Monday, July 28, 2008

Lawyers - a security threat?

Seems so, at least if they work for San Francisco.
San Francisco prosecutors have put the city's network at further risk by placing access passwords and usernames on the public record as part of their case against Terry Childs, the sysadmin alleged to have hijacked the city's wide area network.
Sheesh. When they let a "Rogue system administrator" basically shut down their network? Seems he was the only one who knew the password.
Meanwhile his former bosses were unable to access San Francisco's new multimillion-dollar FiberWAN (Wide Area Network). The network provides access to confidential databases including payroll files and law enforcement documents.

Childs allegedly created a password that gave him exclusive access to the system. Pass codes he gave to police failed to work.
So, what have we learned? If you hire jerks who won't tell you the passwords, you're screwed. If you hire lawyers who blab all the passwords over the internet, you're screwed.

The common theme? You've got no steenkin' security.

Got to love the PR flacks, tho:
After initially declining to comment, a spokeswoman for the DA's office said that "the court files have been amended".
I'll bet they have.

No comments: