Re: Re: will you miss via the childhood, if Abdel hastily frees the pass

[snip]

********** end excerpt from 'Corruption at Salomon Brothers' **********


This transfer of proprietary source code that USED to be owned by AT&T
did not even qualify for action. Salomon legal stated Salomon has a lower
obligation for third-party copyrights than they did for software they
contracted for themselves, like Sybase. Salomon didn't have a UNIX source
license, so obviously the employee had gotten it elsewhere.

In the following statistic, it was the only non-Salomon source code.

We went from zero monitoring of Internet email traffic to...

On 3/21/96 we had our first security incident report.

By 3/26/96 we had an astonishing 38,000 lines of proprietary source code
outbound.

We were mentally unprepared. Figuratively we were pulling our hair out
wondering when the madness would stop.

It never did.


As I said, the results of keyword monitoring were stunning.


If you look up computer security literature and read up on security incidents,
you'll notice none are more articulate about inside-employee incidents other
than to describe the people as "disgruntled employees".

Wrong.

I'll go over some of the major categories of incidents I encountered.
Keyword monitoring is abstract to most people; these results show
how powerful the technique is.



Here are two from the category:

o People innocently trying to get work done.

This usually happens between the programmer and a third-party vendor.

SISS stands for 'Salomon Information Security Services'.

The configurations and passwords to Salomon's network control devices - the
heart of the network - flew out of our Internet connection to vendor Cisco
in a seemingly unstoppable whirlwind. This was the fourth report in a row.


********** begin excerpt from 'Corruption at Salomon Brothers' **********

************************************************


.

Relevant Pages
Quantcast