<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Dec 16, 2014 at 6:10 AM, Phill <span dir="ltr"><<a href="mailto:hallam@gmail.com" target="_blank">hallam@gmail.com</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word"><span class=""><div><div>On Dec 15, 2014, at 10:09 PM, Tom Mitchell <<a href="mailto:mitch@niftyegg.com" target="_blank">mitch@niftyegg.com</a>> wrote:</div><blockquote type="cite"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Mon, Dec 15, 2014 at 7:02 AM, Henry Baker <span dir="ltr"><<a href="mailto:hbaker1@pipeline.com" target="_blank">hbaker1@pipeline.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">FYI --<br>......<br></blockquote><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
GoP had details on every server and PC, as well as SPE’s “root” certificate.</blockquote><div> </div><div>Is there any evidence that new certificates have been generated and issued.</div><div><br></div><div>It seems that this is a prudent step.</div></div></div></div></blockquote><br></div></span><div>We don’t know if there was a breach yet.</div><div><br></div><div>The certificates aren’t published but they are not secret. They are used on the public network and were visible before the attack.</div></div></blockquote><div><br></div><div>We do not know, OK that makes sense.</div><div>Next does Sony know with 100% certainty? </div><div><br></div><div>And of the visible security bits do we have common tools to notice </div><div>a change intended or unintended. </div><div><br></div><div>This Sony infiltration seems extensive and exhaustive.<br>Locking it all down again seems difficult in the extreme.</div><div><br></div><div>Once locked down again changes and partitioning seem very necessary.</div><div><br></div><div>I recall the grumpy noises when friends at a famous large company</div><div>had to visit the home office to get the new keys when that company</div><div>locked down all their networks a lot tighter globally. <br><br>One problem with relocking Sony's networks and data is we do not know what flaws</div><div>were exploited. A side effect may be that we may begin to see richer patch tuesday and patch </div><div>submissions on many operating systems, routers and more. Understanding the </div><div>"more list" is interesting -- does it include Sony factories and supply chain links?<br><br>Again we may never know but are there flaws that a Never Say nutting TLA</div><div>might know that need to be disclosed to vendors? .. and how will secret</div><div>flaws be disclosed so the patch source is kept secure.<br><br>Sony is a vast company... interesting times.</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"> T o m M i t c h e l l</div></div>
</div></div>