Sunday, December 07, 2014

Something is very strange here. Why no real information? Is there a tool or technique here that renders everyone vulnerable? I doubt it. So why not disclose what Sony failed to do?
Investigator says Sony cyber attack was 'unparalleled'
Forensics experts hired by Sony Corp to investigate the massive cyber attack at its Hollywood studio said the breach was unprecedented, well-planned and carried out by an "organized group," according to an email obtained on Saturday.
… They are among the first details of the investigation to be made public, yet they do not discuss what people are most interested in knowing: The extent of the damage to the studio's network or whether investigators had any leads in determining who was behind the campaign, the most destructive cyber attack reported to date against a company on U.S. soil.
… Mandia, whose forensics firm has probed some of the biggest and most sophisticated cyber attacks known to date, told Lynton in his email that "The scope of this attack differs from any we have responded to in the past, as its purpose was to both destroy property and release confidential information to the public."
He added in the email that "The bottom line is that this was an unparalleled and well planned crime, carried out by an organized group, for which neither SPE nor other companies could have been fully prepared."
FBI spokesman Joshua Campbell said the agency concurred with Mandiant's analysis that the attack was conducted using techniques that went undetected by standard antivirus software.

(Related) Clearly disinformation. North Korea has neither supporters nor sympathizers.
North Korea denies hacking Sony but calls the breach a ‘righteous deed’
North Korea has denied hacking Sony Pictures’ computer systems in retaliation for its movie “The Interview,” which revolves around a plot to assassinate North Korea’s leader, Kim Jong Un. But the secretive state has called the crippling cyberattack a “righteous deed” and has suggested its “supporters and sympathizers” might be taking revenge on its behalf.

The Chieftain article suggests the passwords were assigned by the school, apparently in a non-random manner.
KRDO reports:
Pueblo City School District 60 is increasing security after a student found a way to access other students’ accounts.
The Pueblo Chieftain reports that a student demonstrated how simple it was to access other students’ accounts since the username and password are almost identical on Infinite Campus, the program students use that has grades, attendance records, missing assignments, class schedules, immunization records, grade-point averages, home addresses, telephone numbers, names of family members, and assessment scores.
Read more on KRDO.
Related: Password changes on tap (Pueblo Chieftain)

Coming soon to a company near you!
Germany Examines Ban on Employees Checking Work Emails at Home
German employees could soon have legal protection preventing them from dealing with work-related phone calls and email traffic after hours and on weekends.
Labor Minister Andrea Nahles is contemplating introducing "anti-stress" regulations in Europe's economic powerhouse.
She told the Rheinische Post newspaper that it is "indisputable that there is a connection between permanent availability and psychological diseases."
