San Francisco Network HIJACKED!



lazertek
July 15th, 2008, 04:42 PM
http://news.slashdot.org/article.pl?sid=08/07/15/120220&from=rss

Read the link above... This guy somehow got the super-user access and took over San Francisco's fiber network!!! Sounds a lot like what happens in movies but it's reality now!

Wonder why they don't customize the super-user function as follows:

At least 5 admins must put in their password when anything is being done using the super user, such as changing an admin's password...

Dr Small
July 15th, 2008, 04:56 PM
Cool.

fatality_uk
July 15th, 2008, 05:10 PM
Agreed, cool ;)

Foster Grant
July 15th, 2008, 05:39 PM
Not cool. There's some more background info in the replies. He sounds like a pathetic, paranoid little man.

lazertek
July 15th, 2008, 05:56 PM
I don't know the person and I don't work in that company so I'm not going to comment about him or what the problem was in there, but it wasn't as cool as it could be... Apparently he was spying and I think that's how he came about getting an admin password and giving himself control of the network... It would have been "cooler" if he actually hacked into the system or did this sitting on a computer, but what he did was pretty lame... C'mon, if you have an admin password any one of us could do anything around... What's so cool about that!

fatality_uk
July 15th, 2008, 06:02 PM
The fact is, the network admins were NOT doing their job if a single guy can by-pass whatever security features, or lack of it seems in this case, to take control of a network.

Nano Geek
July 15th, 2008, 06:14 PM
Not cool. There's some more background info in the replies. He sounds like a pathetic, paranoid little man.

Sigh...it's the same with every other evil genius.
Can't they show a little originality?

shadylookin
July 15th, 2008, 08:48 PM
The fact is, the network admins were NOT doing their job if a single guy can by-pass whatever security features, or lack of it seems in this case, to take control of a network.

He was the administrator. In the future they should probably set it up so that any task that requires root access requires authorization of at least 2 admins.

lazertek
July 15th, 2008, 08:56 PM
He was the administrator. In the future they should probably set it up so that any task that requires root access requires authorization of at least 2 admins.

Just like I said earlier, that is the only way to safety... On a personal computer or something that's controlled merely by you the super-user feature is great, but for a government-level org you definitely need more than 1 super user... I thought they already had this set up!

koenn
July 15th, 2008, 09:23 PM
He was the administrator. In the future they should probably set it up so that any task that requires root access requires authorization of at least 2 admins.

Simply having his account disabled before / while he was told he's fired, and having him escorted out of the building, would have been sufficient. That's the normal procedure for firing sysadmins.

Dr Small
July 15th, 2008, 10:09 PM
Simply having his account disabled before / while he was told he's fired, and having him escorted out of the building, would have been sufficient. That's the normal procedure for firing sysadmins.

That still would have not stopped me, as I would have had backup plan B already implemented :D

koenn
July 15th, 2008, 10:47 PM
That still would have not stopped me, as I would have had backup plan B already implemented :D

Yep, that's the obvious flaw.

The assumption is that the 'fire a sysadmin' procedure is complemented by routine checks for peculiarities such as daemons with no obvious purpose that would allow remote login, sleeping user accounts or service accounts with admin privs, and the like, and that these routine checks are performed with more than cursory attention when a sysadmin is about to be told he's fired.
That, and the 'escort them out of the building' to limit direct access to any system on the premises (and of course have your ID revoked so you can't sneak in again, etc etc etc)

As always, security is multi-layered and consists of a correctly implemented policy.

You could still have booby traps and time bombs lying around but at least you'd have to put in some effort, rather than walk up to any terminal, log in, and screw the system.
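
The account side of the routine checks described in the last post (sleeping accounts and service accounts with admin privileges), as an added example that is not part of the thread. The passwd, group and last-login data are constructed samples, and the admin group names, the 90-day dormancy threshold and the UID 1000 boundary are assumptions to adjust per site.

```python
from datetime import date

# Constructed sample data (not from the thread): passwd(5) lines, group(5)
# lines, and last-login dates as they might be exported from lastlog.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup root:/root:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
"""
GROUP = """\
sudo:x:27:alice,bob,backup
www-data:x:33:
"""
LAST_LOGIN = {"root": date(2008, 7, 14), "alice": date(2008, 7, 10),
              "bob": date(2007, 11, 2)}   # missing key = never logged in

ADMIN_GROUPS = {"sudo", "wheel", "adm"}   # assumption: the site's admin groups
NOLOGIN = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")

def audit(passwd, group, last_login, today, dormant_days=90, min_human_uid=1000):
    """Return sorted (account, finding) pairs that deserve a manual look."""
    admins = set()
    for line in group.splitlines():
        name, _, _, members = line.split(":")
        if name in ADMIN_GROUPS:
            admins.update(m for m in members.split(",") if m)
    findings = []
    for line in passwd.splitlines():
        user, _, uid, _, _, _, shell = line.split(":")
        uid = int(uid)
        can_login = shell not in NOLOGIN
        if uid == 0 and user != "root":
            findings.append((user, "second UID 0 account"))
        if user in admins and 0 < uid < min_human_uid and can_login:
            findings.append((user, "service account with admin group and login shell"))
        if user in admins and uid >= min_human_uid:
            seen = last_login.get(user)
            if seen is None or (today - seen).days > dormant_days:
                findings.append((user, "dormant admin account"))
    return sorted(findings)

if __name__ == "__main__":
    for user, why in audit(PASSWD, GROUP, LAST_LOGIN, date(2008, 7, 15)):
        print(f"{user}: {why}")
```

Findings are prompts for review, not verdicts: a second UID 0 account or a service account with a shell may be legitimate, but each should have a documented owner and purpose.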