Thank you Chris Dodd
The web is buzzing with contempt over a statement by Motion Picture Association of America (MPAA) Chairman and CEO Chris Dodd to Fox last Thursday:
“Those who count on quote ‘Hollywood’ for support need to understand that this industry is watching very carefully who’s going to stand up for them when their job is at stake. Don’t ask me to write a check for you when you think your job is at risk and then don’t pay any attention to me when my job is at stake.”
As pointed out on the MPAA web site, Dodd is also a former US Senator from Connecticut. Surely he understood the implications of publicly confirming what we have always expected — that Hollywood spends a lot of money on politicians and expects a return on their investments. Rather than condemn him, perhaps we should be thanking him for putting this out in the open.
The movie industry, like many others, is facing a harsh new reality — one that, for the most part, they appear to be in denial about. Pushing for draconian, ill-informed legislation such as the Stop Online Piracy Act (SOPA) and the Protect IP Act isn’t the solution. Perhaps it’s time that Hollywood stop trying to purchase politicians and apply some creativity to their business model instead.
Regretsy: Do as we say, not as we do
Thursday I wrote about the alleged destruction of a violin, based in part upon a letter posted on Regretsy. I also created an account on Regretsy to post a comment that included a note to the original author of the letter asking her to contact me via my web site and a link to my article.
Apparently the folks at Regretsy don’t like what I have to say: They deleted my account and removed my comment.
The mob at Regretsy are very quick to jump on what they perceive to be heavy-handed behaviour by PayPal, but it appears that they don’t apply the same standards to themselves. And in failing to do so, they call the credibility of the original post and the balance of comments into question. It leaves me wondering if I should Regretsy using them as a source.
Regretsy did not respond to my email inquiry.
Don’t take photos you don’t want people to see
According to E!Online, Scarlett Johansson is “fighting mad” over some nude pics of her that ended up online. Let me offer some simple security advice:
If you don’t want people to see something, don’t photograph it.
If you have a look at the pics (Links: photo1 photo2) you’ll note that she appears to have taken them herself using her mobile phone. While I certainly don’t have any inside knowledge of the case, my bet would be that the sender’s or recipient’s email account was compromised, not the phone itself. Of course for that to be the case, she would have had to email the images to someone, which brings us to my next bit of advice:
Don’t email photos that you don’t want people to see.
Of course there’s always the publicity angle. Leak nude pics of yourself. Benefit from the exposure, but deny intent. Then play up the victim angle, collect some sympathy votes, and keep the story alive. Ah, Hollywood.
Added 2011-09-20: I linked to the photos in the original article because of their relevance to the story — they showed her holding the camera herself. I did not copy the images to avoid a copyright infringement. It appears that they have been taken offline or access blocked.
I’m sick of HBGary
I’ll admit it. I spoke about the HBGary hacks during a guest lecture I gave at Carleton University last week. But in all honesty I’m getting sick and tired of hearing about them. Journalists keep focusing on the wrong issues, and people need to understand that many decisions — even in so-called security companies — are often not made by security professionals. Just because the company employs “security experts” doesn’t mean they consult them on internal matters. In my experience the opposite is often the case and the shoemaker’s children proverb applies.
From a technical perspective, the root cause of the initial security breach was poor software design, poor implementation, and inadequate testing. It’s an industry-wide problem that won’t change until customers demand better software and are willing to pay for it. Things got worse because the folks at HBGary appear to have ignored basic and well understood best practices with regard to passwords.
However, let’s not ignore the other root cause. While it doesn’t justify criminal behaviour, let us not forget that HBGary, in an apparent attempt to obtain publicity for themselves, allegedly did the cyber equivalent of visiting the nearest biker hangout to announce, “Just want to let you know we’re going to screw with you in the media tomorrow, but don’t worry, we’re only going to screw with you a bit.” Or, if you prefer a different analogy, they kicked the hornet’s nest without wearing the customary protective equipment.
As security pros dealing with people allegedly responsible for hacking and denial of service attacks on major companies, HBGary must have expected probes of their systems and at minimum a distributed denial of service attack. They reportedly kicked the hornet’s nest deliberately and intentionally. It leaves me wondering if becoming a victim was part of their publicity strategy. Getting yourself hacked would certainly be a bold publicity stunt for a security company, but it wouldn’t be the stupidest thing I’ve seen either.