Comments on: Why no one person should control it all

By: Rob Lewis

Rob Lewis — Mon, 28 Jul 2008 14:32:12 +0000

As Andrew Jacquith says in his book, Security Metrics: “Trust is good. Control is better”.

Dual key controls go along way to preventing this kind of thing. So does tamper-proof audit trails based on user roles. This is not the first time an individual has held an enterpise hostage. Is it really a safe option not to assume the possibility of evil administratrors?

By: Don Clifton

Don Clifton — Thu, 17 Jul 2008 21:46:40 +0000

Scott:

I would say more to a point of taking drive images and having a forensics expert looking into it and hopefully mapping his actions to when these issues started. Very strange story though.

By: Scott Morrison

Scott Morrison — Thu, 17 Jul 2008 18:04:39 +0000

While I wouldn’t want to speculate on whether or not Childs has implemented a data bomb, I question the utility of a physical remote control device, not to mention any sort of remote control that would be obvious to police or security teams searching his apartment.

A databomb is more likely to be on a watchdog timer, a logical deadman’s switch, or triggered via network access or other predetermined network conditions. If they don’t have access to the involved systems, they’re not likely to find such a bomb, or determine the triggering method.

There’s an issue with the “let ‘em nuke it and restore from backup” option, too. If there is a databomb, how long ago did our dear antagonist place it? How long ago was the latest clean backup? Restoring from a backup set that’s recent enough to have useful data might simply be restoring the logic bomb, too.

The whole thing has been compromised, and needs a top down review by security professionals, along with clean rebuilds and data-only restores.