On 05/06/2011 04:29 AM, Mark McCullough wrote:
>
> On 2011 May 05, at 16:45, Paul Graydon wrote:
>> As much as I'm rather miffed at Sony and their attitudes to security,
>> there is nothing stated that I can see to say whether or not the servers
>> running outdated Apache Web servers had any connection to PSN, SOE, or
>> any confidential data at all. No reference to what those outdated
>> servers were even hosting. Test sites?
>
> I'm all too often explaining that test systems are a popular target as a
> gateway into the network or the real desired system.

Actually, all my test systems are better protected than production since they have a limited number of users and some things are feasible, i.e. SSL only and client certificates, IP range access restrictions, etc.

There is a whole range of not necessarily security problems inherent to test systems that are much more likely to happen than a security breach, e.g. a live site can link to a test site and make real users think that they did something, when in fact they only did it on a test system. You really don't want to know what kind of mess that can create ;)

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/