Film-Tech Cinema Systems
Film-Tech Forum ARCHIVE


  

 
This topic comprises 17 pages: 1  2  3  4  ...  15  16  17 
 
Author Topic: Sony Hack Hits Home
Jim Cassedy
Phenomenal Film Handler

Posts: 1661
From: San Francisco, CA
Registered: Dec 2006


 - posted 12-10-2014 05:08 PM
Almost 99% of my work now involves various studio preview, press
& Academy screenings, as well as some 'invitation only' events for
film-makers & their guests.

For many of these events, I have to bill the studio/distributor directly.

I suppose by now, you've all read or heard about the big hacker attack
at SONY Pictures a week or so ago.

So, the other day I got an e-mail from SONY informing me that I will
have to re-submit all my invoices for the last several jobs I did for
them in November, and that there would most likely be "a bit of a delay"
in getting my paychecks cuz their accounting system "is still a mess."

Thank You, North Korea!

-->In case you have no idea what I'm talking about go here:


Dennis Benjamin
Phenomenal Film Handler

Posts: 1445
From: Denton, MD
Registered: Feb 2002


 - posted 12-10-2014 05:25 PM
It wasn't the North Koreans.


Marcel Birgelen
Film God

Posts: 3357
From: Maastricht, Limburg, Netherlands
Registered: Feb 2012


 - posted 12-10-2014 05:34 PM
Yeah, North Korea is a lame scapegoat for crappy security.

Sony has a history of not giving a flying f*ck about IT systems security. They should be banned from using computers ever again: From now on it's back to typewriters, large filing cabinets and homing pigeons.


James Westbrook
Phenomenal Film Handler

Posts: 1133
From: Lubbock, Texas, Usa
Registered: Mar 2006


 - posted 12-10-2014 05:43 PM
North Korea makes a convenient target of blame as they did protest the release of The Interview and then the hacking occurs shortly after, from what I hear...


Joe Redifer
You need a beating today

Posts: 12859
From: Denver, Colorado
Registered: May 99


 - posted 12-10-2014 07:08 PM
To me it almost seems like an attempt of viral marketing for The Interview. I have no evidence of this, of course. And I don't know why they'd try to market a comedy about North Korea that way. But I think they are trying to make the most of a bad situation by saying the hackers are demanding them to not release or delay The Interview.


Marcel Birgelen
Film God

Posts: 3357
From: Maastricht, Limburg, Netherlands
Registered: Feb 2012


 - posted 12-11-2014 03:55 AM
Well yeah, I initially thought along the same lines. Rather coincidental and maybe just another marketing trick.

But, if you look at what actually leaked out of there, I doubt any company on earth would do this on purpose.

Amongst a lot of personal records of actual and former employees (including higher management functions) and some high profile movie stars amongst them, a lot of confidential internal communications, passwords, private encryption keys, some high quality DVD/Blu Ray screeners of recent titles (the most popular amongst them being Fury) were also leaked into the wild.


Eric Hooper
Jedi Master Film Handler

Posts: 532
From: Fort Worth, TX, USA
Registered: May 2003


 - posted 12-11-2014 04:39 AM
I read that Japan is pretty pissed at Angelina Jolie also....


Leo Enticknap
Film God

Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000


 - posted 12-11-2014 11:23 AM
I was skeptical about North Korea, too. I mean, if they really have the capability to have been responsible for this, that would be inconsistent with the reports that it is a pretty primitive place.

Jim: I share your pain about studio invoicing. Because our place is a 501(c)(3), we have to invoice private rental clients for projectionist services separately from the venue rental (a non-profit can rent out its building and infrastructure without having to pay tax on the revenue, but not the services of its employees, so the two have to be kept separate in the accounting process) and it's my job to do the projectionist invoices. The big studios are the worst to deal with, by a long chalk. One (for political reasons I don't feel comfortable saying which one on a public website) requires every payee to register on their online accounting system, upload a ton of paperwork - invoice, W-9, etc. - in PDF form to exact specifications (which that system will reject if not followed to the letter), and then wait 45 days to be paid. Things have got to the stage that one of my co-workers now refuses to work private rental screenings for this studio. The others aren't as bad, but they still tie you up in red tape.


Marcel Birgelen
Film God

Posts: 3357
From: Maastricht, Limburg, Netherlands
Registered: Feb 2012


 - posted 12-11-2014 12:21 PM
North Korea might be a very backward place for the average North Korean, but don't underestimate the considerable amount of resources and commitment they can put into such things. For what it's worth, they could also have hired a bunch of "hackers" from somewhere else.

Also, don't overestimate the complexity of the security systems of the average corporation. A simple Administrator password to a Windows domain of such a corporation will give you full access to about anything on many such networks.

Still, before you start blaming someone, first come up with some credible evidence and don't just pick an easy and obvious target as a lame excuse for your own failure to secure your systems appropriately. Because, in 95% of all cases of security breaches it just boils down to incompetence from the side of the affected parties. You can easily blame the "other" party: It's THEY who hacked us, but maybe it's time to wake up. If you're a high profile, billion dollar company, you're always a potential target for those kinds of things.

quote: Leo Enticknap
Because our place is a 501(c)(3), we have to invoice private rental clients for projectionist services separately from the venue rental (a non-profit can rent out its building and infrastructure without having to pay tax on the revenue, but not the services of its employees, so the two have to be kept separate in the accounting process) and it's my job to do the projectionist invoices.
There's probably a ton of stuff I'm overlooking here and I don't have all the details obviously. But this problem would essentially also arise here. If this would manifest on a regular basis, I would have the non-profit organization incorporate a new (for profit) company which will then, in turn, hire the projectionists on an hourly basis (essentially, it will just request services from the non-profit) and will then invoice the studios for their services. This way, there should be no need to do all the extra paperwork.


Jim Cassedy
Phenomenal Film Handler

Posts: 1661
From: San Francisco, CA
Registered: Dec 2006


 - posted 12-11-2014 12:59 PM
Quoting excerpts from Leo's last post:
quote:
"Jim: I share your pain about studio invoicing...... . The big studios
are the worst to deal with, by a long chalk. One requires every payee
to register on their online accounting system, upload a ton of paperwork
- invoice, W-9, etc. - in PDF form to exact specifications
(which that system will reject if not followed to the letter),

Leo really has a good understanding of the situation.

You wouldn't believe the piles of paperwork and hoops of minutiae I had to
jump through when first registering with each of the studios & distributors.

My favorite was one organization which required me to download, print
and fill out a form which then had to be hand-signed, using only BLUE
ink, and then sent back to them via US postal snail-mail.

I looked all over my house & couldn't find a friggin' blue ink pen.
All I had were black. I went to my neighbor across the hall, and
we dug through several kitchen & desk drawers, and she didn't
have a blue pen either. I wound up having to walk several blocks,
in the rain, to my local Walgreens to buy a blue pen. - - - and of
course I couldn't buy just one, I had to buy a pack of 8 or so.

. . and then I had to look all over my house for an envelope & a stamp.

Gimmieafrigginbreak!

Now that I'm 'registered' with everyone, it usually takes about 30-45
days for them to process my invoices, but that's pretty normal for
any business/billing cycle.
(Although a couple of distributors often pay me within 10-20 days.)

As for the Sony hack- I really don't givacrap who's responsible, I just
want my money! [thumbsup]


Mike Blakesley
Film God

Posts: 12767
From: Forsyth, Montana
Registered: Jun 99


 - posted 12-11-2014 01:34 PM
quote: Jim Cassedy
a form which then had to be hand-signed, using only BLUE
ink, and then sent back to them via US postal snail-mail.

I looked all over my house & couldn't find a friggin' blue ink pen. All I had were black.

My mom was a banker and to this day it drives her crazy that blue pens are so rare. She always insisted that documents be signed in blue ink so it was easy to tell a copy from an original. (This was before color copiers became so common of course.)


Bobby Henderson
"Ask me about Trajan."

Posts: 10973
From: Lawton, OK, USA
Registered: Apr 2001


 - posted 12-11-2014 05:44 PM
quote: Marcel Birgelen
Sony has a history of not giving a flying f*ck about IT systems security. They should be banned from using computers ever again: From now on it's back to typewriters, large filing cabinets and homing pigeons.
You said something earlier about not blaming someone without first coming up with credible evidence, not picking on an easy target, etc. How do you know the entire fault resides solely with Sony?

I'm not trying to defend Sony by any means, but the company did spend more than a billion dollars on systems upgrades after the Playstation Network hack. There's no doubt other victims of massive security breaches, such as Target and Home Depot, have spent a fuck-ton of money on computing systems and still got cracked anyway.

It's fairly likely some level of end user negligence or even maleficence took place within Sony's operations to make this hack possible.

However, the software engineers and other people who make decisions in how computer software and hardware sold to companies like Sony are also suspect. Both White Hat and Black Hat crackers have been breaking into computing systems and devices controlled by computers on an almost routine basis even despite diligence on the part of users to keep their devices secure.

The situation with computing security seems to be getting worse and worse. I think two things need to be done. First, the computing industry needs to provide a lot more incentive to White Hats to find security bugs before Black Hats do. Second, some way has to be found to bring computing criminals to justice. The first proposal is very do-able. But the second is probably impossible considering many of the Black Hats are in non-extradition treaty countries like Russia and China.


Louis Bornwasser
Film God

Posts: 4441
From: prospect ky usa
Registered: Mar 2005


 - posted 12-11-2014 06:00 PM
The FCC logs at radio stations were supposedly to be typed or written with black ink. (because of old copier limitations.) I used red ink in my typewriters and blue ink. After checking all the regulations and finding nothing, I figured that there was no stated law against a small protest.

Later they eliminated any transmitter logging. (Guess I was right?)


Marcel Birgelen
Film God

Posts: 3357
From: Maastricht, Limburg, Netherlands
Registered: Feb 2012


 - posted 12-12-2014 04:37 AM
quote: Bobby Henderson
You said something earlier about not blaming someone without first coming up with credible evidence, not picking on an easy target, etc. How do you know the entire fault resides solely with Sony?
I never said the ENTIRE fault resides solely with Sony. Still, if such a thing happens to you, you better be humble and go sit in the corner, ashamed, before you start pointing fingers at evil Kim Jong Un or whoever comes in handy. Because, even if it was *them* who did it, you f*cked up likewise.

The PSN hack actually triggered the replacement of two of my credit cards (one of those never worked because of reasons unknown, yet apparently ended up being stored in their system anyway) and my personal information probably got stolen. They never even dared to inform me about it personally, it was the credit card companies who did so.

If you read the many reports about what actually happened in the case of the PSN hack, it was clear security has always been an afterthought. So, Sony apparently spent a billion dollars on security upgrades. Great, now what? Do we need to feel sorry for them? They could have avoided the whole disaster by spending a fraction of that before the fact. Also, the rootkit incident from 2005, where Sony infected hundreds of thousands of machines with something that essentially was a Trojan via their half-baked DRM is also still not forgotten.

quote: Bobby Henderson
There's no doubt other victims of massive security breaches, such as Target and Home Depot, have spent a fuck-ton of money on computing systems and still got cracked anyway.
Seemingly they either still didn't spend enough or they spent it wrong. Leaking MILLIONS of credit card accounts without getting noticed before it's too late... Sorry, but your security sucks. No excuses possible.

quote: Bobby Henderson
It's fairly likely some level of end user negligence or even maleficence took place within Sony's operations to make this hack possible.
Hacks are often at least partly caused by social engineering tactics or rogue employees. Still, this is no excuse for shitty security, especially at those kinds of monster companies. You should know this can and will happen if you don't take appropriate measures.

quote: Bobby Henderson
However, the software engineers and other people who make decisions in how computer software and hardware sold to companies like Sony are also suspect. Both White Hat and Black Hat crackers have been breaking into computing systems and devices controlled by computers on an almost routine basis even despite diligence on the part of users to keep their devices secure.
Yeah, both NSA and the Chinese government have been suspected of implementing backdoors in commonly used IT gear. In the end they might have caused more harm than any good with this kind of questionable behavior.

But honestly, if you look at the stuff out there, this hack was most probably far less sophisticated than other high profile hacks. It's most likely just the contents of one of their internal file servers. So, this has all the makings of just lame security and a failure of internal policies, not some secret North Korean uber-hacker-ninja-squad.

quote: Bobby Henderson
The situation with computing security seems to be getting worse and worse. I think two things need to be done. First, the computing industry needs to provide a lot more incentive to White Hats to find security bugs before Black Hats do. Second, some way has to be found to bring computing criminals to justice. The first proposal is very do-able. But the second is probably impossible considering many of the Black Hats are in non-extradition treaty countries like Russia and China.
Well, third, and probably most importantly: We need to drastically change our approach to this thing called "IT".

We blindly continue with hooking everything together, from tablets, smartphones to refrigerators. All this, using half-assed, often unproven technology, which often randomly fails. We keep pushing ever more of our personal data into some kind of "cloud", often without even knowing or caring about the potential implications.

Vendors need to do their part too obviously, but it's primarily the fault of many of those companies out there, who just don't take their IT and communication systems seriously and are simply not putting in a sufficient amount of effort to secure them properly. IT systems security doesn't come cheap and essentially doesn't add anything to the bottom line, so why care?

So, I think people should be mad if their personal information lands on the street, almost always due to incompetency and corner cutting at those corporations who caused the leaks. In this particular case, it wasn't so much the personal information of the lowly worker-class bee that became public knowledge, it squarely exploded in Sony's face. A simple sorry and some free credits won't fix anything this time, they've been caught with their pants down.

Still, I'm simply unable to feel even remotely sorry for them, the only ones who I feel sorry for are those who are affected by it, like Jim for example.


Bobby Henderson
"Ask me about Trajan."

Posts: 10973
From: Lawton, OK, USA
Registered: Apr 2001


 - posted 12-12-2014 10:50 AM
quote: Marcel Birgelen
We blindly continue with hooking everything together, from tablets, smartphones to refrigerators. All this, using half-assed, often unproven technology, which often randomly fails.
The problem is that sounds like it's far more the fault of the people who made the actual damned products rather than the end users buying the products. They're the ones who engineered the hardware and software. They're the ones who didn't write the code well enough to plug any vulnerabilities.

Software companies are getting pretty damned cheap and greedy these days. They're outsourcing a lot of code work to Lord only knows where to save on labor costs and improve the company's stock price. And they're cobbling in lots of open source code too, some of which is also highly suspect. When you're writing software for free as a form of charity work just how diligent are you going to be in making sure the final "gold code" is secure? Despite all that cost savings work the software company is still going to charge as much as it can get away with for that end product.

It's not an end user's fault or IT guy's fault if some horrible zero day exploit is found in Microsoft Windows, Sun Java or whatever. That's on the heads of the people who created the software. End users and IT guys can only take action after the vulnerability is discovered.

That doesn't absolve end users from their own responsibility. I'll be the first to blame an end user for deliberately or ignorantly doing risky things with a computer. But the fact remains that a bunch of things are out of our control. Even the notion of buying a Mac or iOS device is no longer a guarantee of safety, as seen by some news-making hacks lately (like the Chinese government hacking iOS devices used by protesters in Hong Kong).




All times are Central (GMT -6:00)

© 1999-2020 Film-Tech Cinema Systems, LLC. All rights reserved.