Sony: ‘PSN attacker exploited known vulnerability’
In a post-attack follow-up, the Register reports Shinji Hasejima, Sony’s CIO, in an apologetic news conference said that the attack was based on a “known vulnerability” in the non-specified Web application server platform used in the PSN. However, he declined to stipulate what platform/s were used or what vulnerability was exploited, on the basis that disclosure might expose other users to attack. Hasejima conceded that Sony management had not been aware of the vulnerability that was exploited, and said it is in response to this that the company has established a new executive-level security position, that of chief information security officer, “to improve and enhance such aspects.”
