Speaking as someone who had to wipe several computers and reinstall the operating system because the Sony/BMG rootkit disabled the DVD drive, I need to say I am deriving some satisfaction from this: Lulzsec has hit Sony. Again. For like the, what, 10th incident in the last couple months? I’m not an anarchist and I am not cool with the vast majority of espionage, credit card fraud, hacking, and defacement that goes on. I pretty consistently come down on the other side of the fence on all that stuff. In fact I spend most of my time trying to teach people how to protect themselves from those intrusions. But just this once – and I am not too proud to admit it – I have this total case of schadenfreude going. And not just because Sony intentionally wrote and distributed malware to their customers – it’s for all the bad business practices they have engaged in. Like trying to stop the secondary market from reselling video games. It’s for spending huge amounts of engineering efforts to discourage customers from customizing PlayStations. It’s for watermarking that deteriorated video and audio quality. It’s for the CD: not the CD medium co-developed with Phillips, but telling us it sounded better than anything else. It’s for telling us Trinitron was better – and charging more for it – when it offered inferior picture quality. It’s for deteriorating the quality of their products while pushing prices higher. It’s for trying to make ‘ripping’ illegal. Sony has been fabulously successful financially, not by striving to make customers happy, but by identifying lucrative markets and owning them in a monopoly or bust model – think Betamax, Blu-ray, PlayStation, Walkman, etc.
So while it may sound harsh, I find it incredibly ironic that a company which tries to control its customer experience to the n th degree has completely lost control of its own systems. It’s wrong, I know, but it’s making me chuckle every time I hear of another breach.
Before I forget: Rich and I will be in San Jose all next week for the Cloud Security Alliance Certification course. Things are pretty hectic but I am sure we could meet up at least one night while we are there. Ping us if you are interested!
On to the Summary:
Mike Rothman: Understanding and Selecting a File Activity Monitoring Solution. Interesting new technology that you need to understand. Read it.
Adrian Lane: A Different Take on the Defense Contractor/RSA Breach Miasma.
Adrian Lane: Botnet Suspect Sought Job at Google. I can only imagine the look on Dmitri’s face when he saw this – innocent or not.
Mike Rothman: BoA data leak destroys trust. But at what scale? Are customers rushing for the door because their bank was breached? Since there are no numbers people just assume they do. As a contrarian, that’s a bad assumption.
Rich Mogull: Clouds, WAFs, Messaging Buses and API Security…
Understanding and Selecting a File Activity Monitoring Solution.
React Faster and Better: New Approaches for Advanced Incident Response.
Measuring and Optimizing Database Security Operations (DBQuant).
An Anatomy of a Boy in the Browser Attack. Usually, stay away from vendor blogs, but Imperva has had some good posts lately.
Lulzsec has hit Sony. Again. For the, what, 5th10th breach in the last couple months?
PBS Totally Hosed by Lulzsec. They got just about every single database. Ouch. Where do they find the time to post funny Tupac articles?
Apple Malware Patch Defeated And by the time you read this there will probably be a new patch for the old patch.
Android Users Get Malware. It’s a feature.
No favorite comment this week.