[rescue] Do you remember when? Security software.....

[Charles Shannon Hendrix]

On Mon, Aug 11, 2003 at 12:20:41PM -0400, Michael A. Turner wrote:

> First a little back story. Our network is a wasteland. The network was never
> planned, it grew. Sometimes it grew against it's own volition. Cases where

I've found a lot of networks like that.  It's pretty scary how bad some
of them are, especially national networks and the like.

> the CEO came in and said that he had been at a meeting and that now we are
> going to host X or connect Y to the network cause it is good public
> relations.

Bad voodoo...

> 	So we have no firewall, no dmz, no bastions. All of our servers sit
> on the internet with routable IP addresses and no one bothers to patch them
> very often. Our administrator password has not changed in three years. When
> I at least tried to implement a patching scheme my boss actively stopped me.

I heard some things like that about your place some time back.

> He has gotten burned by patches in the past, his philosophy is if it ain't
> broke don't fix it. Our routers are all in the same state.

This is in Norfolk, right?  WHRO?  How long have you been there, and how
long has your boss been there?

> in a meeting. I am not even reading between the lines here. He stated " I
> want them around to take the fall if anything happens."

I've been in that situation too.  It's really amazing how little some
people care about things.

> remember the login he was given. All he did was walk around to every PC and
> stick a disk into it. The disk ran and did all the checking for him. He then
> complied a report from this info and cashed his check. The amazing part if
> it took several months for him to do all this. total and complete rip-off.

I used to work not far from WHRO, at InfiNet, and we had the same issue
during Y2K.  Most of our software was immune, and we knew which parts
needed fixing.  

I wrote a report on our software, what needed fixing, etc.

Not good enough for management.  They wanted to see software and
"experts" working on it.  The software I had to evaluate was almost all
Windows only, and the UNIX stuff usually started out at $10K and went up
from there.

They hired an ex-military paper-pusher to do the evaluation. 

I left InfiNet and a year later a friend of mine gave me the final Y2K
report.  It was 50% or more my original "not good enough" paper, with
small additions by the "expert".  My name was not on it anywhere.

During the whole Y2K scare, my immediate boss made a coworker start
virus checking all of the software we sent to customers.  All our
software was for UNIX, much of it written in Perl.

He made him load the UNIX software on a Windows box to be checked with
Norton Antivirus, before it got shipped out.  That this software wasn't
capable of finding a problem was lost on him.

The whole Y2K thing caused all kinds of stupid panicking like that.

This disease was widespread.

-- 
UNIX/Perl/C/Pizza____________________s h a n n o n at wido !SPAM maker.com