jones_supa writes: A North Korean official said that the secretive regime wants to mount a joint investigation with the United States to identify who was behind the cyber attack against Sony Pictures. An unnamed spokesman of the North Korean foreign ministry was quoted by the country's state news agency, KCNA, describing U.S. claims they were behind the hack as "slander." "As the United States is spreading groundless allegations and slandering us, we propose a joint investigation with it into this incident," the official said, according to Agence France-Presse. Both the FBI and President Barack Obama have said evidence was uncovered linking the hack to to North Korea, but some experts have questioned the evidence tying the attack to Pyongyang. Meanwhile, reader hessian notes that 2600: The Hacker Quarterly has offered to let the hacker community distribute The Interview for Sony. It's an offer Sony may actually find useful, since the company is now considering releasing the movie on a "different platform." Reader Nicola Hahn warns that we shouldn't be too quick to accept North Korea as the bad guy in this situation: Most of the media has accepted North Korea's culpability with little visible skepticism. There is one exception: Kim Zetter at Wired has decried the evidence as flimsy and vocally warns about the danger of jumping to conclusions. Surely we all remember high-ranking, ostensibly credible, officials warning about the smoking gun that comes in the form of a mushroom cloud? This underscores the ability of the agenda-setting elements of the press to frame issues and control the acceptable limits of debate. Some would even say that what's happening reveals tools of modern social control (PDF). Whether or not they're responsible for the attack, North Korea has now warned of "serious consequences" if the U.S. takes action against them for it.

HughPickens.com writes: Victoria Shannon reports in the NY Times that fifty years ago was a good year for music, with the Beatles appearing on Billboard's charts for the first time, the Rolling Stones releasing their first album, the Supremes with five No. 1 hits, and Simon and Garfunkel releasing their debut album. The 50-year milestone is significant, because music published within the first half-century of its recording gets another 20 years of copyright protection under changes in European law. So every year since 2012, studios go through their tape vaults to find unpublished music to get it on the market before the deadline.

The first year, Motown released a series of albums packed with outtakes by some of its major acts, and Sony released a limited-edition collection of 1962 outtakes by Bob Dylan, with the surprisingly frank title, "The Copyright Extension Collection, Vol. I." In 2013, Sony released a second Dylan set, devoted to previously unreleased 1963 recordings. Similar recordings by the Beatles and the Beach Boys followed. This year, Sony is releasing a limited-edition nine-LP set of 1964 recordings by Dylan, including a 46-second try at "Mr. Tambourine Man," which he would not complete until 1965. The Beach Boys released two copyright-extension sets of outtakes last week. And while there's no official word on a Beatles release, last year around this time, "The Beatles Bootleg Recordings 1963" turned up unannounced on iTunes.

wiredmikey writes Just hours after the FBI and President Obama called out North Korea as being responsible for the destructive cyber attack against Sony Pictures, US-CERT issued an alert describing the primary malware used by the attackers, along with indicators of compromise. While not mentioning Sony by name in its advisory, instead referring to the victim as a "major entertainment company," US-CERT said that the attackers used a Server Message Block (SMB) Worm Tool to conduct the attacks. According to the advisory, the SMB Worm Tool is equipped with five components, including a Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning Tool. US-CERT also provided a list of the Indicators of Compromise (IOCs), which include C2 IP addresses, Snort signatures for the various components, host based Indicators, potential YARA signatures to detect malware binaries on host machines, and recommended security practices and tactical mitigations.

phantomfive writes: Bruce Schneier has an opinion piece discussing the Sony attack. He says, "Your reaction to the massive hacking of such a prominent company will depend on whether you're fluent in information-technology security. If you're not, you're probably wondering how in the world this could happen. If you are, you're aware that this could happen to any company." He continues, "The worst invasion of privacy from the Sony hack didn’t happen to the executives or the stars; it happened to the blameless random employees who were just using their company’s email system. Because of that, they’ve had their most personal conversations—gossip, medical conditions, love lives—exposed. The press may not have divulged this information, but their friends and relatives peeked at it. Hundreds of personal tragedies must be unfolding right now. This could be any of us." Related: the FBI has officially concluded that the North Korean government is behind the attack.

theodp writes: The idea of programming as a superpower was touched upon by CS teacher Alfred Thompson back in 2010, but it became a rallying call of sorts for the Hour of Code after Dropbox CEO Drew Houston described coding as "the closest thing we have to a superpower" in a Code.org video that went viral. And if the kids who learned to code with the President last week were dubious about the power of coding, this week's decision by Sony to scrap the release of the satirical film The Interview after a massive hack attack should put aside any doubts, especially after new revelations that Sony had reached out to the White House for help and screened the film for administration officials back in June. White House press secretary Josh Earnest said Thursday that the Obama Administration is viewing the Sony attack as a "serious national security matter" and is considering a range of possible options as a response, which could turn things into a contest of U.S. Superpower vs. Coding Superpower. In case it wasn't mentioned last week, remember to always use your coding superpower for good, kids!

Slate reports that even old movies are enough to trigger a pretty strong knee jerk: Team America, World Police, selected as a tongue-in-cheek replacement by Dallas's Alamo Drafthouse Theater for the Sony-yanked The Interview after that film drew too much heat following the recent Sony hack, has also been pulled. The theater's tweet, as reprinted by Slate: "due to circumstances beyond our control,” their Dec. 27 Team America screening has also been canceled." If only I had a copy, I'd like to host a viewing party here in Austin for The Interview, which I want to see now more than ever. (And it would be a fitting venue.)

rossgneumann writes North Korea may really be behind the Sony hack, but we're still acting like idiots. Peter W. Singer, one of the nations foremost experts on cybersecurity, says Sony's reaction has been abysmal. "Here, we need to distinguish between threat and capability—the ability to steal gossipy emails from a not-so-great protected computer network is not the same thing as being able to carry out physical, 9/11-style attacks in 18,000 locations simultaneously. I can't believe I'm saying this. I can't believe I have to say this."

schwit1 writes Speaking off the record, senior intelligence officials have told the New York Times, CNN, and other news agencies that North Korea was "centrally involved" in the hack of Sony Pictures Entertainment. It is not known how the US government has determined that North Korea is the culprit, though it is known that the NSA has in the past penetrated North Korean computer systems. Previous analysis of the malware that brought down Sony Pictures' network showed that there were marked similarities to the tools used in last year's cyber-attack on South Korean media companies and the 2012 "Shamoon" attack on Saudi Aramco. While there was speculation that the "DarkSeoul" attack in South Korea was somehow connected to the North Korean regime, a firm link was never published.

tobiasly writes The country's top five theater chains — Regal Entertainment, AMC Entertainment, Cinemark, Carmike Cinemas and Cineplex Entertainment — have decided not to play Sony's The Interview. This comes after the group which carried off a massive breach of its networks threatened to carry out "9/11-style attacks" on theaters that showed the film. Update: Sony has announced that it has cancelled the planned December 25 theatrical release.

schwit1 sends this report from The Verge: Most anti-piracy tools take one of two paths: they either target the server that's sharing the files (pulling videos off YouTube or taking down sites like The Pirate Bay) or they make it harder to find (delisting offshore sites that share infringing content). But leaked documents reveal a frightening line of attack that's currently being considered by the MPAA: What if you simply erased any record that the site was there in the first place? To do that, the MPAA's lawyers would target the Domain Name System that directs traffic across the internet.

The tactic was first proposed as part of the Stop Online Piracy Act (SOPA) in 2011, but three years after the law failed in Congress, the MPAA has been looking for legal justification for the practice in existing law and working with ISPs like Comcast to examine how a system might work technically. If a takedown notice could blacklist a site from every available DNS provider, the URL would be effectively erased from the internet. No one's ever tried to issue a takedown notice like that, but this latest memo suggests the MPAA is looking into it as a potentially powerful new tool in the fight against piracy.

An anonymous reader sends word that Apple's iTunes DRM case has already been decided. The 8-person jury took only a few hours to decide that the features introduced in iTunes 7.0 were good for consumers and did not violate antitrust laws. Following the decision, the plaintiff's head attorney Patrick Coughlin said an appeal is already planned. He also expressed frustrations over getting two of the security features — one that checks the iTunes database, and another that checks each song on the iPod itself — lumped together with the other user-facing features in the iTunes 7.0 update, like support for movies and games. "At least we got a chance to get it in front of the jury," he told reporters. ... All along, Apple's made the case that its music store, jukebox software, and hardware was simply an integrated system similar to video game consoles from Sony, Microsoft, and Nintendo. It built all those pieces to work together, and thus it would be unusual to expect any one piece from another company to work without issues, Apple's attorneys said. But more importantly, Apple offered, any the evolution of its DRM that ended up locking out competitors was absolutely necessary given deals it had with the major record companies to patch security holes.

goruka writes "Godot, the most advanced open source (MIT licensed) game engine, which was open-sourced back in February, has reached 1.0 (stable). It sports an impressive number of features, and it's the only game engine with visual tools (code editor, scripting, debugger, 3D engine, 2D engine, physics, multi-platform deploy, etc) on a scale comparable to commercial offerings. As a plus, the user interface runs natively on Linux. Godot has amassed a healthy user community (through forums, Facebook and IRC) since it went public, and was used to publish commercial games in the Latin American and European markets such as Ultimo Carnaval with publisher Square Enix, and The Mystery Team by Sony Computer Entertainment Europe.

SydShamino writes In an effort that may run afoul of the first amendment, Sony, through their lawyer David Boies (of SCO infamy), has sent a letter to major news organizations demanding that they refrain from downloading any leaked documents, and destroy those already possessed. Sony threatens legal action to news organizations that do not comply, saying that "Sony Pictures Entertainment will have no choice but to hold you responsible for any damage or loss arising from such use or dissemination by you."

retroworks writes Motherboard.vice offers an interesting scoop from the hacked Sony Pictures email trove. A plan championed by Polish marketing employee Magda Mastalerz was to upload false versions of highly-pirated Sony programming, effectively polluting torrent sites with false positives. For example, a "Hannibal"-themed anti-piracy ad to popular torrent sites disguised as the first episode. Sony Pictures legal department quashed the idea, saying that if pirate sites were illegal, it would also be illegal for Sony Pictures to upload onto them. There were plans in WW2 to drop phony counterfeit currency to disrupt markets, and I wonder why flooding underground markets with phony products isn't widespread. Why don't credit card companies manufacture fake lists of stolen credit card numbers, or phony social security numbers, for illegal trading sites? For that matter, would fake ivory, fake illegal porn, and other "false positives" discourage buyers? Or create alibis?

cpt kangarooski writes: Information has come to light (thanks to the recent Sony hack) that the MPAA and six major studios are pondering the legal actions available to them to compel an entity referred to as 'Goliath,' most likely Google, into taking aggressive anti-piracy action on behalf of the entertainment industry. The MPAA and member studios Universal, Sony, Fox, Paramount, Warner Bros., and Disney have had lengthy email discussions concerning how to block pirate sites at the ISP level, and how to take action at the state level to work around the failure of SOPA in 2012. Emails also indicate that they are working with Comcast (which owns Universal) on some form of traffic inspection to find copyright infringements as they happen.

HughPickens.com writes Lily Hay Newman reports at Slate that Sony is counterhacking to keep its leaked files from spreading across torrent sites. According to Recode, Sony is using hundreds of computers in Asia to execute a denial of service attack on sites where its pilfered data is available, according to two people with direct knowledge of the matter. Sony used a similar approach in the early 2000s working with an anti-piracy firm called MediaDefender, when illegal file sharing exploded. The firm populated file-sharing networks with decoy files labeled with the names of such popular movies as "Spider-Man," to entice users to spend hours downloading an empty file. "Using counterattacks to contain leaks and deal with malicious hackers has been gaining legitimacy," writes Newman. "Some cybersecurity experts even feel that the Second Amendment can be interpreted as applying to 'cyber arms'."

Trailrunner7 writes: Researchers have discovered a new version of the Destover malware that was used in the recent Sony Pictures Entertainment breaches, and in an ironic twist, the sample is signed by a legitimate certificate stolen from Sony. The new sample is essentially identical to an earlier version of Destover that was not signed. Destover has been used in a variety of attacks in recent years and it's representative of the genre of malware that doesn't just compromise machines and steal data, but can destroy information as well. The attackers who have claimed credit for the attack on Sony have spent the last couple of weeks gradually releasing large amounts of information stolen in the breach, including unreleased movies, personal data of Sony employees and sensitive security information such as digital certificates and passwords. The new, signed version of Destover appears to have been compiled in July and was signed on Dec. 5, the day after Kaspersky Lab published an analysis of the known samples of the malware.

An anonymous reader writes Hacker group Lizard Squad has claimed responsibility for shutting down the PlayStation Network, the second large scale cyber-attack on the Sony system in recent weeks. Although apparently unrelated, the outage comes just weeks after the much larger cyber-attack to the tech giant's film studios, Sony Pictures, which leaked confidential corporate information and unreleased movies.The group claiming to have taken down PSN today, Lizard Squad, first appeared earlier this year with another high-profile distributed denial of service attack on Xbox Live and World of Warcraft in August. The hacker collective claimed that this attack was just a 'small dose' of what was to come over the Christmas period.

angry tapir writes North Korea's government has denied any involvement in the attack on Sony Pictures, but in a statement indicated that it's not necessarily unhappy that it happened. In a statement, the country's powerful National Defence Commission, which controls North Korea's armed forces, said it had no knowledge of the attack. The latest reports indicate that the hackers worked from a hotel in Thailand.

MojoKid writes: Things are going from bad to worse when it comes to the recent Sony Pictures Entertainment breach. Not only has sensitive financial information been released — including the salaries of high-ranking Sony executives — but more damaging personal information including 47,000 Social Security numbers of employees and actors have been leaked to the internet. We're now learning some even more disturbing details, unfortunately. Guardians of Peace (GOP), the hackers claiming responsibility for infiltrating Sony's computer network, are now threatening to harm the families of Sony employees. GOP reportedly sent Sony employees an email, which just so happened to be riddled with spelling and grammatical errors, that read in part, "your family will be in danger."