As my two or three regular readers know, I’ve long said that the internet is a public place and that those who forget that do so at their peril.
In addition, there is no such thing as absolute security. If someone wants to break into any ole house, your good security system will send them to your neighbor’s house. If he or she absolutely positively wants to break into your house regardless of the cost, your house is breached.
Before I get to my list of links, I must remind you that Sony has a history of poor security practices and incompetent response to the resulting breaches. They have also attempted to infect their customers’ computers with malware. As regards security, note that “big” and “bumble” both start with “b.”
The last reminder is this: Don’t believe the gee-whiz reportage on network security from the establishment press. For all their good will (and sometimes their lack thereof), most of those folks know nothing about how networks work and are not competent to evaluate the statements of the persons they interview. If some bozo in a three-piece suit were to tell them that Uncle Fester’s phase-lock loop light bulb represented the next breakthrough in physics, they would report it without question.
I’ve rounded up some posts about the Sony kerfuffle from persons who usually know what they are talking about.
Bruce Schneier, preeminent network security expert, says it’s important to know who you are dealing with. A snippet:
Your reaction to the massive hacking of such a prominent company will depend on whether you’re fluent in information-technology security. If you’re not, you’re probably wondering how in the world this could happen. If you are, you’re aware that this could happen to any company (though it is still amazing that Sony made it so easy).
To understand any given episode of hacking, you need to understand who your adversary is. I’ve spent decades dealing with Internet hackers (as I do now at my current firm), and I’ve learned to separate opportunistic attacks from targeted ones.
China Hand (I don’t know who he is, but he seems to be a reasonable sort of guy) is skeptical of the North Korean connection; he suspects it’s a knee-jerk reaction (more at the link):
Unfortunately, cyberattacks don’t lend themselves to quick attribution or, for that matter, even ultimate attribution. And for a government that does not want to make a spectacle of its impotence, waiting on due process and evidentiary niceties to produce the conclusion, “Well, the circumstances argue this, but we could never prove it in a court of law” doesn’t really cut it.
I have a suspicion that the United States has an app for that: blame somebody, preferably somebody unpopular, as quickly and categorically as possible.
George Smith thinks that Sony didn’t know when to hold them and didn’t know when to fold them, and he has composed a ditty in Sony’s honor.