update, Venezia has his field day and more news and links from IT bloggers
Very few people have been questioning the San Francisco city hall press releases since this story began over a year ago, but now even the Chronicle is sheepishly admitting they might have been wrong
complete links on Infoworld, nearly the only other source that wasn't parroting the press releases, but questioning them instead, from a professional network administration perspective, and also, Slashdot has their angle
This is a technical case involving San Francisco's fiber wan and computer network, and people that really know what they are doing in this field got suspicious of the city's claims back when it first started. This whole story reeked of incompetent management, rather than criminal mischief of Childs part. It was pretty obvious from the very beginning that Childs had enough control to bring down the entire network, but that never happened. The network performed flawlessly long after he was arrested. The San Francisco fiber-wan (wide area network) internal network continues to operate flawlessly to this day
Terry Childs nearly built the San Francisco computer network by himself, to the point of actually filing for copyright on his design of the network. Management in the San Francisco IT department apparently couldn't fathom half of what he was doing and Terry Childs himself called them incompetent on numerous occasions, which is pretty much what the sole standing charge is all about. Refusing to hand over the network to incompetent imbeciles
San Francisco is famous for corruption, incompetence, nepotism, you name it, so somebody who IS competent can't be blamed for doing his job while he's surrounded by dipshits. All of this while nearly in the middle of the most technologically advanced area in the world, and it just boggles the mind. One of the very few people who is very knowledgeable, experienced in computer network administration, and who was willing to speak out about the suspicions, is Paul Venezia, who is very shortly going to feel extremely vindicated about all those articles he wrote
Paul Venezia was right, many of San Francisco (city) claims, didn't add up. It didn't make any sense
InfoWorld Home / Data Management / The Deep End / Childs' attempt to protect the network password...
February 17, 2009
Childs' attempt to protect the network password gone awry?
Would you give root-level passwords to a room full of people you didn't know? That may have been San Francisco's untenable choice to its notorious network admin.
By Paul Venezia
I read the latest defense filing in the Terry Childs case over the weekend, and was struck by some new information presented there, specifically related to the circumstances under which Childs was asked for the FiberWAN passwords. It sheds light on why Childs may have withheld the password to the city's WAN.
An excerpt from the filing by Childs' defense attorney:
On July 9, 2008 and at all relevant times, Richard Robinson was the Chief Operations Officer of DTIS [the San Francisco Technology Information Services Department]. Defendant unwittingly found himself at a meeting with Robinson in a room at the police station at the Hall of Justice. Present at that meeting were Lt. Greg Yee and Vitus Leung from the City's Human Resources Dept. Waiting outside the room but joining the meeting midway was Inspector Ramsey. The meeting was unorthodox and short on civilities. Defendant was told that he was being reassigned and was asked to disclose the FiberWAN passwords in addition to other passwords. There was no advance notice to defendant of this request. The surrounding circumstances of this request were unnerving and troubling to defendant at best. He resisted this surprise request to disclose the passwords to the FiberWAN, telling Robinson that no one was qualified to have the passwords. Under the pressure of the situation, defendant gave password information that could not be validated. During this exchange wherein defendant was questioned regarding the passwords, a speakerphone was on the desk in meeting room and people were listening in on the other end of the phone connection in a different part of the City.
In this statement, the defense asserts that those present during the questioning were simply not qualified to hear the passwords. This impromptu meeting took place at the police station in the Hall of Justice, not in the DTIS offices, and Childs was brought there while in the building doing work on the FiberWAN. Those present included various members of the San Francisco Police Department, representatives from HR, and an unknown group of people on the other end of a speakerphone.
If this is true, then his refusal to divulge the passwords becomes a lot less problematic from an ethics and security standpoint. You don't give up the master keys to a seemingly random group of people, including those that don't work in the department and some unknown others on the phone.
I'll tell you something. If I was in charge of the San Francisco computer network and I was brought into a room under those circumstances, there is no way in hell I would have given up the passwords. For all he knew, it could have been an internal affairs investigation, trying to get him to give up the passwords.. I would have done the same damn thing. That is the first thing they teach you about network security. You better be damn sure about who you give the passwords to, and if Childs wasn't sure, then why did he spend a year in jail? Network security and this issue of the passwords is THE single most basic thing all network administrators have to deal with at some point or another. It's possible that Childs, in his refusal to hand them over, was trying to expose the incompetence at City Hall
San Francisco deserves better than this. If Terry Childs is found innocent, San Francisco needs to keep him, fire all the incompetent management, and rehire some REAL pros from the private sector (there's plenty of them from here down to San Jose, and, in this stage of the economy, many of them happen to be out of work right now)). The fiber wan network is too important, especially when mayor Newsom is just today advancing new data policies, along with the police chief
San Francisco official password policy ((burbed)
As such, all County employees (including contractors, vendors, and temporary staff with access to County systems) are responsible for taking the appropriate steps, as outlined below, to select and secure their passwords.
All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) must be changed on at least a monthly basis"
"Do not share County passwords with anyone, including administrative assistants or secretaries.
All passwords are to be treated as sensitive, confidential County information.
Here is a list of things to avoid
-Telling your boss your password.
-Talking about a password in front of others.
-Telling your co-workers your passwordwhile on vacation."