Re: OT - Terry Childs, CCIE#14018

From: Paul Cosgrove <paul.cosgrove.groupstudy_at_gmail.com>
Date: Sun, 8 Aug 2010 17:07:55 +0100

Hi Carlos,

You may have been a little quick to assume my opinion there, despite my not
expressing any. Like yourself I have read about the case, and also
discussed technical aspects of it with a person who knew the details (their
company was called in to help). My post was mainly about a general approach
to security incidents, and the aspects related to this specific case are
consistent with what I was told.

I've never met Terry Childs and keep an open mind about his personality and
motivation since, like yourself, I only have second hand information about
him.

Paul

On Sun, Aug 8, 2010 at 2:30 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar> wrote:

> Just curious, have you read about this before this post ?
> I read an article a long time ago about him (IEEE spectrum, if
> I remember it correctly), where he was characterized as an over jealous
> engineer that would not let non qualified people
> access the net to keep it working.
> There are always many sides to the stories, and I'm amazed at how fast
> people take positions (polarize ?) w/o much info...
>
> -Carlos
>
> Paul Cosgrove @ 8/08/2010 9:27 -0300 dixit:
> > If you are maliciously locked out of devices, your response is likely to be
> > proportional to your level of paranoia about what else the perpetrator may
> > have done to complicate your life. My understanding is that the saved state
> > of the devices was unclear, and there were unusual changes made beside
> > modifying passwords which, whether it was intended or not, hampered the
> > initial evaluation and added to concerns that there might be other
> > surprises.
> >
> > If you believe there is a risk someone has turned your production network
> > into a troubleshooting lab, but the system is operational and does not
> > appear to be deteriorating, then you will probably start by assessing the
> > state using safe techniques. You will also have to formulate a recovery
> > plan, including plenty of 'what if's?' to cater for unknowns. Reloading
> > devices could result in the config being cleared, so you would need to
> > determine what the impact to the network will be if that occurs and prepare
> > for that. Planning for the worst, you might include provisions in case
> > malicious changes have been made on the alternative paths, and they only
> > become visible when traffic shifts (etc.). Was a high profile event, so any
> > mistakes may also have been high profile.
> >
> > They were treading very carefully, which took time and money.
> >
> > Paul.
> >
> > On Sun, Aug 8, 2010 at 4:49 AM, Lloyd J. Rochon III
> > <lrochon_at_sbcglobal.net> wrote:
> >
> >> Agreed but I was just going off their urgency and lack of apparent
> >> technical knowledge. I think they were in panic mode and spare no expense
> >> mode.
> >>
> >> Regards,
> >>
> >> Lloyd Rochon
> >> Lloyd J. Rochon III
> >>
> >> -----Original Message-----
> >> From: Garth Bryden <hacked.the.planet.on.28.8k.dialup_at_gmail.com>
> >> Date: Sun, 8 Aug 2010 11:29:46
> >> To: <lrochon_at_sbcglobal.net>
> >> Cc: Jack Router<pan.router_at_gmail.com>; Adrian Brayton<abrayton_at_gmail.com>;
> >> Cisco certification<ccielab_at_groupstudy.com>
> >> Subject: Re: OT - Terry Childs, CCIE#14018
> >>
> >> Well I've read (but not had the courage to test) that if you press control
> >> break when you are booting with password recovery disabled you can get into
> >> the device, just with factory defaults.... I guess if there were no
> >> passwords there woulda been no backup configurations which meant long nights
> >> and lots of coffee restoring network services; whoopie
> >>
> >> On Sun, Aug 8, 2010 at 11:26 AM, Lloyd J. Rochon III
> >> <lrochon_at_sbcglobal.net> wrote:
> >>
> >>> It also could have been the "no service password-recovery" command on key
> >>> devices which caused costly replacements.
> >>>
> >>> Regards,
> >>>
> >>> Lloyd Rochon - CCIE
> >>> Lloyd J. Rochon III
> >>>
> >>> -----Original Message-----
> >>> From: Garth Bryden <hacked.the.planet.on.28.8k.dialup_at_gmail.com>
> >>> Sender: nobody_at_groupstudy.com
> >>> Date: Sun, 8 Aug 2010 11:09:18
> >>> To: Jack Router<pan.router_at_gmail.com>
> >>> Reply-To: Garth Bryden <hacked.the.planet.on.28.8k.dialup_at_gmail.com>
> >>> Cc: Adrian Brayton<abrayton_at_gmail.com>; Cisco certification<ccielab_at_groupstudy.com>
> >>> Subject: Re: OT - Terry Childs, CCIE#14018
> >>>
> >>> The $900,000 would be over the top but the costs they are calculating I
> >>> assume won't be just for the password recovery process. Remember there is
> >>> downtime involved to do this, they are most likely claiming compensation for
> >>> lost revenue etc.
> >>>
> >>> On Sun, Aug 8, 2010 at 11:03 AM, Jack Router <pan.router_at_gmail.com> wrote:
> >>>> How can you spend $900000 in 12 days ? It's 75K a day !!!! Did they hire 31
> >>>> CCIEs full time for 12 days, assuming 300$/hour wage ? Obviously Terry was
> >>>> right saying his boss was not qualified to have a password.
> >>>> BTW, how do you get a job like Terry's boss ? What qualifications are
> >>>> required ?
> >>>>
> >>>> -----Original Message-----
> >>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> >>>> Adrian Brayton
> >>>> Sent: 7-Aug-10 13:59
> >>>> To: Cisco certification
> >>>> Subject: OT - Terry Childs, CCIE#14018
> >>>>
> >>>> http://www.businessweek.com/idg/2010-08-07/network-admin-terry-childs-gets-4-year-sentence.html
> >>>>
> >>>>
> >>>> Blogs and organic groups at http://www.ccie.net
> >>>>
> >>>>
> >>>> _______________________________________________________________________
> >>>> Subscription information may be found at:
> >>>> http://www.groupstudy.com/list/CCIELab.html
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina

Received on Sun Aug 08 2010 - 17:07:55 ART

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:52 ART