
'We have to admit we were not fully sufficient' exec admits
Sony was internally aware of security shortcomings before its PlayStation Network was hacked, the company has said.
Sony chief information officer, Shinji Hasejima, this week confessed at a Tokyo press conference that security measures could have been improved.
“The vulnerability [of the network] was a known vulnerability, one known of in the world. But Sony was not aware of it... was not convinced of it,” he said.
“We are now trying to improve aspects of it”.
Shiro Kambe, the senior vice president at Sony, also apologised for the oversight.
“We thought we had taken enough management and control measures [to ensure the network was secure], but looking back, there might have been room for further enhancement,” he said.
“We have to admit we were not fully sufficient.”
Over 100 million PlayStation Network and Sony Online Entertainment accounts were exposed by an unauthorised user last month.
Around ten million credit cards stored on Sony’s servers may have been stolen, the company warned. A criminal investigation is underway in the US, though not in Japan – implying the hacker was based in the US.
Sony repeatedly apologised at the press conference, beginning and ending the meeting with a ‘deep bow’.
The company explained that vulnerabilities in its web application server caused the hack.
Rik Ferguson, both a PlayStation user and computer security expert at Trend Micro, said lax security controls for digital networks are not out of the ordinary.
“Unfortunately, it is common for companies to run servers that they know have vulnerabilities,” he told Develop.
“In the enterprise world, companies want maximum up-time. They don’t want to take their servers down, so they try to balance security with up-time.
“So companies try to deliver security patches in a bunch, say every few months. This of course means there’s a period of time when these vulnerabilities are not secured.
“Sadly a lot of companies are doing things this way”.
Sony have ZERO sincerity. Over the last ten years as a company Sony have become more like Apple in their business ethos. Consumers are a means to an end... dominance of the market place is their objective at any cost. The legal book needs to be thrown at Sony over this or where will the line be drawn?
A Furious PS3 owner and Sony product consumer.
playstation network coming back online with ps plus for one month at least come back online ps3 is miles better than shitbox 360 yeh boi can't wait for 2 new releases battlefield 3 and modern warfare 3
is sad psn knew about the flaws but hey everybody makes mistakes not everybody is perfect i feel sorry for anyone who's gotten their credit card stolen but they are trying to help you guys and if they bowed at that conference means they are really sorry PLZ FORGIVE THEM!!!!!!!!!!! ^_^ KEEP FIGHTING SONY im ur loyal fan im never going to buy an xbox
Well done Develop, for letting people like #2, drag your respected "industry" status, down to the gutter level of IGN. When you decide to man-up, and get your reputation back on track, let everyone know will ya?
Either that, or get a creche for the children, for when mommy isn't on their PC.
Have been on fanboy comment alert all day long. Clearly a couple got in during lunch break.
Rob, good to see you guys are still preventing this sort of nonsense from hitting the comments, I'd imagine there would have been far more if it wasn't so controlled. I enjoy having an educated discussion here at Develop, and Lee - you have to admit man, at least there are only 2 of them.
All fanboys and girls aside, that was a pretty big risk Sony took, and it turned around and bit them. I don't own anything that could connect to the PSN network, but I feel sorry for those that do and have suffered from this oversight on Sony's behalf.
“The vulnerability [of the network] was a known vulnerability, one known of in the world. But Sony was not aware of it."
So. . . it sounds like he's saying the exact opposite of what's stated in the headline. He's acknowledging that the vulnerability with the older version of Apache was well known within the security community, but claiming that Sony was unaware of it.
Oh dear Lord they're inadvertently admitting to gross negligence. It's like fitting an alarm but leaving your back door open, and then trying to claim insurance ..