Headline FeedsTechNewsWorld Talkback
|
|
Re: Renegade Sysadmin Gives Up Secret Passwords to SF Mayor
Posted by: Renay San Miguel 2008-07-24 03:15:07
See Full Story
Usually, it's a mayor who hands out the key to his or her city to residents deserving special recognition. In San Francisco's case, it was Mayor Gavin Newsom who took back the key to his city's computer network from the man who held it hostage for more than a week. The only positive recognition system administrator Terry Childs is likely to get from his escapade is credit for alerting other cities to take a second look at their information technology security practices.
DTIS Disaster Recovery website
Posted by: Incompetence 2008-08-16 11:42:20 In reply to: Renay San Miguel
DTIS Disaster Recovery website, created by the City's "Enterprise Engineer" William Goldberg. The site has been publicly exposing the VPN password to and other sensitive information about the City's offsite disaster recovery network for months.
http://dtisdr.org/Lists/Announcements/DispForm.aspx?ID=35
http://dtisdr.org/Lists/Announcements/DispForm.aspx?ID=35
..."Childs may have been driven to enact his cyber-sabotage plan "...
He is not charged with any act of sabotage. City officials made statements to the effect that Childs had configured some of the routers without saved copies of the configuration. One potential problem with doing so is that the configuration would be lost if power to the unit were to be turned off. A potential problem with saving the configurations is that the routers were located in various public buildings around the city where thousands of people could gain physical access to the routers and could modify the saved configuration to bypass network security and the router would then continue to function after its security had been completely breached. The network administrator (Terry Childs) chose to configure the routers in such a way that any attempt to tamper with the configuration would result in the loss of the current configuration and the router would not continue to function as it had. At which point, it would be the duty of the network administrator (again, Terry Childs) to connect to the router and re-establish the configuration.
In short, while some city officials had portrayed this configuration as evidence of sabotage, it can also be considered evidence of a network administrator securing the routers from potential abuse and unauthorized access.
Terry Childs has not been charged with any act of sabotage. The network has functioned under his care for years and continued to function even after he was arrested.
He is not charged with any act of sabotage. City officials made statements to the effect that Childs had configured some of the routers without saved copies of the configuration. One potential problem with doing so is that the configuration would be lost if power to the unit were to be turned off. A potential problem with saving the configurations is that the routers were located in various public buildings around the city where thousands of people could gain physical access to the routers and could modify the saved configuration to bypass network security and the router would then continue to function after its security had been completely breached. The network administrator (Terry Childs) chose to configure the routers in such a way that any attempt to tamper with the configuration would result in the loss of the current configuration and the router would not continue to function as it had. At which point, it would be the duty of the network administrator (again, Terry Childs) to connect to the router and re-establish the configuration.
In short, while some city officials had portrayed this configuration as evidence of sabotage, it can also be considered evidence of a network administrator securing the routers from potential abuse and unauthorized access.
Terry Childs has not been charged with any act of sabotage. The network has functioned under his care for years and continued to function even after he was arrested.
..."Childs was jailed July 13 after he changed crucial passwords to the city's wide area network ."...
It was and had been Terry Childs job, for years, to administer the routers including setting passwords to limit access to the administrative functions of the routers. It remains to be seen who, if anyone, other than Terry Childs was actually authorized to have such access and it was part of his job, specifically, to change the passwords in the routers.
He has not been charged with changing passwords but rather with not providing a password with which DTIS managers could gain administrative access to the routers. We do not know specifically what they asked him, nor specifically what his answers were. We do know that he did answer them and that DTIS managers were (for some reason) unable to test the password while he was present and that they claim the password he supplied did not allow them the access they had sought.
It was and had been Terry Childs job, for years, to administer the routers including setting passwords to limit access to the administrative functions of the routers. It remains to be seen who, if anyone, other than Terry Childs was actually authorized to have such access and it was part of his job, specifically, to change the passwords in the routers.
He has not been charged with changing passwords but rather with not providing a password with which DTIS managers could gain administrative access to the routers. We do not know specifically what they asked him, nor specifically what his answers were. We do know that he did answer them and that DTIS managers were (for some reason) unable to test the password while he was present and that they claim the password he supplied did not allow them the access they had sought.
..."freezing the city's computer network"...
The network remained functional for normal use. The city's DTIS department claimed that they were not able to administer the routers on the network, not that the network was at any time rendered non-functional or "frozen". In addition they claimed that they chose not to reset the routers because the configuration information in some of the routers might be lost and they apparently did not know how to reconfigure them.
The network remained functional for normal use. The city's DTIS department claimed that they were not able to administer the routers on the network, not that the network was at any time rendered non-functional or "frozen". In addition they claimed that they chose not to reset the routers because the configuration information in some of the routers might be lost and they apparently did not know how to reconfigure them.
..."it was Mayor Gavin Newsom who took back the key to his city's computer network from the man who held it hostage for more than a week."...
It was actually Terry Childs who asked his attorney to offer the password to the mayor. It remains to be seen whether or not the password (which worked) is the same password Terry gave to DTIS managers on July 9th, 2008 prior to his arrest. We still don't know exactly what he was asked by DTIS, nor exactly what his response was. We do know that he did respond on July 9th to the satisfaction of SF police inspector James Ramsey who had told Childs that he would arrest him if he didn't answer. We also know that DTIS managers later claimed that they were unable to get the password to work and that they had been unable to test it during the meeting with Childs and that he had been allowed to leave.
It was actually Terry Childs who asked his attorney to offer the password to the mayor. It remains to be seen whether or not the password (which worked) is the same password Terry gave to DTIS managers on July 9th, 2008 prior to his arrest. We still don't know exactly what he was asked by DTIS, nor exactly what his response was. We do know that he did respond on July 9th to the satisfaction of SF police inspector James Ramsey who had told Childs that he would arrest him if he didn't answer. We also know that DTIS managers later claimed that they were unable to get the password to work and that they had been unable to test it during the meeting with Childs and that he had been allowed to leave.
