Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is it Just Me, Or Is Our Mainframe Missing?

Posted by timothy on from the or-is-it-an-ibm-commercial dept.

xnuandax writes "Here's a salient lesson for those system security personnel who spend their time fretting over the theoretical crack-ability of their 1024 bit encryption keys. Australian Customs have recently suffered a rather unfortunate set back in their "War Against Terror" with the admission that two of their secure mainframe servers have been wheeled out of the building by persons unknown. I'll bet my $2 that the root password on those boxes was 'trustno1'."

2 of 606 comments (clear)

  1. My IT team did that once. by paganizer · · Score: 5, Informative

    My last contract at a bank we did that; I won't mention the city, but the bank owned the buildings all around it and used them for storage. We had a bunch of contractors coming in for a workstation rollout, and the first day on the job I had them wander around the building, without ID of any kind, and just grab random computers and haul them across the street, using whatever explanation for it they felt like.

    it was the NEXT DAY before any inquiries came in.

    Oh, they also used the signs on the buildings you could see through the windows as admin passwords.

    --
    Why, yes, I AM a Pagan Libertarian.
  2. How is this unusual? by bertok · · Score: 5, Informative
    I can relate to this with personal experience. One of my first IT contracting jobs was a two week Windows 2000 rollout at a 110 user company. My job was to pick up every desktop one by one, take it up to the IT cubicle, Ghost six of them at a time, then return the computers. I liased exlusively with the sole IT administrator there.

    It was only on the second last day that someone questioned my actions. Until then, nobody thought twice about an unfamiliar person sauntering up their desk, unplugging their desktop PC, and walking off. Because the old PCs were so dusty, I wasn't even wearing my normal business attire -- instead, I was wearing jeans and a t-shirt.

    This is by no means unusual. I've been to places where the IT employees did not know which servers do what, how many servers they actually have, or what the passwords are. In a place like that, a missing server may not be noticed for days!