Sony’s Hard Lessons | TechSNAP 196

Sony’s Hard Lessons | TechSNAP 196

We reflect on the lessons learned from the Sony Hack & discuss some of the tools used to own their network.

Plus a overview of what makes up a filesystem, a run down of the Bacula backup system & much more!

Thanks to:




Direct Download:

HD Video | Mobile Video | MP3 Audio | OGG Audio | YouTube | HD Torrent | Mobile Torrent

RSS Feeds:

HD Video Feed | Mobile Video Feed | MP3 Audio Feed | Ogg Audio Feed | iTunes Feed | Torrent Feed

Become a supporter on Patreon:


— Show Notes: —

Schneier: Lessons from the Sony Hack

  • Bruce Schneier, a noted security researcher, discusses the things we can all learn from the Sony hack
  • An attack like this can happen to anyone, but that doesn’t mean Sony didn’t make it easy for the attackers
  • One of the first things to think about when looking at a hack is: Was this an opportunistic attack, or a targeted attack?
  • “You can characterize attackers along two axes: skill and focus. Most attacks are low-skill and low-focus — people using common hacking tools against thousands of networks world-wide. These low-end attacks include sending spam out to millions of email addresses, hoping that someone will fall for it and click on a poisoned link. I think of them as the background radiation of the Internet.”
  • “High-skill, low-focus attacks are more serious. These include the more sophisticated attacks using newly discovered “zero-day” vulnerabilities in software, systems and networks. This is the sort of attack that affected Target, J.P. Morgan Chase and most of the other commercial networks that you’ve heard about in the past year or so.”
  • “But even scarier are the high-skill, high-focus attacks­ — the type that hit Sony. This includes sophisticated attacks seemingly run by national intelligence agencies”
  • That is not to say that all high-skill high-focus attacks are committed by governments, the attacker just needs to be highly motivated
  • “This category also includes private actors, including the hacker group known as Anonymous, which mounted a Sony-style attack against the Internet-security firm HBGary Federal, and the unknown hackers who stole racy celebrity photos from Apple’s iCloud and posted them. If you’ve heard the IT-security buzz phrase “advanced persistent threat,” this is it.”
  • “The hackers who penetrated Home Depot’s networks didn’t seem to care much about Home Depot; they just wanted a large database of credit-card numbers. Any large retailer would do”
  • “Low-focus attacks are easier to defend against: If Home Depot’s systems had been better protected, the hackers would have just moved on to an easier target. With attackers who are highly skilled and highly focused, however, what matters is whether a targeted company’s security is superior to the attacker’s skills, not just to the security measures of other companies. Often, it isn’t. We’re much better at such relative security than we are at absolute security.”
  • “We know people who do penetration testing for a living — real, no-holds-barred attacks that mimic a full-on assault by a dogged, expert attacker — and we know that the expert always gets in. Against a sufficiently skilled, funded and motivated attacker, all networks are vulnerable.”
  • “For those worried that what happened to Sony could happen to you, I have two pieces of advice. The first is for organizations: take this stuff seriously. Security is a combination of protection, detection and response. You need prevention to defend against low-focus attacks and to make targeted attacks harder. You need detection to spot the attackers who inevitably get through. And you need response to minimize the damage, restore security and manage the fallout.”
  • Additional Coverage
  • Investigators believe a newly identified SMB (Server Message Block, mostly used in Windows file sharing and networking) worm was involving in the Sony hack
  • “The SMB worm propagates throughout an infected network via brute-force authentication attacks, and connects to a command and control (C2) infrastructure with servers located in Thailand, Poland, Italy, Bolivia, Singapore and the United States, the advisory said”
  • The worm had 5 major components: Listening Implant, Lightweight Backdoor, Proxy Tool, Destructive Hard Drive Tool, and Destructive Target Cleaning
  • US-CERT Advisory

Norse identifies 6 individuals they believe behind Sony hack, including Ex-employees

Twitter date bug confuses many client applications.

  • Many Twitter clients, including the popular client TweetDeck, showed tweets during the last week of the year as being from a year ago
  • Many users then found that, even with the official app, they were not able to login anymore
  • Turns out the problem was that Twitter’s servers had been sending the incorrect date for all HTTP responses from the API
  • The incorrect date format variable was used, strftime(3) defined 2 different ways to express the year
  • The most common one: %Y – is replaced by the year with century as a decimal number
  • It seems that a programmer at Twitter chose the first one in the man page that mentioned the year:
  • %G – is replaced by a year as a decimal number with century. This year is the one that contains the greater part of the week (Monday as the first day of the week).
  • So, this went undetected because it would return the correct year, except in the case of the last week of the year, if that week happens to fall more within the new year than within the current year
  • So December 30th 2014, was reported was December 30th 2015, which is a year in the future

FreeNAS – up and running!


Round Up:

Question? Comments? Contact us here!