Terry Childs Case Puts All Admins In Danger

snydeq writes "Paul Venezia analyzes the four counts San Francisco has levied against Terry Childs, a case that curiously omits the charge of computer tampering, the very allegation that has kept Childs in jail for seven months and now appears too weak to present in court. Count 1 — 'disrupting or denying computer services' — is moot, according to Venezia, as the city's FiberWAN did not go down due to Childs' actions. Venezia writes, 'Childs' refusal to give up the passwords for several days in no way caused a disruption of the normal operation of the FiberWAN. In fact, it could be argued that his refusal actually prevented the disruption of normal network operation.' Counts 2 through 4 pertain to modems Childs had under his control, 'providing a means of accessing a computer, computer system, or computer network in violation of section 502,' according to case documents. As Venezia sees it, these counts too are spurious, as such devices are essential to the fulfillment of admin job requirements. 'If Childs is convicted on the modem charges, then just about every network administrator in the world could be charged with the same "crime,"' Venezia writes. All the authorities would have to do is 'point out that you have a modem or two, and suddenly you're wearing pinstripes of the jailhouse variety.'"

hoist by your own security petard

[bzipitidoo]

The city has physical access, and the information is not encrypted. They don't need passwords. That they've somehow got themselves stuck needing passwords means they or Cisco messed up. They shouldn't blame former admins for that.

I really wonder about these devices that have "security" features that will in essence enable them to brick themselves. Hard enough keeping equipment running smoothly without having to deal with a self destruct feature in the finest traditions of Star Trek drama. I'm sure the things have a button to reset everything to factory defaults, but I suppose using that would wipe the configuration. Can't the configuration be read off the devices? Shouldn't it already be saved elsewhere? If it isn't possible to work with these devices when given physical access, then that's a problem. The devices shouldn't have such features, or if they are supposed to, then the city should have bought other devices.

So the system is set up with a huge, fixable flaw. So, fix it. But no, they'd rather lynch someone. Why aren't they also suing Cisco for having put such a nasty flawed feature in their products?