[Spktyr]

This aspect of the Sony fail hack doesn't seem to have gotten a lot of coverage.

Also, amusing picture of an apparently very upset Angelina Jolie with the idiot Sony executive lady whose liberal hypocrisy in emails has been exposed at the source link.

[Gene Eric]

>> Ironically, the security evaluation was released in the hack group’s last data dump.

Ironic.

[Travis McGee]

Michael Lynton's password was sonyml3.

http://www.newsfactor.com/news/Sony--A-Studio-Ripe-for-Hacking/story.xhtml?story_id=103003JX4B3L

The stolen files expose lax Internet security practices inside Sony such as pasting passwords into emails, using easy-to-guess passwords and failing to encrypt especially sensitive materials such as confidential salary and revenue figures, strategic plans and medical information about some employees. Experts say such haphazard practices are common across corporate America.

"Most people who say they're not doing that are lying," said Jon Callas, co-founder and chief technology officer for Silent Circle Inc., a global encrypted-communications service.

The emails show CEO Michael Lynton routinely received copies of his passwords in unsecure emails for his and his family's mail, banking, travel and shopping accounts, from his executive assistant, David Diamond. Other emails included photocopies of U.S. passports and driver's licenses and attachments with banking statements. The stolen files made clear that Diamond was deeply trusted to remember passwords for Lynton and his family and provide them whenever needed.

[Bob]

So, the Republicans pulled off this hack??? :=)

[ImJustAnotherOkie]

How ironic. Management always wants to be “On the Line”. It’s free!!! Well it ain’t free. Anyone here think management will get the message?

[usconservative]

Months before the hacker intrusion on Sony Pictures' network, analyst firm PricewaterhouseCoopers (PWC) performed an analysis on the company's security, and found it lacking. More than 100 devices were found to be unmonitored by corporate security following an incomplete transition from a private security firm to an in-house team. As a result, any Sony response to network intrusion would be, in the words of the auditors, "slow, fragmented, and incomplete, if it would even happen at all." However, corrective actions proposed by PWC seemingly went undone, which left the doors to the company open, sometimes literally, facilitating the attack.

Said on another thread that I'd bet the farm that Sony's internal Computer Information Systems Security/Data Security was woefully lacking/practically non-existant. Honestly it didn't take much to make that statement and know it's true.

BTW: PWC has an EXCELLENT Information Security Audit team and they literally find EVERYTHING that can possibly go wrong up to and including something as simple and basic as having a written InfoSec security policy.

Any actor or ANYONE for that matter who works for Sony and has had their personally identifiable information (PII) exposed should sue the living daylights out of Sony, and at this point Sony truly deserves to go out of business.

[SengirV]

This aspect of the Sony fail hack doesn't seem to have gotten a lot of coverage.

Of course it hasn't. Because the same thing could be said of just about every company in the US. If the media points their finger at Sony, they will also be setting themselves up for criticism. Do not expect this to be touted at all.

The simple truth is that this could happen to any and all companies.