Is it Just Me, Or Is Our Mainframe Missing?
xnuandax writes "Here's a salient lesson for those system security personnel who spend their time fretting over the theoretical crack-ability of their 1024 bit encryption keys. Australian Customs have recently suffered a rather unfortunate setback in their "War Against Terror" with the admission that two of their secure mainframe servers have been wheeled out of the building by persons unknown. I'll bet my $2 that the root password on those boxes was 'trustno1'."
... when you don't do retinal scans on pizza delivery people.
*starts looking for cheap parts on ebay*
Quid festinatio swallonis est aetherfuga inonusti?
Africus aut Europaeus?
Isn't that how they always did it on Josie and the Pussycats cartoon? They'd dress up as "computer repairmen" and then wheel the computer out the door, which would then infuriate the bad guy and they'd have the chase scene set to a song.
I kept saying that's how I'd get my SGI Onyx that way, but it never seemed to work out. Anybody that steals a mainframe is either looking to part it out and sell it on Ebay, or they are going to melt it down for the valuable metals.
If telephones are outlawed, then only outlaws will have telephones.
is more important than anything else. Some years ago, people stole from Harrods in London, by simply taking a whole cash register, while disguised as maintenance men.
Oh well, what the hell...
The men, described as being of Pakistani-Indian-Arabic appearance
That's PC for terrorist, isn't it?
Do not try to read the dupe, that's impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Yeah, that's unfortunate, but I'm sure that the fault lies with their security guard, not the admins
You just gave out my root password!
Let this be a lesson...
When you're caught being grossly negligent and incompetent, blame terrorists.
Simple security procedures.
Didn't anyone learn anything from losers like Kevin Mitnick?
Deography Photoblog
we thought you'd arranged it. they were wearing overalls.
overalls!?
My last contract at a bank we did that; I won't mention the city, but the bank owned the buildings all around it and used them for storage. We had a bunch of contractors coming in for a workstation rollout, and the first day on the job I had them wander around the building, without ID of any kind, and just grab random computers and haul them across the street, using whatever explanation for it they felt like.
it was the NEXT DAY before any inquiries came in.
Oh, they also used the signs on the buildings you could see through the windows as admin passwords.
Why, yes, I AM a Pagan Libertarian.
The big question has to be; what have they left behind? The guys who nicked the servers were floating around the Customs building for the better part of 5 hours. I'd bet a penny to a pound that they left backdoors open to get back in when they feel like it.
From my perspective as a former sysadmin/security guy, how could someone not notice that 2 main fileservers were suddenly offline? Alarm bells should have been ringing the second they came offline. Where's the monitoring? I suppose at the very least that it's a kick in the ass to anyone who thinks that physical security and good procedures are any less important than firewalls and network intrusion detection.
"I'm tired of all this 'Aren't humanity great' bullshit. We're a virus with shoes" - Bill Hicks
I read this a few hours ago on ABC's site (abc.net.au), and I nearly laughed my nuts off.
This is customs, right, the organisation responsible for stopping all those nasty things like guns, drugs, WMDs, cheap CDs and region 1 DVDs getting in and harming the general population. And they lost two servers.
Reminds me of an old project with up to 100 of us on it before go live. They left the project manager and a few others there to wrap up after go-live and the support period. By the time IT came to collect 100 of the newest PCs in the company, they were shells. No CPU, RAM, HDD, Vid etc.
Anyway, apparently I had better get back to sheep shagging. I suppose I should move to Montana, they say the sheep there don't fight back.
Stopping myself...Abort (core dumped)
Australia has been dealing with terrorism a hell of a lot longer than the U.S. has.
I don't know what exactly a bunch of Indonesian communists would want with a mainframe though.
Watch out. Someone will be getting the boot.
Outsourcing is a great idea. From the sites I have seen it at, they would continue charging for the lost servers...and the replacement until the contract comes up for renewal.
This just reminds us what the greatest risks are to any secure system: social engineering and inside men. If you look authoritative and dress up in a serviceman's outfit, very few people will question your actions. You can steal furniture, computers, machinery, tools, whatever by just looking important. By impersonating a sysadmin on the phone, you can easily talk passwords out of gullible people. With a fake service order "signed" by the right people, the odds are endless.
On the same note, people inside an organization are often responsible for hacks, stolen information, and other things since they have the keys already!
It just goes to show the weakest portion of any system is the people.
I wonder what devices the states have in place to stop this "terrorism"? Come on they walked out with a friggin mainframe, how is that non-cosure.
Come get some....
Like for ages IBM's mainframes have had a standard privileged technician account with the password "musigate", very useful when some BOFH expired my accounts. Ooops, you mean it's still musigate now?
Ceci n'est pas une signature
Sysadmin: "HA! I have patched all my software, yelled at all the users with weak passwords, locked down every possible port and continuously monitor the allowed ones, and with this keystroke I will enable UNBREAKABLE encryption on every critical data file!"
*slams hand down to hit Enter key*
*hits bare desk*
...
Dunno if this is a troll but...
Australia sent SAS troops to Afghanistan and Iraq.
We were targeted by Jemaah Islamiyah in the Bali Bombing.
Yeah, it's probable Australia is a potential target for terrorists...
Tempus fugit sub anesthesia.
I must say, that was one of the funniest, best written story summaries I've ever read here. I'm still chuckling. I'm afraid that in this case, actually reading the article would only be a let down. What a gem.
"...all the labours of the ages, all the devotion, all the inspiration, all the noonday brightness..." yada yada
Australia has been involved in a lot of things that would piss off extremist Muslims.
Our army seems extremely professional. First rate SAS troops, a reasonable knack for peace-keeping and even some cool (if obvious in hindsight) gun technology.
Boffoonery - downloadable Comedy Benefit for Bletchley Park
TWW
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Hey, why all the hassle ?
A good sysadmin has all important stuff backed up. And if you do it properly the backup is sent to an offsite location. Isn't it easier to steal those backup tapes or discs? If you are lucky the outsourced company doesn't even notice the theft, or someone who does not want to lose his job does not tell anyone.
So my question is: Do *you* encrypt your backups?
The Australian Customs Service has admitted the security blunder, but told customs officers in an email that no sensitive operational information was lost.
As we can see, it's a well-planned action, and there's almost no way to sell the two mainframes for good profit. The major cost center of a mainframe lies mainly in operation and maintenance, which are not applicable to stolen hardware.
Obviously, their target is the data within. If the authorities do not start investigating what information the thieves are looking for and the possible use of the information within the stolen hw, the consequence might be very serious.
No more official BS. Do something before it's too late.
So, the servers had neither personal nor business data on it. So what's left? The server must have been empty then, good riddance.
In the last 24 months:
:-)
Afghanistan: Australia's Special Air Service was there, saved a few yanks in a downed helicopter. The American soldiers seemed to think these Aussies were all right.
Iraq: Australia sent 3 boats and about 2000 special forces personnel. Did a lot of (if not all of) the ground based reconnaissance, plus about half the search and rescue missions.
East Timor: Liberated the poor little country from the Indonesians and wiped out the resistance. Free elections were held for the first time.
Indonesia: Sent Federal Police over who "helped" with the investigation into the recent Bali Bombing.
North Korea: We'll Be There!
Iran: Be a walk in the park!
Saudi Arabia: Hey, we all like cheap petrol!
Plus there's the fact we're all reasonably well off here in Aus, excellent education and health systems, great democratic political system, fair moral sense.
So you can see there's a few reasons the terrorists might not like us, although, if they do come here, we can easily melt their hearts with our koala bears, or melt their skin with our radiant sun
... that my closet is more physically secure than the Customs department of the country of Australia? Next you're going to be telling me that it has more illeg^H^H^H^H^Hperfectly legal music too!
Australia has sent peacekeepers to East Timor in 1999, and may have been involved, under rather shadier circumstances, in a 1975 "intervention" as well. Indonesia itself has played host to several terrorist groups, some with separatist intentions and others with anti-Western ideologies. And of course, paranoia can elevate the perceived risk of even the most marginal organizations.
How are secure mainframes for national security without any top secret data? Do the Aussies allow their public officials to play Quake on govt machines? Come on, everything is classified because it leads to something else! Maybe it only had names and addresses of terrorists [better yet, just the non-terrorist on the "list"] on it. After all, that wouldn't be too secret...they should know who they are?
Why is this a troll. I assumed he was an average merkin cizen.
The Community and Public Sector Union, which represents customs officers, has asked for guarantees that none of its members is at risk as a result of the theft.
They've got to be kidding.
IMHO there should be some investigation into this level of incompetence. Procedures should be in place and followed. If procedures were followed, the person responsible for security (and the procedures) should be put out on their arse with zero chance of another job in security. If procedures weren't followed, the staff that didn't follow them should get their arses kicked.
To know that you know what you know, and that you do not know what you do not know, that is true wisdom. --Scooby Doo
Customs has been advised that the servers did not contain personal, business-related or national security information.
Okayy.... So just what was on them, then? Somebody's pr0n collection?
-- Alastair
It was just the RIAA removing a couple of infringing servers
Just so people don't think we are complete nutters down here....
No mainframes were taken... they were two win32 computers taken from a semi secure? area.
I'm a little happy that they didn't leave a bomb in place of the two bombs that they took.
And a word of praise for the IT support staff. They had our systems back up in no time at all.
(here goes my karma)
An Aussie was on holiday in NZ. One day he was visiting a local farm when he heard a strange noise coming from the barn. Curious as to what it was, he entered the barn and was presented with the spectacle of a Kiwi farmer shagging a sheep. When the farmer looked up he turned away and said, "you know, in Australia we shear our sheep". The indignant Kiwi responded, "well, I'm not sheer-ring this sheep with anybody!".
==== Warning:this poster contains subject matter that may be offensive. Flaming discretion is advised.
2. Meet with people. Hire everyone (especially Australian Customs agents). Wear a fake mustache. Give each person a different assignment. "You are to go in to our bank/store/house/hospital/police station and using any uniform/disguise and verbal means, physically take our hardware. Do not get caught. If you do, hand them this card - they know this card as Physical Security test E8T-m3 - we are contracted with them to do this test."
3. Promise bonuses for high-priced items. Take items, have them load your (rented) car. Congratulate them on their first day. Hand them a schedule for next week & note high performers. Leave.
3a. If your employee gets caught, remove mustache and look nonplussed. Walk away.
4. Profit!!!
Customs has been advised that the servers did not contain personal, business-related or national security information.
so those were just porn/game servers. no big threat to security, national or otherwise.
It was only on the second last day that someone questioned my actions. Until then, nobody thought twice about an unfamiliar person sauntering up their desk, unplugging their desktop PC, and walking off. Because the old PCs were so dusty, I wasn't even wearing my normal business attire -- instead, I was wearing jeans and a t-shirt.
This is by no means unusual. I've been to places where the IT employees did not know which servers do what, how many servers they actually have, or what the passwords are. In a place like that, a missing server may not be noticed for days!
Really? Then what the hell were they for?
They say
"They would have personal internal email accounts, probably the passwords for those accounts, and any information harboured within them.
hmm. 'personal email' sounds like personal information, and probably business and security related too. But then say:
The Australian Customs Service has admitted the security blunder, but told customs officers in an email that no sensitive operational information was lost.
So I guess they're just using their mainframes to advertise penis enlargement pills
"Customs officers use the accounts to communicate volumes of sensitive operational material and intelligence to each other, including information from other agencies such as AFP and ASIO. This would be at risk."
I give up.
Only a true New Zealander would know the actual number of sheep both in his country, and others :-)
I hate to give MS any credit, but even they figured that one out. Check out their Ten Immutable Laws of Security. -- "Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore."
Don't forget to pay $699 on the way out.
Be wary of any facts that confirm your opinion.
Now we know how Telstra will save all that money...
Imagine a Beowulf cluster of-- FUCK, they're gone!!!!
You need a FREE iPod Nano
Biometrics will help, but I'm afraid there will be some bizarre head'n'thumb-cutting activities in the future...
http://www.smh.com.au/articles/2003/09/05/10625490 00698.html
(Remove the space between the two zeros in the URL - Don't know, some slashdot phenomenon
I think. Does this mean I don't get to keep them?
... it still scares the shit out of me.
"Derp de derp."
[Cut to picture of an empty server rack] "Missing" You get the rest...
Correction... we have a record deficit, our kids can't read and write (my parents are teachers), our health system has been gutted (hospitals a plenty, but no nurses to staff them!!), a hybrid political system bastardised from the brits designed to maintain our corporate slavery to the crown (do some digging), and a general hatred for anybody who looks or smells different. Remember, tolerance is not acceptance. Tolerance is hatred with a smile.
You can always make a good thing better, sure. But compared to "terrorist nation's?"
PS. I don't mind being subservient to the crown. I think as far as rulers go, the Queen is pretty damned good. She doesn't even tell us what to do!
(Google for heist60.mpeg if above is slashdotted)
So I reserve the right through inter-Tasman rivalry to say...
Typical Aussies
Joke, it's just a joke..
If I were a terrorist I'd mainly be afraid of drop bears. Because at the moment, I'm mainly afraid of drop bears, and I can't really see why that would change.
If, as described, they were actual mainframes, the Customs people's statement that no sensitive info was lost/stolen might not be too far from the truth. In servers & other high end systems, it's not uncommon for the hard drives in the computer to contain only the OS & applications. The data used/created by the applications would be on a RAID attached to the computer. If that was the setup of the systems, the only actual data would be system passwords and possibly temp data currently in use at the time of shutdown.
If, however, one or more of the systems was a RAID or some such data storage system, then the Customs people are (as expected) lying through their teeth. The next question would be whether or not some form of encryption was in use (fs or application level).
yo
:-)
So I guess they're just using their mainframes to advertise penis enlargement pills
No go, that would be business related then
That's why they took both mainframes...they wanted the backup in case the first one broke...
My usual thought when I hear of stories such as this one is that there are accomplices at the location. There's no way that total outsiders could have pulled out such a theft.
The usual suspects are the cleaning personnel, but I'd also add the security guards. At my workplace and other locations, there have been thefts of electronic hardware during the night by someone who had the keys. Who goes around the offices at night when nobody's there? The guards.
In this case, those who stole the hardware are probably outsiders extensively briefed by insiders about the location of the systems and the security procedures in place.
Sometimes, hardware containing sensitive information is stolen by people who are only interested in the resale value of the hardware and are not aware of the presence of this information. In this case, isn't it preferable to keep a low profile and refrain from discussing possible breaches of security in the public?
Hah hah! That so typifies Aussie optimism and enthusiasm! :)
Go you big red fire engine!!!
Pinky: "What are we going to do tomorrow night Brain?"
Brain: "I would tell you Pinky but this 120 char limi
Seen any dingos in the area?
They might also be carrying a baby...
"Life's funny sometimes." "And sometimes it isn't." --Cat's Cradle
It's just been replaced by this little linux server over here.
-pyrrho
OK to quote from the article:
After supplying false names and signatures, they were given access to the top-security mainframe room. They knew the room's location and no directions were needed.
Inside, they spent two hours disconnecting two computers, which they put on trolleys and wheeled out of the room, past the security desk, into the lift and out of the building.
Nowhere does it say that two mainframe computers left the building, only that they got access to the mainframe room. All the mainframes I ever worked on had their own wheels they were so big.
This is just typical lazy and/or sensational reporting by the original journalist.
Someone should read these before they get posted here. The Story is about lax access for the computer room - not about mainframes being stolen.
It was in a central room, which had one door and no windows. The door opened to a hallway. From that hallway, you could either go out past the receptionist, past one of the company founder's office, to get out the front door, or you could go the other way, past my office, and the offices of a couple other programmers.
We noticed the machine missing at noon. It had last been used at 11am. Between that time, the receptionist had been on duty, the founder had been at work in his office with the door open, and four programmers had been at work with their doors open, facing the hallway.
There had been the usual bathroom breaks, trips to the printer, and stuff like that, but still...it seems like it would require amazing timing to find an opportunity in there to sneak the thing out...and there was no vantage point outside the building from which one could see that the route would be clear.
perhaps they were, it took 2 hours to get the things ready to wheel out the building
...at my former computer science department, a whole room of SUN server equipment was emptied over a long holiday weekend in 1998.
One does wonder who steals servers and where these stolen goods end up later.
------------------
You may like my a cappella music
This reminds me of a story...
I live and work in a certain large Far Eastern city, which has quite a few major financial institutions.
Several of these institutions use Sun hardware.
One of these institutions found that on Monday morning, their production system didn't work.
A bit more investigation found that the CPUs (8, IIRC) had all been removed. Apparently, someone walked in over the weekend and then walked out with several thousand dollars worth of UltraSPARC IIs under his arm.
They made a bit of fuss about this, boosted their security, and bought a bunch of new CPUs.
Then, a couple of months later, they found that their production system wasn't working on a Monday morning...
It is entirely believable, knowing how journalists tend to exaggerate things.
to access your data, I have to know your publicly available ID and I have to have access to the phone in your (unlocked) cubicle.
How well does your company pay their cleaning/janitorial staff? Suppose a coworker went into your cubicle and called IT from your phone -- how would security find out who did it?
I would assume that they would need to see your ID (as well as you) before resetting your password. If that is too burdensome, then have a system in which you contact your manager or HR. One of these can then log in through a secure connection and file a password reset request with your ID to the remote IT support site. The fact that they are logged in (with their password) at least ensures there is a starting point for an audit, and the odds of impersonation are less likely.
When in doubt, have a man come through a door with a gun in his hand.
If I recall, something even worse than this happened about 15 years ago in Nevada. A couple of people posing as computer technicians came in to a casino/hotel in Lake Tahoe with a large canvas covered box and left it right under the nose of security personnel. It turned out to be a large bomb that they had left for ransom. A couple of days later it went off. Though no one was hurt (the casino and half the town had long been evacuated) it still blew the side off the multi story building, destroying it. I'll bet that despite tighter security, you could do this all over again. There's a saying that those who can't learn from mistakes are destined to repeat them. I guess it remains true post 9/11.
Here we have a state of the art server room, with security and all ...
... The server rack isn't even closed.
Guess where our servers are standing now ? Right there in the storage room, no keys on the door
At least they close the front door at night.
Linux hosting for $2.50/mo
URL is your friend.
Screw the CPU boxes, they don't have any|much local storage, just a bunch of I/O lines and Engines. The data lives in attached storage (DASD) hardware. Did they take that? Was one box the CPU and the other the DASD?
:/
And why the hell didn't all kinds of monitoring tools go ballistic?!? I can't even reboot my own server at work without some support person calling me - "Hey, we noticed that your server rebooted. Do you want us to take a look at it?".
KangarooBox - We make IT simple!
The Ozzies always have to do things that bit bigger, don't they? UK intelligence services have laptops with sensitive information stolen (well, left in a pub after a drinking binge and then stolen), so the Ozzies have to get a mainframe stolen.
...you can get in *anywhere* with them if you frown hard enough
Of all the possible password attacks mentioned in my favourite cryptography book the rubber hose method is my favourite.
The rubber hose method consists of kidnapping someone who knows the password and beating him with a rubber hose till he tells you the password.
Guess this could be called the wheel out method.
Sindri Traustason.
Encrypted root filesystem.
This is your sig. There are thousands more, but this one is yours.
I use this rule-of-thumb mainly to set limits on my own paranoia...
The Web is like Usenet, but
the elephants are untrained.
Also, koalas aren't bears... they're marsupials, females having a pouch in which their young first develop. Their pouch faces the rear and has a drawstring like muscle that the mother can tighten. They are the sole member of the family Phascolarctidae (and yes, it does really bug me when people call them bears).
All generalisations are wrong... including this one.
Iraq: Australia sent 3 boats and about 2000 special forces personnel
I think it's safe to say that the Australian military know a hell of a lot more about crawling around roasting hot deserts than most too.
Dave
I write a blog now, you should be afraid.
at least we'll be able to identify the perpetrators on sight: they'll be dragging their gigantic balls behind them as they walk.
pr0n - keeping monitor glass spotless since 1981.
You obviously have a lot of faith in IT data security and its possibilities, but judging from the rest of the article, these servers were probably backed up onto floppy disks, which were then left lying on top of the cabinets.
At a previous employer, one of our customers had their main Netware server stolen during the working day.
Two men dressed as couriers wandered into the reception, said they had a faulty machine to pick up, were let into the machine room, and walked out with the 3000 file server.
It took the network admin over an hour to realise that the server had been taken - they had even logged a fault call with us stating that users were having problems accessing their data.
Considering we (Australia) don't actually *have* 2000 SAS personnel, but only around 300 at last count... We deployed 80 ATCers, 16 WMD location personnel, ~75 "security" personnel doing explosives ordnance and VIP protection, 6 guys to train IDF (Iraqi defence force) after the war, 3x CPA reps, 3x light armoured vehicles + crew, comms and logistics guys and a bunch of Military cops. Add to this 2x C130 plus crew and support (totalling 140), 1x "military liaison" *cough* ASIS *cough*, 3 blokes from Office of Reconstruction and Humanitarian Assistance, ~90 "Army HQ" staff. Also making an appearance were HMAS Sydney + support group, HMAS Kanimbla, HMAS Newcastle and 2x P3 Orion aircraft for a total of 270 Naval personnel and 160 for the Orions + support elements. We also sent over a gaggle of F-18s, though I can't find any mention of numbers for these. Last but not least, our SAS deployment. Being SpecForces there isn't much information running around, but best guesses put the number at somewhere between 60 and 130 deployed in total. So, while we had a total of almost 2000 troops in Iraq over the past six months or so, most of them were definitely NOT SAS.
Janie took my gun...
This is proof that even without running network services and without a bunch of lusers with accounts on it, a mainframe still isn't secure.
;)
I can't wait to see what IBM's patch for this little security problem is, heh.
--
Send us your Linux Programming articles
Geeky modern art T-shirts
If this really was a mainframe, then the thieves essentially just got the CPU and no sensitive data was taken. Unlike a Win32 machine, a mainframe does NOT have any data (beyond configuration information) stored inside the box. All data exists on external DASD or tape devices. Unless the thieves wheeled those out, too, they didn't get anything sensitive.
Buzzing the information Superhighway at Warp speed
Reminds me of that ATM machine that was stolen from Snow Hall on military base, they didn't find it for 2 years until a long dry spell let a pond get real low.
For those that don't know, Snow Hall is a tech training center and has 24 hour security and video cameras. The machine was quite large and bolted to the floor and since it was the day before payday it was full also. 250k was in it I believe.
Only bank robbers I know of that got away with it AFAIK.
300,000 volt step-up transformer that smacks anyone who attempts to unplug the machine without entering the 32 character password while dancing on one foot singing "mary had a little lamb".
soooo sooo reassuring, hee heee, isn't it nice to know customs is being looked after by such competent people, :-D, Good job lads. lol
in my life God comes first.... but Linux is pretty high after that
Francis Smit
East Timor: Liberated the poor little country from the Indonesians and wiped out the resistance. Free elections were held for the first time.
ROFL!!!!!
It takes a special talent to say that after decades of active cooperation with Indonesia and diplomatic support to Indonesia's position. Australia liberated East-Timor the same way Hitler liberated Belgium.
They presented themselves to the security desk as technicians sent by Electronic Data Systems, the outsourced customs computer services provider which regularly sends people to work on computers after normal office hours.
Another reason you should be damn careful about how you outsource, who you outsource with, and the security involved. People need to know who they're really dealing with and how to check.
"The Sage treasures Unity and measures all things by it" - Lao Tzu
Manager: "Where is the mainframe?"
..
IT Guy: ".. Uh..."
Manager:
IT Guy: "No wait...."
Both the Manager and the IT Guy peer through the window to see both of the mainframes duking it out in the parking lot (one with treads attached to the bottom, the other with 12 rover wheels attached) with the rest of the IT staff and programmers standing in a large circle around with cash in their hands throwing down bets.
just to blatantly steal a good IT commercial, I can't remember who did it...
Who makes you Sig?
Implementing stricter airport security standards - $800,000
After hours security guards - $2,000
2 Mainframes - $2,000,000
Having your machines wheeled out by Islamic terrorists - Priceless
As more and more companies outsource their IT services, this type of activity will become more frequent. Companies that care about their IT systems should keep trusted people in-house to maintain their data security.
-ted
And after all the political speeches, the fanfare, the total information awareness programs, the $ billions spent on defence about how our freedom is being sacrificed in the name of increased security measures to protect us from terrorist attacks.
Yet this sort of thing goes on when a bit of time spent on the security policy could have stated "No computer equipment should be removed from its place without written authorization from the head of security" or something to that effect.
It's not really that difficult, it just requires a bit of common sense.
CRICKEY!
Note to Australians, us yanks know that Steve Irwin does not represent all of the population of Australia. But he's just so cool.
Sig it.
Completely unrelated to the tipping issue, isn't the idea of 16 hours of jet lag contradictory? Once it's more than 12 hours, aren't you just getting closer to your "base" time?
Infectress
It was actually quite an engaging story, dealing with bio-terror, AI, the global police state, the middle east, etc..
Fortunately, he had a change of heart later, though. The world would be a much riskier place with more people like him around, I think.
By the way, I kind of wonder just what my kid is learning in 2nd grade, nowadays. Some of those Dr. Seuss' Crime for Kids series are a little extreme, don't you think?
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
I had to visit the data center for a major financial center in Jersey City, NJ shortly after WTC. (A lot of the big iron is across the river from Manhattan... for price reasons more than security) Because of the sudden lack of available downtown office space, every available empty space in Jersey City was suddenly rented out.
So... I walked in to see my customer. I was surprised at the new security in place. I showed my company badge, signed in, and was led to a desk under a sign marked "High Value Transactions". Plopped me right down in front of a terminal. I was really confused. The setup was totally different than what I was expecting from previous visits. So I started looking around for people I knew, etc... After about 10 minutes I realized I was in the data center for the WRONG company!
So I got up and left. I have no idea how long I could have stayed there, or what I could have done. I suspect that if I had gotten out a screwdriver, I could have likely started shopping for hardware.
Moral of the story: chaos breeds insecurity, and an "official" plastic badge with your picture on it is shockingly powerful.
... wanted the Customs to lose some important data? For example, if they were to lose all records of a certain recent import ...
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
all they really need are the machines that go PING
-Cnik
Okay... encrypting backups is a Good Thing(tm) but if what the backups came from is reasonably high-end, then you still have a problem. Big-iron doesn't sit around at the local Fry's. The lead time required to buy a million dollar server is substantial. And this assumes you have the capital to do so... And what do you say in the mean time? "We're sorry, Customs is closed for 6-8 weeks. Our new server is in the mail".
I'm not bashing your point, the number of people burned by lacking backups is a LOT larger than the number burned by someone walking (rolling) out with a mainframe. Backups are good. Encrypting them is better. But losing hardware, especially hard-to-replace hardware, is pretty stupid.
Ahh yes, but you forget that they can just cut the power to the building. Granted that in order to do this they would have to cut the power for 27 city blocks... and of course you will have 5 minutes and 13 seconds to get the mainframe out of there before the backup systems come online, but hey it can happen, right?
How about a spell checker for slashdot, or even more impressive, a spell checker for strings in C-Code? Use lint! -DG
You wanna know how it is? I'll tell you how it is. Giant sucking sound, that's how it is. When two servers disappear, it doesn't happen without a sound. Nosir, there's a giant sucking sound. I'll tell you, cause I've got big ears, that it's a conspiracy. Conspiracy, that's what is. When they send people to invade your daughter's wedding, and watch her, why, that's a conspiracy. And when they send three men in, claiming to be EDS, my own company, I built that company from scratch, why that's a conspiracy.
(Ross Perot)
Actually, now that that's done, I have to say, (1) I actually respect the guy on every count, and (2) I strongly suspect that there *was* a conspiracy involving his daughter's wedding and the Bushes; but I don't know. Knowing the rest of the history of the Bushes as it has appeared in the news, though, I don't discount the possibility.
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
If they're talking a real "sure-it-can-run-CICS" mainframe, they must've gotten some help from the security staff to move them...I've never seen any mainframe that weighed less than 300lbs. Even the IBM zSeries is the size of a couple of fridges lashed together.
Lovely quote from The Register:
An MP was wanting to know why Customs representatives hadn't mentioned this incident when reporting to a Parliamentary inquiry into government IT security. A customs agent said:
That is quite impressive. She seems to be implying that police were hoping that the thieves would think the machines hadn't been missed and therefore the thefts weren't being investigated, and that admitting the thefts to Members of Parliament would let the cat out of the bag that sharp-eyed customs agents had in fact got round to noticing that the machines were gone.
Video footage of the aftermath.
The Heist
-Well, you know how it goes.
I'll try to have them back tomorrow. Are you open Saturdays?
-FL
No, no, no, you've got it all wrong.
This is what really happened to them.
(That's a link to a 5MB mpeg, please be gentle, mirror and post a link!)
Heist
I am not allowed to change my password! Seriously!
I'm just waiting for _the_ major security incident...
Arabs are bound by the language they speak, rather than their "looks" or race. So, when you talk about physical appearance of Arabs, which Arabs are you talking about? North Africans or people from the middle east? Palestinian Arabs look no different from Israeli Jews. But they look quite different from "typical" Indians or Pakistanis.
Interestingly, Arab Americans were apparently told to choose "white" as their race in US census (http://www.allied-media.com/Arab-American/census.html).
Arabic is a Semitic language like Hebrew. North Indian languages are closer to German than Arabic, since they belong to Indo-European family of languages. They don't practice the same religion. Culturally too they are very different ... just listen to the music or see their traditional dresses.
If you say Pakistanis and Indians belong to the same ethnic group, there would be some truth to that.
karma : former act as leading to inevitable results
Never underestimate the ability of a pickup truck to plow right through your firewall.
You will find that a set of scrubs, a lab coat, and the trademark surgery-resident scowl will set you in far better stead (particularly if you're too young to be an attending). Also, if you carry a stethoscope, you'll need a very well-worn stethoscope... nobody but a med student carries a brand new Cardiology II (many attendings, particularly surgeons, don't carry one at all... they just borrow one)
Just cultivate the I'm-so-tired-I-could-kill-you-gut-you-and-sleep-like-a-baby look...
If you're in resident disguise, avoid the nurses... some of them delight in giving residents a hard time. Ironically, they forget that residents remember those slights when they actually become staff... and some nurses have the gall to wonder why the attending surgeon is such a curmudgeon to the nurses. (As the saying goes, paybacks are a bitch.)
You will learn all of this in time.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
When I was in college I worked for the computer lab. One day we set out to upgrade all the PCs. What we had to do first was get the old ones out of the way. We backed an unmarked white van up to the computer lab, opened the doors to the lab, and started taking the machines. It was during a school day. Students and faculty were walking by watching us. Occasionally one would even lend a hand (hold a door open a bit more, pick up a dropped mouse, etc... ) No one questioned us. Not even the student worker running the lab. We had not even made conversation with the worker during the entire time. After we loaded up the 20+ PCs and headed out our boss decided to call the lab and 'warn them against people stealing PCs'. The worker freaked! He said he was there when it was happening but since "they looked like they knew what they were doing so I didn't question them." The boss then let him in on the real story.
The key: just look like you know what you are doing.
"If you are on fire you can just stop, drop, and roll. If you fall into Lava you are just dead." - my 5yr old daughter
Unattended boot
pretty dumb thieves.. next time just copy the content of the hard disks and you can pull the trick over and over, since now the security desk guys know your familiar face
Where I used to work, we had a case where somebody walked in with a delivery person uniform... struggling with a heavy box for "Joe XXX".
He got the security personnel to card the elevator so that he could get up to the floor where "Joe XXX" worked. In a short while, he came back down... Joe wasn't there to sign so he said he'd left a note, and was bringing the supplies back to the office.
He got one of the security people to help him move the heavy box outside.
What's wrong with this story? Well, it turns out that the box was fairly light when it came in... think about it for a second.
Perhaps the reason no one questioned you is because they got a memo the week before detailing what was going to happen.
They outsourced maintenance on a computer with top-secret data? That sounds extremely stupid.
Rather, stop at the nearest police officer you see; and if you don't see a police officer before you see a bank or a government building with security, go into the building and ask them to call the bomb disposal squad for you. Rip off your shirt to prove it, and say "I'm going out to the parking lot. This isn't a bank robbery, but someone wants it to be; and if I don't get help quick, I'm going to die."
The problem with that scenario is that it probably would mean you and the police die, since the real bank robber would be watching you and ready to detonate the device remotely if you deviated from his plan. Alternately, it would be possible for mr evil terrorist bank robber to rig a device with a gps such that if you deviated from a preset course mr bomb blows up and kills you.
While all security problems should be addressed, one should be realistic in assessing the kinds of attacks likely to be faced. While someone could certainly brave our cheap security system to steal our computers in a night time raid, such an action is not worth spending a lot of time worrying about - our data/hardware is just not valuable enough that many would take the risk of being caught.
We, and many other businesses, should continue to focus our security efforts mainly on preventing by-wire attacks from random outsiders, simply because the lack of personal commitment/risk makes these attacks the most likely to be faced.
Let's not stir that bag of worms...
There is no spoon. Security is an illusion.
You can never be secure because you can't afford the resources it would require, ever. You need a person to monitor a system physically as well as virtually at all times. And even then there are ways to transmit data that are not obvious. So unless you are God you are not secure.
Just when you think you have a system locked down someone walks it right out your front door with a big smile on their face. Social engineering perhaps is the cause of this insecurity as Kevin Mitnick pointed out in his latest book. It's like trying to hold a dam together as more and more holes sprout open. You run out of fingers, then toes, then what do you do? Do you still believe you can be secure? Ha!
we have a lot of unused SGIs around here too. I wonder what percentage of them are just sitting there unused?
Does anyone have one they use?
> "TOO MANY CASTERS" (referring to how they wheeled the servers out?)
Yes!
You win the prize, a decrypted 8-bit character!
Here you go: @
And everyone's right about the moderators. They screwed the pooch on this one. Metamods, go remove their mouse fingers.
This is proof that even without running network services and without a bunch of lusers with accounts on it, a mainframe still isn't secure. ;)
;-)
I can't wait to see what IBM's patch for this little security problem is, heh.
--
The patch is simple: We just go back to mainframes that take several rooms of space, weigh tons, and are impossible for 2 people to move without taking many many days and knocking out walls. It needs to be big enough to take more than a weekend to remove.
Freedom is merely privilege extended unless enjoyed by one and all.
Dude... Where's my mainframe?!
When I was working for the tech department for my university, one of my many jobs was to go through and perform routine maintenance and such. Being a college kid, jeans and a t-shirt was my usual attire, and whenever I was in a sensitive area ("important research") someone always made a call down to my boss to verify that I was supposed to be there and wasn't just some stupid kid pulling a prank.
What I always found amusing though, was what would happen on the days when I was required to wear my ROTC uniform to work. Nothing big, just your standard BDUs (cammos) and the cadet rank pins (which are not the same as official rank pins). No matter where I went on those days, I was always allowed in without a hitch or a second glance. People are far too trusting of nice clothes.
T Money
World Domination with a plastic spoon since 1984
Dude, where's my mainframe?
I imagine he'd say, "Crikey! My last name starts with an I, not an E!"
Then he'd probably add, "Crocs rule!"
Virg
al-Qaeda or Jemaah Islamiah are the proud new owners of a customs mainframe. Can't imagine what they are planning to get out of that data. Maybe they are just looking for some nice boxen to run their CRM and ERP systems on?
TallGreen CMS hosting
Hell, let them go swimming the wrong time of year and let the jellies get them. Or let them play with some of your spiders :)
So why not?
We are the 198 proof..
If this is a mainframe, then the data (DASD) is probably elsewhere. I didn't catch anywhere exactly what was taken, but unless one was a Shark or EMC box, there's no data in danger. It's like someone stealing your motherboard.
Thanks,
Aaron
Actually, I was thinking that this story would make a good rebuttal for that ad. Just run a similar ad and at the end add a "The same evening" screen and show two guys wheeling out the mainframe much more easily than if they had had to get dozens of Wintel servers out.
"The obvious mathematical breakthrough would be development of an easy way to factor large prime numbers." Bill Gates,
After we got out of the cab (yes, AFTER) I leaned in and gave him exact change. Then I told him that I wasn't tipping him because of what he said to the cyclist.
I wish I could have stuck around to listen to the impressive string of incoherent cussing he yelled at me, but I was busy hustling my wife into the restaurant before she got scared. I just might have tipped him for an impressive performance.
I've found that my posts don't format quite right w/o a sig.
It would be all too easy for one of the girls to suggest that you might have been up to something inappropriate, and there you are with the motive (assuming you're not gay) and the means.
Aha! So, if I am ever accused of rape, sexual assault, or sleeping with some other man's wife, I'll just claim to be gay and flounce away scot-free. Time to brush up by watching "Queer Eye" on Bravo!
+1 Insightful! Why didn't *I* think of this?
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
========
Together, we will drive the rats from the tundra.
Man, that takes real balls.
I've found that my posts don't format quite right w/o a sig.
I have one of these "mainframes on a card". I asked around the office if anyone had one, and a mainframe developer in Harrisburg wanted to get rid of one for a couple of years. So I drove out and picked it up. It runs OS/2 and has a real S/390 chip on a microchannel card. He had it way tweaked, and now I need to find out how to reload VM on it :( I got the installation media from someone at work, but he said it was for a newer version and would not work on the original P/390 I have.
It is a *totally* different kind of beast, but I really need to learn it.
Does anyone have a version 1 P/390 based on the PC Server 500, not the 330 with installation media? TiA
Intelligent Life on Earth
... Congress did some hearings a few years ago on entire ships that have been lost. One of the congressmen had a large photo of an entire ship that is listed in the Navy's inventory but nobody knows where it is.
I've found that my posts don't format quite right w/o a sig.
http://www.theregister.co.uk/content/5/18265.html
ehintz
Even better, how about you become the "close friend" of the bank robber and stick to him like glue until he gets nervous and disarms the bomb. What's he going to do, blow you up?
Eating out in the US is on average enormously cheaper than in any other first world country. Yeah, sure, there are some expensive restaurants, but in general the menu prices are far lower than in other countries with comparable standard of living, and the prices remain competitive even with the tip factored in.
The whole reason menu prices are so low in this country is because the tipping system works.
Now why does this help, you might ask? After all, don't you always "have" to pay the tip? Well, that's the thing: you don't always have to. For example, most restaurants accept take out orders, and you're not generally obliged to tip for take out orders. I'm not exactly suggesting that everyone rely on take out from now on, but it sure is nice to have the option.
It's like price discrimination, except that the customer gets to choose the price. We should be propping up this system, because it's very advantageous from our point of view to be able to choose our own price.
That has not been my experience. In my experience, I try to tip flight attendants when I order drinks on the plane, and they have always said "thank you" and accepted the tip. Sometimes they show up, drop off the drink and split before I can give them the tip, but I assume that's because they don't expect the tip, not because they don't want it.
Let's hear it for government security!
Reminds me of Rutger Hauer in the Stallone movie, "Nighthawks" - "Remember, there is no security!"
BWAHAHAHAHAHAHAHAHA!!!
Now can someone in the US wheel Bush out of the White House?
BWAHAHAHAHAHA!!!
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
Ahhh... you've stumbled on the mystery of "Go you big red fire engine!!"
Go forth and multiply!!
Pinky: "What are we going to do tomorrow night Brain?"
Brain: "I would tell you Pinky but this 120 char limi
A few months ago local newspapers were reporting that an ATM had been physically stolen from C.R. Swart building. Now theft of an ATM, as odd as it sounds, is one thing, but what makes this story particularly bizarre is the fact that C.R. Swart building happens to be the central headquarters of the South African Police Service in Durban, South Africa. The cash machine in question was installed inside the building, not even on the ground floor if I remember correctly, for the benefit of the local police men and women.
Now I'm curious to know who they called when they discovered the theft.
Another thing to look out for is to make sure that hardware marked Out-of-Order has been reported to the help-desk as such. My sophomore year of college, there was an incident in which a few students hid in a lab until security came and locked the door. They then went around and took all of the hardware out of three or four computer cases, leaving the case itself externally intact. Once they were finished, they printed official-looking out-of-order signs and placed them on the computers they had just stripped. The theft wasn't noticed until the faculty responsible for the lab called the help desk several days later to ask when the computers would be fixed.
Come test your mettle in the world of Alter Aeon!
...The thieves have a lot of balls, and security has no teeth.
Sounds a lot like 9/11.
-=- Many seek good nights and lose good days.
Look at all the stuff that Tony Pino stole before he got greedy and did the Brinks job. According to his standards, it's no big deal unless you can get at least one unknowing employee to help you carry the stuff out. He often did that. His wife wouldn't let him bring home a piano or a refrigerator without a receipt, so he'd steal those, too, or talk an employee into writing him one.
...they just didn't get the memo.
Speaking at Defcon 12 - Credit Card Networks Revisted: Pen
After taking the mandatory electrical safety course for IBM field technicians I can tell you that IBM's tech writers already make it sound like that is a standard feature. The amount of time devoted in that course to electrical safety and lockout procedures is around 40 pages. Since PC techs probably outnumber techs who work on hardwired mainframes 1,000:1, this fact amused me. And then I realized that I had just lost 2 hours of my life that I would never get back.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
"Well Damn! You can't hack them, Joe, you loser! Hey, why don we just swipe th' fucken boxes instead? Shit this hightech dance."
Table-ized A.I.
I'm proud to be an Australian!
Life is like a box of chocolates, you never know when you're gonna get food poisoning.
Usually an $85 meal includes more food and/or more people, or we lingered at the table longer and they had to bring us more drinks, or whatever. At least that's the way it works with us. I'm definitely not much of one to go for $100/plate dinners.. :)
Serious? Seriousness is well above my pay grade.
It was replaced with just one server. ;-)
/* oops I accidentally made a comment, sorry */
Even better, how about you become the "close friend" of the bank robber and stick to him like glue until he gets nervous and disarms the bomb. What's he going to do, blow you up?
Well, he could always shoot you in the head, or otherwise kill you; then he could call and complain that his pizza has not shown up yet and can they please send another driver... ;)