“We don't like North Korea anyway, so guilty or not a few sanctions that
sound good but don't really mean much makes it look like we're
retaliating.”
The Obama administration doubled down on Friday on its allegation that
North Korea’s leadership was behind the hacking of Sony Pictures as it
announced new sanctions on 10 senior North Korean officials and several
organizations.
…
“It’s a first step,” one of the officials said. “The
administration felt that it had to do something to stay on
point. This is certainly not the end for them.”
…
The more immediate impact of the announcement may be that the
administration is not backing down on Mr. Obama’s announcement on
Dec. 19, hours before leaving for his Hawaii vacation, that “North
Korea engaged in this attack” on Sony Pictures. The president’s
statement touched off an escalating debate between skeptics who said
the attack came from inside Sony and government officials who said it
could be traced to North Korea.
Unfortunately, I think most big entertainment companies would do pretty
much the same thing. I doubt they will ever read this article.
Sony’s ‘Holiday Thank You’ Completely Misses the Point
In response to Lizard Squad’s massive attack against PlayStation
Network and Xbox Live that brought each service offline for days,
Sony has just offered players a five day extension of their PlayStation
Plus memberships and a 10% coupon to be used in the PlayStation Store.
It’s an offer that rings hollow and completely misses the point of
what was so distressing about the outage.
PlayStation Network has never had a great track record. Its in-game performance
is often spotty, and its download speeds are slow. It has lagged
behind Xbox Live and Steam in basic functionality for years. It goes
down frequently for “routine maintenance.” It was taken offline
for 23 days in 2011 after the personal details of 77 million user
accounts were stolen during a hack so dramatic it earned its
own Wikipedia page and Sony had to answer to the US House of
Representatives. That’s why it was so significant during Sony’s
February 2013 reveal of the PlayStation 4 that it promised to improve
its network. The “fastest gaming network in the world,” it
vowed. It had learned from the failings of the PlayStation 3, of the
network hack, of the superior service offered by competitors. It’s
just too bad that, like most of the features promised during that
reveal, Sony has failed to follow through.
Here’s the problem with Sony’s statement: It is completely oblivious to
the valid concerns its customers have. Sony has still, thus far, not even
officially recognized Lizard Squad’s attack as the cause of the
downtime, which flies directly in the face of the 2011 network hack
when Sony was widely criticized for taking so long to inform its
customers of the network compromise. It was irresponsible then, and
it’s irresponsible now not
to own up to the true cause of the outage. Instead, all we get is a
vague admission that “access to PlayStation Network was impacted
during the holidays.” But that’s not the only problem.
From top to bottom, the entire statement reads like it had been written 20
minutes prior, full of unclear terms and indefinite timelines. In
regards to the free five days of PlayStation Plus, Sony writes, “We
will post additional information here on PlayStation.Blog when the
extension becomes available.” Players who do not already have a
Plus account will get their five days “once the extension becomes
available (we will notify you when).” As well, the 10% off coupon
for the PlayStation Store will be available “sometime this month.”
It’s baffling that Sony would put out a statement with so many
uncertainties and speaks volumes to Sony’s level of commitment to
improving its network.
I’ve had a PlayStation Plus subscription for three years now. I’m not
interested in a five-day extension. That does nothing for me. I
didn’t even get a chance to play anything during the Christmas
outage, so it didn’t affect or inconvenience me at all. And
frankly, I find a 10% limited discount code to be actually insulting.
Why should I reward
Sony for not being prepared for an attack threatened weeks in advance
by spending money in its store?
What I want, and what we as gamers should demand, is that Sony finally
make good on its promises from almost two years ago, that in exchange
for mandating a paid subscription to access multiplayer on
PlayStation 4, it would deliver a truly fast, reliable, and safe
network. I still maintain that the blame for the attacks should be on
Lizard Squad, but that by no
means excuses Sony for its lackluster network.
For my Ethical Hackers. Sound familiar?
A Hacker's Hit List of American Infrastructure
On Friday, December 19, the FBI officially named North Korea as the
party responsible for a cyber attack and email theft against Sony
Pictures.
…
Technology journalists were quick to point out that, even though the
cyber attack could be attributable to a nation state actor, it wasn’t
particularly sophisticated. Ars Technica’s Sean Gallagher likened it to
a “software pipe bomb.” [Love that phrase! Bob]
But according to cyber-security professionals, the Sony hack may be a
prelude to a cyber attack on United States infrastructure that could
occur in 2015, as a result of a very different, self-inflicted
document dump from the Department of Homeland Security in July.
Here’s the background: On July 3, DHS, which plays a “key role” in
responding to cyber-attacks on the nation, replied to a Freedom of
Information Act (FOIA) request on a malware attack on Google called
“Operation Aurora.”
Unfortunately, as Threatpost writer Dennis Fisher reports, DHS officials
made a grave error in their
response. DHS released more than 800 pages of documents related not
to Operation Aurora but rather the Aurora Project, a 2007 research
effort led by Idaho National Laboratory demonstrating how easy it was
to hack elements in power and water systems.
Oops.
I wonder if there was a sudden rush to “un-friend” the boss or if
they had already created a “for the boss” version of their
Facebook page and didn't need to change anything?
Jim Matheny reports:
Now that 2015 is here, the new year means lots of new laws take
effect in Tennessee. That includes a change that protects employees’
private information on Facebook, Twitter, and other social media
accounts from nosy bosses.
“The new law says an employer cannot force you to tell them your
social media passwords or login to let them see what you’re doing.
That seems obvious to most people. But what an employer also cannot
do anymore is tell an employee or applicant, I need you to ‘friend’
me on Facebook, or I need you to friend me on Instagram, or follow me
on Twitter. That way I can see what you’re doing,” said Chris
McCarty, a Knoxville attorney who specializes in employment law.
Read more on WBIR.
It's all about the technology.
The Future of Getting Arrested
Even the most straightforward arrest is built upon an incredibly complex
foundation: the moment the handcuffs go on is the moment some of our
society’s most hotly contested ideas about justice, security, and
liberty are brought to bear on an individual. It’s also a moment
that’s poised to change dramatically, as law-enforcement agencies
around the country adopt new technology—from predictive-policing
software to surveillance cameras programmed to detect criminal
activity—and incorporate emerging research into the work of
apprehending suspects.
How They’ll Know a Crime Is Taking Place
Devices designed to detect questionable activity are proliferating.
How They’ll Find Their Suspects
Usually predictive policing refers to feeding reams of city data into
a computer and dispatching extra officers to areas that are deemed to
be at high risk of future crime. There’s potential, though, for
predictive policing to be less passive.
How They’ll Actually Arrest Someone
Confronting suspects and taking them into custody should become safer for police
officers, thanks to so-called real-time crime centers staffed by
analysts who can transmit information to officers en route to a crime
scene—the criminal histories of the people who live at that
address, say, or floor-plan details, or intelligence gathered from
surveillance cameras.
Talking the talk? By now, courts should have plenty of experience with
automated systems and (one can only hope) with security.
…
As a first step, many legal documents will be made available online
as the court transitions to making electronic filings the official
avenue for parties to submit documents, Chief Justice John Roberts
announced in his year-end report released Wednesday night. The system
would accept petitions, briefs and all other motions.
…
Roberts said the court has been purposely slow to adopt new
technology or embrace the “next big thing” because of its role.
He cited a number of reasons, from the appropriations and procurement
process to making sure that every member of the public — and not
just the “most tech savvy” — can access the records.
He also touched on the specter of court records being hacked into,
noting the sensitivity of some documents.
“Courts understandably proceed cautiously in introducing new information
technology systems until they have fairly considered how to keep the
information contained therein secure from foreign and domestic
hackers, whose motives may range from fishing for secrets to
discrediting the government or impairing court operations,” he
wrote.
An article for both my Data Management and my Business Intelligence
classes.
Boards Dissatisfied With Cyber, IT Risk Info Provided by Management
…
directors want changes in how risk oversight responsibilities are allocated.
More than half of them believe this should be the province of the
full board, rather than an audit committee alone.
In addition to being dissatisfied about the quantity of information
management provides on cybersecurity and IT risk, some 36 percent
said they are also unsatisfied with the quality of that information.
A giggle or two every week. Who could ask for more?
Hack Education Weekly News
…
Georgia state lawmakers have passed legislation to reform lobbying,
but have created a loophole so that they can still get freebies like
college football tickets. Because ethics.
…
“One bad tweet can be costly to a student athlete” as more schools
monitor what students and recruits do online.
I'm all about learning to talk gooder!
A new word for the overworked: 'al desko'
The Oxford English Dictionary added "al desko" in 2014. It can
be used as an adjective or an adverb and is kind of a cruel play on
the Italian term "al fresco," meaning in the fresh air.