Lieberman Software

PRIVILEGED IDENTITY MANAGEMENT NEWS LINE
May 2011

Top of Mind

5 Ways Consumers Can Protect Against Another Sony Breach

Philip  Lieberman
President & CEO
Lieberman Software


“The shot heard ‘round the world”…  Sony has admitted that hackers broke into its PlayStation Network making off with the personal information of more than 77 million members. The breach is being called the fifth largest data breach in history, according to Datalossdb.org, and is making headlines everywhere.

So what is the impetus for the attack? According to threatpost.com, speculation is that Anonymous, a collective of hackers, targeted Sony as retaliation for the company’s legal actions against individuals who cracked content protection technology for the PS3 and other products.

My take: striking a a hornet’s nest with a baseball bat is never a good idea. Sony’s heavy-handed approach to defending its intellectual property has triggered the “nuclear option” with those that it engaged. Perhaps Sony could learn a few lessons from Microsoft in how it has handled XBOX 360 and Kinect intellectual property.

Turning my attention to the 70 plus million people whose personal information has been compromised, here are my suggestions for ways everyone can protect themselves moving forward:

1)  Don’t provide your true DOB or other personal
     information to this type of vendor (i.e. online
     games).

2)  Use a throwaway email account.

3)  Use an anonymous payment card for these
     types of online transactions; many card
     issuers provide these temporary “virtual
     account numbers” online.

4)  Use a unique password for every site.

5)  Always assume that the company gathering
     your personal information is incompetent at
     securing the data; consider what you share
     with them and how you are going to recover
     your personal identity after they lose your
     information.

The Sony breach is a clear example of what is wrong with the cloud – too much data centralized into a single point and the total lack of transparency of the internal security used to protect it. This is a clear warning that all consumers can expect their most sensitive information to be compromised due to the incompetence of those who seek to reduce costs through haphazard cloud deployments. You’ll hear more from me about cloud security in the future.

What are your recommendations for consumers and what do you think Sony’s next move should be? 

Email me at: phil@liebsoft.com. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.

You can also read a version of this article in The Wall Street Journal.

 

Tech Tip of the Month

Securing ASP.NET Privileged Account Credentials

Did you know that Enterprise Random Password Manager (ERPM) can help continuously strengthen the security of your ASP.NET applications? Learn more.


  Follow us on Twitter!
 
What's New in Identity Week

Featured commentary on our
Identity Week blog this month includes:
  • Fallout from WordPress Root Level Attack Not as Bad as it Could Have Been. Reports that hackers gained root-level access to the servers of WordPress.com means that the popular blog publishing platform has now joined the long list of companies whose portals have been hacked. But, had it not been for a sensible IT security approach at the company, the fallout could have been a lot worse...

Events / Press / Analysts
  • Interview: Philip Lieberman, CEO and founder of Lieberman Software. InfoSecurity.com. Infosecurity’s Drew Amorosi caught up with Phil Lieberman at last month’s Infosecurity Europe show in London to discuss how security – and his company – have changed over the last decade plus, and the challenges facing the market going forward.
  • Are auditing standards a help in keeping cloud deployment safe? CloudPro. The SAS70 auditing standard for third-party providers is a massive fraud, says Phil Lieberman of the eponymous Lieberman Software. SAS 70 is widely used in the US as an indicator of the reliability of service providers and is beginning to be used in the UK – although it is early days over here and the standard doesn’t have the same degree of recognition.
  • Private information of 25 million additional Sony customers compromised. SecurityPark.net. Phil Lieberman, CEO and founder of Lieberman Software gave his viewpoint on the Sony PSN hack and how to protect yourself from similar breaches: "Taking a baseball bat to a hornet’s nest is never an advisable strategy. Sony’s strategy in defending its intellectual property was heavy handed and has triggered the “nuclear option” with those that it engaged.
  • Sony Data Breach Tally Rises to 101 Million Users. eWEEK.com. There are “no consequences” for companies that “under-invest” in security, Phil Lieberman, CEO of Lieberman Software, told eWEEK. As such, users should “always assume” that companies asking for personal information are “totally incompetent at securing the data,” Lieberman said.
  • Sony Says PlayStation Credit Card Data Was Encrypted. InformationWeek. Security experts believe that the lack of details around this announcement shows that consumers may still be at risk of this data being used by whoever hacked Sony. Word of the hack came earlier this week. "They're not certain credit card data wasn't lost," says Phil Lieberman, CEO of Lieberman Software. "The only statement they made was that credit card data was encrypted, which is a requirement of PCI." 
  • It's a Long Road to a Secure Cloud. Cloud-Strategy Magazine. When it comes to cloud computing, the security and compliance landscape is riddled with pitfalls and continues to shift. During the recent RSA Conference in San Francisco this viewpoint seemed to dominate the conversations between IT professionals, industry analysts and others who study the security industry.
  • Birth Control Problems for World Wide Cloud. IT Pro Portal. The World Wide Cloud (WWC) will have to overcome a number of challenges before it can be proper entity.  Many are predicting that the World Wide Cloud will be the next disruptive technology building on the World Wide Web. 

Lieberman Software Corporation respects your right to privacy, and believes any information you provide us should be protected from disclosure to others. For more information, please read our privacy policy. You are receiving this email because you have granted us permission to contact you. If you do not wish to receive email messages from Lieberman Software in the future, please click here.
Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067
                 Liebsoft.com    |    (01) 310-550-8575  |   newsletter@liebsoft.com