But what about e-mail? IM? Interwebs? Facebooking? Really??? Buy a 2nd, low end PC, wirelessly connect it to the corporate network, and voilà! Hell, you could even use a KVM for this purpose, if you'd rather not spring for the expensive $400 laptops. Don't take the easy approach of connecting the networks in a way that only allows for RDP sessions--a determined hacker with unlimited funds (e.g. state sponsors) would figure that one out.
But what about Adobe Cloud or whatever program needs to connect to the Internet? Most such programs have alternative options for air-gapped networks (e.g. a license server), and a company like Adobe could be brow-beat by a company like Sony into disabling phone home. For high-risk applications where you can't talk your vendor out of phone-home, it's time to look for a new vendor...
Demand Letter: http://krebsonsecurity.com/wp-...
I can hear Barbra Streisand's voice now... (Well, what I hear is "her" voice from the Mecha-Streisand "South Park" episode...)
I wouldn't be surprised if someone at Sony were responsible for sending this email as a false-flag operation.
False-flag operation or not, that's a crime. If someone within Sony (or hired by Sony--e.g. their cybersecurity contractor) sent such an e-mail, that person is doing the equivalent of "screaming 'fire' in a crowded theater, when there is no fire". Not protected by free-speech and that person should be criminally charged with a felony.
As has been proven by Stuxnet and this breach, unlimited state-sponsored funds ALWAYS beat "networks with layered protection". Big-name companies that spend shitloads of money on security still get breached. 15+ years of "breeding a culture of corporate security" also hasn't worked. But if you require the network to have a physical presence, then you've eliminated your primary attack vector.
I have to assume that data breaches are much worse cost... This one has lost sales, lost goodwill, lawsuits, potential government fines (e.g. HR data), network design changes, etc. Even a $10 million air-gapped network would have been a bargain compared to this mess...
I'm still waiting for a massive Salesforce data breach... That'll be interesting when it happens.
This has hit the point of absurdity. If you are working on military plane designs, working on your next corporate acquisition, or even making movies or music worth tens of millions of $$$, why would you put your prized, unreleased digital files on computers that have Internet access? What kind of batshit stupidity is that? What, so your employees can browse Facebook & check Outlook e-mail at the same time? Such an air-gapped network would easily become an island--one that doesn't need Windows Updates, can stay on an old service pack, gets no software updates that solve 2 problems but make a new one (e.g. we know the bugs), and the like. And if those employees really need their Outlook e-mail, IM, or the Inter-Webs where they work, they can have a 2nd very low-end PC, connected to the main network, with a KVM between the two. Might even increase efficiency, given the mind's inability to multitask well. Or give them freaking iPads on a wireless network that's not connected to their "sensitive" work computer.
It boggles the mind that given all these problems, which are increasing in frequency & cost every day, we still have little more than software firewalls & hardware routers between a company's most highly-sensitive assets (files & computers) and the big-bad-Wild-West-no-holds-barred-Internet.
Read up on the Therac-25 incidents of the 1980s... http://en.wikipedia.org/wiki/T...
Looking over the forums, this update breaks Avast Antivirus (forum discussion) and Classic Shell (forum discussion). Problems with Avast are particularly acute and may impact System Restore. Other prevalent issues include the inability to sleep or shutdown, issues with Internet Explorer and Control Panel, and inability to boot into Safe Mode to roll back the update. Some users have indicated that they need to reinstall Windows 8.1 completely. At least Microsoft learned the error of their ways after the April & August updates, and has made KB3000850 optional (for now)..."
Ultimately, this is a case of data getting lost within 30 years' worth of mergers and system changes. Both the existence of this instrument and its terms are probably on some long-lost tape that may no longer be readable, or paper copies were shredded years ago. That being said, we entrust that our banks and regulators can dig up such historical information... So what happens when they can't? As was evidenced during the US mortgage crisis, banks are terrible at appropriate document retention, so how could they prove what was paid out and when? More importantly, how much of banks' historical / legacy accounts are complete guesses?"
Ultimately, this is a case of data getting lost within 30 years' worth of mergers and system changes. Both the existence of this instrument and its terms are probably on some long-lost tape that may no longer be readable, or were shredded decades ago. That being said, we entrust that our banks and regulators can dig up this information historically... So what happens when they can't? More importantly, how much of banks' historical accounts are complete guesses?"
Following a wave of Dark Net arrests that brought down the famous anonymous drug market Silk Road 2.0, all eyes have turned to a marketplace called OpenBazaar that is designed to be impossible to shut down.
Described as the “next generation of uncensored trade” and a “safe untouchable marketplace,” OpenBazaar is fundamentally different from all the online black markets that have come before it, because it is completely decentralized. If authorities acted against OpenBazaar users, they could arrest individuals, but the network would survive.
"If you're thinking about OpenBazaar as Silk Road 3.0, you're thinking about it much too narrowly," Patterson said in an interview last night. "I actually think it's much more powerful as eCommerce 2.0."