San Francisco prosecutors have put the city's network at further risk by placing access passwords and usernames on the public record as part of their case against Terry Childs, the sysadmin alleged to have hijacked the city's wide area network. A list of 150 usernames and passwords of city officials was submitted to court as an …
court files have been amended
a spokeswoman for the DA's office said that "the court files have been amended"
And, presumably, the passwords changed??
But wasn't that the point?
Wasn't Child's point that he didn't trust the city to be able to manage the network in a sensible and secure way. And didn't the city just go and prove him right?
@ Conrad Longmore
I thought that too, I read something somewhere about a co-worker saying he was very good at his job, but a little over-zealous about protecting his network.
If the passwords and usernames are now public so soon after he coughed them up it should prove that he was dead right in being so protective in the first place.
No matter where you are in the world....
.... local government is the same all over, you gotta laugh (ptherwise you need to cry constantly and curl up into a ball and ignore the world).
[quote]Childs could use the names and passwords to "impersonate any of the legitimate users in the City by using their password to gain access to the system,"[/quote]
Yes, but the questions is, "did he?"
Check the logs people... if you can figure out how.
Admins in poorly structured environments often find themselves in possession of privileged information they don't need to do their job. It is amazing how willingly and frequently some end-users will give up passwords without even being asked.
Email received: "I need help with my VPN. My user name is mdouglas and my password is salguodm. Please fix ASAP!"
Can he help it if some people are morons? Isn't that the point of his defense?
Yes, they are proving his point by doing what they did... I hope his lawyer seizes the opportunity.
Unfortunately, the jurors may be just as technically illiterate as the city managers...
Paris Hilton knows more about Information Security than these guys.
So they went from nobody being able to access the network to anyone who stumbled across the court records before they were amended being able to access the network? Mr Childs would be justified in saying "told ya so" right about now.
Mine's the one with "Free the San Francisco One" stenciled on the back.
So what kind of protection does the city have now ?? If hacker brings the city to its knees would child be blamed or vindicated . I could see the DA saying the passwords would of never been made public in court proceedings if childs had not of forced them to file charges
I wonder how much worse the charges against him would've been if he had been the one who released the passwords to the public.
What a bunch of dweebs!!
I don't really blame this guy - LOOK WHAT SF DID !!! put the user names and passwords on PUBLIC records?!!?!? What a bunch of dweebs!!!
I guess that this guys fear of the SF city not using the info correctly - was right!!!!
I mean come on - how many of those passwords where even changed after they where on public record? Not many of them, and if so - not changed very much!!
If the darn city can not keep themselves from publishing the info - how are they going to store them? Whom else now has access? - DUH people!
Remember that the "the four most-used passwords are: love, sex, secret, and..." - Hackers - the movie ( thanks IMDB)
that is all.
America is so great, powerful so IT literate that the grave mistake they make is in their network architecture design, then they let some guy have control over the *entire* network, then they prosecute him and release the passwords in public documentation.
How stupid can this country and its people be?
Bring back WOPA, it could do a better job.
You mean "Geez Louise?" (it rhymes)
So what were the passwords?
So now he "could have"
Looks like they're going to try to tack some pedophile charges on him next. And $5 million bail ? How many people did this guy kill already ?
I don't know the hows nor the whys, but SF sure is starting to walk on thin ice with this kind of stunt.
$5 Million Dollar Bail....
Think The Judge was locked out of his network for a few days? Maybe?
Being a former consultant for a municipality, You are the stool to the Cities noose when in that position. You have too much, WAY too much power over such a network. Part of the reason I stopped. Lacks of checks and balances, and if you try and give them checks and balalnces, they get scared.
So let me get this straight
Childs (who was responsible for the security of the network) is charged for refusing to provide admin credentials without a justified need, while city officials are not charged for providing the credentials to the world + dog!?!?!
Oh the irony
I hope Childs has a good lawyer who can capitalize on their stupidity as I hate to see someone penalized for following industry "best practice".