Is it Just Me, Or Is Our Mainframe Missing?
xnuandax writes "Here's a salient lesson for those system security personnel who spend their time fretting over the theoretical crack-ability of their 1024 bit encryption keys. Australian Customs have recently suffered a rather unfortunate set back in their "War Against Terror" with the admission that two of their secure mainframe servers have been wheeled out of the building by persons unknown. I'll bet my $2 that the root password on those boxes was 'trustno1'."
... when you don't do retinal scans on pizza delivery people.
*starts looking for cheap parts on ebay*
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Isn't that how they always did it on Josie and the Pussycats cartoon? They'd dress up as "computer repairmen" and then wheel the computer out the door, which would then infuriate the bad guy and they'd have the chase scene set to a song.
I kept saying that's how I'd get my SGI Onyx that way, but it never seemed to work out. Anybody that steals a mainframe is either looking to part it out and sell it on Ebay, or they are going to melt it down for the valuable metals.
If telephones are outlawed, then only outlaws will have telephones.
The men, described as being of Pakistani-Indian-Arabic appearance
Thats PC for terrorist isnt it ?
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Like for ages IBM's mainframes has a standard privileged technician account with the password "musigate", very useful when some BOFH expired my accounts. Ooops, you mean it's still musigate now?
Ceci n'est pas une signature
Sysadmin: "HA! I have patched all my software, yelled at all the users with weak passwords, locked down every possible port and continously monitor the allowed ones, and with this keystroke I will enable UNBREAKABLE encryption on every critical data file!"
*slams hand down to hit Enter key*
*hits bare desk*
...
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
In the last 24 months:
:-)
Afganistan: Australia's Special Air Service was there, saved a few yanks in a downed helicopter. The American soldiers seemed to thing these Aussies were all right.
Iraq: Australia sent 3 boats and about 2000 special forces personell. Did a lot of (if not all of) the ground based reconisance, plus about half the search and rescue missions.
East Timor: Liberated the poor little country from the Indonesians and wiped out the resistance. Free elections were held for the first time.
Indonesia: Sent Federal Police over who "helped" with the investigation into the recent Bali Bombing.
North Korea: We'll Be There!
Iran: Be a walk in the park!
Saudi Arabia: Hey, we all like cheap petrol!
Plus there's the fact we're all reasonably well off here in Aus, excellent education and health systems, great democratic political system, fair moral sense.
So you can see there's a few reasons the terrorists might not like us, although, if they do come here, we can easily melt their hearts with our koala bears, or melt their skin with our radiant sun
It was the just RIAA removing a couple of infringing servers
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
The fastest way to look like someone important: Carry a clipboard.
Really? Then what the hell were they for?
They say
"They would have personal internal email accounts, probably the passwords for those accounts, and any information harboured within them.
hmm. 'personal email' sounds like personal information, and probably business and security related too. But then say:
The Australian Customs Service has admitted the security blunder, but told customs officers in an email that no sensitive operational information was lost.
So I guess they're just using their mainframes to advertise penis enlargement pills
"Customs officers use the accounts to communicate volumes of sensitive operational material and intelligence to each other, including information from other agencies such as AFP and ASIO. This would be at risk."
I give up.
Now we know how Telstra will save all that money...
Imagine a beowolf cluster of-- FUCK, they're gone!!!!/I>
You need a FREE iPod Nano
Customs has been advised that the servers did not contain personal, business-related or national security information.
Okayy.... So just what was on them, then?
They were completely empty. Completely. They never were used to and never inteded to be used, ever. Ever. Seriously. They were shut off since they were bought in 1982 and never, never, ever used for anything secret or anything. Especially not for anything secret at ALL... I SWEAR! This is a complete non-story, please stop asking about it. Nothing to see, nothing to write about, just normal EDS maintence contract gone wrong on some completely unused servers, pretty standard stuff. Here, look at the monkey.
"You just gave out my root password! "
Liar. I've seen your password. It's eight asterisks.
"Derp de derp."
(Google for heist60.mpeg if above if slashdotted)
Oh, I think the thieves mentioned in the article did.
It's just been replaced by this little linux server over here.
-pyrrho
This reminds me of a story...
I live and work in a certain large Far Eastern city, which has quite a few major financial institutions.
Several of these institutions use Sun hardware.
One of these institutions found that on Monday morning, their production system didn't work.
A bit more investigation found that the CPUs (8, IIRC) had all been removed. Apparently, someone walked in over the weekend and then walked out with several thousand dollars worth of UltraSPARC IIs under his arm.
They made a bit of fuss about this, boosted their security, and bought a bunch of new CPUs.
Then, a couple of months later, they found that their production system wasn't working on a Monday morning...
Obligatory Simpson quote :
"If something goes wrong, blame the guy who doesn't speak English"
...you can get in *anywhere* with them if you frown hard enough
Oh, they also used the signs on the buildings you could see through the windows as admin passwords.
Oh, great! Thanks a pant-load there, Chet. You gave away my secret to unforgettable passwords. Now I'm gonna have to go and change my admin passwords back to my dog's birthday or something.
Of all the possible password attacks mentioned in my favourite cryptography book the rubber hose method is my favourite.
The rubber hose method consists of kidnapping someone who knows the password and beating him with a rubber hose till he tells you the password.
Guess this could be called the wheel out method.
Sindri Traustason.
Encrypted root filesystem.
This is your sig. There are thousands more, but this one is yours.
Not in quite the same league as walking out the building with a server, but it still took a special brand of stupidity to forget to put a door in the new wall... :)
Fortunately, he had a change of heart later, though. The world would be a much riskier place with more people like him around, I think.
By the way, I kindof wonder just what my kid is learning in 2nd grade, nowadays. Some of those Dr. Seuss' Crime for Kids series are a little extreme, don't you think?
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
No, no, no, you've got it all wrong.
This is what really happened to them.
(That's a link to a 5MB mpeg, please be gentle, mirror and post a link!)
I am not allowed to change my password! Seriously!
I'm just waiting for _the_ major security incident...
I imagine he'd say, "Crikey! My last name starts with an I, not an E!"
Then he'd problably add, "Crocs rule!"
Virg
A friend of mine used to get into amusement parks with his College ID, a labcoat, and a clipboard.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
I live in Perth, Australia. Remote place.. in most cases, the cost of shipping an oldish SGI out of here is more than they're worth. Somehow tho, I seem to have become known as the old-sgi-man. People come to me and say "Don Alex, I have these old SGIs that need to be gone", I take them, then mysteriously others come to me and say "Don Alex, my poor family needs an SGI". I charge and take no money for this service. Mostly they've gone to students who are after some non-intel hardware to play with a unix on. Indys run Linux particularly well.
In the last 6 months, I think I've helped dispose of about 40 unwanted SGIs to good or better homes. Mostly Indys (about 30), but some O2s and Indigos as well. i'm working on the Onyx still...