A Small Update: Sony’s PSN Servers Actually Up-to-Date (UPDATED)

May 9, 2011

Over on Bitmob, Brad Grenz wrote an update regarding the PSN issue that I think should be shared with people to quell some of the fear, uncertainty, and doubt currently plaguing the gaming public.

Grenz found a post on the Beyond3D forums that detailed what some quick thinking and even quicker researching could do. Writes Grenz,

One member of the Beyond3D forum, deathindustrial, was curious about the outdated server software claim and did a very brief amount of very interesting research into the issue….

(Beyond3D’s community has a unique combination of technically knowledgeable users with a low rate of console fanboyism, allowing for an honest discussion of things like the PSN data breach without the conversation devolving into another proxy battle in the great fanboy wars.)

As it turns out, it is fairly simple to use Google’s webcache to show what version of Apache the PSN servers were using back in March. According to a page request archived by Google on March 23, 2011, at that time Sony was running version 2.2.17 of the software. You can see from Apache’s website that 2.2.17 is the latest stable version of the webserver available even today. This is a direct repudiation of the claims being made that Sony’s webservers were out of date by as much as five years.

In connection with this, the poster, deathindustrial, also noted the exact words of Dr. Stafford, the “security expert,” during the testimony before Congress. Instead of turning there, it might be better if I link to Pete’s post over on Dragonchasers from a few days back, which has the quote both written down and in video form. As it stands, Stafford had “no information about what protections they had in place,” which sort of makes his testimony a rather moot point.

Of course, we’re all still waiting for word on Sony’s PSN servers, but if we spread the word and get people to think more rationally about the situation, it may prove to our benefit that folks don’t jump to conclusions about the reputation of an entity as important as Sony.

EDIT:

I just had a thought about this. Seeing as Sony’s already mentioned and apologized for flaws in their security, it’s probably good to note that up-to-date servers may not necessarily mean completely secure servers (though I doubt there is something like a completely secure server, anyway, but I digress).

I’ll take my own advice and not make the logical leap from one idea to the next without thinking about it further. Apologies to all.

Update:

I checked back on the post that this write-up is based on, and there appears to be another wrinkle in the entire thing. Bitmob commenter Psycho Logikal is asserting that the news post written on Bitmob is inaccurate, for lack of a better way of putting it.

According to Psycho Logikal, the research done was in reference only to a subset of the servers Sony was using for PSN. If such is the case, then the article from Bitmob would be inaccurate to a certain degree by virtue of bad wording, but contains otherwise useful information.

I’ll watch the discussion for more information as it becomes available.

4 Comments
  1. May 10, 2011 02:21

    I was pretty much of this opinion before, but reading about it in places like this and elsewhere just shores up my perception of this whole thing. Sony was most likely following best practices, a group saw a potential mark after the weakened defenses from Anonymous’ DNS attacks, and struck while they had an opportunity and cover to do so. People (including Congress) are wanting a concrete organization/entity to lay blame and accountability on, and with the attackers unknown/suspected, there is no firm target for that dart. Sony probably chose poorly in how they held old information, but I would be surprised if they didn’t adhere to or supersede the understood best practices of network security.

    • May 10, 2011 07:56

      For a big company to not follow best practices seems like corporate suicide. Sony is a long-standing company though, so they must have done something right to thrive for so long. :)

  2. May 12, 2011 06:00

    I wish they’d get the MMO games back online! I wonder how they will try to make this up to people, besides a free 30 days to subscribers. I hear they are helping with theft protection for the PSN but I don’t even use it for our PS3.

    • May 12, 2011 08:41

      Hopefully they will add some kind of option to get free levels so I can skip certain content. Honestly, I wouldn’t mind going back to EQ2 or trying some other SOE game if I could skip stuff I’d already done, so I don’t have to pay for the subtime that makes me have to go through that gauntlet again.
