A good bottle of scotch

I'm honestly saddened by my state government's response to a recent spate of computer security problems. All over NHPR is a continuance of a discussion started in February over a supposed security breach of certain state-run servers. The real problem may not be the actual security issues, but the state's handling of the matter. It appears, several weeks later, that a state IT employee used some grey-hat tools to

I'm honestly saddened by my state government's response to a recent spate of computer security problems. All over NHPR is a continuance of a discussion started in February over a supposed security breach of certain state-run servers. The real problem may not be the actual security issues, but the state's handling of the matter.

It appears, several weeks later, that a state IT employee used some grey-hat tools to get an idea of the security of the network. He used Cain & Abel, which is a basically a network security Leatherman, ostensibly to test parts of the network. It all get fuzzy from there.

That employee, Doug Oliver, was subsequently suspended, and an investigation mounted. They determined that Oliver had installed the program to test network security, and ultimately Oliver was allowed to return to work. According to Oliver, what wasn't mentioned in the press conference discussing this matter was that the State Liquor Commission's payment processing system was hacked, or at least infected with SQL Slammer.

There are many lessons to be learned here. The most obvious is that suspending and investigating a member of your IT staff for security violations stemming from the use of tools like Cain & Abel is akin to condemning an automobile engineer for using a windtunnel to test a car design. Either you trust the person or you don't. And if you can't trust your IT staff, then there's little that can be done to prevent attacks on your own infrastructure.

The other is that the real threat was lost in the hue and cry over the actions of this employee. I don't know if the Slammer issue has been resolved, or what the ramifications of the infection might be, but I did note that I couldn't use my credit card to buy a bottle of Glenfiddich 18 at the state liquor store last week due to "system problems". I think I'm rather happy about that.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Join the discussion
Be the first to comment on this article. Our Commenting Policies