Re: OT - Terry Childs, CCIE#14018 from Rohit Ghodke on 2010-08-10 (Ccielab archives 08/2010)

From: Rohit Ghodke <rohit.nw_at_gmail.com>
Date: Tue, 10 Aug 2010 15:15:18 -0400

http://www.infoworld.com/print/37286
http://www.infoworld.com/d/adventures-in-it/why-san-franciscos-network-admin-went-rogue-286?page=0,0

On Sun, Aug 8, 2010 at 12:07 PM, Paul Cosgrove <
paul.cosgrove.groupstudy_at_gmail.com> wrote:

> Hi Carlos,
>
> You may have been a little quick to assume my opinion there, despite my not
> expressing any. Like yourself I have read about the case, and also
> discussed technical aspects of it with a person who knew the details (their
> company was called in to help). My post was mainly about a general
> approach
> to security incidents, and the aspects related to this specific case are
> consistent with what I was told.
>
> I've never met Terry Childs and keep an open mind about his personality and
> motivation since, like yourself, I only have second hand information about
> him.
>
> Paul
>
>
> On Sun, Aug 8, 2010 at 2:30 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar>
> wrote:
>
> > Just courious, have you read about this before this post ?
> > I read an article a long time ago about him (IEEE spectrum, if
> > I remember it correctly), where he was characterized as an over jealous
> > engineer that would not let non qualified people
> > access the net to keep it working.
> > There are always many sides to the stories, and I'm amazed at how fast
> > people take positions (polarize ?) w/o much info...
> >
> > -Carlos
> >
> > Paul Cosgrove @ 8/08/2010 9:27 -0300 dixit:
> > > If you are maliciously locked out of devices, your response is likely
> to
> > be
> > > proportional to your level of paranoia about what else the perpetrator
> > may
> > > have done to complicate your life. My understanding is that the saved
> > state
> > > of the devices was unclear, and there were unusual changes made beside
> > > modifying passwords which, whether it was intended or not, hampered the
> > > initial evaluation and added to concerns that there might be other
> > > surprises.
> > >
> > > If you believe there is a risk someone has turned your production
> network
> > > into a troubleshooting lab, but the system is operational and does not
> > > appear to be deteriorating, then you will probably start by assessing
> the
> > > state using safe techniques. You will also have to formulate a recovery
> > > plan, including plenty of 'what if's?' to cater for unknowns.
> Reloading
> > > devices could result in the config being cleared, so you would need to
> > > determine what the impact to the network will be if that occurs and
> > prepare
> > > for that. Planning for the worst, you might include provisions incase
> > > malicious changes have been made on the alternative paths, and they
> only
> > > become visible when traffic shifts (etc.). Was a high profile event, so
> > any
> > > mistakes may also have been high profile.
> > >
> > > They were treading very carefully, which took time and money.
> > >
> > > Paul.
> > >
> > > On Sun, Aug 8, 2010 at 4:49 AM, Lloyd J. Rochon III
> > > <lrochon_at_sbcglobal.net>wrote:
> > >
> > >> Agreed but I was just going off their urgency and lack of apparent
> > >> technical knowledge. I think they were in panic mode and spare no
> > expense
> > >> mode.
> > >>
> > >> Regards,
> > >>
> > >> Lloyd Rochon
> > >> Lloyd J. Rochon III
> > >>
> > >> -----Original Message-----
> > >> From: Garth Bryden <hacked.the.planet.on.28.8k.dialup_at_gmail.com>
> > >> Date: Sun, 8 Aug 2010 11:29:46
> > >> To: <lrochon_at_sbcglobal.net>
> > >> Cc: Jack Router<pan.router_at_gmail.com>; Adrian Brayton<
> > abrayton_at_gmail.com>;
> > >> Cisco certification<ccielab_at_groupstudy.com>
> > >> Subject: Re: OT - Terry Childs, CCIE#14018
> > >>
> > >> Well I've read (but not had the courage to test) that if you press
> > control
> > >> break when you are booting with password recovery disabled you can get
> > into
> > >> the device, just with factory defaults.... I guess if there were no
> > >> passwords there woulda been no backup configurations which meant long
> > >> nights
> > >> and lots of coffee restoring network services; whoopie
> > >>
> > >> On Sun, Aug 8, 2010 at 11:26 AM, Lloyd J. Rochon III
> > >> <lrochon_at_sbcglobal.net>wrote:
> > >>
> > >>> It also could have been the "no service password-recovery" command on
> > key
> > >>> devices which caused costly replacements.
> > >>>
> > >>> Regards,
> > >>>
> > >>> Lloyd Rochon - CCIE
> > >>> Lloyd J. Rochon III
> > >>>
> > >>> -----Original Message-----
> > >>> From: Garth Bryden <hacked.the.planet.on.28.8k.dialup_at_gmail.com>
> > >>> Sender: nobody_at_groupstudy.com
> > >>> Date: Sun, 8 Aug 2010 11:09:18
> > >>> To: Jack Router<pan.router_at_gmail.com>
> > >>> Reply-To: Garth Bryden <hacked.the.planet.on.28.8k.dialup_at_gmail.com>
> > >>> Cc: Adrian Brayton<abrayton_at_gmail.com>; Cisco certification<
> > >>> ccielab_at_groupstudy.com>
> > >>> Subject: Re: OT - Terry Childs, CCIE#14018
> > >>>
> > >>> The $900,000 would be over the top but the costs they are calculating
> I
> > >>> assume won't be just for the password recovery process. Remember
> there
> > is
> > >>> downtime involved to do this, they are most likely claiming
> > compensation
> > >>> for
> > >>> lost revenue etc.
> > >>>
> > >>> On Sun, Aug 8, 2010 at 11:03 AM, Jack Router <pan.router_at_gmail.com>
> > >> wrote:
> > >>>> How can you spend $900000 in 12 days ? Its 75K a day !!!! Did they
> > hire
> > >>> 31
> > >>>> CCIEs full time for 12 days, assuming 300$/hour wage ? Obviously
> Terry
> > >>> was
> > >>>> right saying his boss was not qualified to have a password.
> > >>>> BTW, how do you get a job like Terry's boss ? What qualifications
> are
> > >>>> required ?
> > >>>>
> > >>>> -----Original Message-----
> > >>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On
> Behalf
> > >> Of
> > >>>> Adrian Brayton
> > >>>> Sent: 7-Aug-10 13:59
> > >>>> To: Cisco certification
> > >>>> Subject: OT - Terry Childs, CCIE#14018
> > >>>>
> > >>>>
> > >>>>
> > >>
> >
> http://www.businessweek.com/idg/2010-08-07/network-admin-terry-childs-gets-4
> > >>>> -year-sentence.html
> > >>>>
> > >>>>
> > >>>> Blogs and organic groups at http://www.ccie.net
> > >>>>
> > >>>>
> > _______________________________________________________________________
> > >>>> Subscription information may be found at:
> > >>>> http://www.groupstudy.com/list/CCIELab.html
> > >>>>
> > >>>>
> > >>>> Blogs and organic groups at http://www.ccie.net
> > >>>>
> > >>>>
> > _______________________________________________________________________
> > >>>> Subscription information may be found at:
> > >>>> http://www.groupstudy.com/list/CCIELab.html
> > >>>
> > >>> Blogs and organic groups at http://www.ccie.net
> > >>>
> > >>>
> _______________________________________________________________________
> > >>> Subscription information may be found at:
> > >>> http://www.groupstudy.com/list/CCIELab.html
> > >>
> > >> Blogs and organic groups at http://www.ccie.net
> > >>
> > >>
> _______________________________________________________________________
> > >> Subscription information may be found at:
> > >> http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > > Blogs and organic groups at http://www.ccie.net
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> >
> > --
> > Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Aug 10 2010 - 15:15:18 ART

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:52 ART