Sony Hires Former Homeland Security Infrastructure Protection Chief

jmobley6030 writes with a bit in Gamer Gaia about Sony pulling out the big guns for their security infrastructure. Quoting: "Months after the great PlayStation network attack things are starting to get back to normal around the gaming world. While it doesn't seem like another hack attempt will take place anytime soon Sony is fearful that it could happen again. Sony announced today via their corporate news feed that they have hired Philip R. Reitinger, a former Homeland security official, as Chief Information Security Officer at Sony."

  • great (Score:3, Funny)

    by demonbug ( 309515 ) on Tuesday September 06, 2011 @05:14PM (#37321162) Journal

    Now I won't be allowed to wear shoes when I sign on to PSN.

    • Re:great (Score:4, Insightful)

      by Dunbal ( 464142 ) * on Tuesday September 06, 2011 @05:15PM (#37321172)
      You just won't be able to log in. Instead you'll get a screen saying "The System Worked!"
    • Which shouldn't bother you if you don't have any gross ingrown toenails or foot fungus to hide from the eyetoy.
    • Now I won't be allowed to wear shoes when I sign on to PSN.

      But you'll have a choice of being x-rayed or having your crotch groped.

      Considering the average PS/3 user, I'm pretty sure I know which option they'll choose.

      • by tlhIngan ( 30335 )

        Now I won't be allowed to wear shoes when I sign on to PSN.

        But you'll have a choice of being x-rayed or having your crotch groped.

        Considering the average PS/3 user, I'm pretty sure I know which option they'll choose.

        It'll be a huge bureaucracy of amalgamated entities. The TSA will be there if you want to sign into PSN (take off your shoes, all electronics are subject to scanning, please use the full body scanner provided with your PS3, and all liquids must fit in a plastic baggie and contained in 1oz or

  • Considering the success that was achieved by homeland security in regard to preventing terrorism within united ............. oh wait .......
  • There must be a hidden synergy in there somewhere.
    • But it's not about law enforcement. It's about politics and just like you can't change people politically by mass arrests, you can't threaten to arrest hackers and expect that to stop an organization like Anonymous. These organizations see Sony as an existential threat.

      You cannot solve a political problem with law enforcement. Sony if they were smart would hire some of the hackers in the hacker community. Adopt a new culture which accepts and embraces the hacker community, and over time their stock will ris

      • by dave562 ( 969951 )

        They're buying political cover. This man is showing up not to make them secure, but to make sure that they comply with all applicable Federal laws regarding data privacy. If they get hacked again, they will have legal cover against being sued because they will have implemented all of the relevant preventative measures that will then have been signed off by auditors, and Sony will be allowed to say, "We did our due diligence."

        The hire has zero to do with addressing the underlying problems and everything to

        • by Ruke ( 857276 )
          I'm not so sure about that. They're buying a political insider; who's to say that they don't intend to apply his knowledge offensively? Who knows better than a DHS employee about how to bypass the regular legal system by abusing poorly-designed laws intended to be used against international terrorists? If Sony wants to get LulzSec declared a terrorist cell, they've bought the right man.
          • by dave562 ( 969951 )

            If you're thinking along those lines, then consider this. Sony is being used by the United States government as a puppet to go after LulzSec. They put their man, the former DHS employee, at Sony so that they have an insider on the front lines. Sony is just a casualty in the war. They have nothing to gain by actively going after LulzSec and everything to lose. On the other hand, the United States government might want to nip LulzSec in the bud.

            We don't live in such a police state that they can simply go

            • by elucido ( 870205 )

              If you're thinking along those lines, then consider this. Sony is being used by the United States government as a puppet to go after LulzSec. They put their man, the former DHS employee, at Sony so that they have an insider on the front lines. Sony is just a casualty in the war. They have nothing to gain by actively going after LulzSec and everything to lose. On the other hand, the United States government might want to nip LulzSec in the bud.

              We don't live in such a police state that they can simply go after people without cause. They would need a pawn like Sony. Sony has suffered "damages" due to LulzSec and therefore Sony can engage the Department of Justice to bring down the hammer on LulzSec.

              I don't agree with that line of thinking, but if that is what was going on, it would be happening along those lines.

              That's fine but who says LulzSec are Americans? What are American law enforcement types supposed to do if LulzSec is spread around the globe? My best information indicates they are mostly located in the UK, but once again what is the FBI going to do? Extraordinary rendition? And if LulzSec has any skill at all they'll be behind proxies making it even harder to track them down. Once again what is the FBI supposed to do?

              But I do think your theory makes logical sense. It does seem like Sony is becoming a puppe

              • by dave562 ( 969951 )

                They could do the same thing that they do with the War on Drugs. They might either liaison with other intelligence agencies in the target country, or they will just work out of the embassy like the DEA does in Colombia.

                • by elucido ( 870205 )

                  They could do the same thing that they do with the War on Drugs. They might either liaison with other intelligence agencies in the target country, or they will just work out of the embassy like the DEA does in Colombia.

                  What does that mean for citizens, for human rights, civil rights, or just our rights online in general?

    • I believe what you are looking for is called rampant incompetence. With this new hire Sony will be able to show what true ineptness looks like while making all the fraud and corruption in D.C. look like child's play.
  • by WrongSizeGlass ( 838941 ) on Tuesday September 06, 2011 @05:22PM (#37321228)
    They hired a former DHS official for help with their security? Are we sure he's not going to be a liaison between Sony's IP and Washington DC lawmakers?
  • by elucido ( 870205 ) on Tuesday September 06, 2011 @05:27PM (#37321274)

    Sony is picking the sort of guy who won't know what he's doing, who seems to have no ties to the hacker community, who graduated from Yale so he's going to seem like another elitist. If you look at who he has worked for, he's connected to governments and law enforcement which goes to show what Sony's priorities are.

    Sony should be hiring from within the hacker community. Hiring this guy won't accomplish a damn thing, while this guy might know about the community from the big brother pro government perspective it's very unlikely he will actually understand the community from the perspective of someone who was actually a part of it.

    Sony and companies in this position need to start hiring some of these hackers. Look at the situation, you have thousands of young talented hackers. As the unemployment rate rises, they'll be easily recruited or much more likely to join organizations like Anonymous.
    The best thing Sony could do is hire some of these people, the policy of arresting hackers is dumb. It's like arresting amateur scientists, or arresting mathematicians. The fact that they selected this guy shows me they are focused on arresting them and are going to treat it as a law enforcement problem rather than as a technical and cultural problem.

    Sony's problems are technical and cultural. Technical because they design their products in a way so they can only make money with absolute control over how the products are used but then they don't even know how to maintain that control technologically, and second they typically take stances which go against the wishes of millions of people in the hacker community, the gaming community, etc. They simply don't care at all about the customer, the fan, the hacker, the people who buy their products. This lack of respect for the culture of those who buy the product is the main part of the problem.

    And this new guy they hired does not seem to come from the sort of background that most gamers, hackers, or fans come from. He's a hyper connected lawyer who happens to know computer science. When they should have found someone who knows computer science and who happens to understand the law, with connections to the hacker community as well as to the government. This guy is going to be seen as an outsider, a government suit and the hackers are going to attack Sony harder.

    • I would think most the hacking community would be potentially great at the details, but pretty mediocre at setting the general policies and running the department. This is essentially an administrative position. While I'm sure there are hackers out there that can do both the grunt work and admin work, most just aren't.
      • by elucido ( 870205 )

        The problem with this guy is I don't think he really gets the details. I don't know enough about him to judge him completely, but his resume seems no better than the last guy they had. I don't see how this guy is special or different. Yes it's an administrative position, but there are plenty of hackers who also have been or are in administrative positions. Look at some of the other companies out there, and you'll see that some of these companies (especially the smaller companies) are actually run by hackers

      • Somehow I doubt this guy will be any better than what Sony had, and clearly Sony's policies and admin were broken before. I think they hired Reitinger more to look like they were doing something than anything else.
    • Chief Information Security Officer is a manager job, not a tech job; while tech skills may help, a hacker is better used at a more hands-on level.

      • by elucido ( 870205 )

        Chief Information Security Officer is a manager job, not a tech job; while tech skills may help, a hacker is better used at a more hands-on level.

        I know what the job is. But Sony is a tech company. How are you going to be a Chief Information Security Officer at Sony and not have tech skills? I'm not saying this guy doesn't have tech skills, I'm just saying he seems to be focused on law and that's not going to help him deal with some of the type of problems which can only be solved technologically.

        If he's the guy in charge, and we are using Microsoft as his gauge, once again he's associated with all the wrong companies in my view. It's nothing against

    • This guy was hired to run their security. Hiring a hacker will be helpful for understanding your attackers, but a hacker will understand the corporate culture about as much as Mr Reitinger will understand the gamer/hacker/fan community. Hire former hackers as soldiers in your security arsenal but generals need to be able to survive the corporate ranks.
      • This guy was hired to run their security. Hiring a hacker will be helpful for understanding your attackers, but a hacker will understand the corporate culture about as much as Mr Reitinger will understand the gamer/hacker/fan community. Hire former hackers as soldiers in your security arsenal but generals need to be able to survive the corporate ranks.

        Corporate culture is what is causing Sony to be targeted. Sony is the target of hackers because their culture is so messed up, so authoritarian, that most hackers find it completely unacceptable and they try to spread their culture through their products with lockins, lock downs, and all kinds of bs. It's that culture which I advocate should be changed in order to save Sony.

        Because if they keep their authoritarian corporate culture, sure they can hire this guy who might understand that culture but then they

        • The first time your Hypothetical Hacker gets rubbed the wrong way by corporate he'll torch Sony's security from the inside out. Sony's corporate culture may be antiquated but corporations are the antithesis of the hacker mentality. Sony doesn't want to change their ways - they just don't want to be p0wn'd on a regular and continuing basis.
          • by elucido ( 870205 )

            The first time your Hypothetical Hacker gets rubbed the wrong way by corporate he'll torch Sony's security from the inside out. Sony's corporate culture may be antiquated but corporations are the antithesis of the hacker mentality. Sony doesn't want to change their ways - they just don't want to be p0wn'd on a regular and continuing basis.

            That's just not true at all. Not every hacker is like that. That's like saying every programmer on your development team, if you just piss the wrong one off he could write a virus and fuck the system up. Sure that's possible but that's why you don't hire just any random hacker, you hire the ones who are psychologically stable. If someone gets mad and sabotages the company that is because they are psychologically unstable, just like that guy who brought a gun to work and shot everyone up, that could happen t

      • Sony already has a Senior Executive (that is a hacker) working for them. Interestingly enough, his division actually took security seriously and was not breached. He's Senior Director of Sony PlayStation Worldwide Studios and in his free time runs that DefCon Network.

    • by brkello ( 642429 )

      You want a hacker to run security? That's just stupid. You want a manager who knows how to hire people who have the right skill set to protect a network. And the whole concept of hiring hackers is a bit naive. Hacking in to Sony is fun. Protecting Sony from hackers on a day to day business is hard work. Of course, a hacker doesn't need to hack once they have internal access...so not too brilliant there either. There are security professionals out there who are equipped with the knowledge of how to ha

      • by elucido ( 870205 )

        You want a hacker to run security? That's just stupid. You want a manager who knows how to hire people who have the right skill set to protect a network. And the whole concept of hiring hackers is a bit naive. Hacking in to Sony is fun. Protecting Sony from hackers on a day to day business is hard work. Of course, a hacker doesn't need to hack once they have internal access...so not too brilliant there either. There are security professionals out there who are equipped with the knowledge of how to hack in to and protect systems. Hiring hackers is one of those things that sounds good to the masses...like lower taxes...but there is more to it than just that.

        You need a hacker AND a manager. We've seen how well it works to just hire a manager who knows nothing about the hacker community. The manager has to set good policies, and to do that the manager has to at least understand the nature of his attackers and I doubt this manager does. Sure if Sony hires hackers and they give good advice to the manager that could help but the problem Sony has had for a long time is Sony is always slow to change, resistant to change, and slow to adapt. They simply haven't been ab

    • Aside from the Law degree he got from Yale, which could prove he's an elitist (but at least not a complete idiot). He also graduated from Vanderbilt University with a Bachelor of Electrical Engineering and Computer Science degree.

      So at least, he comes from a technical background if nothing else, so it's not all bad.

    • which goes to show what Sony's priorities are.

      Precisely. That is why they chose him. It was a logical choice for Sony. They want someone with the political and law enforcement connections to make "examples" out of targets chosen by Sony in response to future attacks.

      Sony should be hiring from within the hacker community.

      After the rootkit fiasco and the GeoHot affair, very few in the hacker community would willingly become Judas for thirty pieces of Sony silver.

      The fact that they selected this guy shows me they are focused on arresting them and are going to treat it as a law enforcement problem rather than as a technical and cultural problem.

      This surprises you? Remember, this is Sony we're talking about here, they're like no other, remember?

      This lack of respect for the culture of those who buy the product is the main part of the problem.

      I would say that it's a lack of respect for the

  • Now we (well, PSN subscribers anyway) will be subjected to months worth of daily updates - informing us what color of alert we're under.
    In all seriousness, maybe this guy actually has the chops to manage (as in not-hands-on running) the network security for Sony. They certainly picked a high-profile suit for the job. And that's the part that worries me. It feels like looks matter more than expertise. Doubtless there are many who are equally, or better, qualified for the job but whose resumes lack marquee
  • Coming into a multiplayer Flag near you. One frag, one grope. two frags, two gropes. server blacklists (at last yay !) and many, many mooooreee !!!

    It sounds better when you put something into musical form, doesn't it.
    • by Thing 1 ( 178996 )

      One frag, one grope. two frags, two gropes. server blacklists (at last yay !) and many, many mooooreee !!!

      "You know, if one person, just one person does it they may think he's really sick and they won't take him. And if two people, two people do it, in harm-o-ny, they may think they're both faggots and they won't take either of them. And three people do it, three, can you imagine, three people walking in singing a bar of Alice's Restaurant and walking out. They may think it's an organization. And can you, can you imagine fifty people a day, I said fifty people a day walking in singing a bar of Alice's Restaur

  • When security is bad due to not funding the costs needed to keep security up to date / staff it.

    http://slashdot.org/story/11/05/05/1455249/Sony-Running-Unpatched-Servers-With-No-Firewall

    http://yro.slashdot.org/story/11/06/24/1642247/Lawsuit-Claims-Sony-Canned-Security-Staff-Just-Before-Data-Breach

    Let's see: no firewall, lagging updates and laying off needed staff, and you want those systems not to be hacked?

  • by SuperKendall ( 25149 ) on Tuesday September 06, 2011 @05:34PM (#37321326)

    A movie company hiring the chief of Security Theater. What's wrong with having a merger of two large entertainment forces?

  • um, subject really says it all.

    At least I'll get some action now.

  • Sony likely sees that they now have two problems: 1) lack of security and 2) perception of lack of security

    If this guy can't help with #1 then there is a chance he fits the bill for helping with problem #2.

  • I'm sure PSN members are in for all sorts of joyful changes and invasions of privacy.
  • Um, so now, PlayStation Network will be even easier to crack?

    I would have hired that network admin from San Francisco.

  • They're too big to go down quick but every move is as stupid as their last ignorant move. I don't understand how they got so damn big without any clue at all. This is just what they needed, a DHS guy. He'll fuck with their legitimate customers and piss them off while the guys he's supposedly going to stop from running through Sony's systems just laugh at him. I wonder if Sony will ever wake up.

  • So their response is to ramp that up a notch by hiring Yaley McTrustfund there?

    Why don't they just do a press release saying "All hackers are whiny pussies. P.S. your moms agreed while we were ass pounding them last night." and be done with it?

  • So this brings up an interesting point since it's something I had discussed with a person from the hacking community trying to join ISC2 (@wimremes) and bring more technical aspects to the "Infosec" industry.

    As of right now the "Infosec" industry is dominated by corporate and military pencil pushers and not much else. I'm not exactly sure how they got into that field other than the fact that they got direct training from the US Military security practices (this is also a big reason why the Infosec community
