by aarmenaa 992 days ago
Sony's network has been compromised something like a half dozen times over the last decade or so. They can't seem to secure their systems. Bad behavior aside, it's probably not a good idea to give them any sensitive information.

Working in the security field, it is my impression that in Japan, and really most Asian countries in general, IT security is taken very lightly.

Case in point: https://www.washingtonpost.com/national-security/2023/08/07/...

It seems like security in general is taken lightly in Japan.

Probably because they tend to work on an honor system and are generally well behaved. I think the subconscious idea is "Why would people try to hack the system? It is wrong", because they wouldn't do it themselves, the threat is like an alien concept.

It works in day-to-day life. In fact, it is a very pleasant experience and often one of the top things people say when you ask them what they like about Japan. But for IT security where the threat can come out of anywhere, it doesn't work.

What?!? You're telling me the weekly full disk virus scan that ruins 3 hours of work, the fortnightly security announcements from the poor schmuck chosen to be the security representative, and sending the password for a file in a separate email than the file... all these don't really do much? the horror

> sending the password for a file in a separate email than the file

Ok, I never got this one. What exactly is that supposed to achieve?

Not in "another email", but it can make some sense if done via an "alternative communication channel". The idea is that an attacker obtaining some access to one device (let's say a computer with an email account containing the message with said file) doesn't have the full set of data required to open the file, given the password was sent via a different channel (say, a text message via phone). Not the Final Word in security, but rather yet another layer of it.

Can't reply directly to bart because the thread is too deep, but really, they do send it in another e-mail. Don't ask me what it's supposed to achieve. Purportedly, if you sent the attachment to the wrong person, then you can remove the recipient when sending the mail containing the password if you happen to realize the mistake. Well, the thing is, (1) they usually send the password e-mail right after the attachment mail, which means it is highly likely they won't check the recipient list, and (2) they don't bother to use AES256 (because otherwise Windows Explorer won't be able to open them), so even without the password it's trivial to crack.
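
An added example, not part of the thread or any commenter's code: the point about archives not using AES-256 can be checked on the receiving side by reading a ZIP's central directory and reporting which entries use the legacy ZIP password scheme (ZipCrypto) rather than WinZip AES. The function names and the header-only sample archive are constructed for illustration, and ZIP64 archives are assumed not to occur.

```python
import struct

CD_SIG, EOCD_SIG = 0x02014B50, 0x06054B50
CD_FMT, EOCD_FMT = "<I6H3I5H2I", "<I4H2IH"   # central directory header, end record
AES_BITS = {1: 128, 2: 192, 3: 256}          # strength byte of WinZip AES extra field

def aes_strength(extra):
    """Return the AES key size from extra field 0x9901, or None if absent."""
    i = 0
    while i + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, i)
        if header_id == 0x9901 and size >= 7:
            return AES_BITS.get(extra[i + 8])
        i += 4 + size
    return None

def classify_entries(data):
    """Map each entry name to 'none', 'zipcrypto', 'aes-<bits>' or 'unknown'."""
    eocd_at = data.rfind(struct.pack("<I", EOCD_SIG))
    if eocd_at < 0:
        raise ValueError("no end-of-central-directory record")
    eocd = struct.unpack_from(EOCD_FMT, data, eocd_at)
    total, pos, result = eocd[4], eocd[6], {}
    for _ in range(total):
        f = struct.unpack_from(CD_FMT, data, pos)
        if f[0] != CD_SIG:
            raise ValueError("bad central directory header")
        flags, method, nlen, xlen, clen = f[3], f[4], f[10], f[11], f[12]
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        extra = data[pos + 46 + nlen:pos + 46 + nlen + xlen]
        if not flags & 0x1:                  # bit 0 clear: entry is not encrypted
            result[name] = "none"
        elif method == 99:                   # method 99 marks WinZip AES
            bits = aes_strength(extra)
            result[name] = f"aes-{bits}" if bits else "unknown"
        else:                                # bit 6 set means PKWARE strong encryption
            result[name] = "unknown" if flags & 0x40 else "zipcrypto"
        pos += 46 + nlen + xlen + clen
    return result

def weak_entries(data):
    """Names of entries protected only by the legacy ZipCrypto scheme."""
    return sorted(n for n, k in classify_entries(data).items() if k == "zipcrypto")

def _cd_entry(name, flags, method, extra=b""):
    n = name.encode()
    return struct.pack(CD_FMT, CD_SIG, 20, 20, flags, method, 0, 0, 0, 0, 0,
                       len(n), len(extra), 0, 0, 0, 0, 0) + n + extra

# Constructed sample: central directory and end record only, no file data.
_AES_EXTRA = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)
_CD = (_cd_entry("plain.txt", 0, 8) + _cd_entry("legacy.xlsx", 1, 8)
       + _cd_entry("strong.xlsx", 1, 99, _AES_EXTRA))
SAMPLE = _CD + struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, 3, 3, len(_CD), 0, 0)
```

A mail gateway or intake script could call `weak_entries()` on received attachments and flag any archive for which it returns a non-empty list.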