
Re: Attack on CORE SRS



Kent and all,

Kent Crispin wrote:

> On Wed, Feb 18, 1998 at 01:23:11PM -0500, Jay Fenello wrote:
> [...]
> >
> > Kent, although I am no fan of the MoU, I would have to
> > agree with you here.  Security at Best was above average,
> > and the burglary is very suspicious.
> >
> > Would you care to comment on some rumors:
>
> No.  As far as the "incident" is concerned, I really know nothing more
> than what has been made available to the public.  Of course, I am
> familiar with much of the history of the security concerns and
> decisions in the SRS, and I have some knowledge of the development and
> testing that has been going on.
>
> Best Internet hosts a major colocation site in Mountain View with
> *lots* of valuable equipment for lots of customers -- it is a
> completely reasonable place for a facility like the CORE SRS.
> (Actually, my understanding is that Best has three colocation sites --
> the one in Mountain View is generally regarded as the one with the
> "best" internet connectivity, I believe.)

  Your belief is mistaken.

>
>
> As you know, the CORE SRS has been developed under a *very* tight
> schedule.  The Emergent team has done an incredible job pulling it
> all together, and it is probably true that a larger group simply
> would not have been able to get it done.  The system that was stolen
> was being readied for production use, but it wasn't quite there yet
> -- active testing of the client/server interface is still underway.

  Very good. So tell me what this has to do with the security breach?

>
>
> The security that was in place was completely appropriate for a
> development phase; and, as has been repeated several times now, a
> final security review had been commissioned before the system went
> into production -- other things, like a help phone line, 24-hour
> monitoring, and so on are also being brought on line for full
> production.

  First of all, your security review should have been done long before
any development effort was underway.  This is common industry standard
and practice.

>
>
> The net overall effect of this incident will probably be (IMO) a 2 to
> 3 day delay in the schedule, which, no question about it, is a drag,
> and a frustrating pain in the butt for the people at Emergent, who
> have been working long hard hours the past couple of months.

  And a delay and gross negligence that should have never taken place.

>
>
> --
> Kent Crispin, PAB Chair                 "No reason to get excited",
> kent@songbird.com                       the thief he kindly spoke...
> PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
> http://songbird.com/kent/pgp_key.html


Regards,
--
Jeffrey A. Williams
DIR. Internet Network Eng/SR. Java/CORBA Development Eng.
Information Network Eng. Group. INEG. INC.
E-Mail jwkckid1@ix.netcom.com