what they were doing. But if that was the case then why are they in the online business in the first place? 

" That E3 Sony press conference is going to be so uncomfortable.  It's going to be like Pee Wee Herman's first stage appearance after his arrest.  It's going to be so cringe worthy, and I'm not going to miss a minute of it. "

The CSpan picture really threw me. For a second I thought I was reading Indecision Forever.

I have to say that I am very disappointed at Sony. They took 150+ hours to let customers know that their information was compromised. They throw $5.99 at customers so they can have access to PSNplus for a month. And now they are accused of using outdated security software (similarly to us using norton antivirus 2002 in our PCs)? I spend 50% of my gaming time playing Xbox and about 40% playing PS3. However, it looks like MS will be getting most of my money going forward. The only way that I can regain my confidence in Sony is if they start firing the executives that made the horrible decision to NOT invest in IT security and the ones that declared war on the hackers.

But... Look at how old he is! Life is too short to tell lies! "

BOOM

Of course shit hit the fan because they didn't play the "better be safe than sorry"-card! That's always the reason to a disaster where human engineering is involved. They could have figured that out once the PS3 got hacked, yet they didn't pull the plug on their network because it just "might" happen. That's not a reason strong enough to take such a drastic measure, yet here we are.

Today I learned my porn cache is hundreds of times more secure than Sony's servers. Frightening.

" Wait, this guy testified that he read something on the internet?Huh? "

wired had an article similar with a guy who actually was hacking his ps3, and found out that their apache servers were out of date (he had the revision numbers) determined using packet sniffers on his network, and explained that they do not even attempt a firewall or VPN.

" There is no denying that Sony is boned here. And to protect them like a fanboy won't help anyone's case either so don't bother. I'm not sure if it was incompetence, or sheer arrogance, that prevented Sony from protecting itself and it's customers. I'd like to think that they didn't know what they were doing. But if that was the case then why are they in the online business in the first place? 

As a gamer I don't care how much free content Sony is willing to throw my way. I simply won't buy into that shit. My credit card information may have been compromised - I don't know. Even if the users personal information hadn't been stolen people still scrambled to protect themselves by any means possible. Knowing that gamers came to PSN for entertainment only to be fucked in the end is unforgivable. This could mess up a lot of gamers lives - or the lack thereof. 

Sony is going to need to do something to get me back on the Playstation with their next console. As of now with the PS3? I'm done. It's being packed up and sold along with the games.

"

0 surprise, strange how a tech giant like Sony would be so inept with the internet in many ways. Doesn't look good for them.

" I would assume this is not true. Theres no proof. It's not an offical report from a company. "

I love how people throw around terms like "unforgivable" and phrases like "Sony is fucked".

Most people at this point just want the system back so they can get back to gaming online. Most, if not all of this was on Sony, yes, but for any company that has to deal with this, and there have been a lot, it's usually "lesson learned" and we're all better off for them having gone through it. You can bet it was a huge wake up call for a lot of other online service providers as well.  Sony likely was targeted because they pissed off hackers, but to believe this couldn't happen to just about any company these days is naive at best. The effectiveness of any security is only as god as the asshole standing outside the door's desire to get in.

If you're boxing up your PS3 to sell because this happened, please, fucking go.  Regardless of what's currently going on, there are a shit ton of awesome PS3 games coming out this year, and I personally will be playing the shit out of them (and I'll be playing Gears 3 and hopefully some new Zelda and whatever else great games come out on any system this year).

Also, it's not being a fanboy to be realistic about a situation. It's just common sense.

I can't wait for E3.

Old guys be oldin'.

(I've never been prouder of my gray "neutral" status on a website before)

I'm no lawyer-man, but does saying IT'S TRUE CUZ I SAWS IT ON THE INTERWEBS have any legal backing whatsoever?

hahahahaha r.i.p. sony whocares-2011

Sony is also offering free Identity Theft Protection for all users of the Playstation Network in the United States, and is working right now on trying to get a service that would work in other territories and countries as from what I can tell, this one only works with the United States.

I'm no lawyer-man, but does saying IT'S TRUE CUZ I SAWS IT ON THE INTERWEBS have any legal backing whatsoever?

@Goldanas:
You realize that forum discussion is not something that is exclusively on the internet, right? He's citing reports from discussions by those involved by in forum discussions initiated by Sony. There is a signifigant difference between that and some random forum on the internet (You really didn't think he was citing a internet forum, did you?).

Not surprising.

Well, this is something we already knew, but the fact is that the people in charge of security answer to the people who have the money, and they don't always have a lot of say.

Spending a bunch of money to upgrade something that they just upgraded a few months ago probably seems insane to the admin/accounting people at Sony who don't understand how security works.


Also to anyone who is saying this is fake, firstly, why would this be fake? Its a doctor/professor talking to congress, that's pretty legitimate. Plus its been said many times by people who have examined Sony's security that they were using an older version of apache with known security flaws. Its been stated by many people in many places.

" I'm no lawyer-man, but does saying IT'S TRUE CUZ I SAWS IT ON THE INTERWEBS have any legal backing whatsoever? "