I actually don't think this will hurt Netflix at all. Part of the value Netflix provides is ease of use. It's just there ready to go. Maybe if you are a hardcore fan you'll download the new season but most people will just wait. Why? Because people are lazy and are willing to pay for convenience. If the hacker somehow put up all the episodes on a site and it was just one click to stream then maybe I'd go for it. But overall I'd say it might actually be a net positive for Netflix (more press!)
As long as you don't unsubscribe from Netflix they actually save money (not taking into account the minimal new subs lost due to people watching the pirated version and hence not signing up).
I doubt anyone was waiting to sign up to get a non-first season of a single show, and now wouldn't sign up. Especially with the type of show where you'd be lost or at least miss half the context by not watching the earlier seasons.
At best, this person would be signing up for a month then cancelling after finishing the season, and Netflix had a one month free trial, so I'm having a hard time seeing how Netflix is materially impacted here at all.
Though it's not like it's the first season of a new show, so people who love the show likely still have Netflix or their own way of watching the show. If it was some show they've yet to release that would be potential subscribers lost maybe. Although it is no secret that people will find their ways of not paying for Netflix.
I wouldn't be surprised to see Netflix release it this week (it was supposed to be June), but you're right, piracy is about access not price, and it's still easier to access OITNB via a Netflix app than it is to torrent it.
And I wonder how many TV customers are doing what I do, where I subscribe to Netflix and go months without watching it (and my in-laws do); my in-laws have a cable subscription that my wife uses to watch stuff online; I can find the stuff I want to watch through torrents.
The other thing to note is that this is an audio facility, which is usually the last, or second to last point before release. It also by default has the whole film/show in one place, which outside of finishing and distribution is quite rare.
Not necessarily post production but the security at Discovery Channel was pretty poor when I worked there. Massive open directory where everyone tossed files. Didn't want to snoop around and get in trouble but I heard from some people there it's pretty laughable. It didn't even require a login...
IANAL, but I would never leave such a comment under a nickname that is tied to my real name - you are kind of disclosing their internal security procedures or lack thereof in a public forum.
Bah it's the Internet. Someone somewhere on the internet said something that could or could not be true. Because no one ever lied on the internet for fake credibility. I think that should be suitable defense enough.
The MPAA aren't technology people. Their security wants are laughable, their audits toothless. The contracts are scary to read but that's all they are. The film/TV industry is an open book for hackers. Passwords remain active forever. Accounts never close. Projects are extended and moved without thought to security. The average porn production studio is more secure against hackers than the average MPAA-contracted entity. The porn studio at least turns their machines off when not in use.
>>> "inside people" or drunk/coked producers leaving non-compliant laptops on planes.
As I said, toothless. That such practices are allowed to persist demonstrates how inept their security is. Non-compliant laptops shouldn't exist. The audits miss them. For a group that champions DRM, they cannot keep track of who has access to what within their own houses.
Sorry, I should have been more clear. The people that leaked are not employees of the post house. They were people attached to the film itself. The clients, if you will.
The security drive has been exceptionally effective in London and Vancouver, not sure about LA.
> “It didn’t have to be this way, Netflix,” the message said. “You’re going to lose a lot more money in all of this than what our modest offer was.”
The only money Netflix could potentially lose here is the small cross section of people who only subscribe for a single month to watch this show along with people who know how to use BitTorrent.
And in fact from the additional attention that Netflix has gotten from this leak I would expect that they get more new subscribers than they would have if the series wasn't leaked.
This reminds everyone that a new season is coming out. The larger the news story the more people who will watch, the more subscriptions Netflix gets.
Kinda surprised Netflix hasn't gone for a strategy where they post the first three episodes of a series online for free and then require a subscription for the rest.
This is a criminal act, and of course I don't condone it, but at the same time I do hope that some good comes out of it - particularly with regards to the attention which all organisations give to IT security.
Most organisations wouldn't feel comfortable with:
a) Not having locks on their buildings
b) Having known-defective locks on their building
c) Not doing regular audits of the locks they're using vs. what criminals can crack
d) Not having reasonable organisation-wide policies to make sure the locks are used properly and kept secure
Yet I don't think that there is quite enough attention given to IT security. It still seems like primarily a "box ticking" exercise, or a case of throwing rules and regulations at the problem which make sense at face value, but are inherently flawed.
In the US at least a lot of organizations and most homes have piss-poor locks that are a lot easier to pick than their IT security is to crack. I'm not saying you're wrong, but it's not the best analogy.
We lost the key for the bedroom window; the GF seemed positively shocked when I took a small flat-headed screwdriver and 'picked' (I use quotes because it wasn't really picking since I only had to push in two places and the lock popped) it in under 90s.
A lot of security is visual deterrent and to make legal clarity in the instance of "Did you enter the room or break the lock then enter the room?" since the former doesn't imply criminal intent, the latter does.
But that's commensurate with the apparent risk. You don't have someone walking up to your office or home door and trying to bump the lock every 30 seconds like you have on, say, your SSH port.
If there were as many offline crime attempts as there were cyber crime attempts, you would definitely see more investment in physical security.
Furious agreement that locks aren't a great analogy. I'd hazard that for most organisations locks are actually to remove temptation from employees; and the quality of the lock is largely irrelevant.
A lock is only as good at stopping someone entering as the windows and doors are resistant to being removed. The advantages to locking something are:
* There is evidence that the door was forced after the event
* Very clear signaling of who is and isn't supposed to have access to a room.
Unless serious money is spent, I would expect that locks are delaying access by a matter of maybe up to hours. If IT security were that poor, the world would look different. A better analogy would be spending the money on security guards.
I locked myself out of the house one day and called a locksmith. It took him less than thirty seconds to pick the lock on my front door.
You're right about the signaling aspect, though. You can't very well pretend you didn't know you were supposed to be in a room if you had to get past a locked door to get in.
Except when organizations decide it would be too much of a security risk to give every authorized person keys/cards, or don't do so in a timely manner. Then the one designated key-holder is too busy/important to personally let everyone in, so the "secure" door gets propped open and/or opened in response to a knock from anyone, authorized or not. When low-level but authorized staff need access to further secure spaces, they start by tracking down someone with higher access privileges to borrow a card from. People with high-privileged access then start to reflexively toss their credentials to anyone who asks, because most of the time the request is necessary.
Super common with event venues during rehearsals and preparation (below the level of production value where there's a security desk checking IDs).
My locksmith didn't pick my lock. He asked if I wanted a show of lock picking or my door open. I said open. He turned the doorknob, held it on the stop, leaned on the door, slid in a thin plastic shim, and turned the doorknob the rest of the way.
Yeah, a total amateur can learn enough to pick the locks on most homes and padlocks with a grand total of about $3 worth of tools and an hour or two of experimentation.
Now, some businesses use better stuff - Abloy or Medeco stuff, but many still don't.
Security is sadly an afterthought because good security is expensive and the penalties or repercussions for being breached are generally inconsequential.
I'm interested in what you used to host the RDP sessions? Windows Server? A separate VM for each user? Something else? I'd like to apply that approach for my own personal uses and cloud computing but am having difficulties learning about the proper way to set up a thin-client architecture with RDP.
Doesn't even the relatively small amount of latency introduced over RDP make things like video/audio editing difficult and dealing with things like audio sync impossible?
Or were/are they doing something where the actual video/files/apps are on the local machine, but any outside access is via RDP only?
With those kinds of stringent controls, how do you think they could have gotten in?
I only have experience with visual effects; the post house that was "hacked" was an audio place.
They are much smaller, and have much less engineering staff to deal with this sort of thing.
If I was a hacker, I'd be targeting the FTP/Aspera server, or the cineSync machine (it's a way of showing what work you've done without having to move the data, like LogMeIn, but colour correct, and with doodling features).
Or they might have just walked in dressed as a runner and stole a bunch of drives.
I would tend to agree with you, especially because the season is supposed to have more than 10 episodes (13 or so).
Also, probably a very tiny fraction of people already paying for Netflix would choose to go the pirating route.
Not that I am necessarily disagreeing with your conclusion, but wouldn't Netflix be more concerned about failing to sign up non-customers who would have otherwise signed up, had it not been for the leak?
Who would sign up just to watch the fifth season? If someone was swayed by the marketing he'd probably want to watch from season one.
We are left with a minority that has watched the first four seasons but left Netflix sometime in the last year and were planning to come before season 5 but with the leak would decide to pirate it instead.
I'm guessing the number of people who haven't yet signed up for Netflix _and_ who will download the pirate episodes _and_ were going to sign up were it not for the leak is rather small.
Isn't it odd that: "The Federal Bureau of Investigation learned of the episode at Larson Studios in January but did not start notifying the content companies until a month ago."? As one other poster here noted about companies like Netflix staggering their releases for more evenly distributing their content throughout the year, I cannot see why the FBI would want to stagger the release of their notifications and other such "releases". Doesn't make sense.
I think the reason for Netflix to release Orange is the New Black in June is to have fresh new content spaced out for the year.
Seeing how Netflix pivoting into a content creator and content provider is second (gonna be distant second because of Hulu). I think the spacing/pacing between contents is a good thing for them.
Hulu is owned by several production companies btw so they're eating into Netflix as a content provider.
Also Amazon and HBO are adding pressure to Netflix.
It's interesting because Netflix is always on that tight path and one misstep will cost them very big.
If they pay, it gives them more reasons to come back next year to another studio and go for another round, thus it becomes part of a yearly recurring expense every studio must account for in their balance sheets lol
> This specific breach highlights a risk posed by the weak security practices in the postproduction studios that manage the release of proprietary entertainment content. While companies like Netflix and Fox might invest in state-of-the-art cybersecurity defense technology, they must also rely on an ecosystem of postproduction vendors, ranging from mom-and-pop shops to more sophisticated outfits like Dolby and Technicolor, which may not deploy the same level of cybersecurity and threat intelligence.
I'm guessing that "they must also rely on" means that they outsource to non-union shops to cut expenses.
Audits are hardly perfect, nor are they intended to be.
One could argue that the fact that a leak of this scope and scale hasn't happened before (OITNB is just one of possibly dozens of shows leaked) is evidence supporting that the policies and audits are working.