
While the full story behind San Francisco city government computer engineer Terry Childs hasn't yet come out, one thing is certain: the mainstream media is ignorant about technology.

Moreover, either the city government and prosecutors are deliberately painting things in as negative a light as possible in order to force Childs out -- as he had reportedly claimed -- or they are as ignorant as his defense team is portraying them.

This is not to condone Childs' actions; obviously, he should not have been the only one with a password to the network, and he should have given the password to his superiors when they asked him, even if he did fear what they might do to "his" network. But some of the newspaper coverage of his actions has bordered on the ridiculous.

For example, reportedly he kept the configuration information in short-term memory that might not be saved in the event of a power outage, because he wanted to keep other employees from gaining access to it. This is certainly not on the list of best practices for network administrators. However, in the hands of the local newspaper, this became evidence for a booby trap: "the ultimate revenge on his bosses, prosecutors say -- the meltdown of the city's computer network at the flick of a switch," the San Francisco Chronicle reported breathlessly.

Similarly, one of the other things Childs was criticized for was that he "had created an ability to track anyone who tried to get into the system." Eek! I would hope any network administrator worth his salt would do the same.

"Investigators say they are still worried about the [estimated 1,100] modems hidden away in locked filing cabinets in public buildings around the city." Um, where should they be? In plain sight? Do they really think the guy was so paranoid he stashed 1,100 modems around just in case he needed to break into the system? And say, maybe one could track such misuse? Perhaps by using "an ability to track anyone who tried to get into the system"?

A new director of security -- something the department obviously sorely needed -- reportedly locked herself in an office out of fear of Childs. His crime? He took her picture with his cellphone -- which his attorneys claimed was because she was going through his things and taking things that did not belong to her. The article also said he was upset that she was doing an audit of the system without having told him; apparently "people skills" weren't on her resume either.

"Childs' attorney maintains Childs is being scapegoated by incompetent officials resentful of his abilities in computer network management." It's not difficult to see how he reached that conclusion -- and it's unfortunate that in the tech-heavy Bay Area, the Chronicle didn't have a reporter capable of calling the prosecutors on some of their more outlandish claims.

Last Post by Major Major

Apparently he had recently been persuaded to keep the router configuration in flash. He then set the routers to disable password recovery as a security measure because now there was a permanent record of everything.

I don't know, but I think that the punishment for the 'crime' is completely out of proportion to the act. What is he guilty of? Not giving up a password to a superior who, this is the murky bit, may or may NOT have had the clearance for it.

Is that a fireable offence? Sure. Is it a crime? Not really (IMO, IANAL).

Of course, before you fire the guy, make sure someone else knows the passwords. In IT these 'bottleneck' people are all over the place: the guy that really knows what the 40 000 line Perl app does and where to change it, or the guy that really knows how the network is put together and where all the sentinels and firewalls are.

Terry probably feared the opposite: too many people knowing the password. This situation is worse than no one knowing the admin passwords, because changes are made and you don't know who did them because everyone logs in as admin (*twitches*). We had that situation where I work. There were two development teams sharing the same server and each kept changing the environment; a new active Perl install was the latest debacle, which completely broke the other website. That was fun. And no one wants to point to the big white elephant in the room: if only the server guys had the passwords to the box, this wouldn't have happened. But since we're so short-staffed we don't have time to administer all the boxes, so the decision was made to give local admin to the dev teams, with the result that we were scrambling to figure out what had happened while SLAs were being waved in our faces.
