Posts from — July 2008

Infoworld continues to have the best information on the Terry Childs case (new article)

(page 3) entering the VPN information into the court records made them public — the San Francisco district attorney’s office committed a significant security breach, opening up VPN access to anyone who cared to look at the document. Although the passwords alone were not enough to provide complete access to the city networks, they did constitute one part of the VPN’s two-phase authentication configuration.



Nearly two days after the DA’s office divulged these passwords to the public, DTIS changed all the passwords, locking everyone out of the city VPN services until they had reconfigured their client to the new passwords. Ironically, this was the first time the city network failed since Childs’ arrest.

And then later on the same page:

See more …

I know some of you have been missing my online musings as of late. I’ve been in San Jose at a Cisco phone training course. And fortunately, I’ve been able to stay at Cory’s pad in MV to make it a 5 min commute to the training center. Plus staying in MV lets me live “the South Bay lifestyle”– ie shorts and flip-flops (as opposed to the jackets needed in the SF “summer”).

Anyway, I thought you’d like to see what I was learning in the course. This video will explain it:

Yes, basically I’m learning to fight dinosaurs.

B&U has a good post up today abut MTV

In our lifetimes, MTV has popped up out of nothing, cut its own place in the world and sat in that place until they completely ditched the M and stuck mostly with the TV.



Viacom’s teenaged cash-baby has grown stale to those of us that have been through one too many reinventions. We keep crying out: “Show more videos, you’re MTV!.” and they keep responding with the very rational argument that they have study after study proving that no one watches videos on MTV no matter what time they air them, and MTV needs to make money as a brand. Videos are no longer financially viablefor Viacom’s flagship property.

The post is here and it’s more a rant about movies and Viacom and biz. But it’s a good read.

Someone asked me recently why I haven’t posted a DVD Roundup in a while. Well, the answer is that I haven’t really seen anything worth writing about.

I’m not sure if it’s because I’ve been caught up in other things (Euro2008 in June?, work?, tech crap?) or if I was just watching more TV from the DVR. Or maybe I’ve just been negative about everything. . .

I have a theory about the movie-watching-slowdown, but I’ll save that for a future blog post.

But I tell you what, I’ve gone through my Netflix rental history and my stack of borrowed items. Here’s what I’ve seen recently:

I Am Legend – CRAP movie. Okay, so the antagonist is smart enough to figure out how to rig up a trap just like the one Will Smith rigged up, but he’s not smart enough to open up the lab door at the end? Btw- that door operated from the outside in the earlier parts of the movie, so shhh you.

There Will Be Blood – I really really really wanted to like this movie. I thought everyone in it was great, but in the end I just couldn’t give a crap about the story. And I’m usually pretty forgiving about that. Well, I did give a crap actually now that I think about it- I just thought it kept taking weird turns . . .

The other thing about this movie is that when Daniel Day Lewis was on screen, I kept thinking he sounded like John Huston. Don’t believe me? Check out this clip, then watch this great old interview (skip to 9:20 if you’re impatient).

(Jet Li’s) Fearless – Meh

Live Free or Die Hard – Compared to I Am Legend this was high-art.

Lucky Number Slevin – This one was okay. A bit too self-aware if you know what I mean, but I thought it was interesting and clever.

Shooter – Escapist fare . . . but I bet it came from a much better series of books that I should look for to add to my commute reading stack. The movie was a bit(!) predictable.

Miami Vice – holy crap this sucked . . . so many plotholes. . . Oh, btw, on the DVD extras, they talk about how into “the art” and “the look” Michael Mann is and the lengths he goes to to get things a certain way in the movie. He should’ve paid more attention to the storytelling.

Mi3 – Was much better than Mi2. But what does that tell you?

Grind House – Wow, the first Tarantino movie I didn’t really get into . . . and I’m a fanboy!

WAIT WAIT- there was one movie that I thought was clever–

Shoot ‘Em Up – It was like a live-action cartoon with Clive Owen and Monica Bellucci. It was even strangely political. But I really was able to get back into escapist movie watching mode and enjoy this.

Other than that, you know what I’ve (still) been watching? The Shield. Season 5 wassodamngood zomgwtfbbq. And I’m getting ready to start watching The Wire. I hear The Wire is a great time suck and is very entertaining.

Inforworld has great column up with more details about teh Sf h4×0r if you’re interested.

Some key points/quotes:

.As for the impact of [Childs'] actions to the rest of the City, the mayor’s statement basically has it right. The network is completely up and running. No servers that I’m aware of are affected. No one has had any downtime (yet). But until they get back into those routers, they can’t make any changes. I don’t know yet if Terry’s lockout applies only to the FiberWAN or also to the other routers, firewalls, switches, etc. in the City network..


.Terry’s area of responsibility was purely network. As far as I know (which admittedly is not very far), he did not work on servers, except maybe VoIP servers, AAA servers, and similar things directly related to the administration of the network. My suspicion is that you are right about how he was ‘monitoring e-mail’; it was probably via a sniffer, IPS, or possibly a spam-filtering/antivirus appliance. But that’s just conjecture on my part..


A key point made in the e-mail is that Childs’ managers and coworkers all knew that he was the only person with administrative access to the network. In fact, it was apparently known and accepted in many levels of the San Francisco IT department. Again, quoting from the e-mail:



“This is where it gets tricky for the prosecution, IMO, because the localized authentication, with Terry as sole administrator, has been in place for months, if not years. His coworkers knew it (my coworkers and I were told many times by Terry’s coworkers, ‘If your request has anything to do with the FiberWAN, it’ll have to wait for Terry. He’s the only one with access to those routers’). His managers knew it.



“Other network engineers for the other departments of the City knew it. And everyone more or less accepted it.”

Wheeee

So . . . Batman wannabe Newsom just goes down to the jail, talks to “teh h4×0r” and gets the passwords, no problem. Wow. sfgate story here.

No press conference needed, no talking to the DA first . . .he must’ve wooed him w/ his Bruce Wayne looks and a pack of cigs . . .

I like this part:

“He gave the mayor the codes, and then we went over to (the Technology Department)” and gave the codes to computer engineers, Ballard said. “And when we got back to City Hall, we were each separately questioned by the (police) inspector, because we are now witnesses in the case.”

But there was a snag, Ballard said – the code that Childs supplied to Newsom didn’t function immediately. Newsom had to call back the attorney, who provided more information, and the system started working, officials say.

I can see them calling back– “uh, can we talk to the prisoner again? yeah, hey, that pw didn’t work . . .what? no, I put gnewsom@sf.gov, what? take out the @sf.gov part? Hey, that worked! Thanks! Kbye!”

And the last paragraph of the story let the defense attorney get in a dig:

Referring to the felony computer-tampering counts, Crane said, “Mr. Childs intends to not only disprove those charges, but also expose the utter mismanagement, negligence and corruption at (the Technology Department) which, if left unchecked, will in fact place the city of San Francisco in danger.”

I gotta get a job with the city . . man, 6 figures!? Wooo . . .

I saw this on a Cinematical.com rss feed, but it’s from CNN originally:

Ebert and Roeper leaving ‘Ebert & Roeper’


CHICAGO, Illinois (AP) — Chicago Sun-Times film critic Roger Ebert says he’s cutting ties with the television show that he and the late Gene Siskel made famous.

This news came after Roeper announced that he wasn’t renewing his contract.

:(

I (still) wish theaters and movie production companies would report the number of tickets sold over a given weekend, not the amount of sales of tickets. It annoyes the crap out of me. Well, not too much really . . .

I’m babysitting this weekend. You can see the kid in the pic to the left.

I also plan on being selfish too and using Dustin as a chick-magnet in the park.

Hey, he needs a place for the weekend, and I need his magnet-services. It’s all fair, right?

So far, he’s yet to barf, pee or poop on any of my stuff. So, so far, he’s doing better than I am.

As an aside, he’s a living alarm clock– I forgot about that.

That SF-city worker network guy story seems to be getting weirder, to me at least. There’s another story up today.

Two things stick out-

-$5MM bail? Isn’t that like 5 times higher than what an average murder suspect has their bail set at in SF?

-The original insubordination suspension from work was probably mentioned at the end of the article:

On June 20, authorities said, Childs started taking photographs of the Technology Department’s new head of security after she began an audit of who had password access to the system. The woman became frightened by Childs’ behavior and locked herself in an office, authorities said.



His supervisors’ concern grew when it became clear that Childs had not only given himself exclusive access to the system, but had created a way to spy on his bosses’ e-mails related to his conduct, authorities said.

I can’t imagine any IT Security staff that I’ve worked with locking themselves in their office when staff took their pic w/ a cellphone. That part just seems weird.

And the bit about creating a way to spy on his bosses’ emails? Shoot, every Exchange admin I know does that on occasion. I’m not trying to justify it, it’s just that it’s not very creative or new. And you don’t need anything special to do it. In fact, if your boss leaves his/her computer unlocked you could just set up a new filter in their email client to bcc you on their emails. And if you had server access, you could do the same. . .