TalkBMC

Sections

You are here: Home » Blogs » Seshadri Veeraraghavan » The Fulcrum » An Idea that Bombed

An Idea that Bombed

Document Actions

Continuing in the grand tradition of using bad puns as titles, we look at the weird case of Lin Yung-Hsun, a Sys Admin, who in his great wisdom thought it fit to plant a logic bomb (http://en.wikipedia.org/wiki/Logic_bomb) because he was nervous about an upcoming corporate restructuring (that could result in his getting laid-off).

You can read more about this sadly misguided person's story here:

http://www.informationweek.com/news/showArticle.jhtml?articleID=205601393

The ultimate irony is that he was kept while other SAs were shown the door.

In previous postings I've mentioned that the biggest threats often come from insiders - disgruntled employees, saboteurs that get employment in the target company so they can perform destructive actions, corrupt workers and so on.

Obviously the idea is not that one should distrust their workers - on the contrary one should trust them completely, but while still taking protective actions, such as routine scans of all admin commands/actions; sweeping the disks of critical servers to check for any obvious problems and so on, and maybe even having a trusted party check important systems for signs of unauthorized or unacceptable activities.

While there are pretty good tools to prevent virus/DoS/hacking attacks, none that I know of protect against such deviously simple yet hard to find attacks. Unless AV software can start incorporating intelligence (singatures) of destructive behavior it won't be simple/possible/easy to stop such people.

digg it

Wednesday, January 09, 2008 | Permalink | Comments (1)

The beauty of a simple checklist

Posted by Ronald X at 2008-01-10 00:10

A good counter-measure can be implemented with no fancy software or hardware using a clipboard, pencil and paper. It is the simple checklist!
Read http://www.newyorker.com/reporting/2007/12/10/071210fa_fact_gawande
Humans have bad memory. We cannot execute a list of a large number of items on a regular basis, even if we do it repetitively. Computers do a great job at this but computers are stupid. They have no intuiation.
The security problem that a checklist can circumvent is what I'll call "flying under the radar." It has often happened to me that I would arrive at the office, and discover that something dramatic had happened at I didn't have a clue that it was going down. This is the natural human tendency to wait in blissful ignoance for information to be pushed to you. A checklist assists in this by pulling information.
I thus have the opinion that 80% of security issues, like the logic bomb, can be resolved using a push/pull process.