Over on Bitmob, Brad Grenz wrote an update regarding the PSN issue that I think should be shared with people to quell some of the fear, uncertainty, and doubt currently plaguing the gaming public.
Grenz found a post on the Beyond3D forums that detailed what some quick thinking and even quicker researching could do. Writes Grenz,
One member of the Beyond3D forum, deathindustrial, was curious about the outdated server software claim and did a very brief amount of very interesting research into the issue….
(Beyond3D’s community has a unique combination of technically knowledgeable users with a low rate of console fanboyism, allowing for an honest discussion of things like the PSN data breach without the conversation devolving into another proxy battle in the great fanboy wars.)
As it turns out, it is fairly simple to use Google’s webcache to show what version of Apache the PSN servers were using back in March. According to a page request archived by Google on March 23, 2011, at that time Sony was running version 2.2.17 of the software. You can see from Apache’s website that 2.2.17 is the latest stable version of the webserver available even today. This is a direct repudiation of the claims being made that Sony’s webservers were out of date by as much as five years.
In connection with this, the poster, deathindustrial, also noted the exact quote said by Dr. Stafford, the “security expert,” during the testimony before Congress. Instead of turning there, it might be better if I link to Pete’s post over on Dragonchasers from a few days back, which has the quote written down but also put in video form. As it stands, Stafford had “no information about what protections they had in place,” which sort of makes his testimony a rather moot point.
Of course, we’re all still waiting for word on Sony’s PSN servers, but if we spread the word and get people to think more rationally about the situation, it may prove to our benefit that folks don’t jump to conclusions about the reputation of an entity as important as Sony.
I just had a thought about this. Seeing as Sony’s already mentioned and apologized for flaws in their security, it’s probably good to note that up-to-date servers may not necessarily mean completely secure servers (though I doubt there is something like a completely secure server, anyway, but I digress).
I’ll take my own advice and not make the logical leap from one idea to the next without thinking about it further. Apologies to all.
I checked back on the post that this write-up is based on, and there appears to be another wrinkle in the entire thing. Bitmob commenter Psycho Logikal is asserting that the news post written on Bitmob is inaccurate, for lack of a better way of putting it.
According to Psycho Logikal, the research done was in reference only to a subset of the servers Sony was using for PSN. If such is the case, then the article from Bitmob would be inaccurate to a certain degree by virtue of bad wording, but would otherwise contain useful information.
I’ll watch the discussion for more information as it becomes available.