Sony hack highlights the danger of poor Linux system administration
According to security expert Dr. Gene Spafford, speaking at a hearing set up by the Commerce, Manufacturing and Trade subcommittee in Washington, Sony's problems began when they failed to update their Apache web server software. In addition to their failure to patch the web server, Dr. Spafford told Congress that Sony were not using a firewall, which heightened the security risk.
Dr. Spafford said that Sony had not only known about these vulnerabilities on their systems but had also known that this information was in the public domain: security experts monitoring internet forums said it had been reported 2–3 months ago in an open forum, which was apparently monitored by Sony employees.
It is estimated that 100 million Sony users have been affected by the hack, with 3 million of those being British users. It is likely that the UK Information Commissioner will also take action over the hack, as it appears Sony has failed to take reasonable care of the private and sensitive data of its users.
Now is the time to check your version numbers and make sure that your managed hosting provider is addressing vulnerabilities and patching your server on a regular basis. If you do not have expert support for your server, now might be a very good time to consider making that investment.
Over the last two weeks, Sony's shares have dropped 4% and, according to YouGov's Brand index, Sony's popularity has dropped from +17.4 to -9.65 since the hack occurred. This is a PR disaster for Sony. It is too soon to speculate what long-term implications this will have for the electronics giant; however, if the short-term effects are any indication, they are likely to be heavy and long-lasting.
In retrospect, what price would Sony pay to have had a security audit of their systems that identified and closed this simple loophole prior to the hack?
If you have concerns about the security of your infrastructure, contact the ForLinux team today on or email