[Update] Security Lesson – Sony PlayStation Breach

Weeks later, Sony still in trouble: Read Sony yet to fully secure its networks: expert | Reuters



For the past week, rumors about a potential breach of all customer information in the vast online PlayStation world have turned from ‘maybe’ to the worst possible situation. Read the Krebs On Security report for details:

Millions of Passwords, Credit Card Numbers at Risk in Breach of Sony Playstation Network — Krebs on Security

While not directly associated with digital cinema, it shows the extent that hackers are able to cleverly exploit nuances of sophisticated code that even the largest corporations attempt to keep secure. One of the basic rules of encryption is that anyone can create a secure system that they themselves can’t breach.

One of the strengths of Open Source software is that a world community is able to research code to find and fix problems. This is the path that DCI and SMPTE tried to follow, using international standards such as AES and ___ for the packaging, transport and playout, to protect the intellectual property that we are all given to play to our customers.

It appears that the transition from PlayStation 2 to PlayStation 3 allowed some glitches into the code. These were apparently discovered when hackers worked to allow PlayStation 2 users to enter the online system that had cut them off. Code in the PlayStation 3 developers kit provided the tools. Where Sony didn’t use enough outside help to give oversight by “White Hat Hackers”, “Black Hat Hackers” filled the gap. Now, only as an afterthought post-catastrophe, outside help is being asked to help secure a newly designed system.

This is relevant to the DCinema world as we transfer from Series I to Series II projectors and from external to internal media blocks (IMBs to the cognoscenti), and maintain InterOp format delivery while transferring to SMPTE-compliant formats and equipment.

The lesson is: Learn more. Pay Attention. The other basic rule of security is Constant Vigilance, which requires a trained staff from top to bottom. That includes corporate executives, local management, chief techs, chief projectionist and each person in the stream who touches a security key.

Good luck to us all. The studio personnel are not the top of this chain. The artists, the producers, the writers and their lawyers are the top of the chain who are trusting us to keep their materials secure. As a professional in the industry, don’t let your name be on the list of defendants in a lawsuit for breach of duty.
