US Lawmaker Asks Sony For Details On Data Breach

HardOCP News

Lawmakers want to know about Sony's cybersecurity practices? Ummm, how about they sucked? There you have it, now go make a new law about security practices that blow ass. :rolleyes:

A senior U.S. lawmaker wants Sony Pictures Entertainment to provide details about its recent data breach and its cybersecurity practices, saying the information will help Congress decide whether new laws are needed.
 
Like somebody in Congress would have any clue about cyber security practices.

Besides, any new laws coming out of Congress would likely be obsolete before they even passed.
 
Like the jackasses in Congress will understand a damn thing Sony may tell them. WTF is the point?
 
Like the jackasses in Congress will understand a damn thing Sony may tell them. WTF is the point?

I'd like to hear the truth which is very likely to be one of two scenarios:

1. Sony's IT team is underfunded, understaffed, and did their best with limited resources whilst cries for help and warnings of potential threats were ignored by upper management for years.

OR

2. Their IT leadership doesn't know what they're doing.
 
What laws can they make?

Like the jackasses in Congress will understand a damn thing Sony may tell them. WTF is the point?

The questions need to be asked, but yeah, it's pretty tough to keep up with this shit.

If these companies want to collect all of this data, there needs to be standards for security and penalties for failure. That's hard to put in place.
 
I'd like to hear the truth which is very likely to be one of two scenarios:

1. Sony's IT team is underfunded, understaffed, and did their best with limited resources whilst cries for help and warnings of potential threats were ignored by upper management for years.

OR

2. Their IT leadership doesn't know what they're doing.


In other words, nothing some new laws can't fix.

/sarcasm
 
I'm still skeptical that this had anything at all to do with North Korea's government, but that aside asking Sony to advise on security policy is like asking Kato Kaelin what to do about household alarms.
Sony's network failed to be secure, folks got in and trashed their servers. Sony is going to suggest that the perpetrators face harsher penalties if they're caught, which doesn't do a thing to actually prevent future attacks.
One thing to bear in mind is that this attack affects Sony and literally no one else, unless you count the lack of The Interview to the moviegoing public. Their loss is a direct result of a failure of their own security and the illegal actions of persons unknown. By any measure, this is less a Congress issue and more a "Maybe we should listen to our IT department more often" issue. (Possibly, if we give their security people credit, a "Well, we did all we could do" issue instead.)
And let's also be frank here, Sony's history of cyber security isn't stellar, lest we forget the frequent PSN hacks among others. These are also the people who thought it was worth distributing malware along with audio CDs in order to curtail music piracy. Their attitude towards security seems to be to ignore it unless it's to their advantage. These aren't the people who should be writing policy. So at the end of the day we've got the clueless asking the equally clueless for help. This doesn't end well.
 
I'm sure McAfee "Security Engineers" will be right there to help the Congressman interpret what the data means. I am also sure that the new law will somehow require McAfee products. I am also sure those products will not be free and will probably require constant updates and will probably be subscription based.
 
From the healthcare IT perspective the HIPAA HITECH ACT and other similar federal laws are great. Mandates and penalties, encourage security etc. However a majority of the law ends up being "best practices, we recommend" and not "we require, this is law".

For instance, it's recommended you change your passwords every so often for users but not mandated. It's recommended to encrypt laptops/mobile devices but not required. However if you do follow their recommendation you are not liable for a breach.

The healthcare law if you are for or against it... what was nice is it gave timelines and mandates, and did it in phases. If they did the same with HITECH ACT "recommendation by 2016, required by 2020" it would at least steer the whole country in the right direction.

I could hack a majority of hospitals in the country's user passwords with about 10 passwords.
 
Like the jackasses in Congress will understand a damn thing Sony may tell them. WTF is the point?

 
Like somebody in Congress would have any clue about cyber security practices.

Besides, any new laws coming out of Congress would likely be obsolete before they even passed.

Won't even bring it to the floor Harry is gone in January. I suspect your complaint will reverse. But no worries Obama will find his veto pen and nothing will still happen.
 
The more and more that comes out of this, the more and more I think it was an inside job.
 
Okay, I don't think that any of you understand that this "f'ing bozo lawmaker" is only trying to protect us. First, remember that most of them are attorneys, and attorneys think that they can understand anything in a few minutes.

So, this person that lacks any knowledge of the Internet, or pretty much anything else other than how to extort funds out of constituents, wants to help us by passing a law that they could never understand.

Fortunately, they have helpers that give them money and ideas, like the MPAA and RIAA to name a couple. Come on people, support your local hero. :(
 
What laws can they make?

Standards are sometimes a good thing. I've worked for contractors that wouldn't even let you bring a calculator into the building, but the DoD would let its dumbass people do whatever they wanted. Then they would wonder why their networks kept getting hacked.
 
I hope this was some massive marketing ploy by Sony so the U.S. government can tell them to go F*** themselves for wasting time and money.
 
I'd like to hear the truth which is very likely to be one of two scenarios:

1. Sony's IT team is underfunded, understaffed, and did their best with limited resources whilst cries for help and warnings of potential threats were ignored by upper management for years.

OR

2. Their IT leadership doesn't know what they're doing.

Or option 3:

Sony knew "The Interview" was going to be a 40 million dollar flop and needed a way to drum up some quick hype about it to retain relations with two large actors. As with any film they got some threats (every movie gets them) so they used it as an opportunity to drum up the PR for the film running the whole "Merica doesn't hide from threats" concept.

Issue was somewhere during this someone internally at Sony that had a bone to pick did a mass dump of info and of course Sony can't just go "Oh well we were doing a PR stunt but this is real" so they had to roll with it while they started headhunting internally for the source of the email leak.

As the entire thing started to snowball Sony couldn't just admit they did it as a stunt or face some serious backlash on all levels and started doing damage control and covering it up.

That was basically my take on this entire thing from day one, North Korea will jump on any chance to show they pulled one off on the US and so for them to go "Nope not us" instead of "This was a test of our glorious cyber warfare unit" tossed up a red flag and just how things have been handled on a PR front really is making me believe that this is a big PR ploy to keep from ending the year on a big flop in theaters.
 