Isn’t it amazing how different things look from different directions? I lifted this piece of writeup from a friend’s Facebook page. Kennedy Tariah, in his flawless delivery on this attack said the following.
A couple of weeks ago, it was announced that hackers attacked SONY’s PlayStation network and made away with valuable customer information such as credit card numbers among others. This news was felt in almost every part of the world as Sony corp. has so many followers on its playstation network (PSN). But with this news came a rumor, that the successful attack was as a result of various vulnerabilities on the part of Sony corporation.
It was believed that reverse enginnering the playstation firmware, vulnerabilities in the Linux servers, and unencrypted data traversing the network, led to the successful attack. The event, it was said, led to the leakage of over 77 million users’ information and about 2.2 million credit card information. a report also said Sony new about the leakage full six days before notifying users.
Among all these, was an interesting fact that only credit card numbers were being stored encrypted, according to the report that three-digit pins were not encrypted at all. also email addresses and answers to security questions were stored unencrypted. this brings me to a very necessary question -WHAT WAS SONY THINKING ??
it is very amusing that a giant corporation such as Sony was this backward when it comes to network security, that as a matter of fact the play station network was not even secure, speaking in real networking sense. It also shows the importance of network security in every area of a business operation.
Currently, there is a hot discussion about PCI council’s security standards and Sony’s compliance to it. PCI council is the Payment Card Industry Security Standards Council. It is an open global forum that is responsible for the development, management, education, and awareness of the PCI security standards – a set of security requirements that a business is supposed to comply to. Now, among these requirements, is the requirement that “THE VENDOR MUST BUILD A SECURE NETWORK.”
Obviously this might have upset some network security nerds that our much more beloved aspect of computer technology is being over looked, Tenable Network Security must have been among these set of guys. Infact they have been so hurt that they posted a blog vividly explaining the advantages of running both network and authenticated scans. THAT IS THE EXTENT IN WHICH WE LOVE OUR BELOVED FIELD OF NETWORK SECURITY.
Security they say, is never an ending process therefore, it is a very sensitive and at the same time a very important issue in today’s world equally making network Security a very important field of computer technology as well. our sympathy goes to the numerous users of Sony PlayStation Network and obviously i’m very sad and exasperated.