Slashdot Mirror


Is it Just Me, Or Is Our Mainframe Missing?

xnuandax writes "Here's a salient lesson for those system security personnel who spend their time fretting over the theoretical crack-ability of their 1024-bit encryption keys. Australian Customs have recently suffered a rather unfortunate setback in their "War Against Terror" with the admission that two of their secure mainframe servers have been wheeled out of the building by persons unknown. I'll bet my $2 that the root password on those boxes was 'trustno1'."


  1. Physical security by HermanAB · · Score: 5, Interesting

    is more important than anything else. Some years ago, people stole from Harrods in London, by simply taking a whole cash register, while disguised as maintenance men.

    --
    Oh well, what the hell...
  2. Its not just what was taken... by PerryMason · · Score: 5, Interesting

    The big question has to be: what have they left behind? The guys who nicked the servers were floating around the Customs building for the better part of 5 hours. I'd bet a penny to a pound that they left backdoors open to get back in when they feel like it.

    From my perspective as a former sysadmin/security guy, how could someone not notice that 2 main fileservers were suddenly offline? Alarm bells should have been ringing the second they came offline. Where's the monitoring? I suppose at the very least that it's a kick in the ass to anyone who thinks that physical security and good procedures are any less important than firewalls and network intrusion detection.

    --
    "I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
    1. Re:Its not just what was taken... by sk0pe · · Score: 2, Interesting

      Perhaps they weren't "main fileservers". Taken from the Sydney Morning Herald:

      [The representative] said the stolen servers did not contain sensitive information.

      "They did not contain any personal, business-related or security information, and they are not servers that are used to communicate with law enforcement or security agencies," [she] said.


      --
      Tempus fugit sub anesthesia.
    2. Re:Its not just what was taken... by PerryMason · · Score: 5, Interesting

      [The representative] said the stolen servers did not contain sensitive information.

      Because you'd expect them to say anything different? Hell, the theft took place on the 27th of last month and since then the very woman whose job it is to ensure physical security of the site has been involved in a Parliamentary review of National security. She managed to appear a few times and didn't mention the theft once.

      The short answer is that they'll tell you nothing if they think they can get away with it, then tell a lie when caught out telling nothing and then when caught lying, they'll claim they had to lie for the protection of "National Security".

      --
      "I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
    3. Re:Its not just what was taken... by O2dude · · Score: 2, Interesting

      Well, wrt not noticing. Many major systems are off-line so often for 'maintenance' of crap software, that the fact that the file servers were offline would have been ignored by any number of brucies swearing: 'sheila! the f*cking system is off-line again.'.

      Offline systems are very much the modern day version of 'crying wolf'.

      Besides, Australians should stick to cricket and leave computing to the WOGs.

      --
      - It took western civilisation 2000 years to ensure popular literacy, and now we work with icon driven GUI's. Go figure.
  3. Are your backups encrypted ? by OMG · · Score: 4, Interesting

    Hey, why all the hassle ?

    A good sysadmin has all important stuff backed up. And if you do it properly the backup is sent to an offsite location. Isn't it easier to steal those backup tapes or discs? If you are lucky the outsourced company doesn't even notice the theft or someone who does not want to lose his job does not tell anyone.

    So my question is: Do *you* encrypt your backups?

    1. Re:Are your backups encrypted ? by pHDNgell · · Score: 2, Interesting

      So my question is: Do *you* encrypt your backups?

      I run several GB of postgres dumps through GPG before they hit the disk every night. They are then shipped off with rsync. Anyone want to receive a copy of my sensitive databases periodically (just over 2GB nightly)? :)

      And no, I don't believe it's impossible to break GPG, but the goal was to be able to put them wherever I wanted them without worrying much about how they got there or whether they leaked.

      --
      -- The world is watching America, and America is watching TV.
  4. they didn't need that server anyway by stray · · Score: 5, Interesting
    quoth the FA:


    Customs has been advised that the servers did not contain personal, business-related or national security information.


    So, the servers had neither personal nor business data on them. So what's left? The servers must have been empty then, good riddance.
  5. Re:Those pesky Pakistani-Indian-Arabians! by rudabager · · Score: 2, Interesting

    Terrorists are like Jewish people in Nazi Germany in these days (don't mean to offend the Jewish). If you screw up just blame it on them. I'll bet it was just some punk kids and the security guy is just too afraid to admit it.

    --
    If I wanted easy I wouldnt be an engineer or a patriot.
  6. Re:Biggest security hole in any corporation... by cei · · Score: 4, Interesting

    Heh. I had friends who used to do A/V work at various hotel ballrooms for conventions and the like. Even when they weren't working, they could put on black t-shirts, throw a wrapped up extension cord over a shoulder, and waltz in through the service entrance, straight through the kitchen, and nab a LARGE drum of Häagen-Dazs from the freezer without breaking a problem.

    --
    This sig intentionally left justified.
  7. Not Mainframes at all by Anonymous Coward · · Score: 2, Interesting

    Just so people don't think we are complete nutters down here....

    No mainframes were taken... they were two win32 computers taken from a semi secure? area.

    I'm a little happy that they didn't leave a bomb in place of the two bombs that they took.

    And a word of praise for the IT support staff. They had our systems back up in no time at all.

  8. Check for neck-mounted bomb collars too... by dekashizl · · Score: 3, Interesting
    Do not forget -- you now must check all pizza delivery people for neck-mounted bomb collars as well. The risk for data loss is more severe, for it generally cannot be recovered. ...
  9. Re:Biggest security hole in any corporation... by MikeFM · · Score: 3, Interesting

    I used to be a computer tech at a girls school (nice job for a geekboy if you can get it) and they not only gave many of their staff (myself included) a copy of the master key the very first day they began working there.. they also had spares that they'd just leave out for any repair people that came in to fix something. These keys would open anything on campus. Classrooms, server rooms, shower rooms, girls dorms, etc. I can't imagine being that trusting. If the wrong person got ahold of that key they could not only damage or steal property but could rape, kidnap, or kill students. Brilliant security.

    --
    At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
  10. Re:simple security procedures by jcr · · Score: 4, Interesting

    If I call up my IT help department to reset a password, they check 1) what extension I'm calling from, 2) they ask for my employee ID number, and 3) they CHECK whether they match up!

    After that, they will reset a password for me, which I am *required* to change upon my next log in.

    If I'm not calling from my own extension (which requires physical access to my office), they won't reset anything until one of their people meets me and confirms my identity.

    It always amazes me when I hear how sloppy some places are.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  11. Maybe they were repossessed? by harlows_monkeys · · Score: 4, Interesting
    Repo men can do amazing things. I worked once at a small Unix workstation company in the early 80's (Callan Data Systems, if anyone remembers them). We were having some financial trouble, and our blueprint machine was repossessed. That thing was huge...about the size of a small piano (acoustic, not digital).

    It was in a central room, which had one door and no windows. The door opened to a hallway. From that hallway, you could either go out past the receptionist, past one of the company founder's office, to get out the front door, or you could go the other way, past my office, and the offices of a couple other programmers.

    We noticed the machine missing at noon. It had last been used at 11am. Between that time, the receptionist had been on duty, the founder had been at work in his office with the door open, and four programmers had been at work with their doors open, facing the hallway.

    There had been the usual bathroom breaks, trips to the printer, and stuff like that, but still...it seems like it would require amazing timing to find an opportunity in there to sneak the thing out...and there was no vantage point outside the building from which one could see that the route would be clear.

  12. This happened to a customer of ours. by shippo · · Score: 4, Interesting

    At a previous employer, one of our customers had their main Netware server stolen during the working day.

    Two men dressed as couriers wandered into the reception, said they had a faulty machine to pick up, were let into the machine room, and walked out with the 3000 file server.

    It took the network admin over an hour to realise that the server had been taken - they had even logged a fault call with us stating that users were having problems accessing their data.

  13. Re:How is this unusual? by 0123456 · · Score: 2, Interesting

    True, in a previous job the office was broken into at night and a few computers were stolen: took us about a week before we discovered that one of the obscure, rarely used Mac servers was among them.

  14. ROFL by Bruha · · Score: 4, Interesting

    Reminds me of that ATM machine that was stolen from Snow Hall on a military base, they didn't find it for 2 years until a long dry spell let a pond get real low.

    For those that don't know, Snow Hall is a tech training center and has 24 hour security and video cameras. The machine was quite large and bolted to the floor and since it was the day before payday it was full also. 250k was in it I believe.

    Only bank robbers I know of that got away with it AFAIK.

  15. Re:This is what happens ... by Alan+Partridge · · Score: 2, Interesting

    "I could just bring a person a drink and their food and probably get by with saying 20 words or less."

    That'd suit me just fine. I worked as a waiter all through university, and made GREAT tips - but I never expected to get one, and never treated a customer any differently whether they tipped me or not. On second thoughts - we had a compulsory service charge for parties of 8 or more, but they were pretty rare, and a LOT of extra work. A waiter's job is to be a waiter, if they don't like their terms and conditions of employment it's their problem - get another job. If the minimum wage is too low, raise the minimum, the whole tipping culture is fucked up and thrives on people over tipping and tips not being taxed as income properly. It's probably one of the starkest differences between American and European ideas of capitalism.

    --
    That was classic intercourse!
  16. Re:simple security procedures by AlecC · · Score: 4, Interesting

    Long ago, I worked on a military project. One of the people in the same office was an army officer. He had a picture of himself in the full uniform of his rank - in the KGB. He had the uniform made up, and a pass - right colour, right photo, but otherwise entirely in Russian. He walked right into a highly secure area and went, in full KGB uniform, to tell the Head of Security what he thought of the security precautions.

    --
    Consciousness is an illusion caused by an excess of self consciousness.
  17. Re:How is this unusual? by drinkypoo · · Score: 2, Interesting
    Someone once told me a highly amusing story about serving on a new US naval ship of some sort, something large. They were building their own floor plan to see how the ship had changed from the blueprints they were provided and ended up finding a sizable room which had no entrances (nor, put another way, exits.) So they cut through a bulkhead (fun fun) and discovered a fully equipped machine shop.

    Screw a server, we're talking probably a quarter million dollars in equipment, given how the military does business.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  18. Re:This is what happens ... by mfrank · · Score: 2, Interesting

    As far as flight attendants are concerned, their main role is to assist in emergencies. They do the food and beverage thing on the side. That's why they get insulted if you tip them, and it's also why they would rather you call them flight attendants instead of stewardesses (or stewards).

  19. Re:This is what happens ... by linzeal · · Score: 2, Interesting
    We tip afterwards and it is a show of respect for the person not the other person attempting to extract anything out of you. Service jobs suck and they are the only thing I tip for.

    I also tip at fast food places, I get a 7-layer burrito and a bean burrito every night and I tip 1 dollar which brings it to $3.56. The only Taco Bell within 20 miles (I live in the middle of nowhere) is notorious for firing people before they are supposed to get raises, accusing men randomly of sexual harassment so they can hire cute girls when college gets back in town, and other nefarious business practices. I have talked to people there on multiple occasions about starting a union to no avail, hard to convince 19-21 year old girls of anything of substance.