
Re: Perl Co-inventor Convicted



Sean Donelan (sean@sdg.dra.com) wrote:
: In article <3vj0pp$h9c@pith.uoregon.edu>, bmoore@cie-2.uoregon.edu (Zump) writes:
: > And, of course, as a contracted admin at Intel it was Randal's JOB to
: > check security.  He demonstrated quite well the 'web of trust' concepts
: > that SATAN guesses at.

: Well, I would be a tad upset if I discovered a security guard I had
: hired was picking locks on the building he was supposed to be guarding.

: However, I think it is a bit extreme to claim any "damages" include the
: money and time I spent on replacing the locks on the building with "unpickable"
: locks after I fired the security guard.

Being a sysop of a network of computers that is part of a larger 
network of computers puts the burden on you that you shouldn't close
your eyes to the holes in other "nearby" systems. 

If I were a sysop, I'd be rather mad when a co-sysop didn't inform me
of a gaping hole in my system. Sure it's my responsibility, but two can
find more than one. Moreover some people are very good at
user-problem-solving, while others are more gifted in finding security holes. 
Promote team work, so that the whole works better than the parts.

A sysop here told "the world" that he would "strangle with his own hands"
anybody cracking his systems. Just about at the time that I was walking
over to him to tell him that his system was wide open for the world.
His statement frightened me to keeping the information to myself.

This is not the right deterrent. He should've added an export list 
to his /etc/exports file. He shouldn't have left his system open for
a year longer. Who knows who gained access (unnoticed) through this 
easily remedied configuration problem?

As I read the Randal Schwartz description of what happened it seems to
me that he did exactly what I'd have done. The fact that everything
was done overtly, which is not denied by Intel, proves to me that he
seriously didn't want to get into any other system unnoticed.

Anything, like "crack running on a machine at his home",
"crack running under executable name 'spice'" or "a log of him logging
into the cracked accounts (and thus possibly browsing files)" would
make me more suspicious.

If I were a sysop or manager at the Intel site I'd make sure that he'd
get a warning: "good work. Thanks. But don't hesitate again in informing
the proper authorities when next time you find holes".

The Email gateway he installed seems to be a dispute about "explaining"
the formal rules. As a sysop you are responsible for implementing at
least some of them. Mistakes are human. Interpreting an English text
differently from someone else wouldn't even classify as a mistake in
my opinion. This is so very common.

If the difference of opinion is large enough Intel might conclude
"well if we give him some simple rules, he interprets them so radically
different from what we intended, that we don't feel we can work with
him any longer." I think this is too harsh a conclusion.

Of course, in the current situation I can understand that Randal is
sufficiently pissed at Intel, to no longer want to work there. Similarly
being Intel I wouldn't want to have someone who possibly might be pissed
working on the inside. Not that it matters much. If sufficiently 
motivated any network, even if correctly firewalled, is penetrable.
Especially for someone who is knowledgeable of how some of the internals
work.


				Roger Wolff
				-- Software specialist
				-- Replacing Sysop
				-- Always security conscious.

--
 * legal notice: Microsoft Network is prohibited from redistributing this  *
 *  work in any form, in whole or in part without a license. License to    *
 *  distribute this work is available to Microsoft at $499. Transmission   *
 *  without permission constitutes an agreement to these terms.            *
 *------------------------------------ Modified from  Felix von Leitner ---*
 ** EMail: R.E.Wolff@et.tudelft.nl ** Tel +31-15-783643 or +31-15-137459  **
 *** <a href="http://einstein.et.tudelft.nl/~wolff/">my own homepage</a> ***
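The /etc/exports point made above (an export with no client list is open to the whole network) as an added audit example; this is not code from the original post or from anyone named in it. It is a POSIX shell function that flags world-mountable entries in both the Linux exports(5) format and the older SunOS/BSD -access= format; the sample file, paths and host names are constructed.

```shell
#!/bin/sh
# Constructed example: audit an /etc/exports file for NFS exports that any
# host able to reach the server may mount. Handles both the Linux exports(5) form
#     /path  host1(opts) host2(opts)     ("*" or a missing host = everyone)
# and the older SunOS/BSD form
#     /path  -ro -access=host1:host2     (no -access= option = everyone)
# audit_exports FILE: prints "OPEN: <path>: <reason>" for every world-mountable
# export. Returns 0 when all exports are restricted, 1 when at least one is open.
audit_exports() {
    file=$1
    found=0
    set -f                       # no glob expansion while splitting "*(rw)"
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}         # strip comments
        set -- $line             # split into path and client/option words
        [ $# -eq 0 ] && continue
        path=$1; shift
        restricted=0; wild=''
        for tok; do
            case "$tok" in
                -access=*) restricted=1 ;;   # SunOS/BSD host list
                -*) ;;                       # other SunOS/BSD option
                *) host=${tok%%\(*}          # Linux: host(opts)
                   case "$host" in
                       ''|'*') wild="$wild $tok" ;;   # "(rw)" alone or "*(rw)"
                       *) restricted=1 ;;
                   esac ;;
            esac
        done
        if [ -n "$wild" ]; then
            echo "OPEN: $path: wildcard client(s):$wild"; found=1
        elif [ "$restricted" -eq 0 ]; then
            echo "OPEN: $path: no client list at all"; found=1
        fi
    done < "$file"
    set +f
    return $found
}
# Constructed sample file: three open exports, two properly restricted ones.
SAMPLE=${TMPDIR:-/tmp}/exports.sample.$$
cat > "$SAMPLE" <<'EOF'
/export/home                      # no client list: everyone
/export/src    *(ro)              # explicit wildcard
/export/build  build1(rw) (rw)    # space before (rw): everyone gets rw
/export/data   build1(rw) build2(ro)
/usr/local     -ro -access=lab1:lab2
EOF
if audit_exports "$SAMPLE"; then echo "all exports restricted"; else echo "open exports found"; fi
rm -f "$SAMPLE"
```

The third sample line is the classic Linux slip: a space between the host and "(rw)" turns the options into a second, anonymous client entry.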
