Slashdot Mirror

← Back to Stories (view on slashdot.org)

Is it Just Me, Or Is Our Mainframe Missing?

Posted by timothy on from the or-is-it-an-ibm-commercial dept.

xnuandax writes "Here's a salient lesson for those system security personnel who spend their time fretting over the theoretical crack-ability of their 1024 bit encryption keys. Australian Customs have recently suffered a rather unfortunate set back in their "War Against Terror" with the admission that two of their secure mainframe servers have been wheeled out of the building by persons unknown. I'll bet my $2 that the root password on those boxes was 'trustno1'."

4 of 606 comments (clear)

  1. Physical security by HermanAB · · Score: 5, Interesting

    is more important than anything else. Some years ago, people stole from Harrods in london, by simply taking a whole cash register, while disguised as maintenance men.

    --
    Oh well, what the hell...
  2. Its not just what was taken... by PerryMason · · Score: 5, Interesting

    The big question has to be; what have they left behind? The guys who knicked the servers were floating around the Customs building for the better part of 5 hours. I'd bet a penny to a pound that they left backdoors open to get back in when they feel like it.

    From my perspective as a former sysadmin/security guy, how could someone not notice that 2 main fileservers were suddenly offline? Alarm bells should have been ringing the second they came offline. Where's the monitoring? I suppose at the very least that its a kick in the ass to anyone who thinks that physical security and good procedures are any less important than firewalls and network intrusion detection.

    --
    "I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
    1. Re:Its not just what was taken... by PerryMason · · Score: 5, Interesting

      [The representative] said the stolen servers did not contain sensitive information.
      Because you'd expect them to say anything different? Hell, the theft took place on the 27th of last month and since then the very woman whose job it is to ensure physical security of the site has been involved in a Parliamentary review of National security. She managed to appear a few times and didn't mention the theft once.

      The short answer is that they'll tell you nothing if they think they can get away with it, then tell a lie when caught out telling nothing and then when caught lying, they'll claim they had to lie for the protection of "National Security".

      --
      "I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
  3. they didn't need that server anyway by stray · · Score: 5, Interesting
    qouth the fa:


    Customs has been advised that the servers did not contain personal, business-related or national security information.

    So, the servers had neither personal nor business data on it. So what's left? The server must have been empty then, good riddance.