• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Question about sony pictures attack

I

iamgenius

Senior member
Hello guys. This is just a general question out of interest about sony's recent unfortunate massive internet attack they suffered days ago.

Why would they have all their contents and productions on the internet? What's the real need for that? I mean if they work from a central location, they can do their production work in their isolated LAN's in their HQ. Or is it like they have many geographically distant locations for which they have to have their all contents online so they can be accessed from anywhere in the world?
 
Last edited:
According to the latest Security Now podcast it was either make it easier to communicate with each other or better security.
I'm over simplifying what was said about it though.

Check it out here
https://www.grc.com/securitynow.htm
Episode #485 - Expensive Lessons
The Sony stuff starts about halfway thru.
 
One of the attack methods used (according to an article I read) was against SMB (Server Message Block, basically Windows file sharing services), which strongly suggests that this was a server sitting on an internal network which has an Internet connection. They probably did something silly like rely solely on a basic broadband router's NAT and basic firewall to keep their internal network safe.
 
mikeymikec said:
One of the attack methods used (according to an article I read) was against SMB (Server Message Block, basically Windows file sharing services), which strongly suggests that this was a server sitting on an internal network which has an Internet connection. They probably did something silly like rely solely on a basic broadband router's NAT and basic firewall to keep their internal network safe.
Click to expand...

Unbelievable !
 
I just heard on the news that it could have been RUSSIA that hacked Sony and NOT the DPRK. ROFL! So we took the DPRKs Internet down for nothing and Sony was all "we won't show this movie now." MORONS!

The Playstation network was down for a few hours too. Maybe Russia again?
 
John Connor said:
I just heard on the news that it could have been RUSSIA that hacked Sony and NOT the DPRK. ROFL! So we took the DPRKs Internet down for nothing and Sony was all "we won't show this movie now." MORONS!

The Playstation network was down for a few hours too. Maybe Russia again?
Click to expand...

http://marcrogers.org/2014/12/18/why-the-sony-hack-is-unlikely-to-be-the-work-of-north-korea/

http://marcrogers.org/2014/12/21/why-i-still-dont-think-its-likely-that-north-korea-hacked-sony/
 
iamgenius said:
Hello guys. This is just a general question out of interest about sony's recent unfortunate massive internet attack they suffered days ago.

Why would they have all their contents and productions on the internet? What's the real need for that? I mean if they work from a central location, they can do their production work in their isolated LAN's in their HQ. Or is it like they have many geographically distant locations for which they have to have their all contents online so they can be accessed from anywhere in the world?
Click to expand...

There is always a tension between ease of use and security. Sony chose ease of use.

Information security is poorly understood and most security teams are poorly led.

For example:
The executive director of information security at Sony Pictures, Jason Spaltro, told CIO Magazine in a 2007 interview that it may be “a valid business decision to accept the risk” of a security breach, depending on the cost of investing in security and the cost of a successful attack.
Click to expand...

The reality is that Sony didn't have good security because they didn't care.
“Sony’s ‘information security’ team is a complete joke,” one former employee said. “We’d report security violations to them and our repeated reports were ignored.”

Just 11 people are assigned to the information security team out of a company of 7,000 employees, according to leaked files discovered by Fusion. Only three people on the team are not managers or directors.
Click to expand...

Sony's own internal reports show that they had major vulnerabilities. For example:
Earlier this year, Sony Pictures released one hell of an internal IT assessment. The report showed that not only was the company ignoring basic security protocol, its IT security was plagued with unmonitored devices, miscommunication, and a lack of accountability.
Click to expand...

Sony wasn't secure. They knew that. They just didn't care.

Uno
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top