In testimony before Congress this morning, Dr. Gene Spafford of Purdue University, said that Sony was using outdated software on their servers - and I knew months before the recent security breach that allowed hackers to obtain information deprived of more than 100 million user accounts.
According to Spafford, security experts monitoring online open forums learned months ago that Sony was using outdated versions of the Apache web server software, which "was unpatched and had no firewall installed." The theme was "reported in an open forum controlled by employees of Sony" two or three months before the recent security breaches, said Spafford.
Spafford made his comments at a hearing before the House Subcommittee on Commerce, Trade and Industry. Sony was invited to participate in the hearing, but declined to attend. In a letter to the commission, said Sony has added automated monitoring software and data security and encryption systems in the wake of recent security breaches.
"If the evaluation of Dr. Spafford is accurate, it is inexcusable that Sony not only ran outdated software on the servers that contain sensitive data, but the company continued to do after this information was made public"