| T.R | Title | User | Personal
Name | Date | Lines |
|---|
| 471.1 | Betcha it wasn't a VAX! | FROST::HARRIMAN | Talk that trash | Wed May 13 1987 09:50 | 1 |
|
|
| 471.2 | | VINO::RASPUZZI | Michael Raspuzzi | Wed May 13 1987 15:15 | 3 |
| Or a DECsystem-10/DECSYSTEM-20.
Mike
|
| 471.3 | | MKTUP1::EIBEN | | Thu May 14 1987 10:01 | 10 |
| [re .-1] I currently believe, it could have been either one of ours
.. just imagine having NO priviledged access to the thingy - NOT
being able to 're-boot' and missing 'debugging' software and not
having access to 'inhouse' info [i.e. being in the field with no
'direct' ties to DEC]
Rgds,
Bernie [who very well remembers chasing an intruder on a DEC-system
without privs but some knowledge...]
|
| 471.4 | Maybe,,,,but... | FROST::HARRIMAN | Expressions | Thu May 14 1987 17:30 | 9 |
|
re: .-1,.-2
It might have been a '10 or a '20 - I still don't think it's
possible on a VAX - we just had a +50 replies topic on this. Unless
the guy took the keys and changed the combination on the machine
room door, of course.
/pjh
|
| 471.5 | Back to the Article | TELCOM::MCVAY | Pete McVay, VRO Telecom | Fri May 15 1987 13:10 | 10 |
| However, the base note raises interesting questions...
On every system that I've been a manager on, I usually get management
to agree to inform users that they can develop [almost] anything
they want or use the computer for anything they want [except for
private gain]--but anything they develop belongs to DEC. Sounds
to me like the company in question (1) didn't give this guy a fair
shake and (2) didn't protect themselves adequately from hacking
and software sabotage. It sounds as though he was a one-man operation
(and was getting screwed at the same time).
|
| 471.6 | Employee loses | TLE::RMEYERS | Randy Meyers | Fri May 15 1987 16:54 | 26 |
| Re: .4
I think both .1's and .2's point was with physical access to the machine,
and a little knowledge, you can break in. Reply .3's point was that if
you lack the little knowledge, you can't break in. This point is as valid
for Vaxes, -10s/-20s, or even IBM pcs. (In the RT notesfile, was was a
similar discussion about locking a user out of RT.) Its sometimes easy
to frustrate the neophyte by methods that hardly slow down the wizard.
Re: .5
I predict that things will go hard for the employee who wrote the software
and then demanded that the company give him additional pay before the
company could use it.
In the absence of any agreement, common law holds. The common law position
is that when ever an employee uses his employer's resources (tools, office
space, computers) to invent something, the employee in effects gives the
employer a non-exclusive license to use or sell the invention. Thus, the
employee can use or sell the invention, but so can the employer. Also,
the employer owes the employee nothing for this right.
Of course, if the guy developed the programs on his home pc, the situation
changes...
Any other armchair lawyers care to comment?
|
| 471.7 | | VINO::RASPUZZI | Michael Raspuzzi | Fri May 15 1987 21:39 | 13 |
|
.0 states that the data file was still intact. I assume that the
perpetrator mucked with some .EXE file that was used to access the
data files. Someone with strong working knowledge of a DEC-20 (I'm
not a 10 type so I can't speak for them) would be able to poke around
even without privs. However, it would take a strong background to
figure out what the terrorist did.
Also, it is easy to get privs on *any* directory on a 20 if you
have access to the CTY and can reboot the system (this may not be
intuitively obvious to someone familiar with TOPS-20).
Mike
|
| 471.8 | There is a lesson here.... | FROST::HARRIMAN | Expressions | Wed May 20 1987 11:44 | 23 |
|
re: .5 - .-1
Sure, you can gain "priv" on a '20 just by getting the password
to the next higher directory structure - like if you have a password
in <ROOT-DIRECTORY> you can know everyone's password on the particular
structure - however, with physical access to the machine and some
help from field service (or a backup system disk) you can defeat
any of those.
Now if the terrorist had changed the combination on the machine
room door lock on the way out, now that's a different story.
It definitely sounds like there was much more that occurred than
the topic .0 indicated (maybe I'm reading between the lines too
much). However it would seem that if the person was that intimate
with the system and the rest of the staff wasn't then it was bound
to happen sooner or later.
That's a good lesson to learn: always have backups, whether it's
people, data, software or hardware.
/pjh
|
| 471.9 | There is more than one way to skin a cat. | UTRTSC::GUEDHA | Is infertility hereditary? | Thu Jun 11 1987 09:39 | 20 |
| Re.
> Now if the terrorist had changed the combination on the machine
> room door lock on the way out, now that's a different story.
On one (Unnamed) customer's site they had just installed a brand
new all singing, full colour and sterio security system on the doors
leading to the computer room. The equipment controlling this mess
was located inside the secure area.
Needless to say it screwed up, during the night when nobody was
on the inside. I arrived to do a PM about 08:30 and found everyone,
including the manager who had had the thing installed, standing
outside looking a bit miffed.
Taking the suction device I lifted a floor tile, dropped down the
hole and came up on the other side of the security door.
The manager didn't even say thank you.
Jamie Anderson.
|