Is Sony's Network Secure Enough to Defend Against Another Attack?
Sony initiated the restoration of its online services for Sony Online Entertainment (SOE), Playstation Network (PSN) and Qricity services this weekend. But is Sony's network secure enough to safeguard against another attack?
SOE's library of MMOs returned with "welcome back" in-game events and free play time for players to make up for the recent cyber attack outage. Before logging back into any of these services, players are required to change their passwords, one of the many things that hackers were able to gain access to when they breached Sony's security last month.
EverQuest Online Adventure (EQOA) is still in the midst of downtime. The only updates since the May 14th reactivation announcements are the original post that the game would not be returning yet and a follow-up post stating that it is not ready. There's no official announcement for when services may return for EQOA.
Is Sony's new network ready to meet the challenges of persistent hackers?
After the announcement that phased restoration had begun, Sony President and CEO Kazuo Hirai posted a video message to customers apologizing for the outage and loss of personal information. PSN users will be receiving complimentary services and digital products as compensation for downtime. SOE and PSN users will also have the option to enroll in 12 months of identity theft protection.
Sony completely rebuilt the PSN and SOE services in order to make them more secure against attacks, but is it secure enough? Sony's home country of Japan isn't so sure. According to a report from Time.com, the Japanese government isn't giving the company permission to start up the game's services there because they "still have concerns about what exactly Sony has done to bolster security."
The report quotes Kazushige Nobutani, director of the Media and Content Industry department at the Ministry of Economy, Trade and Industry, who told Dow Jones Newswires in a release that officials require more information from Sony about what they've done to help make the network more secure, noting that "as of May 13th, Sony was "incomplete in exercising measures that they said they will do on the May 1 press conference." Nobutani could not comment on what the issues were for security reasons.
But the Japanese government isn't the only one calling the security of Sony's new system into question. A report from Afterdawn News states that Internet security expert John Bumgarner, also the chief technology officer for the U.S. Cyber Consequences Unit and a U.S. military special operations veteran, examined the system and found a handful of security flaws, including one that he called a "potential bonanza for hackers by using little more than a web browser, Google's search engine and a basic understanding of Internet security systems." The good news is that Bumgarner found that Sony has fixed 3 of the 5 flaws he had found over the last week.
In the meantime, PSN and SOE customers are enjoying the restoration of at least some services. A brief Q&A FAQ has been posted to explain what is and is not working for PSN. But this incident that compromised the personal details of over 100 million accounts begs one question - if Sony can fail so badly at protecting consumer information, how safe and secure are our details with any other online service that we choose to use? If you're concerned that you might be at risk of identity theft, be sure to check out Sony's offer to customers for 12 months of identity theft protection.