Interesting penalty notice for Sony PlayStation Network hack

The penalty notice for the Sony PlayStation Network hack is an interesting read:

Besides the fact that Sony did not properly encrypt PCI-relevant data, and the ruling's vague phrasing:

“Therefore the means used would not, at the time of the attack, be deemed appropriate, given the technical resources available to the data controller.”

a main point of the ruling seems to have been the fact that the systems were compromised through a vulnerability for which patches were available at the time of the hack.

To me this is a perfect example that patch and vulnerability management are not a nice-to-have but a must-have for every organization. This ruling shows that being hacked is not just an inconvenience for the targeted companies but also opens the door to fines and reparation claims.

I would really like to know what the blackened parts were about!
So give your Nessus a go and make sure to follow up on the results ;)

About SebastianB
