Comments on: S.F. Claims IT Worker Hijacked Passwords

City Employee Accused Of Holding Computer Network Hostage; Faces Seven Years In Prison

[credibility2]

The attorney for Childs is a goof. Childs may not have killed anybody in what he did, but for him to have made it so that he is the only one to have a password, given his instability, he could easily shutdown the system, including all medical and law enforcement response systems, like 911. The bail was appropriate given the circumstances and the fact that he refuses to give up the password. As sophisticated as some might think major networks are, all one has to do is recall how easily it''s been for hackers to get into systems and obtain highly classified information and personal data. The network geeks have too much ultimate control over these systems. I guess SF didn''t do a background check and submit Childs to a psychological screening. I wonder why at his arraignment the judge wouldn''t allow the camera to show his face. If this is resolved, prospective employers need to know what Child looks like to avoid hiring him.

[dan400man]

What the story also doesn''t say is that, though this guy got caught (doing something), there are many networks out there that are wholly unsecured, or so inadequately secured that a high school hacker would have no problem getting in. As I sit here looking at our live customer data, I am somewhat surprised to see that I (an application developer) can see real customers'' social security numbers, as well as names, addresses, birth dates, and drivers'' license information. Many thousands of them. In my 20+ years in my career as a consultant and as an employee, I can''t recall ever being "locked out" from being able to view this type of information. But I am surprised that, in this day and age of known issues with personal information, these lapses still exist. The data I''m looking at is from a custom legacy application, which is at least 15 years old; however, securing specific data like SSNs and driver''s license info with encryption is not that difficult.

As a consumer, I don''t rely on any company''s promises that my personal information is secure, so I remain as vigilant as I know how, including checking my credit reports periodically, shredding mail, etc.

[dan400man]

Not surprisingly, this story does a poor job of describing the crime allegedly committed. What is "tampering"? Especially one that supposedly merits $5 million bail? He''s accused of creating a secret password for his own use. Um, yeah, passwords usually are secret. Did they mean to say that he created a secret "superuser" account? He''s accused of "taking over the new FiberWAN". Usually, these things are done in stealth, trying to avoid any detection, so "taking over" a network seems counter productive, unless his motive was to bring down the entire network. Story doesn''t say.

[dan400man]

In this day and age, this defies belief. This would require the reader to assume that SF does not know about offsite data storage. This is a low cost service offered by many firms in CA to periodically save applications and data. I use it in my business and it has saved my skin quite a few times when my computer has crashed.

If SF does have offline data storage, then wipe out Drive C and download the stored applications and data. It would take a while but would solve the problem very easily. If SF does not have this service, more than this young man should be prosecuted.
---------------------------
Posted by ramos937 at 10:19 AM : Jul 17, 2008

Not sure why you think restoring a backup will solve all the problems.

First, how far back of a backup do you go to? Last week? Last month? How long ago did the "perp" set up his superuser account?

Second, this isn''t a "C:" drive backup we''re talking about here. No data corruption issues have been identified. They seem to be focusing more on what confidential stuff was accessed and who accessed it. I''m in IT, but not in networking specifically; I''d be surprised if routers were "backed up".

[jpdworkin]

Nice lie GOP_forever - I''ve seen your nonsense here before. Post an innuendo that the rankest amateur comedian would recognize about San Francisco and prison life, then hide behind weasel words. So typical and hateful.

[fiberglass3]

City officials accused Department of Technology employee Terry Childs of taking over the new FiberWAN (Wide Area Network) by creating a secret password for his own use.


He works in the Department of Technology. He should have a back door into the system. He''s a city employed computer engineer not a hacker on the outside.

[ramos937]

In this day and age, this defies belief. This would require the reader to assume that SF does not know about offsite data storage. This is a low cost service offered by many firms in CA to periodically save applications and data. I use it in my business and it has saved my skin quite a few times when my computer has crashed.

If SF does have offline data storage, then wipe out Drive C and download the stored applications and data. It would take a while but would solve the problem very easily. If SF does not have this service, more than this young man should be prosecuted.

[wogerwabbit]

It sounds to me like the guy had the super administrators password. Somebody''s got to have it. Did the guy make threats? Was he browsing data he shouldn''t have been? If not, the story here is that the guy is getting screwed.

[irliberal]

Wow... it only took two posts for a gop thug to post a hate message about gay people. They''re getting quicker. But certainly not any less predictable.

[pollroller1]

I certainly am no expert, but I don''t think there is such thing as a secure computer system.