[Techtalk] hacked on solaris

Sun Aug 25 14:30:45 EST 2002

At 8/25/02 12:53 PM , caitlynmaire at earthlink.net wrote:
>Be glad it's only one system.  I had 17 SGI and Sun
>boxes to worry about after a hack year before last because the previous
>admin hadn't been allowed to do his job.

I've heard lines like that before. They generally mean that the company 
explicitly told the admin *not* to take the time to properly secure the 
network, because "it would cost too much".

The thing that really burns me up is that, when the system gets cracked and 
the company's Web page reads "j00 hAv3 b33n 0wnZ0r3d by mY sKriPt kiDDi3Z 
klUb!!!", at least one or two managers in the company will try to blame the 
admin for not taking enough precautions. The admin pointing out (generally 
somewhat forcefully) that s/he was explicitly told not to do that is 
usually enough to save his/her job.

But what about the person who stopped the admin from securing the system? 
How come *that* person never winds up under the gun? I'd really love to see 
the people who clamor for the admin's head on a platter turn some of that 
politicking ire against the one who was *really* responsible for the 
system's vulnerability. But somehow, it never seems to happen.

(Pleae let me know if you have experiences to the contrary; I'd love to 
hear 'em!)

                                                 --Kai MacTane
----------------------------------------------------------------------
"And when I squinted/The world seemed rose-tinted;
  Angels appeared to descend..."
                                                 --Depeche Mode,
                                                  "Waiting for the Night"