Cryptosmith

The San Francisco story is sounding more like a techie’s personal tragedy and less like terrorism or hijacking or a ransom thing. Paul Venezia was contacted by someone in the IT department who knew Terry Childs, the “rogue admin.”

Apparently Childs is a highly talented admin who is obsessed with his network. If the anonymous source is painting an accurate picture, then it’s just an unfortunate combination of limited social skills on his part and hysterical overreaction on the part of his managers. Continue Reading »

Posted under Information Security | No Comments »

It’s not an easy fix because it requires planning ahead, discipline, and effort. But it’s essentially why banks can hire low-wage tellers and not worry about theft at the till (or at least not as much).

San Francisco has lost control of their FiberWAN. It’s not clear how much this affects day to day operations, since the city appears to still be working. And that in itself is a tribute to separation of duty.

Continue Reading »

Posted under Information Security | No Comments »

The City of San Francisco has just suffered what sounds like the nightmare scenario of an insider attack on their computing infrastructure.

The ‘disgruntled employee’ who reportedly was ‘disciplined for poor performance’ had enough access to critical system components to give himself exclusive control of the infrastructure and apparently lock out other administrators. The system is said to still be running, but administrators have little control over it.

So what’s the lesson here?

Continue Reading »

Posted under Information Security | No Comments »