I kind of want to live in the world where World War 3 was started because of Seth Rogen and James Franco
right before I succumb to radiation poisoning I will think "at least I couldn't have died for anything stupider"
Yes because North Korea are militarily capable of doing much besides bombing parts of South Korea for a few days before being shut down completely by outside interests what with their battered Vietnam War era Soviet surplus equipment and arms and starving army.
I think you'll find the best Christmas movies can be found on the TV channels that rebrand to feature the word 'Christmas' in their name when it gets to December.
Only if they show Die Hard on Christmas Eve, followed by National Lampoon's Christmas Vacation on Christmas Day.
HAH! It's not a Christmas movie unless it contains 'wish', 'miracle', or 'secret' in the title.
I hope that at least one chain still shows the movie because I love Franco/Rogen movies and I don't want this to slow down their ability to make movies.
I'm sure Tim League will still have it at the Drafthouse or something.
I doubt it'll hurt Rogen or Franco. Sony might have some issues.
It's weird, you'd think after PSN that Sony's cyber security would have been top of the line across the board. I guess the different divisions probably don't talk to each other much, and there's never been an entire multibillion dollar company held captive like this before.
I have more trouble feeling sorry for media conglomerates than I do for the creators. I do hope that the guys working 9 to 5 don't get completely fucked as a result of this, but the execs should have been smarter about it in a lot of ways, from security to greenlighting the project without changing to a fictional dictator.
I just picture Sony, after that first big PSN hack, just bringing in some guy's "security-expert" brother-in-law who just installed Norton on everything and sent them a bill.
As Kashmir Hill reported, there were only 11 people on the Sony information security team at the time of the hack:
“The real problem lies in the fact that there was no real investment in or real understanding of what information security is,” said the former employee. One issue made evident by the leak is that sensitive files on the Sony Pictures network were not encrypted internally or password-protected.
Hackers found a file with Sony usernames and passwords called “Usernames&Passwords.”
From the sounds of it, they might be getting him back (or at least get to use him) anyway
the news on that was that it didn't happen, i thought.
There's apparently a Spidey summit in January where the Sony bigwigs are going to discuss what to do about him
But latest word on the street is that Feige will be in attendance and feels good about it, though I think that's from a different source than the leaks
Sony Director of Information Security Jason Spaltro even gave an interview in 2007 whose whole point was to revel in Sony’s security loopholes: “it’s a valid business decision to accept the risk” of a security breach. “I will not invest $10 million to avoid a possible $1 million loss,” he said at the time.
fuck you
Yeah I'd say they're wayyyyy out more than $10m now.
Why even have a separate file with all of that exported to it? Isn't that just built into AD?
Yes, typically
There are maybe some arguments to be had for an admin having a list of all users and their passwords immediately at hand, and storing them separately isn't inherently a vulnerability, but the way this was done is so insanely lazy
1) password protect the file
2) rename the file something innocuous
3) use ACL or GPO to restrict access or even viewing of the file only to admins
4) store them hashed
like, a normal user shouldn't even be aware that file exists, and from what I understand they just used a trojan to get basic access
Should've just called the file "untitled rob schneider project.avi".
Even the hackers would have left it alone.
Rhylith - <Shambler Milk> Horde Chogall
LuvTheMonkey High Sierra Serenade Registered User regular
Well anything running a UNIX/Linux derivative (usually) wouldn't be attached to AD, so keeping auth credentials separately is necessary a lot. That said, jesus there's 20 different ways to do that shit securely.
And that dude's quote about risk assessment is right in theory, his problem is wildly fucking undervaluing the risk to Sony. And probably overvaluing the cost to mitigate too.
even then they could have used shadow password in about 20 seconds, or any other of a ton of ways as you said
and yeah the idea that a security breach would only cost Sony $1 million is absolutely hilarious
Raijin Quickfoot I'm your Huckleberry YOU'RE NO DAISY Registered User, ClubPA regular
Not only would you think a company like that would know better but Sony already went through this once before..
Of all people they should have some of the toughest security at this point.
I really, really wish they go through with that Phil Lord, Chris Miller Spider-Man movie.
Also, someone somewhere suggested Edgar Wright as the new director for a live-action Spider-Man. I didn't know how badly I wanted that until I read it. Ultimately though, Sony needs to stop meddling with the making of the film and just give the director some room to breathe. I think I read that Marc Webb had the same experience as Sam Raimi did on his third Spidey in terms of studio interference.
Oh, and as long as we're wishing for things that are too good to come true, someone somehow please get Greg Weisman and his entire team back together to continue Spectacular Spider-Man from where they left off and see their plans for the series through.
Weaver Who are you? What do you want? Registered User regular
I wonder how much of Sony not being willing to put any money into their information security was because of this attitude you see in lots of places where IT gets underfunded and treated like shit because they aren't a profit-generating division.
LuvTheMonkey High Sierra Serenade Registered User regular
Probably a lot
Even in the coding world, IS is often undervalued
I have been paid to go to perform vulnerability testing on a site where the engineer told his team to let me perform the tests and then ignore the results because the only thing that mattered was the code working and he didn't care about security
Posts
Big difference between this situation and WW1.
If Sony Pictures falls apart will Marvel likely get Spider-Man back?
Also thanks iPhone for correctly autocorrecting Spider-Man.
I'm curious how they got in
oh lord if that is true
http://techcrunch.com/2014/12/16/hack-sony-twice-shame-on-sony/
ONE PERSON should get that done
also 11 people on a network of that size is completely, utterly insane
my team is 8 people
we do qa for the actual implementation team
on a network WAY smaller than Sony's
holy shit
"So you know all about how to use the googles, right?"
"Do you know the wifi password? I can't pull up the HR page."
"You can just keep a list of passwords so if I forget it you can just tell me what it is instead of resetting it?"
I figured it out.
I think we have a mouse problem guys.
Now everyone please put on these tinfoil hats.
30 seconds of someone's time
was it merely the assumption that such a large corporation would surely have its shit together and be very difficult to hack
I genuinely don't know this
It's weird
They may not have even known they were hacked!
So far the only ones I can find that I haven't seen are Sint, Rare Exports: A Christmas Tale, and Christmas Cruelty.
Christmas Cruelty might be too much though based on the synopsis.
it... might be the best one?
It's not a field with a lot of competition