Sony has denied claims that their servers were running outdated software and that they lacked firewalls. The rumors were presented during a Congressional hearing by security expert Dr. Gene Spafford. Sony's senior director, Corporate Communications and Social Media, Patrick Seybold, released a statement denying these reports.
"The previous network for Sony Network Entertainment International and Sony Online Entertainment used servers that were patched and updated recently, and had multiple security measures in place, including firewalls."
Dr. Gene Spafford of Purdue University testified that Sony may have been using outdated software and they knew it. According to Dr. Spafford security experts monitoring forums knew Sony was using outdated versions of the Apache Web server, and it "was unpatched and had no firewall installed." He went on to say the issue was "reported in an open forum monitored by Sony employees" several months before the attack. Links to these forums, proof they existed or were written by someone with any authority on the matter were absent from the testimony.
I'm not saying either side is lying, but they can't both be entirely correct. Who do you think is right?