How Hollywood Got Hacked: Studio at Center of Netflix Leak Breaks Silence (variety.com) 79
Earlier this year, hackers obtained and leaked the episodes of TV show Orange Is the New Black. In a candid interview, Larson Studios' chief engineer David Dondorf explained how the audio post-production business allowed the hacker group to gain access to the Netflix original content. Dandorf says the company hired private data security experts to find how it was breached. The investigation found that the hacker group had been searching the internet for PCs running older versions of Windows and stumbled across an old computer at Larson Studios still running Windows 7. From the report: Larson's employees just didn't know all that much about it. Having a computer running an ancient version of Windows on the network was clearly a terrible lack of oversight, as was not properly separating internal servers from the internet. "A lot of what went on was ignorance," admitted Rick Larson. "We are a small company. Did we even know what the content security departments were at our clients? Absolutely not. I couldn't have told you who to call. I can now." It's a fascinating story about how the hacker group first made contact and tried to threaten Larson Studios' president and his wife, and how they responded. Worth a read.
Windows 7 is now considered old? (Score:5, Insightful)
Re:Windows 7 is now considered old? (Score:5, Insightful)
No kidding. Especially if you're trying to run commercial-grade audio production software. Windows 7 doesn't mean a thing for security unless it's the original release without updates.
Re: (Score:2)
Re: (Score:3)
No kidding. Especially if you're trying to run commercial-grade audio production software. Windows 7 doesn't mean a thing for security unless it's the original release without updates.
Not only that, but it would have had to have been directly connected to the internet without a firewall for someone to "search the internet for computers running older versions of Windows"
More fake news. Welcome to current_year.
Re:Windows 7 is now considered old? (Score:4, Insightful)
i call this bullshit
Windows 7 is old, just not obsolete.
Windows 7 was released in October 2009, which makes it almost 8. Windows XP was released in 2001 and didn't have a suitable successor until October 2009. By that time scale, Win7 is nearing the end of it's life. As long as M$ can create a decent OS after the abortion of Windows 8 and the ad-tastic Windows 10.
In the terms of OS's, 8 is positively ancient. I remember using Android in 2009, anyone who didn't see the evolution of Android wouldn't believe it was the same OS compared to today. MS has kept it updated, but that doesn't change the fact that it was released many years ago.
Re: (Score:3)
It's debatable whether it ever had one.
Re: (Score:1)
Windows is old, and obsolete.
FTFY :-D
Re: (Score:3, Informative)
Windows 7 was released in October 2009, which makes it almost 8.
Maybe if you've never updated it in those 8 years. On the other hand, my version of Windows 7 is running code that was just released probably only weeks ago.
By that time scale, Win7 is nearing the end of it's life.
Nope, it will continue to get security updates until 2020.
Re: (Score:2)
...Windows 7 is old, just not obsolete....
In spite of your failed attempt to justify the article, I still note that you've still not, and neither has the article, pointed to an underlying cause for Windows 7 being considered "insecure" in this instance. I still am of the opinion that there was another cause that allowed the break-in, one that is too embarrassing to reveal.
Re: (Score:2)
...Windows 7 is old, just not obsolete....
In spite of your failed attempt to justify the article, I still note that you've still not, and neither has the article, pointed to an underlying cause for Windows 7 being considered "insecure" in this instance. I still am of the opinion that there was another cause that allowed the break-in, one that is too embarrassing to reveal.
In spite of your failed attempt to read my post, I wasn't, in fact I said MS were keeping Windows 7 updated.
I never said Windows 7 was inherently insecure, I said it's been almost 8 years since it's release (RTM was Oct 09). The article implied the systems were insecure, but I read that as unpatched. And yes, a Win7 box that is not up to date is insecure. Same as a Win 10, Linux or Mac box that isn't kept up to date.
Re:Windows 7 is now considered old? (Score:4, Insightful)
Windows 7 is old, just not obsolete.
It's mature, not old.
As of May this year, Windows 7 has 49.5% market share, with Windows 10 only having 26.8%. If anything, that tells you that Windows 10 is immature, not that Windows 7 is old.
TFA makes absolutely no sense. If they meant MacOS 7, I can understand it. But Windows 7 is still what pretty much every business has as standard, and the 26.8% Windows 10 users being mostly home users who either gave up on the GWX barrage and installed the downgrade, or have bought a new PC where it is pre-installed.
Re: (Score:2)
Windows 7 is old, just not obsolete.
It's mature, not old.
Pretty much what I meant. However I think the article has been quoted out of context. When I read "old version of Windows" I usually read that as one that is not up to date with patches. Very few bad vulnerabilities hit with no warning. Wannacry for example, patches were out for months before that hit. Long enough for any semi-competent attempt at patch management to get it deployed to production at the very least.
Most drive-by infections can be avoided simply by keeping your OS and software up to date (
Re: (Score:2)
"The company spent an estimated six figures on new security measures, some of which were recommended by the studios."
Wow six figures. I guess they got a corporate Firewall?
Re: (Score:3)
"The company spent an estimated six figures on new security measures, some of which were recommended by the studios."
Wow six figures. I guess they got a corporate Firewall?
Six figures per year is what a security minded sysadmin costs. That's peanuts compared to what marketing and legal guys cost, and a much better investment.
Re: (Score:2)
why was a Windows 7 box exposed directly Internet
Because it was supporting a business that doesn't have extensive expertise in IT security and was unaware of the business risks that this created.
They're now aware.
I'd still like the Dark Overlord to be tracked down and invited to retain that name in jail.
Re: Windows 7 is now considered old? (Score:1)
Re: (Score:2)
This is a "social engineering" article. The intent is to change perception. In this case, the idea is that you should be on Windows 10 so that there is no ability for you to escape having your internal dialogue be monitored as well as can be done through an operating system.
In other words, the "content" of the article (what it is ostensibly about) is actually irrelevant. What is relevant is that the public's perception of Windows 7 is altered, even if just by a little. I see this a lot. There is a LOT of s
Ancient version of Windows (Score:5, Insightful)
any by ancient, they mean supported until 2020
Re: (Score:1)
Re: (Score:1)
I don't pay MS and still get updates for my Windows 7 install.
Takeaway: Blackmailers no longer reliable (Score:5, Insightful)
I actually read through the whole thing, and what I got out of it was that while paying off the ransom in the past used to result in the outcome you were paying for, you can no longer rely on that to be true.
So keep good backups and if you get hacked send the attackers the middle finger instead of bitcoin and just let them do whatever, but they can continue to do whatever fed by frozen 7-11 burritos instead of your hard-earned money.
I do think even after the ransom was paid, they should have let clients know what happened immediately... that is the other big learning point I'd hope other companies take away from this. People understand computers get hacked, they will be sympathetic towards you as long as you are very open about what happened and when and tell everyone as soon as you know.
Re: (Score:1)
If I was really lucky, it would be a group of 4 guys, one older grey haired leader dude who is a tactical genius, one crazy pilot, one huge black guy wearing tons of gold, and one con artist...
Re: (Score:2)
You just hired an undercover cop...guess what happens next?
Hint: * becomes O
Re: (Score:1)
Reminds me of the argument that double-crossers ironically are doing the most good possible in that segment of the underworld. Sure law enforcement can chase down ransomers but there are multitudes out there to replace them who think 'they won't be so stupid that they'll get caught'. And given their numbers it doesn't even matter if they are right or not.
However double-crossers what they do is destroy that sordid ecosystem. First they take down vulnerable targets before they can get ransomed and get it thro
Re:Takeaway: Blackmailers no longer reliable (Score:4, Insightful)
All good thoughts, but they weren't hit with file-encrypting ransomware, they were hit by people who illegally copied new episodes of a show and threatened to leak said shows if ransom wasn't paid.
Re: (Score:2)
Same difference really, I just put in the but about the backups in case it was the ransomware kind of attack - which it easily could have been.
Even if it's not ransomeware though, after a hack like this you have to assume that the hackers may have well inserted some content just for the LOLs. SO you'd want to either inspect it super carefully or roll back (or both).
Re: (Score:2)
No one has done anything for the LOLs, or even the lols, for 10+ years. You do it for the keks [youtube.com] these days. Do try to keep up with the kids on your lawn.
Re: (Score:1)
To the contrary; I am on the cutting edge of resurgence of the term. All things come around again in time.
Also there are no kids on the lawn because I had long ago replaced it with xeriscaping... I sit in a pocket outside time itself, and the world keeps up with me.
Re: (Score:2)
Very Zen man, very Zen.
Re: (Score:2)
So keep good backups and if you get hacked send the attackers the middle finger instead of bitcoin and just let them do whatever
Agreed. Because you have zero assurance that they'll do anything except take your money and release the data anyway.
It's not unlike when kidnappers ransom somebody, take the money, and then kill the victim.
Ancient version of Windows? (Score:3)
Re: Ancient version of Windows? (Score:1)
Spear fishing most likely. Always embarrassing to admit you gave the key to a rando.
Reminds me of this cartoon... (Score:2)
Win 7? That is all? (Score:2)
Re: (Score:2)
It's in Variety. You expect an entertainment magazine to understand and report on the technical details? They'd get them wrong anyway.
From the sounds of it, the hacker group was simply port scanning and got lucky in finding that Windows 7 box that had a hole. Once on that machine, they had complete access to the internal network.
Re: (Score:2)
It is not simply having a win7. Someone did something dumb. Click on something or opened a booby trapped file.
Re: (Score:2)
I guess MS will be going out of Business since I will never advise any of my Clients to use Windows
You just go ahead and keep thinking you drive the market. Isn't that special.
Re: (Score:2)
Windows 10 is the same codebase with just a few UI changes here and there. There might be a few new vulnerabilities, but of the vulnerabilities that are found lately most affect Windows versions as far back as XP.
Fuck Windows 10 (Score:3)
This "article" is horseshit. Windows 7 is still supported and still receiving patches, despite Microsoft's efforts. It is not ancient.
Fuck you MS, and fuck Windows 10. Windows 10 has had nearly as many vulnerabilities as Windows 7 in recent months, and far more issues with the actual patches, driver updates, and the update process.
Re: (Score:2)
Source: MS download servers, my wsyncmgr.log files, the emails MS sends me every month about the CVEs and the affected software, etc.
Re: (Score:1)
"Windows 7 is still supported and still receiving patches"
I do question the latter on a lot of win7 systems, as there seems to be a bug with the updater where at some point it just chokes and refuses to install further updates without manual installation of certain intermediate patches. I've seen this on longer-running win7 systems as well as a fresh-from-disc install, where the updater can sit overnight and still not manage to install a single patch.
Now this might not be the case with corporate hosts using
Re: (Score:2)
Windows Update on Windows 7 simply doesn't work if you don't have enough RAM. There's a hotfix for it.
Even with the hotfix and plenty of RAM, typical behavior is for Windows Update on a fresh install is to fail or just hang on "checking for updates". At that point you can shutdown the service and start it up again, or just reboot, and then check for updates again. I don't remember the last time I had to deal with it (probably around 2 years ago), but the update service eventually completes. The detectio
Re: (Score:2)
The best thing to do when you encounter such a system is to manually download and install the latest convince rollup which includes most updates up to t
Ok, probably just say you took it up the ... (Score:3, Insightful)
Re: (Score:2)
Never attribute to malice....Look, have you seen the editing on this site lately? This article is from Variety.
Re: WTF is with the Slashdot agenda pushing Window (Score:1)
Ediwhat now?
Proofreading needed (Score:1)
I had to stop reading right there..
Re: (Score:2)
Yeah, because that's what's wrong with this article.
Re: (Score:2)
No, they meant 'on premise'. It's a valid term in common usage and helps immediately in classifying IT infrastructure.
Some people shorten it to 'on prem', if you really want to twang your knicker elastic.
Post Production Studios Run Much Older Than 7 (Score:5, Interesting)
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
It's bitztream - the autism-hating, custom EpiPen-hating, Musk-hating, Qualcomm-hating Slashdot troll!
Score:-5, Pwned (Score:1)
Witness BitZtream getting pwned! [slashdot.org]
So? (Score:2)
So... (Score:2)
...someone at Microsoft's marketing department saw an opportunity here?