
Sony Cancels The Interview


nate


You're missing my point, Brandon. 

 

HIPAA and other confidential data should not have been stored on common servers like everything else.  It's just like banking.  Just because the FDIC insures your deposits for up to $250,000 doesn't mean it's wise to keep all $250,000 of your money in one account at one bank.

Link to comment
Share on other sites

But they aren't supposed to be hackable (my attempt at being a troll, let me know how I did)

Theoretically, nothing is supposed to be hackable which is why there are security measures.

MP, no, you're missing my point. I don't even know why you quoted my post to talk about something else.

Link to comment
Share on other sites

Theoretically, nothing is supposed to be hackable which is why there are security measures.

MP, no, you're missing my point. I don't even know why you quoted my post to talk about something else.

 

Nothing is 100% non-hackable. 

 

I replied to you because you replied to Tank's question about HIPAA records. 

Link to comment
Share on other sites

Nothing is 100% non-hackable.

I replied to you because you replied to Tank's question about HIPAA records.

Just stop.

That was my point.

Whether it's off an exchange server and on a private one doesn't matter, it can still be hacked. He asked why medical records are online, I answered, and you started rambling about different servers.

Link to comment
Share on other sites

I think what Brandon is trying to say is that the files were never online.  They were stored properly behind a firewall and secure servers.  The hackers got behind the firewalls and into the secure servers.  Which is no small feat, unless there was a major security flaw or you had the keys.  Which points more likely to a disgruntled employee.  

 

Now this should be a lesson to all businesses to not trust firewalls and secure servers, and go one step further and encrypt sensitive documents. It's a pain in the ass since you have to decrypt every time you access it, and it takes up a lot more server space. But for all we know, they also could have been encrypted.

Link to comment
Share on other sites

Just stop.

That was my point.

Whether it's off an exchange server and on a private one doesn't matter, it can still be hacked. He asked why medical records are online, I answered, and you started rambling about different servers.

 

You still don't understand what I'm talking about then. 

 

Putting records in electronic format doesn't mean they have to be available via the internet like everything else.  Sony could have stored those records locally, out of the reach of outside hackers. 

Link to comment
Share on other sites

You still don't understand what I'm talking about then.

Putting records in electronic format doesn't mean they have to be available via the internet like everything else. Sony could have stored those records locally, out of the reach of outside hackers.

And what you don't understand is that if they can access your account, they can probably access your hard drives. So if I create a document on my work computer about what I am buying everyone for Christmas, but I never send it out in an email or on social media, then it has never been exposed to the internet. That doesn't mean that the hackers can't access that Christmas list and call my son and let him know what he is getting for Christmas.

Link to comment
Share on other sites

I think what Brandon is trying to say is that the files were never online. They were stored properly behind a firewall and secure servers. The hackers got behind the firewalls and into the secure servers. Which is no small feat, unless there was a major security flaw or you had the keys. Which points more likely to a disgruntled employee.

Now this should be a lesson to all businesses to not trust firewalls and secure servers, and go one step further and encrypt sensitive documents. It's a pain in the ass since you have to decrypt every time you access it, and it takes up a lot more server space. But for all we know, they also could have been encrypted.

I haven't followed the story much, so I don't know how they were stored. But dealing with this stuff on a daily basis, I can guess what happened.

The thing is HIPAA is more for healthcare security and transparency of records. But I'm sure HR departments need to follow a compliance protocol. I know we have to encrypt everything.

Link to comment
Share on other sites

I think what Brandon is trying to say is that the files were never online.  They were stored properly behind a firewall and secure servers.  The hackers got behind the firewalls and into the secure servers.  Which is no small feat, unless there was a major security flaw or you had the keys.  Which points more likely to a disgruntled employee.  

 

The documents are still online if they are accessible online.  Firewalls and encryption don't change that reality. 

 

I got access to a truly offline server one time.  It was in a fire proof, water proof, tornado proof, bomb proof vault with Bioscanners, cameras, and RFID tags that tracked your every move.  The only way to access the data was by physically visiting a computer terminal there.  A bioscan of your handprint was necessary to enter the building, another scan to enter the vault, and a final scan to use the computer. 

Link to comment
Share on other sites

And what you don't understand is that if they can access your account, they can probably access your hard drives. So if I create a document on my work computer about what I am buying everyone for Christmas, but I never send it out in an email or on social media, then it has never been exposed to the internet. That doesn't mean that the hackers can't access that Christmas list and call my son and let him know what he is getting for Christmas.

 

That's exactly my point. 

Link to comment
Share on other sites

A (The?) basic tenet of computer security is that if a computer system is connected to any network, let alone the Internet, assume all your systems and data can and eventually will be compromised. Thus if it is remotely PII (Personal Identifiable Information) encrypt it. Sony got busted when PSN got breached. They have been busted again.

 

Also clearly their cyber security training is lacking too if the employees send sensitive information over unencrypted emails. 

Link to comment
Share on other sites

I got access to a truly offline server one time.  It was in a fire proof, water proof, tornado proof, bomb proof vault with Bioscanners, cameras, and RFID tags that tracked your every move.  The only way to access the data was by physically visiting a computer terminal there.  A bioscan of your handprint was necessary to enter the building, another scan to enter the vault, and a final scan to use the computer. 

 

Any machine that has been physically accessed is of course considered compromised. A good example would be a stolen laptop. Encryption generally would be the only hope at that point.

Link to comment
Share on other sites

That's exactly my point.

So, you want this stuff stored on a computer, that has ZERO access to the internet? You basically want a hard drive that is so secure, that it isn't part of any network? So when that file needs to be updated, they have to manually add each and every change, that sounds pretty inefficient.

Link to comment
Share on other sites

So, you want this stuff stored on a computer, that has ZERO access to the internet? You basically want a hard drive that is so secure, that it isn't part of any network? So when that file needs to be updated, they have to manually add each and every change, that sounds pretty inefficient.

 

Convenience and security are mutually exclusive. 

Link to comment
Share on other sites

Convenience and security are mutually exclusive.

It still comes down to risk versus cost. Are you the kind of guy that pays for every purchase in cash, just to make sure your information doesn't get stolen at the grocery store or at the fast food place? Do you use banks? There is always a risk. The company I work for has to jump through hoops and I literally have three different passwords at work, all because we accept Visa.

Link to comment
Share on other sites

It still comes down to risk versus cost. Are you the kind of guy that pays for every purchase in cash, just to make sure your information doesn't get stolen at the grocery store or at the fast food place? Do you use banks? There is always a risk. The company I work for has to jump through hoops and I literally have three different passwords at work, all because we accept Visa.

 

The only reason I use credit cards so often is because fraudulent purchases are covered by the credit card companies.  If that protection ever goes away, I would likely reconsider.  Wouldn't you do the same?

 

I'm not saying we as individuals should disconnect from the internet and work from a vault like the corporate example I gave.  But in a corporate environment as big as Sony, there's no excuse for employees' personal information to be accessible without advanced safeguards.  Nobody needs virtual, instantaneous, access to medical records that have no bearing on my job.  Likewise, the only people who need my SSN are in payroll. 

 

That doesn't stop many companies from making the information remotely accessible outside the office. 

Link to comment
Share on other sites

I think what Brandon is trying to say is that the files were never online.  They were stored properly behind a firewall and secure servers.  The hackers got behind the firewalls and into the secure servers.  Which is no small feat, unless there was a major security flaw or you had the keys.  Which points more likely to a disgruntled employee.  

 

Now this should be a lesson to all businesses to not trust firewalls and secure servers, and go one step further and encrypt sensitive documents. It's a pain in the ass since you have to decrypt every time you access it, and it takes up a lot more server space. But for all we know, they also could have been encrypted.

 

the answer is to not have a firewall be the end-all.

you want to have micro segmentation such that things are still protected even when the corporate firewall is breached (which is pretty easy to do these days).

Link to comment
Share on other sites

It's the law.

HIPAA basically requires all health records to be stored electronically.

 

thanks for the info. it's making me wonder about my own info at work as we're going through our health insurance sign-ups this very week. hope things are safely stored there, along with payroll information.

 

didn't realize my question would set off such a long discussion, but it had a lot of good info (even from straddling the troll).

Link to comment
Share on other sites

Don't worry Tank, your medical records including those pertaining to the New England Journal of Medicine report about your abnormally large manhood will be kept in the strictest of confidence provided you destroyed all the copies of that home video you made. You did remember to eject the last copy that was in the laptop before it was stolen?

Link to comment
Share on other sites

Don't worry Tank, your medical records including those pertaining to the New England Journal of Medicine report about your abnormally large manhood will be kept in the strictest of confidence provided you destroyed all the copies of that home video you made. You did remember to eject the last copy that was in the laptop before it was stolen?

 

eject? wait, don't the discs just pop out all by themselves? great, now i'm probably going to be some kind of idol down in south america.

Link to comment
Share on other sites
