Detective work reveals PSN servers up to date

Mykell Member Uncommon Posts: 780

We've all been hearing over and over again for the last week that Sony was running an outdated version of the Apache web-server software on its webservers. The implication, of course, was that this represents Sony's laissez-faire attitude toward the protection of customer information, making it easy for the hackers to gain entry to the PlayStation Network.

But the funny thing about this kind of "common knowledge" in the age of the Internet is the way rumors have an unfortunate tendency to be repeated as fact. Just a week ago it was "common knowledge" that Sony stored every PSN password in plain text. It was also "common knowledge" that Sony Online Entertainment hadn't been compromised. Neither of those things proved true.

One member of the Beyond3D forum, deathindustrial, was curious about the outdated server software claim and did a very brief amount of very interesting research into the issue....

(Beyond3D's community has a unique combination of technically knowledgeable users with a low rate of console fanboyism, allowing for an honest discussion of things like the PSN data breach without the conversation devolving into another proxy battle in the great fanboy wars.)

As it turns out, it is fairly simple to use Google's webcache to show what version of Apache the PSN servers were using back in March. According to a page request archived by Google on March 23, 2011, at that time Sony was running version 2.2.17 of the software. You can see from Apache's website that 2.2.17 is the latest stable version of the webserver available even today. This is a direct repudiation of the claims being made that Sony's webservers were out of date by as much as five years.

Poster deathindustrial also goes on to point out the folly in using "security expert" Dr. Eugene Spafford's testimony before Congress as a source for the claims that the servers were outdated and that Sony knew about it. In the written statement which accompanied his testimony, Spafford clearly states:


I have no information about what protections they had in place, although some news reports indicate that Sony was running software that was badly out of date and had been warned about that risk.

So he had no first-hand knowledge of the state of Sony's servers or Sony's knowledge about possible exploits, and he was literally repeating claims that he read in the media, which might have stemmed from IRC chat logs that were being passed around back in February. He didn't even do the very basic detective work it would've taken to completely repudiate the claims.

It's sad to say, but many are so eager to see Sony's eye blackened that they are willing to believe any rumor that puts the PlayStation in a negative light. We are in a backwards world where everything Sony says is assumed to be a lie or conspiracy, and anonymous IRC chat logs of dubious origins have miraculously become the most trusted news source in the industry. Here we ha

http://bitmob.com/articles/detective-work-reveals-psn-servers-up-to-date

http://forum.beyond3d.com/showpost.php?p=1549251&postcount=491

Comments

  • SandaStunna Member Posts: 101

    yeah, I don't get why they want Sony hurt so bad. they are also hurting the developers that rely on PSN. developers that make fun games like pixeljunk monster, flowers, last guy, fat princess, stardust hd, etc. are experiencing massive loss of revenue.

    http://www.joystiq.com/2011/05/09/psn-outage-costing-capcom-hundreds-of-thousands-if-not-million/

  • gauge2k3 Member Posts: 442

    As a computer scientist myself, the second I heard someone say they heard sony didn't use a firewall at all, I knew that I needed to just walk away from the online debate about all this.

    Anon is no simple hacker organization, I promise you they didn't just simply walk in and take what they already knew how to get. Anon are the people who show exploitation first, not just use it second hand like some script kiddie.

    I think people need to step back and realize how powerful this rogue organization is, and not be so quick to judge sony. Is it Sony's fault? Yea, to some degree, they are responsible for the protection of our data, and ultimately it was stolen. Am I more angry at Anon, yes, I am.

    This is one of the few times that I cannot agree with the actions taken to achieve an end that Anon has done. If it was truly done by Anon and not just a ploy to take attention off the real attacker.

    It is very hard for me to believe that Anon would use this means to achieve its end. They are notorious for not hurting the regular person.

    What happened here was more akin to terrorism than to Anon's usual style. At any rate, only the attacker, and possibly Sony/the government really know what happened, and they aren't going to be quick to reveal whole truths to us.

  • bezado Member Uncommon Posts: 1,127

    Originally posted by gauge2k3

    As a computer scientist myself, the second I heard someone say they heard sony didn't use a firewall at all, I knew that I needed to just walk away from the online debate about all this.

    Anon is no simple hacker organization, I promise you they didn't just simply walk in and take what they already knew how to get. Anon are the people who show exploitation first, not just use it second hand like some script kiddie.

    I think people need to step back and realize how powerful this rogue organization is, and not be so quick to judge sony. Is it Sony's fault? Yea, to some degree, they are responsible for the protection of our data, and ultimately it was stolen. Am I more angry at Anon, yes, I am.

    This is one of the few times that I cannot agree with the actions taken to achieve an end that Anon has done. If it was truly done by Anon and not just a ploy to take attention off the real attacker.

    It is very hard for me to believe that Anon would use this means to achieve its end. They are notorious for not hurting the regular person.

    What happened here was more akin to terrorism than to Anon's usual style. At any rate, only the attacker, and possibly Sony/the government really know what happened, and they aren't going to be quick to reveal whole truths to us.

    Haha yup yup I too was very hot headed when I heard the rumors, and was actually in defense for Sony amongst all this talk. Basically I was like how do you know what internals they have, what security they had and if it was all tied to the same system.

    I didn't think a company as large and as big as this would be that stupid to not have updated security and on top of that a firewall, who the hell runs millions of dollar business and leaves the front door open on purpose. Outrageous idea that they never had a firewall, shame on the dumb shits who start rumors then fueled by more ignorant people.

  • Mykell Member Uncommon Posts: 780

    I thought the rule of thumb nowadays for forum posts was "don't let facts get in the way of a good story".

  • Distopia Member Epic Posts: 21,183

    Yeah lol, that's pretty ironic when you consider the reaction you would receive if you asked for proof they were negligent with their stored info. Just goes to show, don't believe everything you read on the net kids.

    Where are all of those who should be eating crow right about now? I hate SOE and their current crop of MMO's but damn I hate people jumping to conclusions more. Especially when they attack anyone who doesn't buy their BS.

    "For every minute you are angry, you lose 60 seconds of happiness." -Emerson


  • Coman Member Uncommon Posts: 2,178

    Might not have been outdated, but was definitely not good enough :P

  • jado818 Member, Newbie Common Posts: 356

    I'm more interested in why it took them 7 days to take the intrusion seriously enough to shut down servers.

     

    They either didn't have enough people to handle the situation or they took too long to figure out they lacked the skills to figure out what went wrong.

  • Gdemami Member Epic Posts: 12,342


    Originally posted by Coman
    Might not have been outdated, but was definitely not good enough :P

    It's never good enough...all you can do is follow up with criminals.

  • Gdemami Member Epic Posts: 12,342


    Originally posted by jado818
    I'm more interested in why it took them 7 days to take the intrusion seriously enough to shut down servers.

    They shut down the servers within 24 hours after they found out their network was compromised.

  • Neloth Member Posts: 249

    Originally posted by gauge2k3

    As a computer scientist myself, the second I heard someone say they heard sony didn't use a firewall at all, I knew that I needed to just walk away from the online debate about all this.

    Anon is no simple hacker organization, I promise you they didn't just simply walk in and take what they already knew how to get. Anon are the people who show exploitation first, not just use it second hand like some script kiddie.

    I think people need to step back and realize how powerful this rogue organization is, and not be so quick to judge sony. Is it Sony's fault? Yea, to some degree, they are responsible for the protection of our data, and ultimately it was stolen. Am I more angry at Anon, yes, I am.

    This is one of the few times that I cannot agree with the actions taken to achieve an end that Anon has done. If it was truly done by Anon and not just a ploy to take attention off the real attacker.

    It is very hard for me to believe that Anon would use this means to achieve its end. They are notorious for not hurting the regular person.

    What happened here was more akin to terrorism than to Anon's usual style. At any rate, only the attacker, and possibly Sony/the government really know what happened, and they aren't going to be quick to reveal whole truths to us.

    Anon stated "they" didn't do it but some members with them might have (google it), I'd bet it was someone related to them with a grudge or agenda, always some (really) bad apples (in a basket of bad apples?)

  • Eliandal Member Posts: 796

    Originally posted by Malickie

    Yeah lol, that's pretty ironic when you consider the reaction you would receive if you asked for proof they were negligent with their stored info. Just goes to show, don't believe everything you read on the net kids.

    Where are all of those who should be eating crow right about now? I hate SOE and their current crop of MMO's but damn I hate people jumping to conclusions more. Especially when they attack anyone who doesn't buy their BS.

       You'll never see them in this topic, since it contains actual facts.  They're smart enough to know that their stupidity won't hold here :D!

  • jado818 Member, Newbie Common Posts: 356

    Originally posted by Gdemami

    Originally posted by jado818

    I'm more interested in why it took them 7 days to take the intrusion seriously enough to shut down servers.

    They shut down the servers within 24 hours after they found out their network was compromised.

    You're right, I typed in haste

    What I meant to say is... I'm interested in why it took them 7 days to figure out data was stolen after they knew they were hacked.

    It seems they weren't prepared to be hacked.. and weren't prepared to track down the problem

  • Nethermancer Member Posts: 520

    Anybody who takes anything on these forums as fact needs to come back to reality. There have been guys spewing lies on every thread since the hacking. And just b/c someone has a link STILL doesn't make it true.

    Playing: PO, EVE
    Waiting for: WoD
    Favourite MMOs: VG, EVE, FE and DDO
    Any person who expresses rage and loathing for an MMO is preposterous. He or she is like a person who has put on full armor and attacked a hot fudge sundae.

  • adam_nox Member Uncommon Posts: 2,148

    stuff like this doesn't happen without inside info or insight into security systems that normal people shouldn't have. 

    If you want to try to grasp how hard it is to just plain hack an online server, try playing an emulated mmo server that talented programmers wrote from the ground up for several years and see how impossible it is to do just about anything without access to some sort of source code.

    I'm really sick and tired of reading about anon.  They, whoever did this, and all others calling themselves hackers can never be taken seriously as people with any real skill or talent.  Sure, a few prodigies might exist, and certainly more existed in the past when computer systems were infinitely less complex than they are today, but because of how misinformed anyone is, and how rare any real hacking happens anymore, you just have to make a blanket statement that anyone who calls themselves a hacker is actually just a dumb d-bag.

  • twodayslate Member Posts: 724

    It was pretty evident in that PDF transcript of the congressional hearing that the testimony was pure conjecture. Especially since none of the three directly mentioned that they had ever had anything to do with Sony. Not sure what the motivations of other posters were, but for me it is just fun to play devil's advocate and mess with people who are immediately colon-buddies with a large corporation simply because they enjoy what that corporation puts out.

    Honestly I could care less about their fate either way, given that I've had an active boycott against anything Sony for the better part of a decade, but that last bit about people being eager to see Sony take a hit works both ways. There are equivalent numbers of people who blindly went about condemning the attackers and treating Sony as if it was dying for mankind's sins. Nobody seems to be able to recognize the concept of shared responsibility anymore.

  • Leethe Member Uncommon Posts: 893

    As I recall, Trion's Rift servers were up to date when hackers began stealing login information wholesale. "Up to date" doesn't mean "no known vulnerabilities". (I am aware of the difference in magnitude).

    There is NO miracle patch.

    95% of what you see in beta won't change by launch.

    Hope is not a strategy.
    ______________________________
    "This kind of topic is like one of those little cartoon boxes held up by a stick on a string, with a piece of meat under it. In other words, bait."

  • Fadedbomb Member Posts: 2,081

    Originally posted by gauge2k3

    As a computer scientist myself, the second I heard someone say they heard sony didn't use a firewall at all, I knew that I needed to just walk away from the online debate about all this.

    Anon is no simple hacker organization, I promise you they didn't just simply walk in and take what they already knew how to get. Anon are the people who show exploitation first, not just use it second hand like some script kiddie.

    I think people need to step back and realize how powerful this rogue organization is, and not be so quick to judge sony. Is it Sony's fault? Yea, to some degree, they are responsible for the protection of our data, and ultimately it was stolen. Am I more angry at Anon, yes, I am.

    This is one of the few times that I cannot agree with the actions taken to achieve an end that Anon has done. If it was truly done by Anon and not just a ploy to take attention off the real attacker.

    It is very hard for me to believe that Anon would use this means to achieve its end. They are notorious for not hurting the regular person.

    What happened here was more akin to terrorism than to Anon's usual style. At any rate, only the attacker, and possibly Sony/the government really know what happened, and they aren't going to be quick to reveal whole truths to us.

     

    If you're such a "Computer Scientist", then you should look into the fact that it wasn't "Anonymous's" doing. Just because there was a plaintext file on the PSN's networking claiming it was Anon's doing, doesn't mean it WAS anon.

     

    The simple fact is, no matter the legality of the issue...."Anon" ALWAYS claims responsibility if it WAS them. Guess what, they have already stated it wasn't them. So please, stop pointing script-kiddy fingers @ Anon.

    The Theory of Conservative Conservation of Ignorant Stupidity:
    Having a different opinion must mean you're a troll.

  • Gdemami Member Epic Posts: 12,342


    Originally posted by jado818

    You're right, I typed in haste

    What I meant to say is... I'm interested in why it took them 7 days to figure out data was stolen after they knew they were hacked.

    It seems they weren't prepared to be hacked.. and weren't prepared to track down the problem

    PSN network got hacked, and there was no evidence that SOE network was affected too.

    It was easier for PSN staff to detect the attack because it was most likely their entry point and there you most likely leave traces, but when you access some machine and manage to elevate your privileges, your presence becomes much harder to detect and if you make an effort to cover your steps, also harder to track.

    It does not seem to me that unreasonable.


    Sony network is HUGE and you cannot just blindly 'check everything', it doesn't work that way. It does not work for way smaller networks either.

  • headen Member Uncommon Posts: 229

    Very interesting,  it is usually easier to blame randomly than come up with a logical conclusion.  Thanks for posting this here, I kinda found it hard to believe they would be that negligent.

  • SandaStunna Member Posts: 101

    hackers can hide on the network (like a sniffer) and can go unspotted for a while. in this scenario it was probably too late when something really unusual caught the admins' attention.
