two more articles that could be potentially very important to San Francisco in the future. In some of the comments, people are already asking this be sent to SF City officials and the Board of Supes
This case will set precedents, if it ever gets to trial. It would be a sad day indeed if network admins could be arrested for using ‘no service password-recovery’. Actually, it could get worse — if his security measures are the very petard that he’s hoisted upon, then the ramifications for security professionals everywhere may be severe. from The Deep End
and more important, how this case is starting to go horribly wrong. Note – this article is posted almost in its entirety, which is something I rarely do, but this is very important to understand, and almost no one in the press has gotten this right yet.
Since I continue to read, see, and hear news stories on the Childs case that depart from reality, I figured I’d put together this handy primer for anyone non-technical who wants to really understand the case. This may or may not apply to many mainstream journalists. I hope it does. Also, please forgive me for the car analogies I’m about to use.
• The “network” as used to describe this case is defined as the hardware used to connect computers to other computers. It is not, and never was, intended to be construed as any form of data, applications, resources, or anything other than the actual hardware.
• Essentially what Childs did was build a car, give the city the keys to start the engine and drive the car normally, but he locked the hood so nobody else could work on the car.
• At no time since Childs’ arrest has the network been unavailable, offline, down, or anything approaching unusable. The caveat to this is the fact that when the DA placed functional VPN usernames and passwords into the public record, all VPN access had to be shut down and reconfigured.
• The passwords that Childs gave to Newsom were to be used to access the hardware comprising the network. They were not his email passwords, passwords to unlock any city databases, or anything of the sort. They were passwords that could be used to log into routers and switches to make changes. Nothing more, nothing less.
• The passwords released by the DA’s office were not the passwords they were trying to get from Childs. The passwords they released to the public were for another part of the network entirely, one that provided external access to the network for city employees. In essence, by publishing this list, the city opened the deadbolt on the door to the network, but left the handle locked.
• Modems plugged into routers and switches in various places on a large network are not scandalous, they’re common. They’re also generally mandatory on large networks. These modems are used to provide instant emergency access to remote locations to reduce or eliminate network downtime.
• Do not confuse a modem with a router. Sadly, these terms are used interchangeably in consumer electronics, but not in this case. The term modem here means an analog phone modem, not a DSL or cable modem (unless specifically noted), and router means a device used to route packets through a network.
• “Sniffers” on a large network are basically mandatory. The fact that Childs had one is not a surprise, and is not immediate cause for concern. Cisco has manufactured and sold devices designed to be used in core network equipment for just this purpose for many years. Sniffers are put in place to detect intrusions or other problems on the network.
• The routers and switches that comprise a network are essentially fixed-purpose computers. They have a CPU, RAM, and storage (similar to a hard drive). Like a PC, they have an operating system and a configuration that instructs the device on how to function within the network. When changes are made to this configuration, they are made to the running config, not the stored config. The changes are applied instantly, but unless the running configuration is saved to disk, the changes will be lost if the device is powered off. For instance, if you open a saved Word document, and make changes to it, then shut down the computer without saving the document, the changes will be lost.
(NB: This always bothered me about Doogie Howser. He’d type all this stuff into his computer, then just shut it off. Same goes for the end of Stand By Me)
• Requiring specific points of access for administrative functions of a network is not a bad thing. It’s generally a security requirement. For instance, to make changes to a network, you must use a specific IP address, perhaps within a specific building.
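As an added example, not from the original post or from anything in the case record, here is a constructed Cisco IOS terminal session that shows the running-config versus stored (startup) config distinction from the bullet above, and the restricted-management-access point from the last bullet; the hostname, management subnet and ACL number are invented for the illustration.

```cisco
! Constructed session on a hypothetical Cisco IOS router named "core-rtr".
! Lines starting with "!" are comments; the rest is what an admin would see.

core-rtr# show startup-config | include ^hostname
hostname core-rtr

! Enter configuration mode: every command below edits the RUNNING config
! held in RAM and takes effect immediately, but nothing is written to NVRAM.
core-rtr# configure terminal
core-rtr(config)# hostname core-rtr-new
core-rtr-new(config)# exit

! The two configs now differ: running (live, in RAM) vs startup (saved, in NVRAM).
core-rtr-new# show running-config | include ^hostname
hostname core-rtr-new
core-rtr-new# show startup-config | include ^hostname
hostname core-rtr

! Power-cycle or "reload" the box at this point and the change is gone,
! exactly like closing an edited Word document without saving it.

! Restrict administrative logins: only the (invented) management subnet
! 10.0.100.0/24 may open a Telnet/SSH session to the virtual terminal lines;
! everyone else is refused and the attempt is logged.
core-rtr-new# configure terminal
core-rtr-new(config)# access-list 10 permit 10.0.100.0 0.0.0.255
core-rtr-new(config)# access-list 10 deny any log
core-rtr-new(config)# line vty 0 4
core-rtr-new(config-line)# access-class 10 in
core-rtr-new(config-line)# end

! Persist the running config to NVRAM so it survives a reload.
core-rtr-new# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

! Caveat on the setting quoted above from The Deep End: "no service
! password-recovery" disables the console break/ROMMON recovery procedure, so
! a lost enable password can only be cleared by wiping the startup config.
! Keep an offline copy of every device's saved config before enabling it.
```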