The UpStream (Page 151)

Sony Pictures Data Breach Worse Than Expected

posted Sunday Dec 7, 2014 by Nicholas DiMeo


Last week, Sony Pictures had its servers attacked again, with the hacker group Guardians of Peace walking away with over 100 terabytes of data. While the 40 GB sample that GOP released contained a large amount of highly sensitive information, including unreleased movies and scripts, the entire backlog of data was released shortly after, and its contents are remarkable.

On the surface it didn't seem like the end of the world. Sure, there were Outlook .pst files, internal financial reports and passwords to the payroll, FTP and security services for many countries, but the release of the entire package takes this from bad to worse. In its entirety, the data grabbed also holds background checks, salary consideration letters, doctors' letters, other medical records and social security numbers. It would appear the simple days of taking customers' usernames and passwords are over.

With the nature of the attack so severe, there is a lot of speculation as to who is actually behind all of this. Rumors floated around that it could've been internal or that North Korea could somehow be involved, but now investigators might have gotten closer to the source. New information has come in that has led officials to believe the Sony Pictures data breach originated from a room at the St. Regis, a five-star hotel in Bangkok, Thailand. Further, the individuals responsible are said to be tied to DarkSeoul, a hacker group based out of North Korea. It is unknown at this time whether this was carried out from a common area or a guest room, but web traffic logs point to the St. Regis' Wi-Fi.

Could James Franco and Seth Rogen have really caused this level of outrage within North Korea, to the point where the country hired cyber assassins to take out Sony? So far North Korea has publicly denied all allegations but called the act a "righteous deed" and that it may have been done by "supporters and sympathizers (sic)" of the country.

Cheap Tablets Purchased on Black Friday Contain Severe Security Vulnerabilities

posted Sunday Nov 30, 2014 by Nicholas DiMeo

If you ever needed another reason to avoid the cheap $40 tablet from a drug store, here's one that should put your desire to own shoddy hardware to bed. Researchers at Bluebox Labs picked up twelve different budget tablets on Black Friday and have discovered that most of them shipped with exploits, vulnerabilities and security bugs.

The devices purchased were:

$49.99 DigiLand from Best Buy

$39.99 RCA Mercury from Target

$39.99 Mach Speed Xtreme from Kmart

$49.99 Polaroid from Walgreens

$49.99 Zeki from Kohl's

$39.99 Mach Speed JLab Pro from Staples

$49.99 Craig 7 from Fred's Super Dollar

$49.99 Pioneer 7 from Walmart

$49.00 Nextbook from Walmart

$49.99 Ematic from Walmart

$69.99 RCA from Walmart

$47.32 Worryfree Zeepad from Walmart

Bluebox Labs posted its findings on the company blog,

Bluebox Labs purchased over a dozen of these Black Friday 'bargain' Android tablets from big name retailers like Best Buy, Walmart, Target, Kmart, Kohl's and Staples, and reviewed each of them for security. What we found was shocking: most of the devices ship with vulnerabilities and security misconfigurations; a few even include security backdoors. What seemed like great bargains turned out to be big security concerns. Unfortunately, unsuspecting consumers who purchase and use these devices will be putting their mobile data and passwords at risk. We recommend that you avoid conducting online banking, making purchases or storing sensitive data on these devices - if you do, you will be putting your data at risk.

Essentially, these things should be used for two purposes: Bing searching and as a paperweight. So what are the details of the security flaws? Well, according to the results, some of the tablets contained smaller flaws, like sending information that's supposed to be encrypted in the clear. Others, however, still shipped with the Heartbleed vulnerability. Bluebox says there is a free guide you can use to help fix some of the issues in these cheap tablets, but it won't fix devices that are completely insecure, like the Polaroid tablet from Walgreens.

In the end, as the old adage goes, "you get what you pay for." Did you buy any of these tablets on Black Friday or in the past? Are you planning on still giving them out as gifts, or are you heading back to the store for a return? Let us know in the comments section.

FAA to Propose New Rules for Commercial Drone Use

posted Sunday Nov 30, 2014 by Nicholas DiMeo


Drones are a new and scary thing, at least for the government. It's such a feared technology that the FAA is going to put the kibosh on any plans for online retailers to have same-hour drone delivery in the future.

New federal laws are expected to be passed to restrict the operation of a commercial drone. While nothing is actually official yet, several people who are tied in with the committee for these rules have given out some information on what those rules might be. For starters, operators of these drones will have to have a license to pilot manned aircraft. Flights will be limited to daytime hours only, you must keep the aircraft below 400 feet and, here's the kicker, the drone must remain within the sight of the operator. I'd be curious to know if being able to see the drone through an Internet-based camera would suffice as being within sight of the operator.

Sources also said that identifying the type of aircraft would be key to restricting which drones fall into which categories. For instance, the FAA is rumored to group every drone under 55 pounds into one category and one set of guidelines. This would put the super-tiny drones under 3 pounds in with the bigger guys.

Of course, privacy concerns and other hang-ups are the topic of discussion when it comes to these devices, however many argue that the rules could be too restrictive and yet again step on the innovation in this space. Add to that the requirement that one must have a license in manned aircraft and it severely limits who can operate these devices. Again, these rules would be for commercial drones only, but they could also be used as a stepping stone to more restrictions on personal use of the same aircraft.

It is being said that the FAA should have a proposal by the end of the year, and a public period for comments and concerns would follow that, similar to what we saw with Net Neutrality.

Sony Pictures Dealt Critical Hit in Massive Data Breach and Outage

posted Sunday Nov 30, 2014 by Nicholas DiMeo


Sony Pictures has yet again been targeted for a data breach. Amidst rumors of Sony Mobile's database being hacked, which turned out to be untrue, Sony Pictures has suffered its second data breach in under two years.

Employees of Sony Pictures logging onto their computers this week were welcomed with the image you see on the right. The Guardians of Peace, or GOP, is taking credit for the attack and has watermarked the image to prove it. Employees were unable to access information on their computers or their email, and after some time, the entire system shut down. For almost an entire day, Sony Pictures was unable to restore its servers and other devices to a working state and instead resorted to landline phones and fax machines.

The image on the computers said this,

Hacked By #GOP

We've already warned you, and this is just a beginning.

We continue till our request be met.

We've obtained all your Internal data, Including your secrets and top secrets.

If you don't obey us, we'll release data shown below to the world.

Determine what will you do till November the 24th, 11:00 PM (GMT).

GOP made some demands in the image and displayed links to the data stolen from Sony. That data included usernames and passwords, which appeared to have been stored in Excel files sorted by country. There are also "private key" files titled "Sony - Workday" and "ADP SSH Private Key" in GOP's list. The group also says it has several .zip files that it thinks Sony Pictures wouldn't like out in the wild, like internal financial reports, FTP passwords and Outlook .pst files.

Since then, Sony has done some interesting things. First, the initial response from the company was that it is "investigating an IT matter." Sony has gone on record to say it may take "weeks" until everything is fully restored. Sound familiar? Now, Sony Pictures is investigating whether or not North Korea is behind this attack. While this may sound crazy up front, Sony has caught a lot of flak from the country ahead of the release of The Interview, which stars James Franco and Seth Rogen as journalists who are hired by the CIA to kill Kim Jong-un.

Beyond that, several Sony Pictures titles have been leaked to the web this week, too. Four of them have not been released yet and one of them, Fury, is still shown in movie theaters. While the GOP has not taken credit for this, it does seem a bit coincidental and furthers the damage done to Sony as a whole. Can Sony Pictures rebound from this crucial blow?

Reed Hastings Speaks About Nielsen's Plans for Measuring Viewership

posted Sunday Nov 30, 2014 by Scott Ertz


Earlier in the month, the Wall Street Journal reported that Nielsen had plans to start measuring streaming viewership. This was a big deal for the producers of content, which have had a lot of trouble knowing exactly how their content is doing on streaming services. This is especially problematic for the producers of programs like Orange Is the New Black, which is available exclusively through streaming. It could also be important for the streaming services themselves, as an independent count of streaming can help with negotiations.

The program will run in a similar manner to how standard Nielsen ratings work: specific people's viewing habits will be averaged to a national number. The content's audio will be parsed as it is played, similar to how Shazam and Cortana identify music, and the viewings will be logged. There is a problem with the program however, as Reed Hastings points out,

It's not very relevant. There's so much viewing that happens on a mobile phone or an iPad that (Nielsen won't) capture.

The inability to count mobile views is a big problem. For me, a lot of my viewing happens on a tablet or phone, and I know that I am not the exception. Losing independent rating of mobile content will make the numbers a little less than useful for Netflix, Hulu or Amazon. That is, unless Netflix can show a correlation between home and mobile numbers on their own servers, and convince content producers that the numbers are accurate.

This is a difficult task, as trusting a company's own numbers on a topic which is vital to the company's existence and can't be corroborated can be dubious. The desire to play with said numbers can be overwhelming, and companies in broadcasting, which streaming technically fits into, have been known to do just that. This is where Nielsen normally comes in with broadcast, cable and satellite, though all of those views are counted equally.

Hastings also had something to say about traditional television,

It's kind of like the horse, you know, the horse was good until we had the car. The age of broadcast TV will probably last until 2030.

While he was referring specifically to broadcast television, we have had conversations in the past about the end of the appointment television era as a whole, and we believe that this prognosis is fairly accurate. The biggest hurdle will be getting Nielsen to count all views, not just home.

Bing and Yahoo Implement Right to be Forgotten Support in EU

posted Saturday Nov 29, 2014 by Scott Ertz


After Google's loss to the European Union earlier in the year, they were forced to implement an ability for EU citizens to have search results removed from the index. That system was released to the public in June and has seen an incredible number of requests. In fact, the request count has been high enough that the EU is now considering requiring that this index removal be expanded to the rest of the world.

This week, Google, as well as other search providers, were dealt a new blow, as the drafted search breakup resolution was passed through the European Parliament. While the resolution is far from binding or legal, it does indicate the direction of the EU. Clearly they are concerned about the influence search providers have on the general population.

In a likely related move, Microsoft and Yahoo have both implemented the same Right to be Forgotten index scrubbing that Google was forced to implement in June. Neither company has gone into detail about their plans, but both released statements about their intents.

We will carefully evaluate each request with the goal of balancing the individual's right to privacy with considerations of the public's right to information.

While we're still refining that process, our goal is to strike a satisfactory balance between individual privacy interests and the public's interest in free expression.

Microsoft has received 699 requests and has rejected 79. 77 of those rejections were requests for Microsoft to remove content from a social network, which it clearly cannot do. Those individuals were directed to contact said network. Google and Yahoo have not been as open about their rejection numbers, or the reasons for said rejections.
