Experts say,even after three weeks, the security flaws in Sonys servers which allowed for an enormous breach of personal customer data remains unfixed with the potential for another attack. The remaining vulnerabilities in the networks security were discovered remotely in a contracted evaluation of the companys current security effectiveness.
John Bumgarner, a network security expert, says Sonys system is weak enough that there are potential abuses from hackers using the most basic of applications. Bumgarner works for an independent group that researches possible network security threats for both corporations and the government.
Sony would not disclose what exactly the flaws in their security were or whether active systems could be accessed, but they have already fixed a portion of the potential threats. The company claims that protecting their customers information is a top priority.
There are still exploits remaining in Sonys network however, and Bumgarner has not explored more sophisticated methods of cyber attacks. He did state that the two major breaches made public by Sony seem to be the only noticeable instances of hacking.
One instance that displays a lapse in security is Sony Santa, an old gift card registry sweepstakes that collected personal information of customers which was posted online. Earlier this month Sony discovered their error and is now ensuring the information is no longer available.
Other problems have included open access to employee login information systems. Sony had mistakenly given an address of the sensitive server application to search engines. In addition, customers who played Sony games on Facebook had their personal information and IP addresses made publicly available. Sony has since fixed these exploits.
Even though Sony has claimed that security flaws were only present in PlayStation Network (PSN) and Sony Online Entertainment (SOE), a myriad of other networks seem to have issues as well. Hackers were able to use Google in order to find exploitable elements of Sonys network which highlights dangers in connecting major data servers to the Internet.
The entire issue began when hackers contacted a Sony network administrator through email with malicious links that installed a virus on his PC. The computer was then used to attack Sony. The information of Sony IT employees was readily available through some careful Googling.
The Sony PlayStation Network is still down and Sony has not made an announcement regarding the outage since May 10th.
Felt bad for em.
