Sony's new security plan: so many flaws hackers tire before hitting them all

Tiny ISP subsidiary takes small hit; big sites still show big flaws


Among the invitations (too glaringly insecure to be called "flaws") found by John Bumgarner, CTO of the federally funded Internet security research company U.S. Cyber Consequences, was a sweepstakes app, created for the 2001 Christmas season and defunct since then, that was designed to collect registrations and give registrants access to systems deeper in Sony's network.

Another pointed Bumgarner to a server running an identity management system that controlled access to and logins for the Sony Pictures Entertainment network.

That one provided good evidence of Sony's new security-conscious IT policies: Bumgarner found it by doing a Google search using the term " identity."

As if some ignorant hacker could ever figure out a trick like that.

Sony told Reuters it fixed the flaws right away. This morning the search still led the way to a Sony login server, and another and another before I got tired of looking -- but not to the actual login data. Which, I suppose, is an improvement.

