
Phishing Site Found on a Sony Server - ot
http://www.f-secure.com/weblog/archives/00002160.html
======
patio11
Much of the Fortune 500 is one intern away from this happening. They have
large web surface areas. Say you're a large bank, not like a Bank of Canada,
but a bank kind of like that. You operate in a hundred different lines of
business. Some twenty-something guy with a degree in business in your wealth
management group figures out that it takes six months to get a new site spun
up through IT versus like ten minutes to upload WordPress on one of the
servers that they had lying around from a promotion two years ago.

Two weeks later, foo.notbankofcanada.com now hosts a phishing site.

~~~
cube13
This is entirely IT's fault, though. Why did they allow a rogue server onto
the production farm in the first place? Why did the idiot have access to them?

While the blame should still be entirely on the idiot, it's still IT's job to
make sure that the production environment is secure and functioning. They
should have as much control of the environment as possible to ensure that they
can ensure that. If they are unable to do that, then they are simply not doing
their job right, and should be pushing management for more resources or
training.

~~~
patio11
Without addressing whose fault it is, let's just say that in the last ten
years _one hundred thousand different people_ have worked for Bank of Not
Canada. They run the spectrum from "Could give talks at Black Hat" to "Could
possibly be allowed to put on a hat without killing themselves, if carefully
supervised at all stages of haberdashery."

All it takes is one guy screwing up one decision on his worst day six years
ago.

~~~
pacaro
I agree entirely, and I like your spectrum, however...

"A haberdasher is a person who sells small articles for sewing, such as
buttons, ribbons, zips, and other notions" [1]

A hatmaker is a "milliner".

I know that these two ancient and noble professions are frequently confused in
modern English speech, but it's rather like saying "designer" when you mean
"developer"...

[1] <http://en.wikipedia.org/wiki/Haberdasher>

------
eof
I am so glad I am not upper management at Sony right now... heads must be
rolling.

Regardless of whether or not Sony can make it out of all this intact and
actually fix the underlying problems in both their architecture and
philosophy, I think companies will forever take user-privacy and user-rights a
bit more seriously.

~~~
yalogin
Well this level of incompetence cannot just be blamed on the upper management.
It looks very bad for the devs and IT people at Sony too.

~~~
DrJokepu
It can always be blamed on upper management. It's ultimately their
responsibility to ensure that the company is employing competent people.

~~~
mirkules
My former manager told me once: "When my employees do a good job, it is their
success. When my employees do a bad job, it's my failure."

~~~
owenmarshall
The world needs more managers like that.

------
grandalf
I realized the other day that once about 10 years ago I got a Sony Vaio
laptop. It was horribly designed garbage. It's no surprise that Sony is having
all these security problems considering how sloppy the engineering was on the
Vaio.

~~~
monochromatic
Sure, that makes lots of sense. If they're bad at one thing, they're probably
bad at another, totally unrelated, thing.

~~~
danilocampos
I feel as though you're being sarcastic but I'm not sure I understand why.
Profound organizational mediocrity is very rarely confined to a single scope
of operations, in my experience.

~~~
aorozco
That's ad hominem. (Or "ad _companem_"?)

~~~
maw
I think I'd go with _ad negotium_. Otherwise, I agree.

