I might suggest that you reread the article from SecurityFocus, you might notice the paragraph:
"The hacker gained initial access through a Linux system in the hospital's pathology department. That
system was running the client side of a remote administration tool called VNC, which allowed him
access to a Windows NT box. From there he exploited file shares and remote administration
relationships, and used trojan horses, to expand his access throughout the network."
Gee, that sounds like improperly installed and run user software in combination with NT security flaws. But I am not blaming NT here... security is a process and goal, not a piece of hardware.
To sort of quote Dave Dittrich (Terry Gray actually I think)... "the perceived value of a firewall is greater but the real value of a firewall actually varies inversely (goes down) with an increasing number of machines protected by the firewall."
A firewall at the UW would be an administrative nightmare and so full of holes, Swiss cheese would be envious. Meanwhile people would say "oh we are protected by the firewall so we don't have to worry." And a firewall does NOT protect against anybody on the inside.
Security needs to be implemented lower in the foodchain... at the lab and device level... encrypt all network streams... have firewalling software installed on any device not behind a lab firewall... and encrypt sensitive data!
ejm
The story of the "barrel roll" is pretty famous here in Seattle, but it was (?late fifties?) with the 707 prototype, & NOT late sixties with the 747. I believe it was Tex Johnston (or some other famous test pilot working for Boeing). The plane was making a fly-by appearance at the annual Sea-Fair hydroplane races, and this was "The BIG" coming out appearance for the new jet. A lot of VIPs were in the audience just to see the jet. In his memoirs, Tex wrote about how he wanted to do something that would really show off his wonderful new toy (in other words sell the jet and save the company), so he picked a very flashy but relatively safe maneuver... a barrel roll... it is possible to do it so that it is a constant 1G stress force thru-out the whole maneuver... the same force on the jet as if it were flying level.
So without warning any of the company bigwigs, Tex did exactly that. And on the 2nd pass of the flyby, he did it AGAIN! Story goes that the Boeing president wanted to kill Tex from the reviewing stands, then he was shut up by an impressed Airline President that said Tex was only doin' his job... selling airplanes.