Here's an example from my past, where there WAS the same hole exploited. I won't name the company, but let's just say I found a MAJOR security hole for them, and reported it straight to their top folks (it was that major, that it needed addressed, ASAP.)
The response I got was that their 'elite' team had been aware of said issue, for over a year, and 'decided' it was a calculated risk. Didn't matter that it was massively hackable, and I could easily take everything from their network, top to bottom... The 'elite' folks had already decided, in their minds, that it was a necessary risk. So, in this case, they WERE aware of a hole, yet didn't fix it.
That doesn't mean Sony was aware of the first or second (or any still unremedied) holes. But as you pointed out, they are huge, and therefore, once hole one was publicly disclosed, their efforts to find and remediate any others should've gone into high gear, because common sense dictates that, now, they have that target hanging out there.
(edit - please excuse multiple posts tonight, in succession... Working from my phone, remote, and if typing gets too long, it times out during reply, and I lose it all. So better to 'chunk it up' into a couple posts, when necessary)
Last edited by hayabusa
on Sat Oct 15, 2011 9:07 pm, edited 1 time in total.
~ hayabusa ~
"All men can see these tactics whereby I conquer,
but what none can see is the strategy out of which victory is evolved."
- Sun Tzu, 'The Art of War'
OSCE, OSCP (Former - GPEN, C|EH - both expiring / expired)