<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><br></div><div>One unstated component of the Sony attack is that the day before the release</div><div>there was no clue (public) that the attack had gained any data and traction.</div><div>That presents a question... "Who is next?"</div><div><br></div><div>I think this is important because Sony is only one company. </div><div>Canary in the coal mine perhaps. </div><div><br></div><div>An attack like this involved a collection of attack tools as well</div><div>as some specific attention to apply them and gather information.<br>Not the work of one individual that is sure and some funding</div><div>is implicit. </div><div><br></div><div>The collection of attack tools still has viability and with little more </div><div>motivation beyond curiosity or arrogance could be employed</div><div>again and again.</div><div><br></div><div>Sony is a smart company at many levels and it is difficult for me</div><div>to believe that IT at Sony was any less capable than IT at any</div><div>of the top 5000 companies in the world or any of the IT departments</div><div>of the 190+ nations of the United Nation. </div><div><br></div><div>Side doors need to be locked and strengthened.</div><div>Known bugs need to be fixed (large and small).</div><div>OS design and economics should not nurture a virus removal </div><div>and detection industry that then depends on customers to purchase</div><div>and install after market "stuff". </div><div><br></div><div>Bug reporting bounties are just too small and engineering management ethics with</div><div>regard to bug fixes broken.</div><div><br></div><div>The inability to repair software by the end user community is also a problem.</div><div>I should save problem that for another day.</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>