Psychotext said:
Never said they were a smoking gun, but if you're making mistakes on basic level security aspects like that then you're making them elsewhere. That's just an example we have clear proof of.
We don't need that to say that Sony's security might have huge holes. The RNG thing on the PS3 is a much more blatant indication, honestly.
That said, it's quite possible that security on those servers were handled by a completely separate team. Though any network is only as good as its weakest security, with any breach providing a potential jumping point to to intended target.
True, but even the supposed unpatched exploits mentioned briefly in that pasties note don't mean the server necessarily was exploitable. They may depend on payloads that are difficult to take advantage of. Ideally they would be patched, and they may have been the point of entry, but it could just as easily been something else.
Hopefully we'll eventually find out (via the congress questions most likely) how their network was breached and then we'll know exactly what they did wrong. It's highly unlikely they were attacked with a previously unknown platform vulnerability (because it wouldn't have just been them taken out, there are far tastier morsels out there)... but who knows if we'll ever get to see that information.
Oh, definitely, there was some hole in their system and it probably was old. There always is. I'm just saying that we shouldn't point to any of the known issues so far as more than speculation, because there's no confirmation, and none of them so far is a gaping hole that
had to be the point of failure. PSN
is a juicy target, though, so I wouldn't rule out a 'new' exploit for that reason, but more because generally it's something already known that is exploited. Even with good turnover, patching a server on a production system requires a lot of planning.