

The Sony Hack: Why We Know Its an Inside Job - uaygsfdbzf
http://haydenjames.io/sony-hack-inside-job

======
mschuster91
Multiple insiders have pointed out that IT security was basically not existing
at Sony, so I doubt that they had a login notifier.

Furthermore, there are a number of ways of logging in which would not trigger
such a notifier - e.g. by uploading a "webshell" and going to root from there
using su with the password. Or using passwordless sudo or bad SETUID programs
(I have seen a couple of systems with passwordless sudo, set up by REPUTABLE
companies!).

~~~
nthcolumn

      Multiple insiders have pointed out that IT security was basically not existing at Sony, so I doubt that they had a login notifier.
    

Or at haydenjames.io it would appear

Please add "PermitRootLogin no" to /etc/sshd_config and gain root access after
you login if you need it.

tsk tsk.

