On 1/14/2012 10:30 AM, David Kaye wrote:
> "Thad Floryan" <th...@thadlabs.com> wrote
>
>> I was surprised to learn that PORN is a valid class and research subject
>> at CCSF -- sign me up now because CCSF sounds like a real party school!
>
> I was also surprised. What's more I was surprised that they seem to think
> porn sites are much of a malware problem. That hasn't been my experience.
> [...]
> I'm amazed that bots could operate for so long at CCSF without anyone
> knowing. Don't they randomly test machines with cports or anything?
> Sheesh!

Absolute incompetence at CCSF. Even the new IT director, though he
"found" the nightly 10pm virus trawls across all his networks and also
found the recipients to be in China, Russia, Iran, etc., hasn't done anything
about it (per the SFGate article) and is letting the data still be gathered
and sent outside the USA. He should be thrown in jail ASAP and the entirety
of CCSF's computer infrastructure disconnected. You know what's gonna hit
the fan now that this 12+ year security lapse has been revealed by the Chronicle
and people start thinking about suing CCSF out of existence.

I have helped so many companies with their security issues over the decades
I've actually lost count.

One of the most humorous events at a client site was, unbeknown to me, their
Board of Directors contracted with Ernst & Young to perform a security audit
of what I designed and implemented for them.

One evening around 10pm Bay Area time, my alarm setup texted my cell phone
with intrusion attempt warnings and I was able to quickly VPN in (to San Mateo
from my home) and discover all sorts of network probes and other suspicious
activity (none of which got past the firewall). I quickly traced the point of
origin, called the ISP, and had the network connection for Ernst & Young
disconnected from the Internet within just minutes, and the hacker activity
immediately ceased.

The next morning I learned that Ernst & Young were stunned, my network setup
got an A+++ rating, and I received a substantial bonus from the client. This
was in 2000 and I had NO idea who/what Ernst & Young was at the time.

Most of my client setups are/were similar and just as effective.

If you're curious who Ernst & Young are: <http://www.ey.com/>. Search using
"computer security audit" on their website.