mandag den 2. maj 2011
Sony: 'PSN attacker exploited known vulnerability'
02.12 | Indsendt af
RoTmOoD |
Rediger opslag
Sony is getting ready to return to service some PlayStation Network offerings, amid ongoing analysis to try and identify the source of the April attack on its San Diego data centre hosted in an AT&T network facility.
While maintaining that it has not yet seen any evidence that credit card data was compromised in the attack, Sony has said that where customers are charged a fee for reissuing credit cards, it will take responsibility for those charges. The company claimed in the press conference that credit card data was encrypted.
Executive deputy president Kazuo Hirai said that while 78 million accounts were compromised, the number of affected individuals is lower than that, since some people operate multiple PlayStation Network accounts. Of these, he said, Sony only held credit card information for around 10 million customers.
Sony’s Shinji Hasejima, Sony’s CIO, told Sony’s apologetic news conference that the attack was based on a “known vulnerability” in the non-specified Web application server platform used in the PSN. However, he declined to stipulate what platform/s were used or what vulnerability was exploited, on the basis that disclosure might expose other users to attack.
Hasejima conceded that Sony management had not been aware of the vulnerability that was exploited, and said it is in response to this that the company has established a new executive-level security position, that of chief information security officer, “to improve and enhance such aspects”.
Sony also said it has asked the FBI to investigate the attack.
The company’s new package of security measures will include relocating the data centre to a new facility that was already in build, and forcing password changes on PlayStation Network and Qriocity users. Password changes will need either to come from the same PS3 that the account was created on, or will have to be confirmed via e-mail.
Hirai said other protective measures will include additional firewalls, better confirmation management, and automated detection mechanisms designed to identify unusual network traffic.
While maintaining that it has not yet seen any evidence that credit card data was compromised in the attack, Sony has said that where customers are charged a fee for reissuing credit cards, it will take responsibility for those charges. The company claimed in the press conference that credit card data was encrypted.
Executive deputy president Kazuo Hirai said that while 78 million accounts were compromised, the number of affected individuals is lower than that, since some people operate multiple PlayStation Network accounts. Of these, he said, Sony only held credit card information for around 10 million customers.
Sony’s Shinji Hasejima, Sony’s CIO, told Sony’s apologetic news conference that the attack was based on a “known vulnerability” in the non-specified Web application server platform used in the PSN. However, he declined to stipulate what platform/s were used or what vulnerability was exploited, on the basis that disclosure might expose other users to attack.
Hasejima conceded that Sony management had not been aware of the vulnerability that was exploited, and said it is in response to this that the company has established a new executive-level security position, that of chief information security officer, “to improve and enhance such aspects”.
Sony also said it has asked the FBI to investigate the attack.
The company’s new package of security measures will include relocating the data centre to a new facility that was already in build, and forcing password changes on PlayStation Network and Qriocity users. Password changes will need either to come from the same PS3 that the account was created on, or will have to be confirmed via e-mail.
Hirai said other protective measures will include additional firewalls, better confirmation management, and automated detection mechanisms designed to identify unusual network traffic.
Abonner på:
Kommentarer til indlægget (Atom)
Blog Archive
-
▼
2011
(24)
-
▼
maj
(19)
- The hackers hacked: main Anonymous IRC servers inv...
- On 20th day of PlayStation Network down time, Anon...
- Exclusive: Third attack against Sony planned
- As Sony counts hacking costs, analysts see billion...
- LastPass Security Notification
- NZ Parliament DDoS a success: Anonymous
- [NEW THEFT] Sony announces theft of data from its ...
- PlayStation Network Security Update
- #Anonymous attacks Iranian state websites
- Hacker posts screenshot of sex video on SPAD website
- Source Code is the New Hacker Currency !
- The Japan crisis an IT security
- Sony: 'PSN attacker exploited known vulnerability'
- Diablo 3: 'We're on the home stretch', says Blizzard
- GeoHot - PSN attack is Sony's own fault.
- Google, MPAA and isoHunt Clash in Court
- Hackers Claim to Have PlayStation Users’ Card Data
- Rumor – Hacker claims credit card information sent...
- Rumour: PSN member credit card numbers on sale in ...
-
▼
maj
(19)
Faste læsere
Leveret af Blogger.
6 kommentarer:
Sony are bastards
The farce continues .. :P
I heard about this. Im kind of glad I didnt put so much cash into getting a PS3.
I still can't believe this. Glad that I am a PC gamer, lol.
I don't care about my info being stolen. Enough companies sell that anyway. I don't care about my credit card being stolen. It is easy enough to monitor that. All I care about it wanting to play Portal and Mortal Kombat for a change.
I need to switch to PC gaming...
Send en kommentar