PlayStation Network – Anonymous leaks PSN ssh logs, shows Sony is responsible for data theft
Outdated server software may have caused PSN outage allowing hackers to enter PlayStation Network stealing more than 100 million user data sets from PSN and SOE. Since the allegation itself isnt exactly new, there are new proofs that this rumor is correct.
German publication Computer BILD got information from Anonymous proofing that Sony may have acted negligent when it comes to the servers of the PSN. Computer BILD reports that Sony tries to hide the facts, but now there are some embarracing news.
Report even claims that Sony lies when it comes to the statement of outdated servers. Computer BILD got an exerpt showing log files that proof that Sony was, as of the hacking attack, using very outdated server software, such as OpenSSH 4.4 – current version is 5.7. Back in 2006 there were reports about OpenSSH 3.x and 4.x and the security issues those versions utilize.
But SSH was not the only open door for hackers: Sony used an outdated version of the Apache webserver as well. Apache found on Sony’s server was 2.2.10 while current version is 2.2.17. So Sony made it easy for hackers to access sensible data as since summer 2009 there were bug reports about “dangerous security issues” in the mentioned version, as Hamburger Presse states.
Guido Alt, spokesman for Sony Germany, told Computer BILD that he was not handed any information about Sony using old server software. But since Anonymous’ log files show log-ons to Sony-servers, Sony could seriously be in trouble. Although those logs would not be valid evidence in a court unless Sony approve them, community pressure will become a serious topic to Sony. At least for now, they have to tell the truth – now where logs are handed around the press.