Sony Hires Former Homeland Security Infrastructure Protection Chief
jmobley6030 writes with a bit in Gamer Gaia about Sony pulling out the big guns for their security infrastructure. Quoting: "Months after the great PlayStation network attack things are starting to get back to normal around the gaming world. While it doesn't seem like another hack attempt will take place anytime soon Sony is fearful that it could happen again. Sony announced today via their corporate news feed that they have hired Philip R. Reitinger, a former Homeland security official, as Chief Information Security Officer at Sony."
Now I won't be allowed to wear shoes when I sign on to PSN.
They should put up a sign that reads:
"No infiltrations in the last N days"
This guy is so unknown he had to post his own story?
Considering the success that was achieved by Homeland Security in regard to preventing terrorism within the United ............. oh wait .......
There must be a hidden synergy in there somewhere.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
They hired a former DHS official for help with their security? Are we sure he's not going to be a liaison between Sony's IP and Washington DC lawmakers?
Sony is picking the sort of guy who won't know what he's doing, who seems to have no ties to the hacker community, who graduated from Yale so he's going to seem like another elitist. If you look at who he has worked for, he's connected to governments and law enforcement which goes to show what Sony's priorities are.
Sony should be hiring from within the hacker community. Hiring this guy won't accomplish a damn thing; while this guy might know about the community from the big brother pro-government perspective, it's very unlikely he will actually understand the community from the perspective of someone who was actually a part of it.
Sony and companies in this position need to start hiring some of these hackers. Look at the situation, you have thousands of young talented hackers. As the unemployment rate rises, they'll be easily recruited or much more likely to join organizations like Anonymous.
The best thing Sony could do is hire some of these people; the policy of arresting hackers is dumb. It's like arresting amateur scientists, or arresting mathematicians. The fact that they selected this guy shows me they are focused on arresting them and are going to treat it as a law enforcement problem rather than as a technical and cultural problem.
Sony's problems are technical and cultural. Technical because they design their products in a way so they can only make money with absolute control over how the products are used but then they don't even know how to maintain that control technologically, and second they typically take stances which go against the wishes of millions of people in the hacker community, the gaming community, etc. They simply don't care at all about the customer, the fan, the hacker, the people who buy their products. This lack of respect for the culture of those who buy the product is the main part of the problem.
And this new guy they hired does not seem to come from the sort of background that most gamers, hackers, or fans come from. He's a hyper connected lawyer who happens to know computer science, when they should have found someone who knows computer science and who happens to understand the law, with connections to the hacker community as well as to the government. This guy is going to be seen as an outsider, a government suit, and the hackers are going to attack Sony harder.
Now we (well, PSN subscribers anyway) will be subjected to months worth of daily updates - informing us what color of alert we're under.
In all seriousness, maybe this guy actually has the chops to manage (as in not-hands-on running) the network security for Sony. They certainly picked a high-profile suit for the job. And that's the part that worries me. It feels like looks matter more than expertise. Doubtless there are many who are equally, or better, qualified for the job but whose resumes lack marquee value. If I were picking a throat to choke if my network ever got boned like that again, I'd be going for the talent and not the name.
Coming into a multiplayer Flag near you. One frag, one grope. two frags, two gropes. server blacklists (at last yay !) and many, many mooooreee !!!
It sounds better when you put something into musical form, doesn't it?
When security is bad due to not funding the costs needed to keep security up to date / staff it.
http://slashdot.org/story/11/05/05/1455249/Sony-Running-Unpatched-Servers-With-No-Firewall
http://yro.slashdot.org/story/11/06/24/1642247/Lawsuit-Claims-Sony-Canned-Security-Staff-Just-Before-Data-Breach
Let's see: no firewall, lagging updates and laying off needed staff, and you want those systems not to be hacked?
A movie company hiring the chief of Security Theater. What's wrong with having a merger of two large entertainment forces?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
um, subject really says it all.
At least I'll get some action now.
Be seeing you...
Chief Information Security Officer is a manager job, not a tech job. While tech skills may help, a hacker is better used at a more hands-on level.
Sony likely sees that they now have two problems: 1) lack of security and 2) perception of lack of security
If this guy can't help with #1 then there is a chance he fits the bill for helping with problem #2.
I think you underestimate just how much I just don't care.
But it's not about law enforcement. It's about politics and just like you can't change people politically by mass arrests, you can't threaten to arrest hackers and expect that to stop an organization like Anonymous. These organizations see Sony as an existential threat.
You cannot solve a political problem with law enforcement. Sony if they were smart would hire some of the hackers in the hacker community. Adopt a new culture which accepts and embraces the hacker community, and over time their stock will rise in the hacker community and then they could have better security by working with their hacker community ties. The problem is they are going entirely authoritarian, which is exactly the wrong direction to go politically if they want any sort of political cover or to not be seen as the most evil. I mean to hire the head of some government agency, a guy who if you look at his resume and record seems to have absolutely no experience with the hacker community, the gaming community, nothing whatsoever. He went to school for computer science and then went to Yale of all possible schools for law.
What is this man's background? What are his political beliefs? Is he just another law and order government robot type who wants to make arrests and solve crimes? If that's all he is, he's exactly the wrong sort of person. What is his technical skill level? Does he have any skill outside of the classroom? Once again the government types usually think anything can be learned in the classroom setting, and that this setting can make up for the lack of actual experience in the hacking community. I'm talking about the IRC channels, the knowledge of the various groups, but most importantly knowing who is what.
I will assume since this guy headed a government agency that he either would know the hacker community inside out or he should have a connection to someone who does. The problem is if the only thing he plans to do is outlaw their activities and then find ways to arrest them, this isn't going to be very popular. More lawsuits? More arrests? More busts? That is more potential talent that goes to waste sitting in prison or in jail.
Sony has a cultural problem. Sony as a corporation has an authoritarian culture. A culture where Sony must have absolute control over everything in order to make a profit. This culture has to change, and it's more important to change this culture than to simply arrest all the anti-authoritarian hackers who don't share that culture. It's also more efficient to hire some of these hackers than to just arrest. And of course the guy they choose to solve all their problems, at least from his background and resume, looks to be another authoritarian type.
I can hope that he's different but given Sony's history, and given his resume, he's exactly the sort of character that Anonymous is going to gobble up. This could actually cause Sony to get attacked more frequently. Sony likely was thinking that this guy has connections to the feds, has at least some background in computer science, and has a law degree from Yale with plenty of experience working for X amount of companies. This is all well and good but if this guy were serious, and were a part of the community, he would be giving an interview with Slashdot.
I'm sure PSN members are in for all sorts of joyful changes and invasions of privacy.
There is no right to feel safe thru security vaudeville at the expense of everyone's freedom, privacy and tax money.
Chief Information Security Officer is a manager job, not a tech job. While tech skills may help, a hacker is better used at a more hands-on level.
I know what the job is. But Sony is a tech company. How are you going to be a Chief Information Security Officer at Sony and not have tech skills? I'm not saying this guy doesn't have tech skills, I'm just saying he seems to be focused on law and that's not going to help him deal with some of the type of problems which can only be solved technologically.
If he's the guy in charge, and we are using Microsoft as his gauge, once again he's associated with all the wrong companies in my view. It's nothing against the guy, he might know what he's doing.
Um, so now, PlayStation Network will be even easier to crack?
I would have hired that network admin from San Francisco.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
This guy was hired to run their security. Hiring a hacker will be helpful for understanding your attackers, but a hacker will understand the corporate culture about as much as Mr Reitinger will understand the gamer/hacker/fan community. Hire former hackers as soldiers in your security arsenal but generals need to be able to survive the corporate ranks.
Corporate culture is what is causing Sony to be targeted. Sony is the target of hackers because their culture is so messed up, so authoritarian, that most hackers find it completely unacceptable and they try to spread their culture through their products with lockins, lock downs, and all kinds of bs. It's that culture which I advocate should be changed in order to save Sony.
Because if they keep their authoritarian corporate culture, sure they can hire this guy who might understand that culture but then they run the risk of not understanding the hacker culture or wider internet culture in general which is the source of all their problems. They need to hire a sociologist or an anthropologist because they just have not been able to adapt to the internet age at all.
So it is fair then to look at the last time he "managed" a "security org".
Honestly, I think people get that, that is the point. The DHS and particularly their idiot step-child the TSA... which is more theater organization or acting troupe than "security".
If this is a management job then, so far, unless he can claim "leaving the DHS" as a good decision, then there is good reason to question this one.
Still crying over Android destroying your piece of shit iPhone?
Are you going to snuff yourself when your cult leader Jobs takes a dirtnap loser?
First off, hiring criminals to fight crime is stupid, as much as the criminals might think it's a great idea. Makes good TV, and lousy reality. So what if they can close the security holes? They are the types that will help you secure all your data, while they make a few personal copies and post your internal memos onto wikileaks.
Secondly, you refer to him as a hyper connected lawyer? Did you read the article, or google him?? He's a computer science and electrical engineering guy. A VERY appropriate resume for the job.
They're too big to go down quick but every move is as stupid as their last ignorant move. I don't understand how they got so damn big without any clue at all. This is just what they needed, a DHS guy. He'll fuck with their legitimate customers and piss them off while the guys he's supposedly going to stop from running through Sony's systems just laugh at him. I wonder if Sony will ever wake up.
They already have someone working for their conglomerate who is way more qualified. Not going to name names but you know who you are. This is a public relations appointment and the people who matter aren't impressed. Missed your target Sony. Congratulations, now you're an even bigger one.
And here is a quote from http://www.pcworld.com/article/11067/why_the_feds_fight_encryption.html himself.
U.S. law enforcement depends on its ability to search a suspect's computers to prosecute all kinds of crimes from terrorism to drug trafficking, child pornography, and fraud, Reitinger said at the conference, sponsored by the Smart Card Forum.
There's no worse feeling for a law enforcement official, Reitinger said, than finding that a confiscated computer is full of documents that have been sealed up by strong encryption.
The problem with this approach is it has a negative impact on the community itself. Its impact could mean the criminalization of the gaming community. This attitude is very similar to the war on drugs; it's a cultural disagreement with one side having and flexing political connections to strong arm the other side. What is or isn't criminal is determined by people at Sony who have no connection to the community and who don't care about the culture. Reitinger is a law enforcer, and he's good at fighting crime, but this isn't a problem which will be solved by simply arresting a bunch of people.
Just like drug dealing didn't stop after all those arrests, neither will file sharing, or hacking, or anything else. The difference here is hacking is mostly a political crime, at least the sort of hacking that affects Sony. If we remove politics from the equation then everyone can agree that the hackers are the bad guy. The problem with Sony is Sony has become the bully, and the bad guy to the customers (the community) as much as the hackers have, and that's the problem I'm talking about addressing.
Sony ultimately is a technology company not a crime fighting company. If they want to become a copyright crime fighting company they can go ahead, but their political positions and take no prisoners crime fighting mentality has led to them suing file sharers, tinkerers and others who are punished merely for finding bugs in their system or their business model. And rather than change their business model or come up with a different solution, such as how Google would do or Microsoft would do, instead they sue and arrest, creating the most political environment possible and dividing the gaming, hacker, and other communities in such a way that when they do get hacked their own customers cheer the hackers. This is the essence of their problem.
If they needed a law enforcement guy, did they have to get the head of the DHS? Out of every guy they could have picked it had to be a guy coming from the DHS? I'm sure there were other guys who could have done the job but who didn't have that kind of political baggage.
This doesn't add up.
If said Mr. Philip R. Reitinger IS actually a former DHS employee and an "Official" then he can not disclose any information regarding Department of Homeland Security or else face charges of Treason punishable by death.
That is just a "snippet" of the Rules.
So, if this Reitinger was "some kind of" an Official at DHS, then the story does not hold water ... FBI and DIS are watching him with the greatest of specificity.
Rather, this Mr. Reitinger was a "student intern" at DHS then it is clear.
You have to understand that even today, companies in Japan like Sony et al. do not, absolutely NOT, question the resume of a potential employee ... for them it's just not proper.
This is why former Diet Elected Officials and employees have claimed to have various degrees from universities in North America only to be discovered to be frauds ... and worse ... when called out and then take NHK "in tow" to UCLA to "discover" no records of enrollment! What a scam. But this IS what they do, time and time again.
People like Reitinger are predators, knowing that neither Sony nor any other company IN JAPAN would ever question the validity of their outrageous resumes.
What would I do, if I were the resume examining official of Sony?
I for one would ask Mr. Reitinger out for some drinks at a bar that I know, close to Tokyo Station.
Afterward I would lead him to a back alley near Tokyo Station, very noisy, and kill him without thinking about it or even caring about it and not even feeling any remorse about it. Just Do It. And I do it. He never deserved to live ... I'd say. I would not even take what ever small change was in his walet. I check .. .then laugh. He already hurt too many. Justice served.
I guess I've lived in Japan too long. Doumo arigatou minnasan. This story gives life to me again. I remember who I am. Please give me more stories just like this ... more life.
Ja ne
So their response is to ramp that up a notch by hiring Yaley McTrustfund there?
Why don't they just do a press release saying "All hackers are whiny pussies. P.S. your moms agreed while we were ass pounding them last night." and be done with it?
If you were blocking sigs, you wouldn't have to read this.
He never asked for this
So this brings up an interesting point since it's something I had discussed with a person from the hacking community trying to join ISC2 (@wimremes) and bring more technical aspects to the "Infosec" industry.
As of right now the "Infosec" industry is dominated by corporate and military pencil pushers and not much else. I'm not exactly sure how they got into that field other than the fact that they got direct training from the US Military security practices (this is also a big reason why the Infosec community is very heavily US dominated).
But the core reality is that these people, for all intents and purposes, are not technical in nature and have no idea what they're getting into as far as the civilian "wild wild west" internet mentality.
On the other side of the fence is the far less professional, less formal group of "hackers". These guys aren't really taken seriously by the professional community, but in general are the source of the kinds of things that Lulzsec and Anonymous do.
I know Wim had talked about wanting to try and come up with a solution to help bring both communities together not only at a professional level but a certification level. I'd recommend any ISC2-certified individuals to nominate him so we can try to bridge the gap.