Third cyber-attack on Sony planned - rumour
Online gossip points to new breach, as U.S. Congress hears expert testimony
Online reports suggest that a group of hackers are planning a third wave of attacks on Sony this weekend, apparently as "retaliation" for Sony's handling of the original security breach.
According to CNET, discussion on IRC channels suggest that hackers already have access to some Sony servers. It is claimed they plan to publicise all or some of the information they copy from Sony's servers - potentially including customer names, addresses, and credit card numbers.
CNET suggests that the third attack will be by "the same group of hackers that was able to infiltrate the PSN servers", but does not speculate on whether they are associated with the Anonymous collective - as suggested by Sony Computer Entertainment boss Kaz Hirai.
In related news Purdue University security expert Dr. Gene Spafford has claimed in a report to the U.S. Congress House Energy and Commerce Subcommittee (PDF) that many companies and organisations that store large amounts of user data routinely run outdated operating systems without sufficient protection.
Although Spafford referred to the PlayStation Network incident he admitted he had no first-hand knowledge of Sony's security precautions, but he did offer this general summary of industry attitudes:
"My personal conclusion from reviews of reports in the press and discussions at professional meetings is that operators of these systems... continue to run outmoded, ﬂawed software, fail to follow some basic good practices of security and privacy, and often have insuﬃcient training or support."
Online reports claim that Sony was running an outdated version of the Apache Web server software without a firewall when it was originally attack, although this is still yet to be substantiated.