|
|
 
|
|
Author
|
Topic: Sony Hack Hits Home
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Leo Enticknap
Film God
Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000
|
posted 12-11-2014 11:23 AM
I was skeptical about North Korea, too. I mean, if they really have the capability to have been responsible for this, that would be inconsistent with the reports that it is a pretty primitive place.
Jim: I share your pain about studio invoicing. Because our place is a 501(c)(3), we have to invoice private rental clients for projectionist services separately from the venue rental (a non-profit can rent out its building and infrastructure without having to pay tax on the revenue, but not the services of its employees, so the two have to be kept separate in the accounting process) and it's my job to do the projectionist invoices. The big studios are the worst to deal with, by a long chalk. One (for political reasons I don't feel comfortable saying which one on a public website) requires every payee to register on their online accounting system, upload a ton of paperwork - invoice, W-9, etc. - in PDF form to exact specifications (which that system will reject if not followed to the letter), and then wait 45 days to be paid. Things have got to the stage that one of my co-workers now refuses to work private rental screenings for this studio. The others aren't as bad, but they still tie you up in red tape.
| IP: Logged
|
|
Marcel Birgelen
Film God
Posts: 3357
From: Maastricht, Limburg, Netherlands
Registered: Feb 2012
|
posted 12-11-2014 12:21 PM
North Korea might be a very backward place for the average North Korean, but don't underestimate the considerable amount of resources and commitment they can put into such things. For what it's worth, they could also have hired a bunch of "hackers" from somewhere else.
Also, don't overestimate the complexity of the security systems of the average corporation. A simple Administrator password to a Windows domain of such a corporation will give you full access to about anything on many such networks.
Still, before you start blaming someone, first come up with some credible evidence and don't just pick an easy and obvious target as a lame excuse for your own failure to secure your systems appropriately. Because, in 95% cases of all security breaches it just boils down to incompetence from the side of the affected parties. You can easily blame the "other" party: It's THEY who hacked us, but maybe it's time to wake up. If you're a high profile, billion dollar company, you're always a potential target for those kind of things.
quote: Leo Enticknap
Because our place is a 501(c)(3), we have to invoice private rental clients for projectionist services separately from the venue rental (a non-profit can rent out its building and infrastructure without having to pay tax on the revenue, but not the services of its employees, so the two have to be kept separate in the accounting process) and it's my job to do the projectionist invoices.
There's probably a ton of stuff I'm overlooking here and I don't have all the details obviously. But this problem would essentially also arise here. If this would manifest on a regularly basis, I would have the non-profit organization incorporate a new (for profit) company which will then, in turn hire the projectionists on an hourly basis (essentially, it will just request services from the non-profit) and will then invoice the studios for their services. This way, there should be no need to do all the extra paperwork.
| IP: Logged
|
|
Jim Cassedy
Phenomenal Film Handler
Posts: 1661
From: San Francisco, CA
Registered: Dec 2006
|
posted 12-11-2014 12:59 PM
Quoting excerpts from Leo's last post:
quote:
"Jim: I share your pain about studio invoicing...... . The big studios
are the worst to deal with, by a long chalk. One requires every payee
to register on their online accounting system, upload a ton of paperwork
- invoice, W-9, etc. - in PDF form to exact specifications
(which that system will reject if not followed to the letter),
Leo really has a good understanding of the situation.
You wouldn't believe the piles of paperwork and hoops of minutia I had to
jump through when first registering with each of the studios & distributors.
My favorite was one organization which required me to download, print
and fill out a form which then had to be hand-signed, using only BLUE
ink, and then sent back to them via US postal snail-mail.
I looked all over my house & couldn't find a friggin' blue ink pen.
All I had were black. I went to my neighbor across the hall, and
we dug through several kitchen & desk drawers, and she didn't
have a blue pen either. I wound up having to walk several blocks,
in the rain, to my local Walgreens to buy a blue pen. - - - and of
course I couldn't buy just one, I had to buy a pack of 8 or so.
. . and then I had to look all over my house for an envelope & a stamp.
Gimmieafrigginbreak!
Now that I'm 'registered' with everyone, it usually takes about 30-45
days for them to process my invoices, but that's pretty normal for
any buisness/billing cycle.
(Although a couple of distributors often pay me within 10-20 days.)
As for the Sony hack- I really don't givacrap who's responsible, I just
want my money! ![[thumbsup]](graemlins/thumbsup.gif)
| IP: Logged
|
|
|
|
Bobby Henderson
"Ask me about Trajan."
Posts: 10973
From: Lawton, OK, USA
Registered: Apr 2001
|
posted 12-11-2014 05:44 PM
quote: Marcel Birgelen
Sony has a history of not giving a flying f*ck about IT systems security. They should be banned from using computers ever again: From now on it's back to typewriters, large filing cabinets and homing pigeons.
You said something earlier about not blaming someone without first coming up with credible evidence, not picking on an easy target, etc. How do you know the entire fault resides solely with Sony?
I'm not trying to defend Sony by any means, but the company did spend more than a billion dollars on systems upgrades after the Playstation Network hack. There's no doubt other victims of massive security breaches, such as Target and Home Depot, have spent a fuck-ton of money on computing systems and still got cracked anyway.
It's fairly likely some level of end user negligence or even maleficence took place within Sony's operations to make this hack possible.
However, the software engineers and other people who make decisions in how computer software and hardware sold to companies like Sony are also suspect. Both White Hat and Black Hat crackers have been breaking into computing systems and devices controlled by computers on an almost routine basis even despite diligence on the part of users to keep their devices secure.
The situation with computing security seems to be getting worse and worse. I think two things need to be done. First, the computing industry needs to provide a lot more incentive to White Hats to find security bugs before Black Hats do. Second, some way has to be found to bring computing criminals to justice. The first proposal is very do-able. But the second is probably impossible considering many of the Black Hats are in non-extradition treaty countries like Russia and China.
| IP: Logged
|
|
|
|
Marcel Birgelen
Film God
Posts: 3357
From: Maastricht, Limburg, Netherlands
Registered: Feb 2012
|
posted 12-12-2014 04:37 AM
quote: Bobby Henderson
You said something earlier about not blaming someone without first coming up with credible evidence, not picking on an easy target, etc. How do you know the entire fault resides solely with Sony?
I never said the ENTIRE fault resides solely with Sony. Still, if such a thing happens to you, you better be humble and go sit in the corner, ashamed, before you start pointing fingers at evil Kim Yong Un or whoever comes in handy. Because, even if it was *them* who did it, you f*cked up likewise.
The PSN hack actually triggered the replacement of two of my credit cards (one of those never worked because of reasons unknown, yet apparently ended up being stored in their system anyway) and my personal information got probably stolen. They never even dared to inform me about it personally, it was the credit card companies who did so.
If you read the many reports about what actually happened in the case of the PSN hack, it was clear security has always been an afterthought. So, Sony apparently spent a billion dollars on security upgrades. Great, now what? Do we need to feel sorry for them? They could have avoided the whole disaster by spending a fraction of that before the fact. Also, the rootkit incident from 2005, where Sony infected hundreds of thousands of machines with something that essentially was a Trojan via their half-baked DRM is also still not forgotten.
quote: Bobby Henderson
There's no doubt other victims of massive security breaches, such as Target and Home Depot, have spent a fuck-ton of money on computing systems and still got cracked anyway.
Seemingly they either still didn’t spent enough or they spent it wrong. Leaking MILLIONS of credit card accounts without getting noticed before it's too late... Sorry, but your security sucks. No excuses possible.
quote: Bobby Henderson
It's fairly likely some level of end user negligence or even maleficence took place within Sony's operations to make this hack possible.
Hacks are often at least partly caused by social engineering tactics or rogue employees. Still, this is no excuse for shitty security, especially at those kind of monster companies. You should know this can and will happen if you don’t take appropriate measures.
quote: Bobby Henderson
However, the software engineers and other people who make decisions in how computer software and hardware sold to companies like Sony are also suspect. Both White Hat and Black Hat crackers have been breaking into computing systems and devices controlled by computers on an almost routine basis even despite diligence on the part of users to keep their devices secure.
Yeah, both NSA and the Chinese government have been suspected of implementing backdoors in commonly used IT gear. In the end they might have caused more harm than any good with this kind of questionable behavior.
But honestly, if you look at the stuff out there, this hack was most probably far less sophisticated as other high profile hacks. It's most likely just the contents of one of their internal file servers. So, this has all the makings of just lame security and a failure of internal policies, not some secret North Korean uber-hacker-ninja-squad.
quote: Bobby Henderson
The situation with computing security seems to be getting worse and worse. I think two things need to be done. First, the computing industry needs to provide a lot more incentive to White Hats to find security bugs before Black Hats do. Second, some way has to be found to bring computing criminals to justice. The first proposal is very do-able. But the second is probably impossible considering many of the Black Hats are in non-extradition treaty countries like Russia and China.
Well, third, and probably most importantly: We need to drastically change our approach to this thing called "IT".
We blindingly continue with hooking everything together, from tablets, smartphones to refrigerators. All this, using half-assed, often unproven technology, which often randomly fails. We keep pushing ever more of our personal data into some kind of "cloud", often without even knowing or caring about the potential implications.
Vendors need to do their part too obviously, but it's primarily the fault of many of those companies out there, who just don’t take their IT and communication systems serious and are simply not putting in sufficient amount of efforts to secure them properly. IT systems security doesn’t come cheap and essentially doesn't add anything to the bottom line, so why care?
So, I think people should be mad if their personal information lands on the street, almost always due to incompetency and corner cutting at those corporations who caused the leaks. In this particular case, it wasn't so much the personal information of the lowly worker-class bee that became public knowledge, it squarely exploded in Sony's face. A simple sorry and some free credits won’t fix anything this time, they've been caught with their pants down.
Still, I'm simply unable to feel even remotely sorry for them, the only ones who I feel sorry for is those who are affected by it, like Jim for example.
| IP: Logged
|
|
Bobby Henderson
"Ask me about Trajan."
Posts: 10973
From: Lawton, OK, USA
Registered: Apr 2001
|
posted 12-12-2014 10:50 AM
quote: Marcel Birgelen
We blindingly continue with hooking everything together, from tablets, smartphones to refrigerators. All this, using half-assed, often unproven technology, which often randomly fails.
The problem is that sounds like it's far more the fault of the people who made the actual damned products rather than the end users buying the products. They're the ones who engineered the hardware and software. They're the ones who didn't write the code well enough to plug any vulnerabilities.
Software companies are getting pretty damned cheap and greedy these days. They're outsourcing a lot of code work to Lord only knows where to save on labor costs and improve the company's stock price. And they're cobbling in lots of open source code too, some of which is also highly suspect. When you're writing software for free as a form of charity work just how diligent are you going to be in making sure the final "gold code" is secure? Despite all that cost savings work the software company is still going to charge as much as it can get away with for that end product.
It's not an end user's fault or IT guy's fault if some horrible zero day exploit is found in Microsoft Windows, Sun Java or whatever. That's on the heads of the people who created the software. End users and IT guys can only take action after the vulnerability is discovered.
That doesn't absolve end users from their own responsibility. I'll be the first to blame an end user for deliberately or ignorantly doing risky things with a computer. But the fact remains that a bunch of things are out of our control. Even the notion of buying a Mac or iOS device is no longer a guarantee of safety, as seen by some news-making hacks lately (like the Chinese government hacking iOS devices used by protesters in Hong Kong).
| IP: Logged
|
|
|
|
All times are Central (GMT -6:00)
|
This topic comprises 17 pages: 1 2 3 4 ... 15 16 17
|
Powered by Infopop Corporation
UBB.classicTM
6.3.1.2
The Film-Tech Forums are designed for various members related to the cinema industry to express their opinions, viewpoints and testimonials on various products, services and events based upon speculation, personal knowledge and factual information through use, therefore all views represented here allow no liability upon the publishers of this web site and the owners of said views assume no liability for any ill will resulting from these postings. The posts made here are for educational as well as entertainment purposes and as such anyone viewing this portion of the website must accept these views as statements of the author of that opinion
and agrees to release the authors from any and all liability.
|
Home
Printer-friendly view of this topic