Sony Pictures Hacked - Corporates could be biggest SAFE users


#1

Read this short blog about today’s threat to Sony Pictures by GOP hackers and recall the endless massive hacks of banks and retailers (that will only increase), then consider what a boon to corporates SAFE could be.

Corporations like Sony Pictures could be massive adopters of a secure communications and storage system with the right mix of communications, file sharing and NoSQL services.


#2

And yet some of them won’t like the transition. It forces on them the same type of trade of their power (unjust power in their case) that they have been forcing on populations. By joining they empower populations. Those getting hacked were likely targeted because they were against empowerment of ordinary people in the first place. So many of them seem to be in the crackdown club. They benefit from austerity and other fraudulent nonsense.


#3

More on this:

As the article mentions, due to the nature of this hack, with wiping of MBR and overwriting of files on all drives a part of the hack, forensic recovery is most likely impossible. At the same time all logins are being exposed so they could hardly even restart this network if they want to.

Even the author asks: “So, how does a company recover? Burn whatever’s left and build something entirely new and different?” - I’d say it would be worth investigating. This could really be the case use example for a safe approach. But it will rely on the encryption of safe being exceptional also.

Of course, since RSA was part of the encryption suite they used, and this has already been shown to be broken by Snowden and others (the Boeing hack), they had already made some bad decisions.

As the security designed by the homeland evolves this almost looks like the first corporate espionage attack, it may even have been sanctioned. No other reason to make such effort to destroy the network.


#4

This should become the poster child of what happens when your organization is not on SAFE…doesn’t get higher profile than this in the public’s eye.


#5

But in the end SAFE could only have protected against the wiping, I think. It doesn’t necessarily protect you from login credentials being stolen and releasing confidential data.


#6

In this instance yes, if, as safe is intended to do, we write apps that link to safe natively then the possibility of access being granted to a signing key or similar is easier to manage and less prone to hack-ability (something like trezor). These have security beyond the RSA keys being currently used worldwide and they are source checkable.

Still, I’m not sure how this will scale to an organization of this size.