North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Cutting to the chase (was RE: ABOVE.NET SECURITY TRUTHS?)
- From: Sean Donelan
- Date: Mon May 01 16:38:46 2000
On Mon, 01 May 2000, Jeff Haas wrote:
> Even when one exposes the issues in one's network/equipment/etc. one
> still airs dirty laundry. The trick is to make sure it stinks as
> little as possible. Unfortunately, the longer the dirty laundry sits
> at the bottom of the pile, the worse it will stink when it ends up on
> the top.
Has anyone yet gotten a formal explaination from MCI/Worldcom about
their frame-relay outage last summer. Last word I heard was their
lawyers were reviewing a statement, but I never heard anything more.
While its true corporations and people are more likely to publicize their
successes rather than their failures, its also important to remember most
of the early comments are just speculation. Is that good or bad? Its good
to brainstorm all possibilities. Its bad because sometimes someone may take
the early speculation as confirmation of fact.
For example, shortly after the Abovenet incident, Computerworld wrote
this characterization of a conversation with one of the executives
"Vixie says the company has speculated widely as to the motive for the
attack and concluded that it could have emerged from one of two "completely
useless categories." One category includes competitors that the company took
a customer away from, disgruntled former employees or customers who had been
disconnected because they were spamming. The other category, said Vixie,
includes "someone who has something to prove and wants to bring our network
down and wants to brag about it."
Looking at the historical record, Paul's categorization is probable. But it
is also possible Paul was completely wrong, and the cause or motivation was
something other than the possibilities listed. Should we gag executives to
prevent them from speculating because some of their speculation will be wrong?
No. Its important we get as many possibilities on the table. But we need
to remember, some of it will be incomplete or just wrong. We shouldn't
crucify them for being wrong. Knowingly giving out misleading or false
information is a different matter.
I still think this industry will eventually need some method to obtain
independent review of incidents.