Thanks, North Korea

Reflecting on the historic pantsing that some North Korean hackers gave Sony Pictures, I think some could fairly describe it as the best possible thing to happen right now. And by ‘some’ I do not mean Sony’s competition. You can bet their own schadenfreude is heavily tempered by a frantic code brown review of their own data security. Rather I mean experts like Richard Clarke who have been screaming, begging and tearing their hair out about digital security.

When you think about how many ways that a hostile power, or a hostile group of teenagers with a laptop, can screw with us, the main question about a digital 9/11 is when and how bad.

As it turns out the answer is now and pretty bad, but importantly not the end of the world. A company lost money and a lot of people got embarrassed. Blackmailers got what they wanted, which will no doubt encourage underpowered states to screw with big powers more in the future. But in the end no one died, even if a few sys admins probably wish they had. Overall I think people will eventually look back and feel very, very lucky that it shook out that way. Let me lay out my thinking.

By now it should be clear that most of our digital infrastructure has shit security. College compsci majors can usually red team their way into our electrical grids. Lockheed might put up a fight (the Chinese get through anyway) but 2014 taught some hard lessons about how most companies neglect their computers. Sony’s admins basically kept an unencrypted folder titled ‘everyone’s password’. Target stepped on a rake and Home Depot protected customer data like your great-aunt protects her AOL account. It is not terribly gratifying when you give up begging her to use something more challenging than ‘password1’ for the eighty seventh time and the next day she ‘donates’ $42,000 to a teenager in Sevastopol loses the payment and personal information of every goddamned customer for the last six months.

You could ask, why should the Sony hack do any good? Earlier breaches did not persuade Target to overhaul its security and the Target disaster somehow failed to dislodge Home Depot’s head from its ass. I think it has a lot to do with who got hurt. The earlier breaches embarrassed Target and Home Depot and pissed off shareholders, but aside from sacrificial scapegoats in mid-management the breaches were mostly a customer problem. That let businesses regard these things coolly, from a risk-reward perspective. In broadest terms you could describe the hacks as someone else sneaking in and shearing some more wool off of the sheep.

Sony more or less inverted that story. Some customers got fleeced, for example I might avoid the Playstation Network for now, but that does not begin to describe what happened to Sony. Instead of sneaking in an open barn door and making off with livestock in the dark, North Korea made a public spectacle out of Sony’s humiliation. They screwed with employees’ computer monitors. They released emails, scripts, drafts, planning documents, IT records and anything else they could find on Sony’s hard drives. Nobody likes having their private business written on a banner pulled behind a slow-flying plane, and I imagine it comes as an especially rude shock to corner office executives long used to lavish deference and (limited) untouchability.

When you are humiliated, more than anything else you want the story to fucking please go away already. Sony for example sent some very expensive lawyers on a futile quest to get the press to leave this story alone. Yet the story just. will. not. die. In part this has to do with Sony being an entertainment company. We Americans go embarrassingly gaga for stage managed little news bites about our favorite celebrities and the films they make, so we have no defense against all that stuff shooting unedited out of a fire hose for everyone to consume all at once. What’s wrong with the next Bond movie, what might happen to Spider-Man, what do Sony employees think about Adam Sandler? (not highly.) You have an academic look at one of the larger businesses in entertainment, suddenly rendered completely transparent. You have the national security angle for us policy wonks. Then you have the safety versus freedom angle about releasing the movie, a tough call that I would not necessarily second guess. You never know how much more damaging material they might have held back as a threat. The disaster has an absolute, seemingly bottomless wealth of story hooks.

It all adds up to an astonishing ordeal for Sony: a public humiliation and a financial disaster that just drags on and on, exposes and hampers their long term business plans and then, adding insult to injury, Sony becomes the goat for pulling the movie. Put me in the place of a senior executive at some other business or utility and I will do two things, basically right away. First I will look hard at who I might piss off and how I can avoid it. Like that reaction or not but you better learn to live with it. Power has moved around some since days when America’s most dangerous neighbors were Canada, Mexico and sharks. Nowadays the walls around your castle are only as secure as a password, and most passwords are shit. Nobody with a corner office and a Bentley wants to sacrifice himself for your principles.

However, I also find it pretty damn self-evident that we have entered a bull market for computer security. Nothing bumps security up the cost-benefit ledger like this seemingly neverending public ruin and humiliation of a company that probably did a better job at securing its networks than you do. After all, you can’t please everyone all the time. Stepping lightly earns some peace of mind but people sleep a lot better when they don’t have to. For that reason I suspect, and by that I mean I desperately hope, that Sony will provide that extra psychological nudge for people who run things from radio stations and online stores to airports and electrical grids to spend a little more resources red teaming their network security. The next time someone puts that kind of effort into attacking a network they could have more in mind than a dumb movie.

***Update***

From the comments.

My day job is network security. Sony is not going to be the wakeup call, because others will simply think they’re different, and it can’t happen to them.

It will take either a major months-long disabling attack on an electrical or water grid, or a major attack on a financial system (you wake up and your bank account, and a few million others, are zeroes) for companies and citizens to finally take this shit seriously.

Hell, even the basic lesson from the Sony hack – that YOUR email can be read by someone/anyone other than the intended recipient – has not gotten through the heads of any users I’ve talked to recently.

Sigh. Gonna start huffing glue early today.






119 replies
  1. 1
    srv says:

    Obama can’t even win a virtual war.

    This is what happens when you turn government agencies designed to protect us from foreigners into domestic spying factories.

  2. 2
    Gordon, the Big Express Engine says:

    This post made me think of this:

    http://m.youtube.com/watch?v=7htBb-w9fNw

  3. 3
    CONGRATULATIONS! says:

    My day job is network security. Sony is not going to be the wakeup call, because others will simply think they’re different, and it can’t happen to them.

    It will take either a major months-long disabling attack on an electrical or water grid, or a major attack on a financial system (you wake up and your bank account, and a few million others, are zeroes) for companies and citizens to finally take this shit seriously.

    Hell, even the basic lesson from the Sony hack – that YOUR email can be read by someone/anyone other than the intended recipient – has not gotten through the heads of any users I’ve talked to recently.

    ETA:

    Obama can’t even win a virtual war.

    @srv: It ain’t Obama. Alone among the digital nations, the United States takes the best and brightest hackers, the ones who smoke dope in their parents’ basements, the guys with proven track records of being able to attack things and defend against counterattacks, and does their best to put them in jail and then bars them from ever working for the government.

    So we end up with an all-goody-goody, mostly Mormon government workforce whose main qualification for digital security is forwarding bulletins from other equally clueless government agencies to each other. They’re so shitty nobody even bothers to hack them.

  4. 4
    skerry says:

    Quoting Robert Reich:

    Sony Pictures is a division of the Sony Corporation, which isn’t an American company. It’s a Japanese corporation with world headquarters in Tokyo. And there’s still no clear evidence linking North Korea to the cyberattackers who hacked into Sony Pictures, stealing its intellectual property and emails. Yet the White House says it’s treating the cyberattack on Sony as a “serious national security matter,” and the National Security Council is considering a “proportionate response.” I agree we should guard America against cyberattacks, but why, exactly, is the attack on Sony our concern? Should we be protecting every global company?

  5. 5
    Belafon says:

    The internet was designed to be open.

    No system’s (natural or man-made) perfect, and attackers will always have an advantage – otherwise the flu would not exist – but we’re purposing the internet for something it wasn’t designed to do.

    And capitalism was never going to be prepared for this. Paying for security costs profits, and raises the price on TVs and game consoles.

  6. 6
    KG says:

    so, this is interesting… Oklahoma and Nebraska have filed a lawsuit, in the Supreme Court, against Colorado over Colorado’s weed legalization. The Supreme Court is a court of original jurisdiction for disputes between states, but they rarely actually act on that jurisdiction. But what’s funny to me is that Nebraska and Oklahoma are invoking the Supremacy Clause, saying that federal laws making weed illegal trumps Colorado’s law. There is irony there, states that have spent the last six years screaming “FEDERALISM” to undermine federal law regarding health insurance are now arguing “SUPREMACY CLAUSE!” to support federal law.

  7. 7
    CONGRATULATIONS! says:

    FWIW, FBI protestations notwithstanding, this attack was almost certainly not from North Korea. Just saying.

  8. 8
    eemom says:

    Fuck Sony, and its film, and for that matter, fuck this whole cybersecurity sideshow. Read this.

  9. 9
    JGabriel says:

    Tim F. @ top:

    When you are humiliated, more than anything else you want the story to fucking please go away already. Sony for example sent some very expensive lawyers on a futile quest to get the press to leave this story alone. Yet the story just. will. not. die. In part this has to do with Sony being an entertainment company.

    Thus birthing a new business aphorism: When you’re an entertainment company, beware of becoming the entertainment.

  10. 10
    Belafon says:

    @KG: I believe that would be “State’s rights for me, not for thee.”

  11. 11
    KG says:

    @skerry: Sony Pictures is actually an American subsidiary of Sony (which is a Japanese corporation), not a division. A “division” is part of the same company, a subsidiary is a separate company where the parent company owns at least a controlling interest of the company. So, Sony Pictures is an American company, and more importantly, the hack can be damaging to the wider economy because it provides a template for later attacks. Not to mention the fact that it sets a bad precedent if the hack was done by another country when it comes to nations seizing or otherwise disrupting the property of citizens in another country.

  12. 12
    Belafon says:

    @JGabriel: You would think an entertainment company would understand the Streisand effect.

    Edited, wrong word

  13. 13
    John Dillinger says:

    @CONGRATULATIONS!: I also question whether NK could do this on its own. The scarier notion is that there are free agents out there who would take money from NK to do this. I also want to see a comparison between money spent at Sony on e-security versus executive bonuses over the years.

  14. 14
    joeshabadoo says:

    Nothing is going to change because of this. Unless it is an almost guaranteed threat the money simply won’t go there.

    Personal humiliation for the boss won’t mean dick except for potentially more security on their personal shit.

  15. 15
    Amir Khalid says:

    @skerry:
    If North Korean hackers can attack a Japanese corporation, they can surely attack an American one. It’s not altogether inconceivable they might decide that, say, the F-35 programme isn’t fucked up enough and fuck it up some more for Lockheed Martin.

  16. 16
    MattF says:

    I had a problem a few days ago getting a ‘direct access’ connection to a financial account because the password I wanted to use was too long. Just think about that. A bank has implemented a policy of rejecting long passwords. So, no– I don’t think our security problems are anywhere near solution.

  17. 17
    gene108 says:

    @CONGRATULATIONS!:

    FWIW, FBI protestations notwithstanding, this attack was almost certainly not from North Korea. Just saying.

    My wild, wild guess is they threw some (relatively) big bucks for a hacker in some country, which actually has modern computer infrastructure to do this attack.

    @CONGRATULATIONS!:

    does their best to put them in jail and then bars them from ever working for the government

    Don’t know, if this is true or urban legend, but I thought those guys got jobs with private companies to internet security, once they got out of jail.

  18. 18
    CONGRATULATIONS! says:

    I also want to see a comparison between money spent at Sony on e-security versus executive bonuses over the years.

    @John Dillinger: I believe that information was released after the attack by the hackers. I do know for certain that Sony’s budget for security is far smaller than it should be for a business whose assets are all digital, and that pleas to increase that money have been met with a resounding “fuck off”.

    Probably they needed the money for Adam Sandler’s private jet. Paid for by Sony. Jesus, what a miserable joke of a company.

  19. 19
    gene108 says:

    @MattF:

    A bank has implemented a policy of rejecting long passwords.

    I bet there’s a substantial number of folks, who cannot keep track of their long passwords and will be calling customer service for password resets, since they also cannot remember their security questions to reset their passwords on-line.

    EDIT: Bank will waste its customer service resources on password resets, rather than on actual bank related matters that might generate revenue.

  20. 20
    Gin & Tonic says:

    a company that probably did a better job at securing its networks than you do

    Probably not. Sony has been known to be incompetent at best, and bad actors at worst, going way back.

  21. 21
    cmorenc says:

    Perhaps the biggest threat to digital security in any organization is the understandable inclination of so many folks to choose easily hackable passwords, because they’re so much easier to choose and remember than longer, more randomized ones. It can be a challenging art to come up with passwords that are both sufficiently random and yet easily memorable.

  22. 22
    CONGRATULATIONS! says:

    Don’t know, if this is true or urban legend, but I thought those guys got jobs with private companies to internet security, once they got out of jail.

    @gene108: Not with a criminal record.

  23. 23
    Gin & Tonic says:

    @MattF: Not that I’m recommending them for this or any other reason, but HSBC uses two-factor authentication for its consumer accounts.

  24. 24
    JGabriel says:

    The Atlantic via eemom:

    It serves to buffer and obscure the sheer evil of a regime … building ski resorts, dolphinariums, and other luxury escapes for elites with funds that could feed its malnourished people for several years.

    Umm … is that North Korea or the US they’re talking about? While there’s plenty of sheer evil to criticize in North Korea, I’m not sure we Americans are in a position to criticize anyone else’s conspicuous consumption while others go hungry. It just looks a little hypocritical. Of course, we’re not in a position to criticize anyone over torture anymore either …

  25. 25
    kindness says:

    I loved Spaceballs. Kinda reminds me of what I expected The Interview to be. Stupid and funny.

  26. 26
    MattF says:

    @JGabriel: But North Korea has a ruling dynasty! That’s as politically backwards as you can get, right?

  27. 27
    Lavocat says:

    @CONGRATULATIONS!: Yeah, I’m not buying North Korea either. Looks more like a false flag operation by the Chinese or the Russians. Shit, at this point, knowing how amoral, unethical, and nihilistic the CIA/NSA/etc. have become, I wouldn’t put this past America’s own various agencies as some sort of sick way to beta-test corporate readiness to defend against hackers, while pointing the finger at The Regular Suspects. It’s all good.

  28. 28
    Tree With Water says:

    It’s a crazy world. Seventy years ago during WW2, Sony was (probably) a pillar of Imperial Japan’s war machine. A war machine then in occupation of all Korea. Today, its misfortune is construed by some as being no less than an incipient assault on the vitals of American national security. Banzai!

  29. 29
    Villago Delenda Est says:

    I don’t know about Sony worldwide, but Sony’s American operations are run by serious MBA fucktards who frankly have demonstrated that they do nothing but consume oxygen and return nothing.

  30. 30
    Villago Delenda Est says:

    @MattF: Well, yes, very politically backwards. See Bush Crime Family for details.

  31. 31
    Tommy says:

    Somewhat off topic, but I think both interesting (I hope) and funny at the same time. One of the tech geeks/VCs I follow on Twitter this morning said:

    I just wish Sony had some device in millions of homes they could stream the movie to.

    Of course, he was talking about PS3s/PS4s gaming consoles. I am a Sony “guy” and I also have two Sony Blu-ray players hooked up as we speak. You can stream to them as well. Look I bought a lot of Sony “gear” since I got my first Sony CD player around 1985. Parents paid a ton (I think around $900) for it, and it still WORKS. Never had a SINGLE problem with any of their products from CD players to laptops, gaming systems, speakers, receivers. Heck my PS2 is both still hooked up and functional.

    I always thought their mid-level stuff, not the lowest of the low (and they are making some pretty cheap shit these days) was like a “poor rich man’s A/V gear.” Not great, but good quality for the money paid.

    Outside of the fact their IT infrastructure is crap, I can’t believe they backed down. I mean come on “the communist terrorist have won.” Not sure I will buy much more of their stuff.

    My move had started before this. Last laptop. Sony. New laptop Samsung. Last DVD player Sony. Newest Samsung. Samsung via my phone and tablets have shown me they can fill the “void” left by Sony. BYE!!!

  32. 32
    MattF says:

    @Villago Delenda Est: Well, they do emit carbon dioxide. That’s something.

  33. 33
    Woodrowfan says:

    @kindness: ahah, so YOU’RE THE ONE! :)

  34. 34
    Lee says:

    I agree that it takes a large and/or persistent attack to make any company take notice of their network security.

    I work for a telecom company that is a subsidiary of a very large, old Japanese company. We have constant attacks from China. Not too long ago we had a department set up an unsecure femtocell. They used that to attack our network and brought everything to a screeching halt. Luckily they were not able to carry out a large amount of data the same way they gained access (not sure why).

  35. 35
    I'mNotSureWhoIWantToBeYet says:

    @Lavocat: Meh.

    Reuters

    In 2013, South Korea blamed the North for crippling cyber-attacks that froze the computer systems of its banks and broadcasters for days.

    More than 30,000 computers at South Korean banks and broadcast companies were hit in March that year, followed by an attack on the South Korean government’s web sites.

    An official at Seoul’s defense ministry, which set up a Cyber Command four years ago, said the North’s potential to disrupt the South’s infrastructure with cyber-attacks is an emerging threat but declined to give details.

    South Korea’s intelligence agency declined to comment on networks that remain vulnerable to North Korean hacking. Its national police, which runs an anti-cyber crimes operation, also did not have comment.

    But officials at the country’s gas utility and the operator of 23 nuclear reactors that supply a third of the electricity for Asia’s fourth largest economy said contingency plans are in place to counter infiltration.

    “We have been more vigilant since last year’s hacking on banks,” an official at the state-run Korea Hydro & Nuclear Power Co Ltd said. “We have separated networks for internal use from the outside.”

    An official for Korea Gas Corp, the world’s largest corporate buyer of liquefied natural gas, said it has been working with the National Intelligence Service against potential cyber threats.

    But highlighting the vulnerability to hacking, the network of Korea Hydro & Nuclear Power was recently compromised, resulting in the leak of personal information of employees, the blueprints of some nuclear plant equipment, electricity flow charts and estimates of radiation exposure on local residents.

    It doesn’t take much for a country to be good at cyber, if it wants to be…

    Cheers,
    Scott.

  36. 36
    geg6 says:

    @CONGRATULATIONS!:

    Please, feel free to tell us all who it almost certainly was then.

  37. 37
    Villago Delenda Est says:

    @skerry:

    Should we be protecting every global company?

    We should protect all Mammon worshiping entities, everywhere on this planet.

  38. 38
    JGabriel says:

    @Villago Delenda Est:

    I don’t know about Sony worldwide, but Sony’s American operations are run by serious MBA fucktards who frankly have demonstrated that they do nothing but consume oxygen and return nothing.

    That’s not fair. Serious MBA fucktards don’t just consume oxygen. They steal too!

  39. 39
    Belafon says:

    @Tommy: Right now, Samsung is eating everyone’s lunch.

  40. 40
    Valdivia says:

    lol Obama just totally mocking Politico at the Press Conference.
    Love that he is out of fucks to give.

  41. 41
    Lee says:

    @Lavocat:

    The last rumor I heard was that they had a large layoff of IT people over the summer & one of them left a backdoor operational.

  42. 42
    Tommy says:

    @cmorenc: Social engineering is #1, #2, #3 and you could go on and on. Easier to get into a system by that method than brute force attack or hacking. Once in, well ….

    Now I am not saying stupid passwords are not an issue. Of COURSE they are.

    I’ve worked with a few top-level info security firms and they are not fearing of direct attacks. They worry about “social engineering.” That the executive assistant of a senior level person is “gamed” to give out some info. That info is used to move up the ladder.

    Then access to the system. Once in, well gosh knows what will happen.

  43. 43
    Amir Khalid says:

    @Tree With Water:
    Sony was actually not part of the Japanese war machine. Per Wikipedia, it was founded in 1946, and originally made transistor radios and tape recorders.

  44. 44
    esc says:

    My husband works in security for a large corporation. It was shocking to me when he started because it is a huge business handling an enormous number of transactions at locations all over, but they have very, very few full time staff of their own. It’s his job to prod the people who have been contracted to do the real work into actually doing what they are being paid tens of millions of dollars to do and to know when they are totally full of shit (which is all the time). It has been enlightening to say the least. He won’t let me use anything but cash at Home Depot even now if we’re together.

  45. 45
    srv says:

    @JGabriel:

    dolphinariums

    TIL. How could anyone be against dolphinariums?

  46. 46
    JohnC says:

    @Tree With Water:

    Sony was founded in 1946, after the war ended.

  47. 47
    gene108 says:

    @JGabriel:

    While there’s plenty of sheer evil to criticize in North Korea, I’m not sure we Americans are in a position to criticize anyone else’s conspicuous consumption while others go hungry.

    Going hungry in North Korea is a fucking improvement of orders of magnitude over where they were in the 1990’s, when people fucking STARVED TO DEATH!!!

    You know why more people didn’t starve to death? The USA sent in grain shipments and other food stuffs, that were often pilfered by the North Korean Army to be sold on the black market or for their own personal use…WHILE PEOPLE STARVED TO DEATH!!!

    The only reason North Korea is even able to feed its people is because of international charity, but they still spend money on launching intermediate range missiles, a nuclear weapons program and other shit that does most folks no good.

    The U.S.A. is much better than so many places in the world, which is one reason so many people still want to immigrate here every day of every year.

    Sometimes I think there’s a kernel of truth, when right-wingers accuse liberals of being America haters. There’s no fucking way America, warts and all, is even in the same galaxy of reprehensible behavior as North Korea.

  48. 48
    drkrick says:

    @joeshabadoo:

    Nothing is going to change because of this. Unless it is an almost guaranteed threat the money simply won’t go there.

    I wouldn’t be so sure. I was working at a Federal agency in 2001, and while the list of potential projects, security and non-security related, didn’t change much in mid-September of that year, the ordinals on the priority list sure did. After this, there’s no question of a direct threat.

    But it’s also true that Sony Pictures was known to be pretty slipshod about IT security. Although Lockheed Martin has been hacked, not all defense contractors have been. It’s a little like the old story about the bear: unless there’s specific motivation, you often don’t have to be impervious to hacking, you just have to be noticeably harder to crack than other potential targets.

  49. 49
    Bill Arnold says:

    @cmorenc:
    Passphrases are better but are hard to type.
    My employer (large corporation) has been tightening the security screws for the last couple of years. In general it’s a good thing, though it can cost time (sometimes easily an hour a day navigating security barriers e.g. when working with a couple of VPNs in a path, etc.). FWIW, the computer/network security people appear to have access to the ears of the top management.

  50. 50
    beth says:

    Interesting that all the journalists the President has called on in this press conference have been women. We’ve come a long way baby.

  51. 51
    Lavocat says:

    @Lee: Now THAT would be some funny shit that – if made into a movie – I would pay to go see. Of course, that person would probably be looking @ a lifetime inside a Supermax.

    However, as and for a working title, let’s call it “The Payback”. Works for me.

  52. 52
    tybee says:

    @Tommy:

    yup, passwords are much more likely to be given up voluntarily than “guessed” by brute force attacks.

  53. 53
    Tommy says:

    @beth: Darn right. You go ladies! Now just let us pay you* the same and get the heck off your bodies and focus on things you might care about. But wait on one thing, that rape thing and the fear to report. We need to correct that yesterday.

    *I am 45. Four of my five bosses have been women. And by bosses I mean they owned the company I worked for.

  54. 54

    @Tree With Water:

    Seventy years ago during WW2, Sony was (probably) a pillar of Imperial Japan’s war machine.

    Don’t say “probably” when it’s easy to look up. A quick check on Wikipedia shows that Sony was founded shortly after WWII.

  55. 55
    Villago Delenda Est says:

    @Roger Moore: Mitsubishi, on the other hand, WAS a pillar of the Imperial Japanese war machine.

  56. 56
    srv says:

    Why don’t you liberals start a Boycott Regal movement?

    Philip Anschutz, whose investment fund owns about 47 percent of Regal’s shares, has all the makings of a major-league boogeyman of the left—like a Rupert Murdoch or a Koch brother. He presides over a sprawling media and sports empire that spans from the Lakers to The Chronicles of Narnia. He has donated generously to conservative (and anti-gay) causes and candidates, including Rick Santorum, both Bush presidents, John McCain, and Mitt Romney. Last year, Regal Entertainment Group slashed some workers’ hours down to 30 per week, blaming Obamacare. And Media Matters, the liberal media-watchdog group, labeled Anschutz, “the other right-wing media mogul you should worry about” in 2009.

  57. 57
    Bill Arnold says:

    @Lavocat:

    Yeah, I’m not buying North Korea either.

    I’m buying North Korea. It’s hard to tell from the details provided in the press but I’m guessing that Sony Pictures was unusually porous due to egos, not spending enough on security, etc, and that the attack was probably not especially sophisticated.

  58. 58
    Villago Delenda Est says:

    @gene108: If the 1% of the US thought they could get away with starving people for their personal profit, they would.

  59. 59
    Belafon says:

    @srv: That’s pretty easy: The ones near me closed.

  60. 60
    Bill Arnold says:

    @esc:
    I slipped and used my debit card rather than cash or credit card at a Home Depot, just days before the security breach was announced. Saw the breach announcement on the hacker boards and I went to the bank that day and got a new ATM card/pin. Very irritating.

  61. 61
    D58826 says:

    It’s probably going to take a greater level of government/private sector co-operation and regulation. It will also take greater government and private sector spending. All of which are anathema to the GOP/free marketeers so not much will change. Newtie is running his mouth about an act of war but he also wants to reduce the size of government to what can be drowned in a bath tub. You can’t have it both ways even though talking out of both sides of your mouth seems to have no downsides for the GOP.

  62. 62
    Cervantes says:

    @gene108:

    Don’t know, if this is true or urban legend, but I thought those guys got jobs with private companies to internet security, once they got out of jail.

    One of them received tenure at MIT less than twenty years after perpetrating his hack.

  63. 63
    eemom says:

    @JGabriel:

    um, I’m the last person to be an apologist for the US, but North Korea is really in a class by itself. Read the article, and its links.

    Facile comparisons like yours, like that POS film, trivialize the unspeakable horror of that place.

  64. 64
    Tommy says:

    @srv: I did (many years ago), of all movie theaters, when I realized if I waited 9-12 months I could OWN the same movie for less on DVD by a few factors than I paid for the ticket, a soda, and popcorn.

    I often joked I lived my movie life a few months, or even a year behind. Why I have 500 DVDs in my house and I went to see like three movies in the last two decades. You saw the movie, I own it.

  65. 65

    @Tommy:

    Of course, he was talking about PS3s/PS4s gaming consoles.

    The problem for that is that Sony is not at all monolithic as a company. For example, the branch of Sony that makes image sensors has long had a better relationship with Nikon than they have with their own camera division, with Nikon getting customized versions of their sensors that perform better than the ones in Sony cameras. More to the point, there’s been a long-term dispute between Sony’s hardware and entertainment divisions about DRM and other technical attempts to protect copyright. There’s no guarantee that Sony Pictures will want to deal with the Playstation people as part of a content delivery system.

  66. 66
    gene108 says:

    @Villago Delenda Est:

    If the 1% of the US thought they could get away with starving people for their personal profit, they would.

    And yet, we’ve made changes to how we operate as a society that keeps that from happening.

    North Korea not so much…

  67. 67
    VFX Lurker says:

    …and then, adding insult to injury, Sony becomes the goat for pulling the movie. Put me in the place of a senior executive at some other business or utility and I will do two things, basically right away. First I will look hard at who I might piss off and how I can avoid it. Like that reaction or not but you better learn to live with it. Power has moved around some since days when America’s most dangerous neighbors were Canada, Mexico and sharks. Nowadays the walls around your castle are only as secure as a password, and most passwords are shit. Nobody with a corner office and a Bentley wants to sacrifice himself for your principles.

    The act of pulling films under outside pressure predates Sony.

    …Hollywood has always been cowardly. As novelist Raymond Chandler said seventy years ago, “The Hollywood big shots, they’re terrified of losing all that fairy gold.” Which of course explains why, in the fifties, studios and labor unions could be bullied by the House of Un-American Activities Committee and Red Channels into black-listing artists and writers who didn’t toe the “True American” line as defined by HUAC and Red Channels.

    The fear of losing big bucks; it’s a fabulous motivator, no? What’s one movie, more or less? What’s a pack of lousy movie actors and writers?

    North Korea and/or its agents are simply the latest bully boys to show up in show business’s neighborhood demanding that a movie they don’t like be pulled. It’s not really much different than those earlier power brokers’ demands that creators with impure thoughts be banished from the creative landscape. Seeing Hollywood get rolled by thugs with brass knuckles is as old as the movies.

    The only thing different this time is the newer technology being employed.

  68. 68
    Cervantes says:

    @Tree With Water:

    Seventy years ago during WW2, Sony was (probably) a pillar of Imperial Japan’s war machine.

    Well, it was founded after the war ended. One of the founders came from a long line of soy-sauce makers. The other worked for a company that developed film (as in movies). Both founders had served in the Japanese armed forces during the war.

  69. 69

    I’m head of the IT department at a community bank, and what bothers me about the Sony hack is nobody is telling me how the hackers got in. I can find out a lot about the malware used to wipe data (it’s off-the-shelf) but the information I need is not available.

    What I have seen is that the hackers were in Sony’s network for some time, which also concerns me. Again, I don’t know what signs (if any) Sony’s network people saw to tell them that somebody was snooping around.

  70. 70

    @tybee:

    yup, passwords are much more likely to be given up voluntarily than “guessed” by brute force attacks.

    Or recovered through password recovery systems intended to help people who can’t remember 14 characters of random gibberish that has to change every 3 months. Passwords are simply not a good way of protecting information against a motivated attacker; computers are simply better at cracking passwords than people are at generating and remembering them. We really need some kind of two-factor authentication.

  71. 71
    NonyNony says:

    @srv:

    Why don’t you liberals start a Boycott Regal movement?

    Don’t need to – the Regal Cinemas around here have shut down because they couldn’t compete with the other chains.

  72. 72
    sm*t cl*de says:

    This is what happens when you turn government agencies designed to protect us from foreigners into domestic spying factories.

    What srv said in the first comment. What you need is an agency tasked with helping US businesses and govt. departments improve the security of their communications and information storage… providing unbreakable encryption, that sort of thing. You could call it the National Agency for Security or something like that.

  73. 73
    Gin & Tonic says:

    @Cervantes: The Morris worm wasn’t really a hack.

  74. 74
    Lee says:

    @Chris Gerrib:

    I’m not in security, but the security guys sit right around me and we kibitz.

    The best things you can do are:

    Keep everything patched

    Close off all ports that you don’t explicitly need.

    Run Anti-virus and anti-malware on every machine (even servers)

  76. 76
    tybee says:

    @Roger Moore:

    i disagree. a 10 or 12 character password that is changed every 90 days or so combined with account lockouts for 3 to 5 missed password attempts is a damn tough thing to break. do the math on a brute force attack. now add in a lockout for an hour after every 3 wrong guesses. it ain’t gonna get broken in your life time.

    unless some idiot gives out not only their password but their account name due to some socially engineered phish.

  77. 77
    Mike in NC says:

    This time of year is, of course, especially bad for identity theft. I’ve twice had a bank account hacked into and a lot of money stolen electronically.

  78. 78
    Grumpy Code Monkey says:

    Here’s the problem as I see it:

    1. Internet protocols are not secure. They weren’t designed to be. We keep bolting on security at the application and transport layers, but that functionality really needs to be in the network layer, all the way down to the hardware.

    2. A lot of Internet infrastructure is built on the C programming language, which doesn’t protect against people looking at or poking memory that doesn’t belong to them; this makes C programs fast (among other benefits), but it also makes them prime targets for malware. Everything from the Morris worm back in ’88 to the Heartbleed bug this past year has exploited the same goddamned weakness in the language.

    3. Most network security practices rely on human (specifically end-user) behavior. This is pretty much a recipe for failure. We need to migrate as much of that upstream from the user as possible.

    Of course, none of that can be fixed without basically rebuilding the whole internet from the ground up. I know there are experimental networks being used that address some of these concerns, but switching the world over to new networking protocols and applications will be painful.

    We need to bake security into the hardware and the tools, not just the applications.

  79. 79
    boatboy_srq says:

    @MattF: Too long; uses complex (i.e. non-alphanum) characters; etc etc. We are only as secure as our providers allow us. Banks, utilities, ISPs – all have constraints that keep user passwords far simpler than anyone in security thinks is minimal.

    THIS is why every time I hear how The Cloud is the Next Great Thing for IT, I shudder.

  80. 80

    @Lee: Which we do.

    The problem is, I don’t know if Sony was doing all of that stuff and got beat by really good hackers or if Sony was just half-assing it and got the results you’d expect. In this case, it’s easy to assume that “we (my company) won’t get hacked like that.”

  81. 81
    JohnK says:

    Sigh. Gonna start huffing glue early today.

    Max just called. He wants you to take him and Sammy for playtime in the park where they can chew ears and grab some tail.

  82. 82
    Tommy says:

    @Chris Gerrib: I don’t mean this to be rude, but why would they? Not their jobs.

  84. 84
    Villago Delenda Est says:

    @gene108: The 1% is working on it. See the brothers Koch, for example.

    The evil is there. It’s just held in check…for now.

  85. 85

    @Tommy: It may not be their job, but part of getting people to get serious about security is pointing out specific gaps in security coverage.

  86. 86
    Bill Arnold says:

    @Roger Moore:

    computers are simply better at cracking passwords than people are at generating and remembering them

    This is true, but people can manage passphrases. Would need to be generated, else people would make a sport of using mangled quotes. I can remember e.g. happyoatmealcamelparty22.
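Added example, not part of any comment in this thread: the "do the math" argument from comment 76 and the generated-passphrase suggestion above, worked through in Python. The offline guess rate of 1e10 per second, the 7776-word list size and the sample wordlist are assumptions chosen for illustration, and the bit counts only hold when the secret is generated uniformly at random.

```python
import math
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed 16-word sample list so the block runs offline; a real
# generator would draw from a list of several thousand words.
SAMPLE_WORDS = [
    "happy", "oatmeal", "camel", "party", "violet", "anchor", "pepper",
    "glacier", "marble", "cactus", "lantern", "orbit", "walnut", "thimble",
    "harbor", "pickle",
]


def random_password_bits(alphabet_size, length):
    """Entropy in bits of a password drawn uniformly from the alphabet."""
    return length * math.log2(alphabet_size)


def passphrase_bits(wordlist_size, words, digits=0):
    """Entropy in bits of randomly chosen words plus random decimal digits."""
    return words * math.log2(wordlist_size) + digits * math.log2(10)


def years_online(bits, guesses=3, window_seconds=3600):
    """Expected years to search half the space against one account that
    allows `guesses` attempts per lockout window (3 per hour by default)."""
    rate = guesses / window_seconds
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR


def years_offline(bits, guesses_per_second):
    """Expected years to search half the space against a stolen hash,
    where no lockout applies and the rate depends on hash and hardware."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(wordlist, words=4, digits=2, sep=""):
    """Generate a passphrase with the OS CSPRNG (never random.choice)."""
    chosen = [secrets.choice(wordlist) for _ in range(words)]
    suffix = "".join(secrets.choice("0123456789") for _ in range(digits))
    return sep.join(chosen + [suffix])


def compare(offline_rate=1e10):
    """Return {label: (bits, years_online, years_offline)} for three policies.
    offline_rate is an assumed figure, not a measurement."""
    candidates = {
        "10 random chars (94 printable)": random_password_bits(94, 10),
        "12 random chars (94 printable)": random_password_bits(94, 12),
        "4 words + 2 digits (7776-word list)": passphrase_bits(7776, 4, 2),
    }
    return {
        label: (bits, years_online(bits), years_offline(bits, offline_rate))
        for label, bits in candidates.items()
    }


if __name__ == "__main__":
    for label, (bits, online, offline) in compare().items():
        print(f"{label:38s} {bits:5.1f} bits  "
              f"online {online:9.2e} y  offline {offline:9.2e} y")
    print("sample:", generate_passphrase(SAMPLE_WORDS),
          f"({passphrase_bits(len(SAMPLE_WORDS), 4, 2):.1f} bits from this small list)")
```

The lockout figure and the offline figure answer different threat models: the first covers guessing against a live login, the second covers a password database that has already been copied.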

  87. 87
    kc says:

    I wish some of these hotshot hackers would go after some of the financial actors who are screwing American citizens into the ground, instead of some inconsequential entertainment assholes, or a bunch of actresses taking selfies.

  88. 88
    CONGRATULATIONS! says:

    Please, feel free to tell us all who it almost certainly was then.

    @geg6: I do not know, as Sony, for some reason, hasn’t been at all forthcoming with their data. The axiom “always look inside first, especially at anyone who has left in the last year” has rarely steered me wrong.

    I don’t believe it was North Korea simply because not one piece of evidence has been provided to back the accusation. If it was, they could easily provide such evidence.

    Not only that, but it’s an explanation that gets Sony off the hook for a lot of liability.

  89. 89
    Howard Beale IV says:

    @CONGRATULATIONS!:

    My day job is network security. Sony is not going to be the wakeup call, because others will simply think they’re different, and it can’t happen to them.

    It will take either a major months-long disabling attack on an electrical or water grid, or a major attack on a financial system (you wake up and your bank account, and a few million others, are zeroes) for companies and citizens to finally take this shit seriously.

    Here’s the scary part: There’s really only two security paradigms: Unix and Windows (I’m ignoring the mainframe as its footprint is very small, and its outer edge is Unix-based anyway.)

    Even worse-security was never built-in from the start but was bolted-on.

    The lessons of Multics were never learned.

  90. 90
    Lavocat says:

    @Bill Arnold: Let’s say that you’re correct. If so, I think the PERFECT proportionate response would be to turn loose upon North Korea some highly-specific malware (read: Stuxnet) to target their various ballistic missile projects, thereby paying them back in full for the cyber-attack by also pro-actively shutting down their other noxious, proto-nuclear program. Kill no one while potentially saving millions of lives down the road. Sort of a thinking-man’s revenge.

    I also find it rather chilling that this is what war is now like in the 21st century. And, make no mistake, despite the fact that anyone has yet to be killed or maimed, this looks to me to be war by any other name.

  91. 91
    sm*t cl*de says:

    identity theft

    I hate that phrase. It generally means that a bank’s money has been stolen and they are trying to re-define the fraud as your problem, and your responsibility to stop it happening again.

  92. 92
    Tree With Water says:

    @Cervantes: Thanks for the interesting information. That’s why I wrote ‘probably’, because I knew I didn’t know. The fact it was born and prospered in postwar Japan, which lay absolutely shattered by that war’s end, must be an amazing story in its own right.

  93. 93
    Mike J says:

    @Howard Beale IV:

    The lessons of Multics were never learned.

    ITS solved one problem Multics had by adding the KILLSYSTEM command. Took all the challenge out of crashing the machine.

  94. 94
    Jeffro says:

    Just going to chime in and say that I love, LOVE, Demotivators and have for a long time. The best one is “Sacrifice” – a picture of a Mayan temple at dawn with the phrase, “All that we ask here is that you give us your heart”.

    I have “Compromise” in my office, too!

  95. 95
    Jeffro says:

    @eemom: Or read “The Orphan Master’s Son”.

  96. 96
    Howard Beale IV says:

    @Mike J: At least Multics had a long operational life. Last Multics instance went off line back at Ford in the mid 1990s.

  97. 97
    lou says:

    The senate had the opportunity to force businesses and industry to upgrade their security and guess who put the kibosh on that?

    And judging from the headline, the news industry shows its sucky tendency to not understand “filibuster.” I’ll be willing to bet they’ll suddenly have an epiphany once the Republicans are in charge and Dems try to block things.

    There would be a wee bit of schadenfreude that Lieberman was screwed over by BFF John McCain, but this could be really dangerous to the nation. The Senate report was pretty frightening.

  98. 98
    Mike J says:

    @lou: The EFF was against that bill. That, combined with the fact Lieberman wrote it, means it probably really, really, really sucked.

  99. 99

    @Bill Arnold:

    Also the fact that it was an attack on a Japanese-owned company and not a US-based one. If nothing else, it kills two birds with one stone and embarrasses both the US and Japan in one step.

  100. 100
    Tree With Water says:

    @Mnemosyne (iPhone): Which goes to show some asians are wilier than others, I guess.

  101. 101
    D58826 says:

    @lou: Staples is reporting a security breach affecting a million or more customers. Of course we would not want to burden corporate America with additional regulations as the GOP stated in the linked article.

  102. 102
    Mike in NC says:

    @Jeffro: I also really enjoy those posters, though I’m pretty sure 90% of the managers I ever had would ban them from the workplace.

  103. 103
    Mike G says:

    I’m guessing that Sony Pictures was unusually porous due to egos

    In which case, the vast majority of corporate America is like swiss cheese.
    You can’t teach anything to people who are paid huge amounts of money to uphold the conceit that they know everything and never make mistakes.

  104. 104
    Howard Beale IV says:

    @boatboy_srq:

    THIS is why every time I hear how The Cloud is the Next Great Thing for IT, I shudder.

    +1

  105. 105
    Cervantes says:

    @Tree With Water:

    The fact it was born and prospered in postwar Japan, which lay absolutely shattered by that war’s end, must be an amazing story in its own right.

    Complicated story — the war cleared the field, in some ways — but yes, certainly impressive.

  106. 106
    mclaren says:

    @CONGRATULATIONS!:

    My day job is network security. Sony is not going to be the wakeup call, because others will simply think they’re different, and it can’t happen to them.

    It will take either a major months-long disabling attack on an electrical or water grid, or a major attack on a financial system (you wake up and your bank account, and a few million others, are zeroes) for companies and citizens to finally take this shit seriously.

    Then you’re a scammer and you need to get your ass fired, fast.

    There will never be any “months-long disabling hacks” on power grids or any other delusional nightmare scenario dreamed up by con artists like you to squeeze cash out of gullible corporations and government agencies.

    The entire cybersecurity field is a 100% scam, right up there with the non-working explosives detectors bought by the TSA and then warehoused when it was shown they didn’t work.

    You and con artists like you need to be flushed from American society like waste. You’re the IT equivalent of Wilhelm Reich’s orgone energy or the Dianetics scam.

    Ignorant incompetent clowns like the above poster foolishly and cluelessly conflate cyberwarfare (a 100% fraud, no such thing exists, it’s all fantasy and national-security-hype bullshit) and cybersecurity, which basically amounts to avoiding embarrassing info leaks and financial data breaches.

    Incidentally, all financial data breaches have very little effect. Banks that get hacked to the tune of “millions of credit card numbers” merely deactivate the numbers and issue new credit cards. It’s a non-issue.

    But you’d never know that from the hysterical ridiculous post made by our resident con artist, the “cybersecurity day job” clown.

    The War Party never sleeps: there are always new variations of war propaganda coming ’round the bend. With the coming of the internet, the latest manufactured “threat” to rear its head is “cyber-warfare,” which is now being touted by the Obama administration and its media fan club as the Next Big Scary Thing – but what are the facts?

    The first fact we need to integrate into our analysis is that “cyber-security” isn’t a science, it’s an industry: that is, the entities issuing alarming reports of this lurking threat are for profit companies mainly if not exclusively concerned with selling a product. And while the “threat landscape,” as the jargon phrases it, is potentially very diverse, with a number of countries and non-state actors potential combatants, our cyber-warriors have targeted China as the main danger to our cybernetic security – the Yellow Peril of the Internet Age. They’re stealing our technology, our secrets, and infiltrating our very homes! This is largely baloney, as Jeffrey Carr, founder of Project Grey Goose and Taia Global, a cyber-security firm, and author of Inside Cyber Warfare, points out:

    “[I]t’s good business today to blame China. I know from experience that many corporations, government and DOD organizations are more eager to buy cyber threat data that claims to focus on the PRC than any other nation state. When the cyber security industry issues PRC-centric reports like this one without performing any alternative analysis of the collected data, and when the readership of these reports are government and corporate officials without the depth of knowledge to critically analyze what they’re reading (i.e., when they trust the report’s authors to do the thinking for them), we wind up being in the position that we’re in today – easily fooled into looking in one direction when we have an entire threat landscape left unattended. We got into that position because InfoSec vendors have been left alone to define the threat landscape based upon their product offerings. In other words, vendors only tell customers to worry about the threats that their products can protect them from and they only tell them to worry about the actors that they can identify (or think that they can identify). This has resulted in a security awareness clusterfuck of epic proportions.”

    Source: “The Great Cyber-Warfare Scam”, 20 February 2013.

    The only difference this time? Instead of the usual breathless hysteria blaming the People’s Republic of China, this time we get breathless hysteria blaming the North Koreans. The plain fact of the matter is that no one knows who did this hack. Since the FBI said it was the North Koreans, that means that whatever else we can say about this incident, it was certainly not perpetrated by the North Koreans. Probably some 14-year-old kid, but at this point, no one knows.

    We now return you to our regularly scheduled idiocy and hysteria designed to turn Americans into pants-wetting babies eager to hand over their tax dollars and all their civil rights to incompetent sociopaths like Dick Cheney who promise to “keep America safe.”

  107. 107
    mclaren says:

    @kc:

    I wish some of these hotshot hackers would go after some of the financial actors who are screwing American citizens into the ground, instead of some inconsequential entertainment assholes, or a bunch of actresses taking selfies.

    This never happens because there are no “hotshot hackers.” There are no imaginary legion of North Korean computer geniuses sitting up illuminated by their LCDs late at night feverishly working to destroy America’s infrastructure. They don’t exist. It’s all a bullshit fantasy dreamed up by the cybersecurity industry to extort dollars from gullible corporations in a bad economy.

    These hacks are all perpetrated by teenagers and that’s why they always target the same ridiculous targets: actresses’ nude selfies, unproduced scripts from Sony, and other trivia.

  108. 108
    Cervantes says:

    @mclaren:

    Instead of the usual breathless hysteria blaming the People’s Republic of China, this time we get breathless hysteria blaming the North Koreans.

    Chinese involvement and Russian involvement have been suggested as well.

    Nothing has been confirmed, of course.

  109. 109
    Cervantes says:

    @Gin & Tonic:

    If you were on the MIT campus on November 2, 1988 and still don’t think what Morris did was a hack, then so be it.

    Anyhow, for completeness, note that a jury convicted Morris of violating 18 USC 1030 (a) (5) (A), which statute made it illegal to intentionally access a Federal interest computer without authorization, to alter information in such a computer, and to prevent authorized use of such a computer, thus causing measurable loss to one or more others.

  110. 110
    Jeffro says:

    @Mike in NC: True, true. I think at least half of my getting away with it was that most people didn’t get the reference. The other half probably had to do with me being a principal – it was in my office, not the teachers’ lounge, so, a smart principal

  111. 111
    mclaren says:

    @Cervantes:

    Nothing will ever be confirmed because it’s all horseshit.

    What do the experts say about this alleged “North Korean cyberattack”?

    “The Evidence That North Korea Hacked Sony Is Flimsy,” Wired magazine, 17 December 2014.

    Of course that hasn’t stopped the national security wardheelers and parasites from trumpeting this minor incident as another cyber-9/11:

    “The cyber-attack against Sony Pictures Entertainment was not just an attack against a company and its employees,” Homeland Security Secretary Jeh Johnson said in a statement today. “It was also an attack on our freedom of expression and way of life.” (..)
    President Barack Obama said the U.S. will respond to North Korea’s cyber-assault on Sony Pictures Entertainment “in a place and time and manner that we choose…”

    Source: “Obama Vows U.S. Response to North Korean Hacking Attack on Sony,” Bloomberg News, 19 December 2014.

    Yes, Americans have turned to jelly and lost their will to fight global terrorism now that we know Sony executives don’t think much of Adam Sandler’s acting.

    U.S. troops will now undoubtedly throw down their weapons and defect to the enemy in Afghanistan, screaming “The Waterboy was a bad film!”

    Meanwhile, the president of the United States will surely order stealth B2 bombers to unleash the full fury of American wrath on North Korea by bombarding Pyongyang with millions of DVDs of every single Adam Sandler film ever made.

    Holy shit.

    Am I the only person on this forum who realizes this is a complete and utter horseshit example of a gigantic mountain being made out of trivial molehill, a total con job perpetrated by the Washington Beltway Eternal War party (one party with two wings, Democratic and Republican) in order to mooch for more cash for the military-industrial complex and provide a flimsy pretext for bombing yet another helpless innocent third-world country (probably Tierra del Fuego by this time, since we’ve run out of all other real enemies)?

    “North Korea’s actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves,” the FBI said in the statement. “Such acts of intimidation fall outside the bounds of acceptable state behavior.” [op. cit.]

    Yes, because revealing all those bad scripts from upcoming Sony films is going to shake American society to its very foundations.

    The Sony attack was carried out by “cyber terrorists, bent on wreaking havoc,” Chris Dodd, chairman and chief executive officer of the Motion Picture Association of America Inc., said in an e-mailed statement today.

    “This situation is larger than a movie’s release or the contents of someone’s private e-mails,” Dodd said. [op. cit.]

    Barricade your windows! Nail your doors shut! Stock up on canned food and water!

    There’s going to be pandemonium, people rioting in the streets once they read those bad Sony scripts, I tell you, pandemonium!!!

    Gimme a goddamn fucking break.

  112. 112
    J R in WV says:

    @KG:

    There is also a clause in the constitution that requires all states to give “full faith and credit” to laws and records of the other states:

    Section 1

    Full Faith and Credit shall be given in each State to the public Acts, Records, and judicial Proceedings of every other State. And the Congress may by general Laws prescribe the Manner in which such Acts, Records and Proceedings shall be proved, and the Effect thereof.

    Section 2

    The Citizens of each State shall be entitled to all Privileges and Immunities of Citizens in the several States.

    One way of reading this is to require Nebraska and Oklahoma to respect the right or privilege of Coloradoans to possess and consume marijuana, is it not?!

  113. 113
    Enhanced Voting Techniques says:

    @eemom:

    Fuck Sony, and its film, and for that matter, fuck this whole cybersecurity sideshow. Read this.

    and I did

    This film is not an act of courage. It is not a stand against totalitarianism, concentration camps, mass starvation, or state-sponsored terror. It is, based on what we know of the movie so far, simply a comedy, made by a group of talented actors, writers, and directors, and intended, like most comedies, to make money and earn laughs

    And then the writer goes on to explain that the movie “The Great Dictator” by Charlie Chaplin is completely different, because SHUT UP, that’s why. ROFL

    That article is so Hipster, it hurts.

    There are times when it fills me with rage the intertubes have turned most of the population into a bunch of reptilian hind brain driven louts who would rather die than take a step back and think about anything, (I mean seriously, how does someone maintain full on ‘tard rage while writing a short essay?) other times it’s the best comedy one could ask for.

  114. 114
    joeshabadoo says:

    It looks like companies did learn a lesson by the canceled Hollywood projects, don’t make fun of North Korea. Not the lesson you wanted though.

  115. 115
    Bill Arnold says:

    @Mike G:

    In which case, the vast majority of corporate America is like swiss cheese.

    Not a uniquely American problem.

  116. 116
    rusty says:

    @mclaren: There will never be any “months-long disabling hacks” on power grids or any other delusional nightmare scenario dreamed up by con artists like you to squeeze cash out of gullible corporations and government agencies. … The entire cybersecurity field is a 100% scam, right up there with the non-working explosives detectors bought by the TSA and then warehoused when it was shown they didn’t work.

    I just switched jobs after working 10 years for one of the largest IT companies – oh what the fuck, it was IBM. I’m not going to preface this by listing any credentials in security because I really have none. But what I do have insight on are customers’ approaches to security and the consultant’s suite of products and services to enable those approaches. From my perspective, I agree with most if not all of what @mclaren is stating. I would offer one extended observation and that is the security game that customers and consultants play seems to mainly involve cover your ass actions. IBM sells and customers buy a suite of products, services, procedures and compliance schemes that allow the customers to pass security audits. If anything ever goes wrong, the customer can always point back to these audits and claim that they did everything right.

  117. 117
    Bill Arnold says:

    @Lavocat:

    I think the PERFECT proportionate response would be to turn loose upon North Korea some highly-specific malware (read: Stuxnet) to target their various ballistic missile projects, thereby paying them back in full for the cyber-attack by also pro-actively shutting down their other noxious, proto-nuclear program.

    I’m rooting for a KJu sex tape. Sony Pictures can help.

  118. 118
    Vanya says:

    Even back in the 1990s we had it drummed into our heads by our bosses that you never put anything in an email you wouldn’t want revealed in public.

  119. 119
    Enhanced Voting Techniques says:

    @CONGRATULATIONS!:

    My day job is network security. Sony is not going to be the wakeup call, because others will simply think they’re different, and it can’t happen to them.

    Allegedly the passwords were on some unprotected file. Something that obvious and basic wasn’t a corporate policy thing, it was the all too typical lazy half-arsed IT guy who was too busy playing World of Warcraft at work thing. And I will bet dollars to doughnuts that same IT guy was sending out a stream of corporate wide e-mails accusing the rest of the staff at Sony of fucking up on password protecting confidential information.

Comments are closed.