Feeds

Sony: 'PSN attacker exploited known vulnerability'

Preps network for service restart

The Power of One eBook: Top reasons to choose HP BladeSystem

Sony is getting ready to return to service some PlayStation Network offerings, amid ongoing analysis to try and identify the source of the April attack on its San Diego data centre hosted in an AT&T network facility.

While maintaining that it has not yet seen any evidence that credit card data was compromised in the attack, Sony has said that where customers are charged a fee for reissuing credit cards, it will take responsibility for those charges. The company claimed in the press conference that credit card data was encrypted.

Executive deputy president Kazuo Hirai said that while 78 million accounts were compromised, the number of affected individuals is lower than that, since some people operate multiple PlayStation Network accounts. Of these, he said, Sony only held credit card information for around 10 million customers.

Sony’s Shinji Hasejima, Sony’s CIO, told Sony’s apologetic news conference that the attack was based on a “known vulnerability” in the non-specified Web application server platform used in the PSN. However, he declined to stipulate what platform/s were used or what vulnerability was exploited, on the basis that disclosure might expose other users to attack.

Hasejima conceded that Sony management had not been aware of the vulnerability that was exploited, and said it is in response to this that the company has established a new executive-level security position, that of chief information security officer, “to improve and enhance such aspects”.

Sony also said it has asked the FBI to investigate the attack.

The company’s new package of security measures will include relocating the data centre to a new facility that was already in build, and forcing password changes on PlayStation Network and Qriocity users. Password changes will need either to come from the same PS3 that the account was created on, or will have to be confirmed via e-mail.

Hirai said other protective measures will include additional firewalls, better confirmation management, and automated detection mechanisms designed to identify unusual network traffic.

To try and recover customer goodwill after the long shutdown of services, Sony announced a “welcome back” package that will include free access to premium services including movie and music downloads.

PlayStation Network and Qriocity services will be progressively restarted over the coming week. Users can track the progress of service restoration on the company’s US or European blogs. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.