Just when I was starting to feel bad about what happened to Sony they go and get themselves in trouble again with security issues on their PSN enabled websites. To be fair they weren’t completely hacked, but their security measures aren’t enough to prevent future attacks on personal accounts.
Essentially, if a PSN user needs to reset his/her password all they have to enter is their e-mail address and date of birth. From here the site will redirect the gamer to a password reset page where they can update their forgotten, or outdated password. Unfortunately, for those gamers who were PSN users pre-mega-hack have compromised data out in the Ether somewhere, so technically the d*ck that stole all of the user account information from the original hack could still exploit an account that had an updated password.
To prevent any additional attacks Sony has since taken down the PSN logins on their family of websites, and as of 4PM EST these services are still unavailable. I really am starting to question Sony’s competency to provide sound data security. How after 3 weeks of being down do they not see this flaw in their security system? I’m wondering if this is just an attempt by Sony’s CIO to get canned so he can retire and get away from this mess.
Sony IT Employee Enjoying His Job
I thought Sony’s mea culpa of free gifts and service was satisfactory for their oversights, but now that this happened I’m starting to think they should send us all the combined salaries of their IT department as a second helping of “I’m Sorry”. You’ve been thinking that Sony needs to start searching for new IT personnel…
[#ff entbuddha] “Making you a better geek, one post at a time!”
Via [#ff engadget]