[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Attack on CORE SRS

Date: Wed, 18 Feb 1998 11:46:11 +0000
From: Jeff Williams <jwkckid1@ix.netcom.com>
Subject: Re: Attack on CORE SRS

Jeff and all,

Jeff Deitz wrote:

> In reply to
> >Kent Crispin, PAB Chair                 "No reason to get excited",
> >kent@songbird.com                       the thief he kindly spoke...
>
> Normally I just listen to these discussions but I can not believe the
> attitude here. First, if the article is correct (
> http://www.news.com/News/Item/0,4,19220,00.html?latest ) why did customers
> have to call you about the servers not responding. If a server of mine goes
> down I am paged immediately and will be the one to notify the customers, not
> the other way around.

  I completely agree.  I commented on this thread already.  It seems
that Kent, one of the LEADERS of PAB, seems to think that this is a
minor occurrence.  Yet several months ago, Kent and Dave Crocker were
very adamant about the security issues of running a Registry under the
MoU plan.  Now of course, after the horse is out of the barn they are
going to shut the preverbal barn door.  An in addition with this
TERRIBLY FLAWED LOGIC they( MOUvment folks) want the stake holders to
trust their ability to manage any registry.  PLEASE DELIVER ME!

>
>
> >> They certainly didn't cope well with the SECURITY requirements.
> >They coped pretty damn well, under the circumstances-total downtime
> >was under 30 hours.  With the final production configuration,
> >safeguards, and backup systems in place that would be much less.
>
> Excuse me, but security is meant to PREVENT this from happening. What you
> are referring to here is damage control that was implemented after showing a
> complete lack of security. Just from what I can tell the security in place
> was a joke and if I was a customer with a server onsite it would be moved
> before the end of the day.

  No you can easily understand why they have only minimal stake holder
support.
The leadership of the MoU is now in stark evidence for it's
incompetence.

>
>
> >The circumstances of this attack were rather unusual, to say the least.
> Unusual in that someone was able to just walk in with a pair of bolt cutters
> and made off with over $140,000 worth of equipment with no one noticing? You
> are right because this does not happen in a normal business.
>
> >That fact will be carefully considered in the final security configuration.
>
> You mean you had a security configuration????  To address this after the
> fact is like saying, oops the robbers stole all the money from the bank so
> maybe next time we should get a safe.

  You got it!

>
>
> >In this sense the attackers have done us a favor.
> By allowing you to consider a different line of work.
>
> Jeff Deitz
> Internet Systems Engineer
>
>                      Name: winmail.dat
>    winmail.dat       Type: unspecified type (application/octet-stream)
>                  Encoding: x-uuencode
>
> --
> DOMAIN-POLICY administrivia should be sent to <listserv@lists.internic.net>
> To unsubscribe send a message with only one line "SIGNOFF DOMAIN-POLICY"
> For more help regarding Listserv commands send the one line "HELP"

 Regards,

--
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com

Prev by Date: Re: Attack on CORE SRS
Next by Date: Re: Attack on CORE SRS
Prev by thread: At the drop of a hat (The definition of INTERNET)
Next by thread: Re: Attack on CORE SRS
Index(es):
- Date
- Thread