I frequently had papers rejected as "not new" without citation and then accepted elsewhere where they told me on request that they checked carefully and found the content was indeed new and interesting. My take is that this may also quite often be "reviewers" that are envious or trying to compete by putting others down, not only ones that are incompetent. Fortunately, I had nothing stolen by reviewers (after they rejected it) but I know people that had this happen to them. As the peer-review system is set up at this time, the best and the brightest need longer to get their things published, need much longer to get PhDs and have significantly lower chances at an academic career as a result. Instead those that publish a lot of shallow and/or meaningless incremental research get all the professorships, while barely qualifying as scientists. The most destructive result of this is that many fields have little or no real advancement going on as new ideas are actively squashed. After all, new ideas would show how abysmally bad at science the current position-holders are. But this is not new. Cranks like Newton had research by others squashed or suppressed, because it was better than his stuff. This is also the reason most scientific discoveries take about one research-career-length to go into actual use. The thing is that the perpetrators of the status-quo have to retire before their misconceptions and mediocre approaches can be replaced. Exceptionally stupid, but all too human.

Personally, I am now in an interesting industrial job, and I still do the occasional paper as a hobby. But I would strongly advise anybody bright against trying for an academic career. Wanting to do research right reliably ensures that you will not be able to do an academic career at all. The core ingredients for a scientific career are mediocrity, absence of brilliance, hard work and a lot of political maneuvering. Oh, and you must not care about doing good science!

Which should tell you something about the actual purpose of law enforcement and "the law". Hint: It is not about truth, honesty or integrity.

You said "no level". Ever talked to somebody that handles highly classified data in some TLAs? No, did not think so. Sure, it is expensive, but you can keep any and all types of attackers out if you invest enough and have the right people defining processes and implementing controls, except for those attackers that can come to you and break down your door or those that can plant people with you long-term. This "there is no way to protect yourself" meme is just BS for the uninformed and has nothing to do with professional risk-management.

What Schneier is talking about is the setting of a large, commercial enterprise that must be profitable. And even there you can keep all that would find your data commercially valuable out, you just need to understand the business aspects of security. True, against resourceful fanatics, that may not be enough. But Sony did clearly not even have the basic level of protection they needed in place. My take is this was some random group of big-ego-mediocre-skill hackers that got lucky and that are now grand-standing. Remember LulzSec? If they were still active, this would be right up their alley.

That is a big "if" there at the end.

Many people that have nothing important to do in their lives are always in a hurry. That servers to project the image of "success". It is a beginner's mistake, but one frequently made.

I really do not care how _you_ waste your time. While it may be true you are in a dead-end job that you do not enjoy and "working" on you phone is your escape from it, I do enjoy my work and I like being efficient at it. I do realize that professional quality-level tools are not the right fit for most people and please, by all means, stick with your toy. As long as BB survives and puts out an actually useful phone now and then, I am fine. You cannot dominate the market with something that is actually really good, people are just too stupid for that.

There is people that understand what is going on, and then there is people like you. Pathetic. But keep pushing your lies, you are just getting more and more obvious every time.

The funny thing is that you are way off. Statistics about gamers show that they have significant disposable income, often families and the "basement dweller" type basically does not exists. I think people with your broken "understanding" of things have become entirely obsolete.

While even that is not really true, who said these attackers where high-skill? That they copied terabytes of data points squarely into the low-skill area, as this is an activity with an extreme risk of being noticed.

There are no useful metrics for black-swan events. That is why messing this up must come with a huge personal risk for those in charge.

No. Really not. They messed up to an extreme degree. They do not deserve any "slack", they deserve to be crucified. Sure, they have large data-flows, but these need to go via controlled channels that look at what gets transferred. Transferring thousands of emails? If that does not raise several red flags, then they either have nothing in place or what they have is fundamentally broken.

Nonsense. You have no clue.

Remember RSA labs that kept the master keys to SecureID on their network? There is nothing simple or easy here and, of course, security costs money and in capitalism you only spend money if there is an expected gain. Unless people high up in management go to prison or the company is fined heavily on such events, nothing is going to change.

This is the right question to ask! IT security st Sony must have been exceptionally bad. Large flows of data from inside to outside is what is most interesting. Competent attackers will only export the minimal amount of data needed, because data export ("data leakage") is the activity with by fas the highest risk of being detected. That "terabytes" were exported shows that there basically was no working security in place and also that the attackers were not very good at this as they did some very risky things.

All you need is security good enough to keep the attackers out. The trick is to find what level that requires. Asking for "absolute security" just shows that you have no clue how security works.