Rough Justice For Terry Childs 418
snydeq writes "Deep End's Paul Venezia sees significant negative ramifications for IT admins in the wake of yesterday's guilty verdict for Terry Childs on a count of 'denial of service.' Assuming the verdict is correct, Venezia writes, 'shouldn't the letter of the law be applied to other "denial of service" problems caused by the city while they pursued this case? In particular, to the person or persons who released hundreds of passwords in public court filings in 2008 for causing a denial of service for the city's widespread VPN services? After all, once the story broke that a large list of usernames and passwords had been released to the public, the city had to take down its VPN services for days while they reset every password and communicated those changes to the users.' Worse, if upheld on appeal, the verdict puts a vast number of IT admins at risk. 'There are suddenly thousands of IT workers all over the country that are now guilty of this crime in a vast number of ways. If the letter of the law is what convicted Terry Childs, then the law is simply wrong.'"
Sorry, but this dude had it coming. (Score:2, Interesting)
Justice system did exactly what it was designed to do, rehabilitate criminals and deter others from doing crimes.
Next time, is he going to deny people access who deserve that access because of some ideological nonsense? Doubt it.
Though he probably will never get hired in IT again, not just because he is a felon, but because you google his name and there it is, him keeping passwords away from his ex-employer.
Heading this off--see link to juror (Score:5, Interesting)
The juror has been interviewed some already, and is even on /.
I had many bad assumptions myself. But if the juror is being at all truthful...this guy did some bad things.
@see http://yro.slashdot.org/comments.pl?sid=1633482&cid=32010078
California law (Score:1, Interesting)
thousands of IT workers all over the country that are now guilty
of violating a California law? I'll be worried once there's a California state court in New York City.
Re: Initiative (Score:3, Interesting)
I think they took away the "initiative to find a way to get the password to the right person in a secure manner" when they locked him up in jail and left him there. He evidently requested to see the mayor, and when the mayor arrived, gave him the password. Unless that isn't the way it went, I don't really see what else he could have done.
Again though, I haven't read a good article that had significant details in it, just crappy links from /. and short articles that had few details. I want a time line, a copy of the relevant rules, links to a transcript of the court sessions etc :P
He did 2 just waiting for court let him out now an (Score:3, Interesting)
He did 2 just waiting for court let him out now and give him the time that he did.
Re:If I were taking an IT Admin position... (Score:2, Interesting)
Re:Not trying to be a troll here, but... (Score:2, Interesting)
"I'm sorry John, you know I can't give that out without confirmation. Did Bob (Joe Schmoe's boss)authorize this? By the way, Why am I being fired, and who are these people?"
Doesn't that work?
Re:Not trying to be a troll here, but... (Score:3, Interesting)
I'm perplexed why some people on Slashdot who are so willing to trash the performance of their fellow geeks, rally around one who is charged with a crime.
If we assume this guy is innocent of a crime without knowing the facts, why can't we assume everybody else is competent until it is proven otherwise?
Re:Before everybody gets their shorts all twisted (Score:3, Interesting)
Wasn't the mayor his boss? I seem to recall that it has been stated many times that Childs would have given the passwords to the mayor and the mayor only just as he has been told to do. Unless new facts in regards to this have come to light then it is my opinion that he was doing his job.
Re:Turn in your keys (Score:3, Interesting)
Building keys != sys admin passwords.
Back when I left Boeing, I gave my replacement the passwords (root and others) for all the systems I was responsible for. Plus instructions on changing them as well as revising some configuration settings that directed system maintenance messages to my personal pager. For four years thereafter, I'd continue to get messages for various system events. Inspection of the message headers indicated that they had never disabled my various system accounts from which these messages originated. I never tried to log on, but I'm willing to bet that my passwords were never changed.
My problem? I doubt it.
Re:If I were taking an IT Admin position... (Score:3, Interesting)
I think the overall issue is that you can't take an IT Admin position working for the a Local, State or Federal public entity in the US since you're damned if you do (give the passwords) because of laws and regulations and damned if you don't since they'll take you to court and have you convicted anyway.
Either stay away from those positions or ask for a significant premium on your salary/rate to cover the legal risk.
Re:If I were taking an IT Admin position... (Score:4, Interesting)
If you've never built a large network, it's easy to underestimate what I'm saying. It's not just the passwords, but also how to use them. This isn't like sitting down in front of a Linux box and logging in. It probably includes needing to know the topology of the network, such as "if jonesville router 1a is down, its console is connected to the aux port on jonesville router 1b, but to get to that when the routing protocol has imploded, you might need to first dial in to the out-of-band modem on barton router 2a, ssh over to barton router 1b, then use the link address of jonesville router 1b to ssh to, then connect up to the console port."
As for harm, what actual harm did he actually do? Did he down the entire network? Did he allow criminals access to their network? Take a look at the "harm" claimed and see what portions of it you can actually attribute to him INSTEAD of the city.
His boss can head to jail for the very same reason he is; his boss caused denial of service by failing to guarantee that the city had unimpeded access to the network. What's good for the goose is good for the gander and all that.
Re:If I were taking an IT Admin position... (Score:3, Interesting)
The boss can change the rules the boss makes, within limits imposed by law and corporate policy. There may be rules from higher up that your boss must obey. For example, if corporate policy is that nobody tells anybody else their password, the boss has no right to demand your password.
Now, if you're in a position where your boss demands something that's either illegal or against corporate policy, after you've explained it, you've got a problem. I'd probably ask for the request in writing. That may not be the correct thing to do politically, but I'm not all that good at office politics. Other people may have better ideas.