Educause Security Discussion mailing list archives

Re: Peeling off desktop Administrator Rights


From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 8 Dec 2009 13:00:13 -0500

On Mon, 07 Dec 2009 15:08:59 EST, randy marchany said:

Easy for us to enforce. I think you mean "would we be WILLING to
enforce this?".  If the action causes disruption of service, data
access, etc., it seems everyone would be willing to enforce it.

That's a mgt issue not a security issue.

So a few years ago, Randy was driving to work and heard about a high-profile
computer hack on the NPR news, and thought to himself "Man, somebody is about
to have a really bad day..".  Little did he know that he was the somebody :)

Basic summary - a DNS server elsewhere got whacked and the A record for a
highly visible website got pointed at a pwned Linux box on our campus.  The
FBI shows up, and the disk drive left in an evidence bag.  The professor
goes to his department chair and asks for department money for a new drive,
and the chair says "Nope - your screw-up, it got pwned because it wasn't
patched, it's coming out of *your* pocket, not mine".

News of this confrontation leaks around the campus, and for the next month,
Randy was besieged by departments wanting to raise their security clue...

When the costs are pushed onto somebody else (like the professor was trying
to do), economists call it an 'externality'. Since it's somebody else's cost,
we usually don't work hard to minimize it, unless we're feeling more altruistic
than usual.  When the cost is borne by the people whose behavior is causing
the cost, the behavior usually changes rather rapidly...
