Enterprise Software

Sysadmin hijacks San Francisco while Torvalds attacks security circus

This edition of the Weekly Roundup looks at how one man has taken over the network of the city of San Francisco, take a glance at a local news start-up and Linus Torvalds calls out the IT security sector.

You know the sort of sysadmin that I'm about to talk about. The one who gets so drunk on the power of controlling a network that he/she offers to replace you with a shell script or will decide to read other people's email, just because they can.

If ever proof was needed of the ability for power to corrupt, look to San Francisco. This week Terry Childs, a network administrator for the city of San Francisco, was arrested on charges of taking control of city's computer network and locking other administrators out.

After being disciplined for poor performance, Childs took to spying on his supervisors and later stepped it up to take network control. At this time, the network is still up and running despite administrators having little or no access.

This is one of the problems with handing over the keys to your network, how do you fight the administrator that turns bad? I wish there was an easy answer.

We launched a new blog this week entitled bootstrappr, in which Renai LeMay will take a look at Australia's startup community. This week's start up was Streem, an online news site that pays for contributions.

Interesting news occurred in the Linux world this week. A study of ten package managers (APT, APT-RPM, Pacman, Portage, Ports, Slaktool, Stork, Urpmi, Yast and YUM) found all were exploitable to attackers wanting to install unsafe software; not malicious programs directly, but by fooling the package managers into installing an older piece of legitimate software with known bugs. The technique exploits lack of expiration of signatures and metadata of packages.

Meanwhile, Linus Torvalds was out criticising the self-centred behaviour in the IT security industry. He said that disclosing a security bug was enough, without the pursuant circus that followed when a major problem has been discovered.

"I don't think some spectacular security hole should be glorified or cared about as being any more 'special' than a random spectacular crash due to bad locking," he said.

Torvalds then went on: "I think the OpenBSD crowd is a bunch of masturbating monkeys, in that they make such a big deal about concentrating on security to the point where they pretty much admit that nothing else matters to them."

Naturally this attracted a response from the OpenBSD crowd, and after some email discussions, Torvalds apologised and smoked the peace pipe with OpenBSD.

He wasn't done though, after a seemingly usual post of the Linux kernel mailing list, Torvalds signed off with: "PS. And to get wider distribution for this message: Digg users - you're all a bunch of Wanking Walruses. And you can quote me on that."

Perhaps Ubuntu has found two codenames to run with once they get to M and W.

Today is the last day to save $155 off entry to Web Directions South, best get in while one can.

Editor's Picks

Free Newsletters, In your Inbox