Saturday, January 03, 2015
“We don't like North Korea anyway, so guilty or not a few sanctions that sound good but don't really mean much makes it look like we're retaliating.”
The Obama administration doubled down on Friday on its allegation that North Korea’s leadership was behind the hacking of Sony Pictures as it announced new sanctions on 10 senior North Korean officials and several organizations.
… “It’s a first step,” one of the officials said. “The administration felt that it had to do something to stay on point. This is certainly not the end for them.”
… The more immediate impact of the announcement may be that the administration is not backing down on Mr. Obama’s announcement on Dec. 19, hours before leaving for his Hawaii vacation, that “North Korea engaged in this attack” on Sony Pictures. The president’s statement touched off an escalating debate between skeptics who said the attack came from inside Sony and government officials who said it could be traced to North Korea.
Unfortunately, I think most big entertainment companies would do pretty much the same thing. I doubt they will ever read this article.
Sony’s ‘Holiday Thank You’ Completely Misses the Point
In response to Lizard Squad’s massive attack against PlayStation Network and Xbox Live that brought each service offline for days, Sony has just offered players a five day extension of their PlayStation Plus memberships and a 10% coupon to be used in the PlayStation Store. It’s an offer that rings hollow and completely misses the point of what was so distressing about the outage.
PlayStation Network has never had a great track record. Its in-game performance is often spotty, and its download speeds are slow. It has lagged behind Xbox Live and Steam in basic functionality for years. It goes down frequently for “routine maintenance.” It was taken offline for 23 days in 2011 after the personal details of 77 million user accounts were stolen during a hack so dramatic it earned its own Wikipedia page and Sony had to answer to the US House of Representatives. That’s why it was so significant during Sony’s February 2013 reveal of the PlayStation 4 that it promised to improve its network. The “fastest gaming network in the world,” it vowed. It had learned from the failings of the PlayStation 3, of the network hack, of the superior service offered by competitors. It’s just too bad that, like most of the features promised during that reveal, Sony has failed to follow through.
Here’s the problem with Sony’s statement: It is completely oblivious to the valid concerns its customers have. Sony has still, thus far, not even officially recognized Lizard Squad’s attack as the cause of the downtime, which flies directly in the face of the 2011 network hack when Sony was widely criticized for taking so long to inform its customers of the network compromise. It was irresponsible then, and it’s irresponsible now not to own up to the true cause of the outage. Instead, all we get is a vague admission that “access to PlayStation Network was impacted during the holidays.” But that’s not the only problem.
From top to bottom, the entire statement reads like it had been written 20 minutes prior, full of unclear terms and indefinite timelines. In regards to the free five days of PlayStation Plus, Sony writes, “We will post additional information here on PlayStation.Blog when the extension becomes available.” Players who do not already have a Plus account will get their five days “once the extension becomes available (we will notify you when).” As well, the 10% off coupon for the PlayStation Store will be available “sometime this month.” It’s baffling that Sony would put out a statement with so many uncertainties and speaks volumes to Sony’s level of commitment to improving its network.
I’ve had a PlayStation Plus subscription for three years now. I’m not interested in a five-day extension. That does nothing for me. I didn’t even get a chance to play anything during the Christmas outage, so it didn’t affect or inconvenience me at all. And frankly, I find a 10% limited discount code to be actually insulting. Why should I reward Sony for not being prepared for an attack threatened weeks in advance by spending money in its store?
What I want, and what we as gamers should demand, is that Sony finally make good on its promises from almost two years ago, that in exchange for mandating a paid subscription to access multiplayer on PlayStation 4, it would deliver a truly fast, reliable, and safe network. I still maintain that the blame for the attacks should be on Lizard Squad, but that by no means excuses Sony for its lackluster network.
For my Ethical Hackers. Sound familiar?
A Hacker's Hit List of American Infrastructure
On Friday, December 19, the FBI officially named North Korea as the party responsible for a cyber attack and email theft against Sony Pictures.
… Technology journalists were quick to point out that, even though the cyber attack could be attributable to a nation state actor, it wasn’t particularly sophisticated. Ars Technica’s Sean Gallagher likened it to a “software pipe bomb.” [Love that phrase! Bob]
But according to cyber-security professionals, the Sony hack may be a prelude to a cyber attack on United States infrastructure that could occur in 2015, as a result of a very different, self-inflicted document dump from the Department of Homeland Security in July.
Here’s the background: On July 3, DHS, which plays a “key role” in responding to cyber-attacks on the nation, replied to a Freedom of Information Act (FOIA) request on a malware attack on Google called “Operation Aurora.”
Unfortunately, as Threatpost writer Dennis Fisher reports, DHS officials made a grave error in their response. DHS released more than 800 pages of documents related not to Operation Aurora but rather the Aurora Project, a 2007 research effort led by Idaho National Laboratory demonstrating how easy it was to hack elements in power and water systems.
I wonder if there was a sudden rush to “un-friend” the boss or if they had already created a “for the boss” version of their Facebook page and didn't need to change anything?
Jim Matheny reports:
Now that 2015 is here, the new year means lots of new laws take effect in Tennessee. That includes a change that protects employees’ private information on Facebook, Twitter, and other social media accounts from nosy bosses.
“The new law says an employer cannot force you to tell them your social media passwords or login to let them see what you’re doing. That seems obvious to most people. But what an employer also cannot do anymore is tell an employee or applicant, I need you to ‘friend’ me on Facebook, or I need you to friend me on Instagram, or follow me on Twitter. That way I can see what you’re doing,” said Chris McCarty, a Knoxville attorney who specializes in employment law.
Read more on WBIR.
It's all about the technology.
The Future of Getting Arrested
Even the most straightforward arrest is built upon an incredibly complex foundation: the moment the handcuffs go on is the moment some of our society’s most hotly contested ideas about justice, security, and liberty are brought to bear on an individual. It’s also a moment that’s poised to change dramatically, as law-enforcement agencies around the country adopt new technology—from predictive-policing software to surveillance cameras programmed to detect criminal activity—and incorporate emerging research into the work of apprehending suspects.
How They’ll Know a Crime Is Taking Place
Devices designed to detect questionable activity are proliferating.
How They’ll Find Their Suspects
Usually predictive policing refers to feeding reams of city data into a computer and dispatching extra officers to areas that are deemed to be at high risk of future crime. There’s potential, though, for predictive policing to be less passive.
How They’ll Actually Arrest Someone
Confronting suspects and taking them into custody should become safer for police officers, thanks to so-called real-time crime centers staffed by analysts who can transmit information to officers en route to a crime scene—the criminal histories of the people who live at that address, say, or floor-plan details, or intelligence gathered from surveillance cameras.
Talking the talk? By now, courts should have plenty of experience with automated systems and (one can only hope) with security.
… As a first step, many legal documents will be made available online as the court transitions to making electronic filings the official avenue for parties to submit documents, Chief Justice John Roberts announced in his year-end report released Wednesday night. The system would accept petitions, briefs and all other motions.
… Roberts said the court has been purposely slow to adopt new technology or embrace the “next big thing” because of its role. He cited a number of reasons, from the appropriations and procurement process to making sure that every member of the public — and not just the “most tech savvy” — can access the records.
He also touched on the specter of court records being hacked into, noting the sensitivity of some documents.
“Courts understandably proceed cautiously in introducing new information technology systems until they have fairly considered how to keep the information contained therein secure from foreign and domestic hackers, whose motives may range from fishing for secrets to discrediting the government or impairing court operations,” he wrote.
An article for both my Data Management and my Business Intelligence classes.
Boards Dissatisfied With Cyber, IT Risk Info Provided by Management
… directors want changes in how risk oversight responsibilities are allocated. More than half of them believe this should be the province of the full board, rather than an audit committee alone.
In addition to being dissatisfied about the quantity of information management provides on cybersecurity and IT risk, some 36 percent said they are also unsatisfied with the quality of that information.
A giggle or two every week. Who could ask for more?
Hack Education Weekly News
… Georgia state lawmakers have passed legislation to reform lobbying, but have created a loophole so that they can still get freebies like college football tickets. Because ethics.
… “One bad tweet can be costly to a student athlete” as more schools monitor what students and recruits do online.
I'm all about learning to talk gooder!
A new word for the overworked: 'al desko'
The Oxford English Dictionary added "al desko" in 2014. It can be used as an adjective or an adverb and is kind of a cruel play on the Italian term "al fresco," meaning in the fresh air.