Security…Again


Edit: The attacker is NOT North Korea, geez, media needs to be sensible.

Again Sony is in the news about a serious hack to their networks. At this time details have not been made public, but essentially it is likely to be a very typical exploit. The hackers took employee data including salary, benefits, amongst other things. Basically everything. Many of these items are popping up on websites just like your stolen car radio and pawn shops etc…

Here’s the thing, after looking into networks and doing audits for specific groups I can say with certainty that pretty much all corporate networks are porous. Like a kitchen sponge. They are designed to suck everything in but keep very little out, and worse still is the fact that hackers are aware of that. It’s only getting worse in that (A) you are becoming more aware of it (B) it’s becoming more of a big player’s game. I advocate a different approach to networking for these corporate systems.

Wireless is a big problem in this context and has to be addressed with more sophistication. I have been providing some guidance to enterprises and carriers about this issue but the molasses speed at which this sort of change happens (based on management FUD) is a real problem, a hindrance to getting closer to the solution, because as you clean up specific networks, the interconnected ramifications eventually help everyone.

There’s no company or single product or solution that makes this go away. Although some of it is very ‘sexy.’ The OEMs would like you to believe this but it’s simply not true. Everybody needs to take responsibility and begin making the changes it will take to put this attack space back into its acceptable percentages (like loss at a retail store) vs the currently escalating situation in which practically every network you touch is stealing from you through your day-to-day interactions, on behalf of some bad actors.

Reach out to us if you need some more guidance…we have been designing radically different architectures to address the situation.

See post from one of my favs, Krebs on Security…

Sony Breach May Have Exposed Employee Healthcare, Salary Data

(Teaser)

The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures: According to multiple sources, the intruders also stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical and salary information. What’s more, it’s beginning to look like the attackers may have destroyed data on an unknown number of internal Sony systems.

Screen shot from an internal audit report allegedly stolen from Sony.

Several files being traded on torrent networks seen by this author include a global Sony employee list, a Microsoft Excel file that includes the name, location, employee ID, network username, base salary and date of birth for more than 6,800 individuals.

(Full post)

Sony Breach May Have Exposed Employee Healthcare, Salary Data

(Business Insider)

The Sony Hack May Be Unprecedented, But The US Is Still Routinely Getting Hammered By Hackers

(LinkedIn->Scott Schober President/CEO/Cyber Security Expert Berkeley Varitronics Systems & Host at 2 Minute)

Sony Pictures Shut Down by Hack Attack