Update 7/22/2008: The issue may be more complex than it first looks (of course, the media always over-simplifies things). Click HERE to read an insider’s account of the situation.
—
Okay, THIS is funny because of the glaring security mistakes made by San Francisco’s Department of Technology (or Department of Ignorance, after this one). From the New York Times:
A disgruntled city computer engineer has virtually commandeered San Francisco’s new multimillion-dollar computer network, altering it to deny access to top administrators even as he sits in jail…
Prosecutors say Childs, who works in the Department of Technology… tampered with the city’s new FiberWAN (Wide Area Network), where records such as officials’ e-mails, city payroll files, confidential law enforcement documents and jail inmates’ bookings are stored.
Officials also said they feared that although Childs is in jail, he may have enabled a third party to access the system by telephone or other electronic device and order the destruction of hundreds of thousands of sensitive documents.
This is like security 101… you never give this much power to any single person. On critical systems like this, you always have check-and-balances, outside security code reviews, and strict audits. The S.F. DoT was basically driving around without insurance and got in an accident… I don’t feel sorry for them. It’s really sad how ignorant the world is about security (sigh).
