Sony was running unpatched Apache with no firewall for months before breach

188 points by joshes, about 14 years ago

11 comments

ZoFreX, about 14 years ago
If I see one more article on this incident that abuses the word "firewall" I'm going to hurt someone. Surely Apache is either accessible via port 80, or it isn't. What would a firewall do to mitigate vulnerabilities in a webserver?
JoachimSchipper, about 14 years ago
Not part of this article: Sony ran unpatched Apache on a system actually containing sensitive data, Sony was actually hacked via unpatched Apache.
mrcharles, about 14 years ago
I have a feeling the upcoming lawsuits against Sony aren't going to go well.
jswanson, about 14 years ago
I've worked in IT in Japan for a little over 5 years now.

Getting people to /allow/ you to patch servers is like pulling teeth. Seriously.

If the OS itself is so far out of date that you can hardly find patches for it anymore, the issue is even worse.

The mere specter of something possibly breaking is usually reason enough in many people's minds to not prioritize security updates, or in some cases, flat out disallow them.

Sadly.

Edit: keep in mind that this is anecdotal, I'm sure there are companies that patch their servers properly.
PatrickTulskie, about 14 years ago
An unpatched Apache is hardly an Apache at all.
foobarbazetc, about 14 years ago
This is bullshit.

If they're running RHEL (which is likely), the version number doesn't mean anything, since Red Hat backports all security patches.
teyc, about 14 years ago
There is no mention of missing firewall in the report.

http://republicans.energycommerce.house.gov/Media/file/Hearings/CTCP/050411/Spafford.pdf

Quote:

    In the Sony case, the majority of the victims are likely young people whose sense of risk, privacy and consequence are not yet fully developed, and thus they may also not understand the full ramifications of what has happened. Presumably, both companies are large enough that they could have afforded to spend an appropriate amount on security and privacy protections of their data; I have no information about what protections they had in place, although some news reports indicate that Sony was running software that was badly out of date, and had been warned about that risk.
heyrhett, about 14 years ago
What version was it running? Can anyone point to an explanation of the exploit?
fosk, about 14 years ago
Does anybody know what those hackers did to breach the servers?
phlux, about 14 years ago
I would wonder if whoever their sys ad was deliberately left their perimeter weak.

Also, did they *never* do a security audit??
dirtyhand, about 14 years ago
No phoenix firewall? pft