[HN Gopher] Disney's Internal Slack Breached? NullBulge Leaks 1....
___________________________________________________________________
Disney's Internal Slack Breached? NullBulge Leaks 1.1 TiB of Data
Author : artninja1988
Score : 198 points
Date : 2024-07-13 18:05 UTC (4 hours ago)
(HTM) web link (hackread.com)
(TXT) w3m dump (hackread.com)
| postepowanieadm wrote:
| > leaked 1.1 TiB (1.2 TB)
|
| I don't know why but I find this funny.
| Jerrrrrrry wrote:
| Would you rather have three fingers and a thumb or seven
| fingers and a thumb?
|
| 70 million year old evolutionary technical debt rearing its
| head, yet again.
| Jerrrrrrry wrote:
| (humans have a number of fingers that isn't a base of two)
| robxorb wrote:
| Perhaps one day, we can return to the days when a KB was a KB
| and a MB was a MB. Those grand old days, when we all accepted
| kilo and mega stretch a little more for computers. Because in
| binary, base10 metric is a wee bit of a shoehorn. Just a bit.
| SoftTalker wrote:
| It all changed when "normal people" started using computers.
| 1 KB = 1024 bytes makes perfect sense except to 98% of the
| world.
| ssl-3 wrote:
| 98% of the world doesn't even know that details like this
| exist.
|
| They never have the opportunity to question the sensibility
| of one or the other.
| TheCleric wrote:
| I think it's also the SI standards pedants who can't
| imagine a kilogram might be a different context than a
| kilobyte.
| croes wrote:
| Quick, how many gibibyte are 1234567890 byte?
| ffsm8 wrote:
| Quick, how many blocks will 4096 bytes use on my storage
| device?
|
| The argument is that the base10 interval makes no sense
| with computers, because they're physically base2.
|
| You can't really have 10 without wasting 2, and that's
| why it made sense to use 1024 instead of 1000.
|
| Personally I feel the pushback against gibi/mebi/kibi is
| overblown. It's ultimately better to be coherent
| everywhere and always specify everything with
| decimals/rounded over random context dependent decisions.
| But still, the original argument for 1024 made sense too.
| hn_go_brrrrr wrote:
| > Quick, how many blocks will 4096 bytes use on my
| storage device?
|
| 1 or 8, depending.
| akira2501 wrote:
| Are we doing our own ECC or are we relying on the
| controller to do it? If the controller is doing it, how
| big is that block actually?
| steve1977 wrote:
| The civilized world is also using kilometers for example.
| Kilo has its roots in Greek and literally means thousand.
| bobmcnamara wrote:
| Two kinds of countries out there. Those that use metric
| and those that have gone to the moon.
| pizza wrote:
| Let's compromise and go with kibigrams
| yyyfb wrote:
| No it all really changed when storage service manufacturers
| realized that they could market 1,000,000,000 bytes as "1
| gigabyte", to people who then saw their computer tell them
| that there was about 7% less than a gigabyte in there.
| Hikikomori wrote:
| I think that started before the gigabyte.
| Izkata wrote:
| Can't say when they started using it, but gigabyte
| external hard drives would be about when the gap got
| large enough normal people started to notice it.
| jltsiren wrote:
| It's a conflict between communications and storage. If you
| are doing data communications, you are probably dealing
| with phenomena measured in hertz. Those use SI prefixes, so
| it's natural to use them with bits as well.
|
| But if you are doing data storage, there are many natural
| power-of-two structures. Using 1024-based prefixes with
| them often leads to more convenient numbers.
| Buttons840 wrote:
| I know about 1 KB = 1024 bytes, _sometimes_. I'm a
| computer nerd, grew up playing on computers and hacking on
| them, and I'm a programmer now.
|
| But, if someone asks me for a good explanation why 1 KB !=
| 1000 bytes, I don't have a good answer. I know about powers
| of 2, but why are powers of 2 more important than "kilo"
| meaning 1000 like it does in every other context?
|
| It's like if a kilometer wasn't 1000 meters, because of the
| way car odometers worked, or the shape of the tires or
| something. Why would technical details about a car change
| the meaning of "kilometer"?
| wizzwizz4 wrote:
| Addressing, at some point, always ends up with physical
| wires representing bits, so chips are manufactured with
| power-of-two sizes. It's like asking why we measure crude
| oil in barrels.
| Buttons840 wrote:
| Yes. I know. I've taken an architecture course in
| university, and I've completed the nand2tetris course and
| have conceptually built a computer from nand gates up. I
| ask again:
|
| > why are powers of 2 more important than "kilo" meaning
| 1000 like it does in every other context?
| wizzwizz4 wrote:
| Why are oil barrels more important than the SI units of
| volume we use in every other context?
| saagarjha wrote:
| [Insert American flag emoji here]
| Buttons840 wrote:
| I thought we were talking about SI units, their general
| meaning, and the technical details of computers. Barrels
| seem completely unrelated to those things, being neither
| an SI unit, nor having to do with computers.
|
| Like a lot of arguments, we're arguing over the
| definition of a word here ("kilobyte"), nothing more. I'm
| asking why technical details about a computer are so
| important they can override the generally understood (and
| well defined) meaning of that word.
| robxorb wrote:
| > I'm asking why technical details about a computer are
| so important they can override the generally understood
| (and well defined) meaning of that word.
|
| Because the technical details about a computer are
| important when describing its technical characteristics.
|
| In short, context matters, and we adapt the meaning of
| words by the context they're used in all the time. It's
| ordinary.
|
| In fact, it's so ordinary in this particular case, that
| all we humans did it for decades, before a weird group
| not representing the existing organic consensus came
| along and decided the terms absolutely must be changed,
| and presented us with extremely silly-sounding ones to
| replace the existing ones, that of course few adopted,
| leading to the situation we have today where the existing
| terms are used interchangeably to mean both things, and
| there is now a greater ambiguity around them than existed
| before.
|
| It wasn't perfect before, but the "solution" made it
| worse.
|
| Therefore, it sucks in practice at meeting its goal, no
| matter how much sense it may make to the minority that
| thinks "gibibyte" is something anyone would ever want to
| say in public, other than in a funny voice to a dog or a
| baby.
| BHSPitMonkey wrote:
| In this analogy, it would be more like if "barrel" was a
| standardized unit of volume that everyone understood and
| used, but then in the oil industry specifically they used
| a slightly different volume and still just referred to it
| as a "barrel" because it's what they're used to.
|
| And, whenever pressed for clarification, the oil people
| admitted "yes, technically our unit should be noted as
| 'oil barrels' which are different from the normal kind,
| but we like to just say 'barrels' because it's easier".
| Izkata wrote:
| Real-world example: What weighs more, a pound of feathers
| or a pound of gold?
|
| Reflexive answer: gold (well obviously gold is heavier
| than feathers)
|
| Logical answer: neither (1 pound = 1 pound)
|
| Actual trick answer: feathers (precious metals used troy
| weights instead of the one just about everything else
| used, and 1 pound in the troy system weighs less than 1
| pound in the other one)
|
| https://en.wikipedia.org/wiki/Troy_weight
| wizzwizz4 wrote:
| That is indeed why I made the analogy.
| https://news.ycombinator.com/item?id=40956618
| tsimionescu wrote:
| It's not that powers of 2 are more important. It's that
| there will never be, for example, a RAM chip that has
| 32GB of RAM. They will have 34.36GB, which is an ugly
| number. But, they happen to have a very nice, round
| number of bytes if you look at them otherwise - they have
| 32GiB. And since these two numbers are pretty close, and
| the clean power of two one is far more natural for humans
| than the SI one in this context, it was natural to just
| call it GB.
| Buttons840 wrote:
| Does that hold up in practice though? Last I checked my
| USB drives and RAM bytes were not perfect powers of 2.
| One clear example that comes to mind is my GPU with
| approximately 12 GB of RAM. That's no power of 2.
|
| These numbers being a power of two seems pretty
| important, important enough that we redefine words to
| match powers of 2. Then, when we look at the exact number
| of bytes, it's not a power of 2.
| fragmede wrote:
| That's actually a better point than you realize because
| crude oil is another special case! Typically, the steel
| drum barrel that we're all familiar with is a 55-gallon
| (208L) drum, except that crude oil barrels are 47 gallons
| (159 L).
|
| So clearly the right thing to do here to clear up any
| confusion is to introduce the concept of computer-sized
| bytes, and metric bytes. Metric bytes would be 0.9765625
| of a regular computer byte, so 1000 MB would be 1000
| Metric Bytes, or 1024 * 0.9765625 = 1024 Bytes.
|
| Thus hard drives could be rated at 1,000 GMB, for 1,000
| giga metric bytes, which would really be a 1 TMB drive or
| 1 tera metric bytes, which is the same as 1024 giga
| regular-computer-sized-bytes, or 1024 GRCSB.
|
| Totally straightforward and not confusing to anybody.
| Izkata wrote:
| > Totally straightforward and not confusing to anybody.
|
| > GMB
|
| Gigamegabytes, perfectly reasonable.
| immibis wrote:
| They don't have to be.
| akira2501 wrote:
| At one point in history some machines used BCD, even for
| addressing, and there are magnetic core memory assemblies
| which have power of 10 sizes.
| mythhabit wrote:
| Because everything (except SSDs nowadays) in a
| computer, on a fundamental level is either 0 or 1. So
| when you want something that maps to that, 2 to the power
| of 10 is exactly 1024 bits. Somewhere along the line,
| someone decided that accuracy of that mapping was more
| important than adherence to the exact meaning of kilo.
|
| The alternative would have been to use something else
| than kilo, mega etc., that represented the base 2
| magnitudes. It would be awkward to say you have 8.306.688
| bytes of ram if you need to be exact.
| teaearlgraycold wrote:
| We have that alternative. KiB, MiB, etc.
| mythhabit wrote:
| We have that now. We did not for the formative years of
| the field.
| croes wrote:
| The bigger storage gets, the bigger the discrepancy. 1
| pebibyte isn't 10^15 byte but more than 10% more.
| mlfreeman wrote:
| Even if we can't can we think of better names?
|
| "kibibyte" sounds like a dog treat not a unit of measurement.
| IshKebab wrote:
| I agree. I don't care how technically correct they are if I
| sound like an idiot when I'm saying it.
|
| The best I've seen is just to have the base as a subscript,
| like `kB_2` (2 is subscript) or `kB_10`. Though in practice
| I have yet to come across a situation where the difference
| a) matters and b) isn't clear from the context.
| viraptor wrote:
| You're just used to the common prefixes. Kibi is not any
| weirder than yotta, pico, or deci. They all sound silly
| if you think about it - so we just don't.
| IshKebab wrote:
| No it definitely is silly. Mebi is even worse.
| jdougan wrote:
| I always wanted to use Knuth's proposal of prefixing the
| base 2 variety with "long", analogous to tons.
|
| eg. Long Kilobytes, LKB or KKB
| Terr_ wrote:
| Another route might be inspiration from exponential math
| notation. Traditional kilo/mega/giga/tera-bytes are just 2
| to the power of 10, 20, 30, 40, etc.
|
| So perhaps a terabyte could be a "bin forty", or a "two-
| to-forty", etc. (Although as it linguistically relaxes
| into Tootafortie, it'll sound goofy too.)
| rvense wrote:
| I've honestly never been in a situation where I actually
| cared about the difference. Just nerd pedantry.
| shakow wrote:
| I remember in the 90's we used the prefix case to
| differentiate between SI (kB) and powers of 1024 (KB). Not
| sure how widespread it was though; no Internet to poll at the
| time :)
| fhars wrote:
| Yeah, the innumeracy is strong in that one.
| Tokkemon wrote:
| Alex has us covered:
| https://www.youtube.com/watch?v=TCTWyNstpD0&t=55s
| qup wrote:
| The built in video player on Reddit will say 2:21 in the
| preview, then the video will be 2:22 long
| 1231232131231 wrote:
| I wonder why there are so few articles considering this happened
| last night. Also, it's sad how the "insider" (who probably was
| hacked/RATed) had his SSN and other info leaked :/
| SoftTalker wrote:
| Again highlighting the unrecognized liability companies are
| taking on by logging every scrap of internal communication, no
| matter how informal or ill-conceived it may be.
| KerrAvon wrote:
| In a very large company like Disney there are often legal data
| retention requirements from ongoing litigation, which means
| Corporate Slack might be more complicated than the AT&T
| customer data breach.
| Zondartul wrote:
| With how big and aggressive Disney is I'd expect it to be
| under ongoing litigation 24/7/365.
| 05 wrote:
| Proper logging for retention would surely involve a point
| where you encrypt the data with a temporary key and then
| encrypt that key with the public key and only your top brass
| would have access to the HSM that could decrypt that blob..
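The scheme 05 sketches (encrypt each record under a fresh data key, wrap that key to a public key, keep the private key where only a few people can reach it) is envelope encryption. The Go below is an added example, not code from this thread or from Slack or Disney: it uses AES-256-GCM for the record, RSA-OAEP as a stand-in for whatever wrap operation an HSM would expose, and a constructed chat record as input.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// oaepLabel binds the wrapped key to this purpose: a key wrapped under a
// different label will not unwrap here. Name chosen for this example.
var oaepLabel = []byte("retention-archive-v1")

// Envelope is one archived record: the body encrypted under a fresh
// per-record data key, plus that data key wrapped to the archive's RSA
// public key. Nothing in it is readable without the private key.
type Envelope struct {
	WrappedKey []byte // RSA-OAEP(dataKey)
	Nonce      []byte // AES-GCM nonce, unique per record
	Ciphertext []byte // AES-256-GCM(record) with tag appended
}

// Seal encrypts a record with a one-time data key and wraps that key to
// pub. The ingest path needs only the public key, so a compromised
// logging pipeline yields ciphertext and wrapped keys, not plaintext.
func Seal(pub *rsa.PublicKey, record []byte) (*Envelope, error) {
	dataKey := make([]byte, 32) // AES-256
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, record, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, oaepLabel)
	if err != nil {
		return nil, err
	}
	for i := range dataKey { // drop the plaintext data key once it is wrapped
		dataKey[i] = 0
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open is the privileged side. In production the unwrap would run inside
// the HSM holding priv; only the unwrapped data key would leave it.
// A wrong key or any tampering with the envelope returns an error.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

func main() {
	// Constructed example: the key pair stands in for an HSM-resident key.
	archiveKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatal(err)
	}
	record := []byte(`{"channel":"#finance","user":"U123","text":"Q3 draft attached"}`)
	env, err := Seal(&archiveKey.PublicKey, record)
	if err != nil {
		log.Fatal(err)
	}
	plain, err := Open(archiveKey, env)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("restored by key holder: %s\n", plain)
}
```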
| nyrikki wrote:
| Retention doesn't require it to be online.
|
| A tape sitting in Iron mountain would have a smaller attack
| surface and be compliant.
|
| Potentially this breach will allow litigation that was
| financially infeasible for some people.
|
| As a former WDIG employee I am not even suggesting anything
| concrete or that I have any knowledge of unlawful activity.
|
| But as someone who also worked in the electronic evidence
| discovery field, the cost of blind discovery has a chilling
| effect on lawsuits.
|
| Now that targeted discovery is possible, it will be within
| the budgets of more potential cases.
|
| The forever retention was a marketing differentiator for
| Slack, so this type of event was a risk you have to accept.
|
| But all about convenience and not compliance.
| 42lux wrote:
| With how many people in this thread don't see the problem
| with keeping all data always hot... we are fucked.
| xyst wrote:
| It may be a requirement or law depending on where the company
| does business.
|
| For example, the financial companies I used to work for had a
| "standard practice" of archiving all e-mails and internal chats
| for 7-8 years. Not sure if phone calls on company equipment
| were recorded or retained though (may be a YMMV case).
|
| This is why I separate work and personal assets. I never do
| work on personal devices nor do I use work devices for personal
| activities (i.e., social media, e-commerce, shit posting). Also
| if I'm shit talking the boss's boss. It's never using work
| devices.
|
| Have been asked a few times to use personal devices for work
| but absolutely refused. I would be asked to install their
| invasive spyware and root kits so they can abide by their
| draconian corporate policies. So far, they haven't forced me
| otherwise I would have quit those companies long ago.
| exe34 wrote:
| or you buy a shitty phone for the company crapware and leave
| it at your desk when you go home.
| mwilliaams wrote:
| The company should pay for that phone
| talldatethrow wrote:
| Oh yes, just like a company pays for the boots a concrete
| layer buys or the tool belt a carpenter buys.
| ehPReth wrote:
| in some cases they do! a friend worked for a labour
| intensive job (X days on, Y days off) and they have a
| yearly use-it-or-lose-it allowance that he was allowed to
| claim expenses against for things like boots, jackets,
| safety gear, etc
| fragmede wrote:
| who keeps the boots if they lose the job?
| ehPReth wrote:
| the (former) employee keeps them (i imagine for a myriad
| of reasons like hygiene and various overheads it would
| take to track such)
|
| things like tools (wrenches, drills, bits, etc) are
| separately supplied by the company per department/work
| area (sort of like hot desking in the office world) and
| stay with the company at all times
| SoftTalker wrote:
| Does your company pay for the suit you have to wear to
| the office?
| JoshTriplett wrote:
| If your company _mandates_ wearing a suit, specifically,
| then they should.
| ben_w wrote:
| Who wears suits these days? I've only even interviewed at
| one place with so much as a dress code (Lockheed Martin,
| industrial year student 20 years ago, the Havant office
| is _ridiculously_ close to my parents' house at the
| time, I didn't get the job anyway).
| bobmcnamara wrote:
| They paid for my labcoat, yes. Another paid for my chaps.
| beAbU wrote:
| In most of the rest of the western world, where there are
| decent employee protections, there is usually a clause in
| the local version of the Basic Conditions of Employment
| act that reads something like:
|
| "The employer shall provide the employee with all
| resources and materials necessary to complete the Work for
| which they have been employed."
| josho wrote:
| I've learned that what's the law and what's done in
| practice are often quite different.
|
| Eg. A tool belt may not be necessary to get your job
| done, so the company won't provide one. However it may
| make the work experience 100x better, so everyone is
| likely to have personally bought their own.
|
| Yes, we need better laws and better enforcement. For some
| reason the modern conservative movement detests anything
| like this somehow suggesting this is in the employee's
| interest because they now have more freedom.
| RobRivera wrote:
| The finance firm i worked for paid for my blackberry.
| mulmen wrote:
| How far do we take this? As an engineer should I be on
| the hook for the AWS bill?
| viraptor wrote:
| Requirement to log doesn't mean the record has to be in
| online storage though. It could easily get rotated into cold
| storage every month with only a unique offline password
| granting you access.
| JumpCrisscross wrote:
| > _Requirement to log doesn't mean the record has to be in
| online_
|
| Banks are (or were) required, in America, to use write-once
| offline media for records [1].
|
| [1] https://en.m.wikipedia.org/wiki/Write_once_read_many
| idrios wrote:
| I think the word "easily" is carrying a lot of weight here --
| for a company the size of Disney, keeping all internal
| communication records in secure offline storage sounds
| pretty hard from both a technical and operational
| standpoint. Certainly doable, but I doubt it'd ever happen
| unless it were required by law
| SilasX wrote:
| I guarantee you that large-cap, highly scrutinized public
| companies comply with much harder regulations and
| internal controls than this.
| viraptor wrote:
| There are various levels of offline. For example you can
| have an S3 bucket with write-only access. No, it's not
| perfectly offline. But it's isolated from both
| vulnerabilities and from hacked employees, which covers
| most common types of breaches. You can solve 99% of the
| offline storage features without having an actual
| physical location with tapes.
| KennyBlanken wrote:
| Setting (formally or informally) corporate policies which
| destroy or even prevent the creation of a record of internal
| communications, regardless of how formal those communications
| may be - is very well illegal depending on a variety of
| factors.
|
| The shining poster boy for this would be Google, who told staff
| to disable logging when discussing sensitive topics:
|
| https://www.techspot.com/news/102874-doj-alleges-google-dest...
|
| They also told employees to never use certain keywords, so that
| records of conversations would not be found by legal teams
| using search tools, but also they wouldn't be shown talking
| like monopolists:
|
| https://arstechnica.com/tech-policy/2023/09/google-hid-evide...
| SoftTalker wrote:
| Right, but not using Slack at all would not violate any laws.
| At least today, conversations at the water cooler or in the
| lunchroom are not required to be recorded.
| JumpCrisscross wrote:
| > _the unrecognized liability companies are taking on by
| logging every scrap of internal communication_
|
| Do any large companies not delete everything at the first
| opportunity?
| houseplant wrote:
| no, of course not. Especially not Disney. they need every
| shred of everything, for liability's sake. If someone brings
| something to HR, they need to be able to tamp it down. They
| keep receipts of everything, all the time.
|
| I know a lot of these types of entertainment companies employ
| things like keyloggers or remote screen viewers in case an
| employee is working on a writing project or drawing/painting
| a picture during their lunch hour, because if they are,
| everything they make, write, sketch or even jot down belongs
| to Disney exclusively... and if they, say, bring that script
| to prospective publishers outside the company a year later,
| or try to sell a print of the artwork they created, they can
| intervene and stop you.
|
| if you take a shit in their staff bathrooms, that turd
| belongs to them too.
| pylua wrote:
| Is it even legal to view that data ?
| falcor84 wrote:
| Why would it not be? What data is it illegal to view? Other
| than perhaps CSAM, which I would strongly hope Disney don't
| host on their Slack.
| aflag wrote:
| You just gave an example. There are loads of classified
| information out there. Though Disney will probably not be
| able to sue you for just reading the data necessarily, doing
| so is a big liability if you're a competitor or work for a
| competitor.
| pylua wrote:
| I don't know why it would be illegal, but it feels skeevy.
| Besides, Disney has a good legal team -- I wouldn't be
| surprised if they could find a reason.
| falcor84 wrote:
| I'm not a lawyer, but I would assume that good lawyers
| would advise their clients against suing random people on
| the internet.
| kelseyfrog wrote:
| Viewing the data necessarily copies it. The data is of course,
| all Disney IP in the sense that all employee output is the
| employer's intellectual property. Copying Disney IP hasn't
| historically worked out for folks.
| contravariant wrote:
| I never liked that interpretation of copyright much.
| Clearly the person _publishing_ the data ought to be the
| one liable, if someone obtains the data they should be
| allowed to do whatever they want with it in private.
|
| I think at least some legal systems agree with my
| interpretation, but the U.S. is insane.
| wilg wrote:
| It's not publishright, it's copyright.
| houseplant wrote:
| every piece of writing, every sketch and illustration, and a
| lot of discussions about the process or development of
| shows/films/books/games/etc are copyrighted and under NDA.
|
| Have you ever worked in entertainment?
| falcor84 wrote:
| I have not worked at entertainment, so maybe that's the
| reason why I don't understand how an NDA could affect my
| ability to read something someone else wrote.
| raphman wrote:
| Train an LLM on it...
| pylua wrote:
| If someone did that, it would be copyright? As the consumer
| of the LLM, would that breach copyright?
| 486sx33 wrote:
| Seems like Slack has a problem
|
| Maybe a dumping tool that uses a stolen API key? Rate limiting
| and monitoring on Slack's part could help...
| kjkjadksj wrote:
| Hardly Slack's fault. With so many clients and so much money
| behind that, there's such a big target on their back that
| shoring up defenses is fundamentally impossible. It's probably
| best to just consider such services from such large providers
| as already compromised, and keep sensitive data off them
| entirely.
| prng2021 wrote:
| Whether you're talking about enterprise file storage, email, or
| chat messaging software, they all have APIs and/or admin user
| interface to allow retrieving any and all data to support
| eDiscovery.
| scherlock wrote:
| All their APIs are rate limited. Disney would have a Grid and
| with Grids you get data dumps. The feature is normally used for
| litigation and you need pretty high admin access to get a dump.
| They either found an exploit or they compromised an Admin's
| account.
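486sx33 asks for rate limiting and monitoring on the provider's side, and scherlock notes that a full dump needs either a Grid export or a compromised admin account. As an added example (not Slack's code, and not its real audit-log schema), the Go below runs a per-token sliding-window volume detector over a constructed audit stream: per-request rate limits alone are blind to a caller that stays under the request ceiling but steadily drains data, so the detector tracks bytes returned per token inside a time window instead. Method names and token strings are placeholders.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Event is one API audit record. The field set is constructed for this
// example and is not Slack's real audit-log schema.
type Event struct {
	At     time.Time
	Token  string // API token, standing in for the calling user or app
	Method string // API method called
	Bytes  int64  // size of the response returned to the caller
}

// Alert says one token exceeded the volume budget inside one window.
type Alert struct {
	Token string
	Since time.Time // oldest event still inside the window when it tripped
	Bytes int64     // volume pulled inside the window at that moment
}

// DetectBulkRetrieval keeps a per-token sliding window over the stream
// and raises one alert per token the first time the bytes pulled inside
// `window` exceed `limit`. Events may arrive out of order; they are
// sorted first so eviction from the window is monotonic.
func DetectBulkRetrieval(events []Event, window time.Duration, limit int64) []Alert {
	sorted := make([]Event, len(events))
	copy(sorted, events)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].At.Before(sorted[j].At) })

	type state struct {
		recent  []Event // events inside the window, oldest first
		total   int64
		alerted bool
	}
	perToken := map[string]*state{}
	var alerts []Alert
	for _, ev := range sorted {
		st := perToken[ev.Token]
		if st == nil {
			st = &state{}
			perToken[ev.Token] = st
		}
		st.recent = append(st.recent, ev)
		st.total += ev.Bytes
		// Evict events older than the window before judging the total.
		for len(st.recent) > 0 && ev.At.Sub(st.recent[0].At) > window {
			st.total -= st.recent[0].Bytes
			st.recent = st.recent[1:]
		}
		if st.total > limit && !st.alerted {
			st.alerted = true
			alerts = append(alerts, Alert{Token: ev.Token, Since: st.recent[0].At, Bytes: st.total})
		}
	}
	return alerts
}

// SampleEvents builds a constructed audit stream: an integration bot
// reading 50 KiB every six minutes, and a stolen user token walking
// channel history at 5 MiB per call every twelve seconds.
func SampleEvents() []Event {
	base := time.Date(2024, 7, 12, 22, 0, 0, 0, time.UTC)
	var evs []Event
	for i := 0; i < 10; i++ {
		evs = append(evs, Event{base.Add(time.Duration(i) * 6 * time.Minute), "TOKEN-legit-bot", "conversations.history", 50 << 10})
	}
	for i := 0; i < 50; i++ {
		evs = append(evs, Event{base.Add(time.Duration(i) * 12 * time.Second), "TOKEN-stolen-user", "conversations.history", 5 << 20})
	}
	return evs
}

func main() {
	// Budget: 100 MiB per token per hour.
	for _, a := range DetectBulkRetrieval(SampleEvents(), time.Hour, 100<<20) {
		fmt.Printf("ALERT %s pulled %d MiB since %s\n", a.Token, a.Bytes>>20, a.Since.Format(time.RFC3339))
	}
}
```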
| johndhi wrote:
| Can someone explain why hackers dump the files publicly rather
| than just tell the victim they got access? What's the point?
| beeboobaa3 wrote:
| techno-anarchism
| thegrim33 wrote:
| If you read the article, the answer to your question is in the
| fourth sentence. There's even an entire section under the
| headline "Who, Why, and How" that goes into motives.
| walterbell wrote:
| https://www.csoonline.com/article/565048/what-hackers-do-the...
|
| Financial motivations
| Nation-state sponsored/cyberwarfare
| Corporate espionage
| Hacktivists
| Resource theft
| Gamer issues
|
| Financial theft and nation-state attacks are easily the largest
| portion of cybercrime. Decades ago, the lone, solitary youth
| hacker powered by junk food was an adequate representation of
| the average hacker. They were interested in showing themselves
| and others that they could hack something or create interesting
| malware. Rarely did they do real harm. Today, most hackers
| belong to professional groups, which are motivated by taking
| something of value, and often causing significant harm. The
| malware they use is designed to be as covert as possible and to
| take as much of something of value as is possible before
| discovery.
| guerrilla wrote:
| You missed non-state political motivations. There are plenty
| of revolutionaries and so-called terrorists around.
|
| It appears that this is actually the case here, as it's
| supposedly about artists' rights.
| vondur wrote:
| Some people just like to watch the world burn?
| rexpop wrote:
| Disney is a cultural slash-and-burn enterprise, themselves.
| kjkjadksj wrote:
| Maybe they shorted the stock.
| KennyBlanken wrote:
| The motto of the group that leaked it is "A hacktivist group
| protecting artists' rights and ensuring fair compensation for
| their work", so my guess is that they're trying to give the
| press and researchers a look at what goes into the sausage,
| because the industry abuses the hell out of creative talent.
|
| One question is whether there is one massive Slack, or multiple
| different ones. I'd certainly hope that sensitive stuff is
| limited to a separate Slack, for extra insulation.
|
| They mention a name, and a Google search shows that person
| works in Disney IT, so maybe their credentials were leaked and
| they had admin access to the Slack. In that case, relying on
| Slack permissions to limit the scope of a breach isn't really
| going to work.
| soupbowl wrote:
| Disney pissed off a lot of fans of marvel, starwars and most
| IPs they recently bought. The hackers dump the files publicly
| to be mined to shame Disney. Maybe...
| karaterobot wrote:
| They should learn opsec from the Disney Vault.
| linuxdude314 wrote:
| As someone who literally used to own the digital version of the
| Disney vault, I find it highly unlikely that this leak is what
| it is claimed to be.
|
| Disney doesn't just use one Slack instance across the whole
| company and everyone knows to not put pre-release content on my
| public platforms.
|
| Maybe they compromised an instance owned by DTSS (Disney's
| centralized IT entity), but this would have little to do with
| Disney Studios like they imply.
|
| It's pretty standard in the industry to only store pre-release
| content on airgapped systems.
| doctorpangloss wrote:
| I don't know, the Sony hacks were pretty comprehensive. Why
| not Disney? Because of some aspirations about imagineers and
| giant corporations or whatever? They aren't software
| specialists. The software they sold to other people, like
| their games business, was kind of a disaster. They don't
| compete on software.
|
| > It's pretty standard in the industry to only store
| pre-release content on airgapped systems.
|
| Unreleased narrative content isn't actually valuable, so
| nobody actually cares. I mean of course they _say_ it's
| valuable. But there are aspects of value that are objective,
| and I am saying objectively, not in some aspirational sense,
| it's not valuable. And anyway, surely, how did such pre-
| release content get on such airgapped systems? They have tens
| of thousands of vendors, and those people talk, and they have
| ordinary desktop computers. They make mistakes all the time.
| It doesn't really matter.
|
| Their business communications are valuable. So people hacked
| that.
|
| I understand there are a lot of gestural, performative
| security measures in the industry; I belong to it. At the end
| of the day, Disney (Hollywood) asks too much from IT for too
| little money, does not attract talent comparable to a middle-
| of-the-road Series A startup in San Francisco, and is led by
| people who don't value technology (on average).
| v3ss0n wrote:
| That's for ruining the MCU!
| slowhadoken wrote:
| The spin from Disney is going to be entertaining.
| egypturnash wrote:
| I can't stop giggling at this group's name.
| roxy9006 wrote:
| Any news on the contents in terms of unreleased films?
| lopkeny12ko wrote:
| I don't understand the situation with the insider (Matthew J Van
| Andel). Is the implication that he was originally collaborating
| with the hackers to give them access, then regretted doing so and
| decided to cut off their access, and the hackers retaliated by
| doxxing him?
| omgwtfusb wrote:
| this video alleges that it might've been because he downloaded
| an infected mod for a game: https://youtu.be/ZGScvWIyw2E
|
| Not sure why they would dox him, maybe to throw him under the
| bus after he found out he got pwned and cut them off?
| drexlspivey wrote:
| I'd like to know if that's really how Kathleen Kennedy eats her
| Linguini.
| hd4 wrote:
| Anecdotally it feels like there has been an uptick in these high-
| profile hacks recently, maybe a result of more security people
| being laid off as a result of companies thinking they would
| replace everyone with AI?
| sva_ wrote:
| Perhaps even hybrid warfare
| layer8 wrote:
| If AI is a factor at all, then more likely on the hackers'
| side.
| christkv wrote:
| Disney seems to be just shooting themselves in the foot over and
| over again recently.
|
| It will be interesting to see what happens here. Information that
| leaks could actually impact share price.
| shrubble wrote:
| Considering the social and political controversies that Disney is
| involved in, I would expect a lot of scrutiny of the contents of
| this link.
| indus wrote:
| Dark side of API-based access to everything on SaaS where
| companies have no control.
|
| I can't guard the front door effectively.
|
| Nor can I easily guard the back doors.
|
| Will data breaches like these (AT&T, Ticketmaster, and now
| Disney) be a nail in the security coffin for SaaS?
___________________________________________________________________
(page generated 2024-07-13 23:00 UTC)