Veracode security researcher Chris ‘t0ph’ Lytle detailed his views to a Black Hat webinar audience this week on how and why the Sony PlayStation Network was attacked.
Lytle offered up a number of theories as to what actually took down the PSN. The top theory is that Sony was using unpatched server software. That software includes the open source Apache Web server running on Linux as well as the Apache Tomcat application server.
Lytle noted that multiple Sony sites have been hit in the last month through SQL injection flaws, which leads to another possible theory.
“Of the attacks where the attack vector was known, they are all things that Sony’s coders are directly responsible for,” Lytle said. “For the other ones, we’re looking at an un-patched server in which case Sony’s IT team would be responsible for it.”