Hacking Sony’s SIEA

This post has been largely removed in compliance with a notice received from Sony Interactive Entertainment.

Multiple vulnerabilities were discovered in an SIEA internal system. They were responsibly disclosed and fixed.

Timeline

08/31/2016 (Me) — Notification of Issue A

09/01/2016 (Sony) — Assigned issue #1472749409

09/25/2016 (Me) — Request for update

09/27/2016 (Sony) — “Actively pursuing internal activities”

04/15/2017 (Me) — Notification of incomplete fix for Issue A, set disclosure deadline of July 14th

04/18/2017 (Sony) — Acknowledged, requested I “refrain from public disclosure”

04/18/2017 (Me) — Reaffirmed the 90-day deadline of July 14th

04/21/2017 (Sony) — Notification that fix will be out by end of May

04/29/2017 (Me) — Notification of Issue B

05/01/2017 (Sony) — “Investigating this submission to determine the best course of action”

05/03/2017 (Me) — Notification of Issue C

05/04/2017 (Sony) — Assigned #1493927870 to Issue B and #1493927871 to Issue C; “continuing to work” on Issue A

06/02/2017 (Me) — Notification that Issue A seems to be fixed

06/07/2017 (Sony) — All issues have been fixed

06/07/2017 (Me) — Notification that fix for Issue A is incomplete, sent draft post and new 90 day deadline

06/14/2017 (Sony) — “Investigating this submission to determine the best course of action”

06/21/2017 (Sony) — Issue A fully fixed

06/22/2017 (Sony) — Notice to remove this “posting” from public access