Feds finger Norks in Sony hack, Obama asks: HOW DO YOU SOLVE A PROBLEM LIKE KOREA?

for Sony, its not the first time its been hacked - and this year alone they laid off almost 10,000 staff...

http://www.huffingtonpost.com/2011/06/24/sony-hack-layoffs-lawsuit_n_883788.html

I wonder if any in this tranche were Snowden level domain admins this time?

Just sayin

Here's what you do.

Three easy steps.

1. Count the number of countries NK army is active in around the world.

2.Count the number of countries US/UK army is active in around the world.

3. Shut the fuck up.

No it wasn't

It's hacker humour. Break in just for the hell of it. Not looking for money or to make a political statement just for shits and giggle and bragging rights over their hacking mates. Then when they've finished exploring every nook and cranny of their IT drop the format bomb and release the goods.

Then the general press - who don't understand the IT angle and have no idea how to report it to an IT illiterate audience - they take the 'what do we understand angle' and talk about films being the cause and then make an unimaginative leap to saying the people attacked in the movie must be so upset so as to have caused it! Clearly this is ridiculous. And it's at this point the hackers fun really starts - this is comedy gold - so they play to the gallery by going along with this nonsense.

It's not just me who thinks this 'the norks did it' is so ridiculous - check out Radio 4 PM news programme today with the interview with the main guy at F-Secure http://www.bbc.co.uk/programmes/b04v5xys about 32 mins in

It is just a coincidence

that it occurred just as a special representative of Kim Jong has been in Moscow discussing the construction of a gas pipeline through NK to SK.

Alternatively

How do you solve a problem like the US, given its obnoxious tendency to impose its will on others.

Proportional response.

People seem confused by this.

What it means is travel restrictions and frozen overseas accounts of select Nork dignitaries and military. If that isn't spectacular enough for you, tough titties, because that's what you'll get.

Oh all right then, I'll throw in an international arrest warrant for the team which flew to Thailand to do the actual hacking.

A quick and easy solution.

Sony and MPAA share the financial hit and the movie is released on the internet, unencrypted and free for all to download and enjoy - far too many targets for the WORKS to do anything about it.

Good for Obama.

He says it's unacceptable that a dictator in one country can censor what citizens in another country can see.

So, does that mean he's going to stop going after the whistleblowers then?

Pardons all round for Assange and Snowden et al.?

No, didn't think so.

WHAT I THINK

I think the only way to secure your network is to close bugs and not through backdoors and "prevention".

Security can not be done as 100% but you can minimize it by true code auditing and closing bugs and stop relaying on closed source systems. Free software is the only way to be secured against this kind of threats, rather than relaying on Microsoft for example. The government should be promoting free software and code auditing if they really want a better "cyber world". Otherwise is the same bullshit like "we have to put backdoor here to protect all of you". Think defense, not offense. Otherwise, one will come down at the same ignorance level of terrorists and guess what, that's what they want ...

WAKE UP!

Whilst the blame game is providing amusement for those addicted to conspiracy theories, the real issue is being overlooked.

Whoever may have been responsible for this attack, the fact that it is possible for an organisation to be so comprehensively compromised through its IT should be ringing alarm bells.

The world is increasingly dependent on IT; both in scope (the internet of everything) and scale. Yet dependability and security seem to rank FAR behind novelty as the focus of technology "progress".

Re. WAKE UP!

Sony releasing the movie on the Net for free would certainly be karma.

Just include a "Donate" button, problem solved.

GCHQ's answer to Fort Meade's solution ..... Try again, ...

... but this next time in these strange times, with SMARTR Beta Intelligence. The Great Game and ITs Rules for Reign are Changed, don't you know, by the WAI

America would have to work with other states to rethink how the internet was run and managed so that these kind of attacks could not take place again. "The internet and cyber is the Wild West right now," he [President Obama of the Clueless and Renegade to Renaissance] opined.

That would/should/could be as a foil and counter to an Exotic Erotic East with a CyberIntelAIgent Weapons Arsenal of Enlightened Entertaining EMPowerment and NEUKlearer HyperRadioProActive IT, the Wild Wacky West, with alien type tech and hot bot methodologies replacing crass cowboy and abused injun culturing. Although whenever dumb, would that be a dumber move too if IT would create a competition and opposition rather than reinforced support and clear guidance to Beta Future Paths of IntelAIgent Travel for Global Operating Devices exercising Creative Command and CyberSpace Control of Communications and Computers for Shared Absolute Power in Virtual Machine Man Management.

The abiding persistent problem for present systems of SCADA administration is that systems are being programmed badly to cater for human failings rather than being designed and rebuilt for virtual machines with perfectly clear understanding and smarter transparent intentions ….. which is surely what it is in IT and AI to be, to be a Great Human Being?

And all that it takes with IT Command and Control and CyberSpace Savvy for that revolutionary evolutionary adjustment with titanic course corrections, is already shared and most recently registered again here

IT and Media Manipulation of the Future to be Presented as a Portfolio of Accepted Facts from Fiction to be Followed and Believed Unquestionably as Gospel and Oracle, Sony Pictures Presents: the Propaganda Model It and IT and Associated Shenanigans is not rocket science, it is way more simply complex and surreal than than ……. and do it and IT badly and well for all the best of wrong reasons is catastrophically damaging and personally revealing.

Take care out there, for there is no hiding space for sharp and smart tools who would be no more than mega rich and metadata poor fools in that place.

Defence Defence Defence!

From the little bits of information we get it would have been trivial to prevent or at least contain that infection to a small part of the company.

Just use the usual best practices for clients. Harden your operating systems, use application servers whenever possible, do not have persistent OS partitions between boots, etc. Notice that secure boot would have not helped in this situation at all.

The sensible thing to do would be to invest in actual security. Let's do code reviews, let's make our software simpler. Let us teach assembler before C in universities so people learn how to avoid buffer overruns.

Unfortunately the industry has little interest in secure systems. They want to continue to sell closed source software, they want to continue to use DRM, which means that they will always want to have ways to distribute binary code software which opens the gates to malware.

Over thinking the situation

Why would Obama go to war (at any level) over this? I saw a video of the conference at http://bit.ly/obama-made-a-mistake and in no way what so ever did he seem confident in what he was saying.

This seems like its nothing more than adding fuel to the fire. The movie was going to bomb and the scandal skyrocketed the interest people had in Rogen and Franco's horrible acting. The movie will be released and will be an instant hit; being remembered as an "American Hero" thingy where America never bowed down. Its a bloody Japanese production leave it be!

"North Korea’s actions were intended to inflict significant harm on a US business and suppress the right of American citizens to express themselves," the FBI concludes . . ." - I did not know Sony was American, learn something new everyday.

The thing is, IT security IS a cost centre, in basically the same way as health and safety building regulations/procedures, environmental protection etc. And you should invest in it for basically the same reasons - if you don't, you're going to be hit with a big-ass bill when something goes wrong.

The other areas have improved over the years, and they've been doing it longer than IT sec, but plenty of places still think they can pull a fast one on safety measures to widen their profit margins. Capitalism, how do we love thee? Let us count the ways.

British Universities at risk

Are they targeting us now?

Roehampton.ac.uk has been offline for 18hours - what's going on!!