Sony Knew About Old, Unpatched Server Software for Months: Researcher
In testimony in front of Congress on Wednesday, Dr. Gene Spafford of Purdue University said that security experts monitoring open Internet forums were aware months ago that Sony was using outdated versions of the Apache Web server software, which "was unpatched and had no firewall installed."
Not only that, Spafford added that the "oversights" were "reported in an open forum monitored by Sony employees" two to three months prior to the recent security breaches of Sony's PlayStation Network (PSN) and Qriocity services. Despite that, the warnings went unheeded.
Sony was invited to attend the hearing, but declined. Instead, the company sent the letter (which we reported on earlier) explaining how the hacking of their systems, and promising that Sony's systems will be more secure in the future.