Thu, 31 Jul 2008
More SF "Hacker" Stuff
Infoworld continues to have the best information on the Terry Childs case (new article)
(page 3) entering the VPN information into the court records made them public -- the San Francisco district attorney's office committed a significant security breach, opening up VPN access to anyone who cared to look at the document. Although the passwords alone were not enough to provide complete access to the city networks, they did constitute one part of the VPN's two-phase authentication configuration.
And then later on the same page:
Nearly two days after the DA's office divulged these passwords to the public, DTIS changed all the passwords, locking everyone out of the city VPN services until they had reconfigured their client to the new passwords. Ironically, this was the first time the city network failed since Childs' arrest.
Also, until these court filings on the bail issue, the city had claimed it could not access the FiberWAN network's devices. But four days before that bail hearing, the city claimed it had scheduled a power outage at the 1 Market Street datacenter. That power outage would have affected routers and switches running the FiberWAN network. In the court filing four days later, the city contended that Childs had "booby-trapped" the network to collapse during this power outage by not writing the device configurations to flash on some number of routers. A local news report stated that "experts caught the problem in time and transferred data to permanent files, [Assistant DA Conrad] del Rosario said."
This statement contradicts the city's stance that it had no access to these routers, as there is no way it could have written those configurations to flash, or save them anywhere, on July 19 if it could not access the devices. By the city's own admission, it did not have that access until after midnight on July 21, two days after this shutdown was scheduled.
Wow. The article is pretty good and has more info, like the notion that it's possible that the city has undermined its own case -- it's obvious they've overstated the danger...
Throughout the court documents, the city offers very little of technical substance relative to Childs' actions. To those unfamiliar with the intricacies of network architecture and administration, many of their claims would seem to be clear evidence of wrongdoing, but in reality, are common practice in networks the world over.
SF is the loser in this whole mess.
31 Jul 15:34 | /rants_and_raves | 0 comment(s)