Sony Hires Former Homeland Security Infrastructure Protection Chief
jmobley6030 writes with a bit in Gamer Gaia about Sony pulling out the big guns for their security infrastructure. Quoting: "Months after the great PlayStation network attack things are starting to get back to normal around the gaming world. While it doesn't seem like another hack attempt will take place anytime soon Sony is fearful that it could happen again. Sony announced today via their corporate news feed that they have hired Philip R. Reitinger, a former Homeland security official, as Chief Information Security Officer at Sony."
great (Score:3, Funny)
Now I won't be allowed to wear shoes when I sign on to PSN.
Re:great (Score:4, Insightful)
Re: (Score:2)
Yeah! Now they can prevent someone from crashing airliners into their datacenters! WIJNNING!@SONY!
Re: (Score:1)
Yeah...by informing their users of the impending crash in the hope that enough of them will throw themselves in the way to save the building...
Re: (Score:3)
Re: (Score:2)
But you'll have a choice of being x-rayed or having your crotch groped.
Considering the average PS/3 user, I'm pretty sure I know which option they'll choose.
Re: (Score:2)
It'll be a huge bureaucracy of amalgamated entities. The TSA will be there if you want to sign into PSN (take off your shoes, all electronics are subject to scanning, please use the full body scanner provided with your PS3, and all liquids must fit in a plastic baggie and contained in 1oz or
Great move ! (Score:1)
Sony + Government Security (Score:2)
They keep thinking it's about law enforcement (Score:2)
But it's not about law enforcement. It's about politics and just like you can't change people politically by mass arrests, you can't threaten to arrest hackers and expect that to stop an organization like Anonymous. These organizations see Sony as an existential threat.
You cannot solve a political problem with law enforcement. Sony if they were smart would hire some of the hackers in the hacker community. Adopt a new culture which accepts and embraces the hacker community, and over time their stock will ris
Re: (Score:2)
They're buying political cover. This man is showing up not to make them secure, but to make sure that they comply with all applicable Federal laws regarding data privacy. If they get hacked again, they will have legal cover against being sued because they will have implemented all of the relevant preventative measures that will then have been signed off by auditors, and Sony will be allowed to say, "We did our due diligence."
The hire has zero to do with addressing the underlying problems and everything to
Re: (Score:2)
Re: (Score:2)
If you're thinking along those lines, then consider this. Sony is being used by the United States government as a puppet to go after LulzSec. They put their man, the former DHS employee, at Sony so that they have an insider on the front lines. Sony is just a casualty in the war. They have nothing to gain by actively going after LulzSec and everything to lose. On the other hand, the United States government might want to nip LulzSec in the bud.
We don't live in such a police state that they can simply go
Re: (Score:1)
If you're thinking along those lines, then consider this. Sony is being used by the United States government as a puppet to go after LulzSec. They put their man, the former DHS employee, at Sony so that they have an insider on the front lines. Sony is just a casualty in the war. They have nothing to gain by actively going after LulzSec and everything to lose. On the other hand, the United States government might want to nip LulzSec in the bud.
We don't live in such a police state that they can simply go after people without cause. They would need a pawn like Sony. Sony has suffered "damages" due to LulzSec and therefore Sony can engage the Department of Justice to bring down the hammer on LulzSec.
I don't agree with that line of thinking, but if that is what was going on, it would be happening along those lines.
That's fine but who says LulzSec are Americans? What are American law enforcement types supposed to do if LulzSec is spread around the globe? My best information indicates they are mostly located in the UK, but once again what is the FBI going to do? Extraordinary rendition? And if LulzSec has any skill at all they'll be behind proxies making it even harder to track them down. Once again what is the FBI supposed to do?
But I do think your theory makes logical sense. It does seem like Sony is becoming a puppe
Re: (Score:2)
They could do the same thing that they do with the War on Drugs. They might either liaison with other intelligence agencies in the target country, or they will just work out of the embassy like the DEA does in Colombia.
Re: (Score:1)
They could do the same thing that they do with the War on Drugs. They might either liaison with other intelligence agencies in the target country, or they will just work out of the embassy like the DEA does in Colombia.
What does that mean for citizens, for human rights, civil rights, or just our rights online in general?
Re: (Score:1)
>hmmmm - so if a thief breaks into my home what I should do, by your logic, is build an addition on to my house and invite him to move in and several of his loser buddies over for tea so we can chat about life and all things illegal with the goal of me becoming friendly with him, his lifestyle, his friends and the illegal counterculture he resides in. Because the real problem and the real reason he broke into my home and stole all my shit is because I'm the asshole who is breaking down society and he and his friends' lives with my aspirations of bringing products to market and having other people purchase them at a fair market price so that I can make a living and my customers can use their money to provide themselves some entertainment to hopefully escape the real world for a few hours.
If you were once a thief, and 10 or 20 years later you're in a position to help the next person so they don't have to do what you did, but instead you decide to say screw em, throw em all in jail, then you'd be like Sony and some of these corporations. Everyone started out as part of the counter culture. Whether you're talking about Steve Jobs who started out as a hippy, trying to invent the first personal computer, or Bill Gates trying to put Windows in every home, all of these people were doing the same s
Re: (Score:2)
DHS Official ... For Security? (Score:3)
Re: (Score:2)
Exactly the wrong guy. (Score:5, Insightful)
Sony is picking the sort of guy who won't know what he's doing, who seems to have no ties to the hacker community, who graduated from Yale so he's going to seem like another elitist. If you look at who he has worked for, he's connected to governments and law enforcement which goes to show what Sony's priorities are.
Sony should be hiring from within the hacker community. Hiring this guy won't accomplish a damn thing, while this guy might know about the community from the big brother pro government perspective it's very unlikely he will actually understand the community from the perspective of someone who was actually a part of it.
Sony and companies in this position need to start hiring some of these hackers. Look at the situation, you have thousands of young talented hackers. As the unemployment rate rises, they'll be easily recruited or much more likely to join organizations like Anonymous.
The best thing Sony could do is hire some of these people, the policy of arresting hackers is dumb. It's like arresting amateur scientists, or arresting mathematicians. The fact that they selected this guy shows me they are focused on arresting them and are going to treat it as a law enforcement problem rather than as a technical and cultural problem.
Sony's problems are technical and cultural. Technical because they design their products in a way so they can only make money with absolute control over how the products are used but then they don't even know how to maintain that control technologically, and second they typically take stances which go against the wishes of millions of people in the hacker community, the gaming community, etc. They simply don't care at all about the customer, the fan, the hacker, the people who buy their products. This lack of respect for the culture of those who buy the product is the main part of the problem.
And this new guy they hired does not seem to come from the sort of background that most gamers, hackers, or fans come from. He's a hyper connected lawyer who happens to know computer science. When they should have found someone who knows computer science and who happens to understand the law, with connections to the hacker community as well as to the government. This guy is going to be seen as an outsider, a government suit and the hackers are going to attack Sony harder.
Re: (Score:2)
Re: (Score:1)
The problem with this guy is I don't think he really gets the details. I don't know enough about him to judge him completely, but his resume seems no better than the last guy they had. I don't see how this guy is special or different. Yes it's an administrative position, but there are plenty of hackers who also have been or are in administrative positions. Look at some of the other companies out there, and you'll see that some of these companies (especially the smaller companies) are actually run by hackers
Re: (Score:2)
Chief Information Security Officer is a manager job (Score:2)
Chief Information Security Officer is a manager job, not a tech job; while tech skills may help, a hacker is better used at a more hands-on level.
Re: (Score:1)
Chief Information Security Officer is a manager job, not a tech job; while tech skills may help, a hacker is better used at a more hands-on level.
I know what the job is. But Sony is a tech company. How are you going to be a Chief Information Security Officer at Sony and not have tech skills? I'm not saying this guy doesn't have tech skills, I'm just saying he seems to be focused on law and that's not going to help him deal with some of the type of problems which can only be solved technologically.
If he's the guy in charge, and we are using Microsoft as his gauge, once again he's associated with all the wrong companies in my view. It's nothing against
Re: (Score:2)
Corporate culture is the source of the problem. (Score:2)
This guy was hired to run their security. Hiring a hacker will be helpful for understanding your attackers, but a hacker will understand the corporate culture about as much as Mr Reitinger will understand the gamer/hacker/fan community. Hire former hackers as soldiers in your security arsenal but generals need to be able to survive the corporate ranks.
Corporate culture is what is causing Sony to be targeted. Sony is the target of hackers because their culture is so messed up, so authoritarian, that most hackers find it completely unacceptable and they try to spread their culture through their products with lockins, lock downs, and all kinds of bs. It's that culture which I advocate should be changed in order to save Sony.
Because if they keep their authoritarian corporate culture, sure they can hire this guy who might understand that culture but then they
Re: (Score:2)
Re: (Score:2)
The first time your Hypothetical Hacker gets rubbed the wrong way by corporate he'll torch Sony's security from the inside out. Sony's corporate culture may be antiquated but corporations are the antithesis of the hacker mentality. Sony doesn't want to change their ways - they just don't want to be p0wn'd on a regular and continuing basis.
That's just not true at all. Not every hacker is like that. That's like saying every programmer on your development team, if you just piss the wrong one off he could write a virus and fuck the system up. Sure that's possible but that's why you don't hire just any random hacker, you hire the ones who are psychologically stable. If someone gets mad and sabotages the company that is because they are psychologically unstable, just like that guy who brought a gun to work and shot everyone up, that could happen t
Re: (Score:2)
Sony already has a Senior Executive (that is a hacker) working for them. Interestingly enough, his division actually took security seriously and was not breached. He's Senior Director of Sony PlayStation Worldwide Studios and in his free time runs that DefCon Network.
Re: (Score:3)
You want a hacker to run security? That's just stupid. You want a manager who knows how to hire people who have the right skill set to protect a network. And the whole concept of hiring hackers is a bit naive. Hacking in to Sony is fun. Protecting Sony from hackers on a day to day business is hard work. Of course, a hacker doesn't need to hack once they have internal access...so not too brilliant there either. There are security professionals out there who are equipped with the knowledge of how to ha
Re: (Score:1)
You want a hacker to run security? That's just stupid. You want a manager who knows how to hire people who have the right skill set to protect a network. And the whole concept of hiring hackers is a bit naive. Hacking in to Sony is fun. Protecting Sony from hackers on a day to day business is hard work. Of course, a hacker doesn't need to hack once they have internal access...so not too brilliant there either. There are security professionals out there who are equipped with the knowledge of how to hack in to and protect systems. Hiring hackers is one of those things that sounds good to the masses...like lower taxes...but there is more to it than just that.
You need a hacker AND a manager. We've seen how well it works to just hire a manager who knows nothing about the hacker community. The manager has to set good policies, and to do that the manager has to at least understand the nature of his attackers and I doubt this manager does. Sure if Sony hires hackers and they give good advice to the manager that could help but the problem Sony has had for a long time is Sony is always slow to change, resistant to change, and slow to adapt. They simply haven't been ab
Re: (Score:3)
Aside from the Law degree he got from Yale, which could prove he's an elitist (but at least not a complete idiot). He also graduated from Vanderbilt University with a Bachelor of Electrical Engineering and Computer Science degree.
So at least, he comes from a technical background if nothing else, so it's not all bad.
Sony is going with a law enforcement approach (Score:1)
And here is a quote from http://www.pcworld.com/article/11067/why_the_feds_fight_encryption.html [slashdot.org] himself.
U.S. law enforcement depends on its ability to search a suspect's computers to prosecute all kinds of crimes from terrorism to drug trafficking, child pornography, and fraud, Reitinger said at the conference, sponsored by the Smart Card Forum.
There's no worse feeling for a law enforcement official, Reitinger said, than finding that a confiscated computer is full of documents that have been sealed up by strong encryption.
The problem with this approach is it has a negative impact on the community itself. Its impact could mean the criminalization of the gaming community. This attitude is very similar to the war on drugs, it's a cultural disagreement with one side having and flexing political connections to strong arm the other side. What is or isn't criminal is determined by people at Sony who have no connection to the co
Re: (Score:2)
which goes to show what Sony's priorities are.
Precisely. That is why they chose him. It was a logical choice for Sony. They want someone with the political and law enforcement connections to make "examples" out of targets chosen by Sony in response to future attacks.
Sony should be hiring from within the hacker community.
After the rootkit fiasco and the GeoHot affair, very few in the hacker community would willingly become Judas for thirty pieces of Sony silver.
The fact that they selected this guy shows me they are focused on arresting them and are going to treat it as a law enforcement problem rather than as a technical and cultural problem.
This surprises you? Remember, this is Sony we're talking about here, they're like no other, remember?
This lack of respect for the culture of those who buy the product is the main part of the problem.
I would say that it's a lack of respect for the
That's just GREAT... (Score:2)
In all seriousness, maybe this guy actually has the chops to manage (as in not-hands-on running) the network security for Sony. They certainly picked a high-profile suit for the job. And that's the part that worries me. It feels like looks matter more than expertise. Doubtless there are many who are equally, or better, qualified for the job but whose resumes lack marquee
Ball groping, server blacklists (Score:1)
it sounds better when you put something into musical form doesn't it.
Re: (Score:2)
One frag, one grope. two frags, two gropes. server blacklists (at last yay !) and many, many mooooreee !!!
"You know, if one person, just one person does it they may think he's really sick and they won't take him. And if two people, two people do it, in harm-o-ny, they may think they're both faggots and they won't take either of them. And three people do it, three, can you imagine, three people walking in singing a bar of Alice's Restaurant and walking out. They may think it's an organization. And can you, can you imagine fifty people a day, I said fifty people a day walking in singing a bar of Alice's Restaur
Hire a PHB that will fix security (Score:2)
When security is bad due to not funding the costs needed to keep security up to date / staff it.
http://slashdot.org/story/11/05/05/1455249/Sony-Running-Unpatched-Servers-With-No-Firewall [slashdot.org]
http://yro.slashdot.org/story/11/06/24/1642247/Lawsuit-Claims-Sony-Canned-Security-Staff-Just-Before-Data-Breach [slashdot.org]
Let's see: no firewall, lagging updates, and laying off needed staff, and you want those systems not to be hacked?
Come on, perfect fit! (Score:5, Insightful)
A movie company hiring the chief of Security Theater. What's wrong with having a merger of two large entertainment forces?
Re: (Score:2)
Since I can develop for either, I really don't care. Why are you so fearful of the iPhone?
Sweet, i get groped when i log into eq2 now!!! (Score:2)
um, subject really says it all.
At least I'll get some action now.
Fits half the bill (Score:2)
Sony likely sees that they now have two problems: 1) lack of security and 2) perception of lack of security
If this guy can't help with #1 then there is a chance he fits the bill for helping with problem #2.
Logins require Groping your 14 year old child (Score:2)
Soooo.... (Score:2)
Um, so now, PlayStation Network will be even easier to crack?
I would have hired that network admin from San Francisco.
Sony is doomed (Score:2)
They're too big to go down quick but every move is as stupid as their last ignorant move. I don't understand how they got so damn big without any clue at all. This is just what they needed, a DHS guy. He'll fuck with their legitimate customers and piss them off while the guys he's supposedly going to stop from running through Sony's systems just laugh at him. I wonder if Sony will ever wake up.
Sony were hacked for being megacorp dickweeds (Score:2)
So their response is to ramp that up a notch by hiring Yaley McTrustfund there?
Why don't they just do a press release saying "All hackers are whiny pussies. P.S. your moms agreed while we were ass pounding them last night." and be done with it?
The problem isn't Sony (Score:2)
As of right now the "Infosec" industry is dominated by corporate and military pencil pushers and not much else. I'm not exactly sure how they got into that field other than the fact that they got direct training from the US Military security practices (this is also a big reason why the Infosec community