Just read this which is quite worrying: http://home.bt.com/tech-gadgets/tech-news/sony-kept-passwords-in-a-folder-called-passwords-11363948248105


Sorry about the spelling of major in the title by the way!

CCNA Edit I fixed it, it was bugging me...

Thankyou CCNA it was bugging me too!

They literally kept all of their passwords in a folder on their system labeled "Passwords"? I've felt bad for Sony before for these things, and no one deserves to get hacked like that, but... Come on Sony, that's just a dumb decision lol.

I get the impression they're hiring their security experts from the local circus, you know the ones with the red noses and huge shoes!

That's like hiding your pormography in the "Not pormography" folder.

Lets just hope they havn't got all their clients bank details in a file marked " clients bank details" as well.

Seriously? Is like I saying that my old Facebook password is You shall not pass in Italian.

Meh, as long as it's properly encrypted, i don't see a problem. If it takes a hundred years to crack the encryption, they could post the folder on their website with a huge flashing title "ALL OUR CUSTOMERS PASSWORDS ARE HERE". Would probably be bad for business, though

That's just it, it was not encrypted, it was right there for anyone browsing the directory.

It does not matter how good your locks are if you hang the key from the doorknob.

Is Sony really being honest because that is hard to believe. I don't buy that. They're leaving something out.

They almost have to own up to things like this. Liability for one, if they knew about a security breach where passwords were compromised and did not tell anyone, that could make them liable. The Target CEO lost his job because he sat on news of their breach for a couple of months. Also if you know you have to give out bad news, it is better to take the bull by the horns and initiate it, rather than scramble around after the fact trying to explain both what happened and why they did not tell people their security was compromised.

In the world of public perception, the first press release sets the tone. While bad news, at least Sony has more control over the dissemination rather than trying to come up with a way to explain it.

Finally, because they are a publicly traded company, there could also be SEC reasons as to having to own up to bad news that could potentially affect the stock price.

This is like the third time this has happened. I mean, they're always getting hacked.

Is this because of careless mistakes like this than?

I mean, wow.

I find it kind of amusing that the blame was pointed at North Korea for this, to try to stop Sony from releasing "The Interview." When asked, North Korea just replied "Wait and see."

Also it's being reported that around 100TB of data was taken. If that is true....how does a network admin or Incident Response team not see that much traffic going to an unknown destination.

Edit- Also it's important to note that this was Sony pictures, the movie side of Sony, not the gaming side of Sony.

Edit 2- Sony probably fired all of their network security guys and hired an army of lawyers to replace them.

I you had dozens or hundreds of people trying to break into your house every night, they would find a way in eventually. Security is a never ending process. Some times it can be from a trojan that got attached to an email that opens up a TCP port, or even a TCP port from some software they run that allows entry into their network. It takes a dedicated team working 24/7/365 to protect any computer network that is attached to the internet.

If you want to find out how bad it is, turn off your firewall and connect your PC directly to the internet on a public IP. It will be infested or probed in minutes and this is just from bot programs going out there and "rattling the locks" to see who is vulnerable. Which is why having a router that hands out private 192.168.x.x addresses to your internal machines and mapping that to the public IP is so paramount to having a secure machine. There are still ways around this, but the people who know how to do that are not bothering with Joe Schmoe's PC. Or they use email or malicious websites to gain entrance.