Slashdot Mirror


Schneier Explains How To Protect Yourself From Sony-Style Attacks (You Can't)

phantomfive writes: Bruce Schneier has an opinion piece discussing the Sony attack. He says, "Your reaction to the massive hacking of such a prominent company will depend on whether you're fluent in information-technology security. If you're not, you're probably wondering how in the world this could happen. If you are, you're aware that this could happen to any company." He continues, "The worst invasion of privacy from the Sony hack didn’t happen to the executives or the stars; it happened to the blameless random employees who were just using their company’s email system. Because of that, they’ve had their most personal conversations—gossip, medical conditions, love lives—exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now. This could be any of us." Related: the FBI has officially concluded that the North Korean government is behind the attack.

6 of 343 comments (clear)

  1. Official Conclusion by Anonymous Coward · · Score: 5, Insightful

    Nobody mentioned "The Interview" or North Korea until days after the attack, then it simply appeared from nowhere and asserted itself as the truth. The emails from the hackers are in the stash, and reputable sources who have time to read such things have reported that not a single email from GOP prior to the release mentioned The Interview, only demands for money.

  2. Re:You can stop those type of attacks by phantomfive · · Score: 5, Insightful

    Security is not easy, but it can be done

    Probably not. Do you think your Linux box has no vulnerabilities? (hint: it does). Even if you run OpenBSD (which still has vulnerabilities), are the employees at your company going to use a browser? That will have vulnerabilities, too.

    Which brings us to the biggest security vulnerability, employees. Remember that the most valuable information a company has isn't the root password, it's the documents and emails the employees are working on and have access to.

    So not only do you need to have a perfectly secure operating system (which doesn't exist), you're also going to need secure employees. Good luck at that.

    --
    "First they came for the slanderers and i said nothing."
  3. Re:Sure... by EndlessNameless · · Score: 5, Insightful

    If you air gap email and financial systems, you're stepping right back into the mid-1900s. Back when it took an entire office of secretaries to process correspondence, and another office full of accountants to handle billing and ledgers. Because if those systems are disconnected, someone will have to transfer reams of data in and out of them. That is no longer feasible.

    Your suggestion is so completely impractical, I wonder why you joined slashdog in the first place. You clearly have no understanding of modern IT.

    --

    ---
    According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  4. Re:Sure... by mythosaz · · Score: 5, Insightful

    No, foo. It's called basic common sense -- keeping confidential medical records, SSNs, and personnel files in paper format only, and not allowing them to be scanned or placed in a system connected to the general business intranet, or "the cloud".

    Oh man, you had me going there for a second. I almost thought you were serious.

    Let's all go back to using a typewriter to file our taxes, and when my small-town radiologist wants a consulting opinion on my X-ray, lets have a courier drive it into metropolis for him. He can use a quill to write down his diagnosis and seal the letter with wax and a stamp from his ring.

  5. Re:Sure... by Nutria · · Score: 5, Insightful

    Keeping your personnel files on paper and not the computer?

    Of course, there's always keep your personal shit off the company servers!!! And keep what you do write in company documents at a professional tone.

    That would sure have mitigated a whole lot of personal pain by these supposedly blameless Sony employees.

    --
    "I don't know, therefore Aliens" Wafflebox1
  6. Re:Sure... by DougOtto · · Score: 5, Insightful

    Unfortunately, security is a cost center, not a profit center. That doesn't sit well with the MBA types. Security does not support the success of a business in any obvious way - so we have to use metrics to show value.

    --
    Solving Unix problems since 1989...