- 10 Microsoft research projects
- 10 kitchen gadgets for the geek gourmet
- Verizon trounces competition
- Smartphone smackdown: Storm vs. iPhone
- FBI warns of holiday cyber scams
The Federal government pulled the plug on the ca.gov Web domain used by the State of California on Tuesday, setting into motion a chain of events that threatened to grind government business to a standstill within the state.
Buzzblog: Federal "fix" knocks ca.gov for a loop
State IT staffers were able to fix the problem within a few hours, narrowly averting disaster, but the situation shed light on what observers are calling a shocking weakness in the state's IT infrastructure.
The story behind the shutdown, and how the U.S. General Services Administration (GSA) came within hours of shutting down the State of California's Internet presence, is a complex one, but as with so many stories on the Internet, it begins with pornography.
In early September the Transportation Authority of Marin, a ten-person agency charged with managing transportation funding in Marin County, California, discovered that the servers that handled the agency's Web and domain name service had been hacked and were being used to create links to pornographic Web sites.
Domain name servers are used to translate the www.website.com domain names we type into our browsers into numerical IP addresses, used by computers. Together these DNS servers form a Web-like database telling all of the computers on the Internet how to find each other. In the case of the Transportation Authority, there was one authoritative server responsible for telling all other DNS servers where to find computers operating within the tam.ca.gov domain.
The agency spent a frustrating two weeks trying to get its Internet service provider, StartLogic, to resolve the problem, said Dianne Steinhauser, executive director of the Transportation Authority of Marin. Then in mid-September it delegated domain name server authority for the Transportation Authority's domain to the ca.gov name server, run by the state's Department of Technology Services, she said. That meant that the state's servers and not StartLogic's were now responsible for keeping the authoritative domain record for tam.ca.gov.
Unfortunately, it also meant that if an outside observer believed that the DNS server responsible for tam.ca.gov had been hacked, he might have assumed that the ca.gov name server was compromised as well. And that, apparently, is where the trouble really began for the State of California.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (13)
Just remember you're wrong *if*...By Kerry Smith on November 4, 2007, 8:02 pmIf there's a disaster in a liberal state, and the Republican federal government either hesitates to take action (NOLA), or in the case of *.CA.GOV takes drastic,...
Reply | Read entire comment
Amazingly Uninformed Comments from the readers of Network WorldBy Anonymous on October 12, 2007, 3:55 am Considering that Network World would attract readers that atleast knew something of how servers and the Internet works, I'm suprised by the ignorance shown in...
Reply | Read entire comment
Bound to happenBy John Deltuvia on October 11, 2007, 4:20 pmThis was bound to happen once the federal government started allowing states to use the .gov domain, formerly reserved to the federal government. If California...
Reply | Read entire comment
Government I.T. Security Procedures?By Steven Ashley on October 5, 2007, 7:36 pmI really have to wonder what the Government I.T. Security procedures are, after this latest gaff. Isn't the first rule of administrating anything in I.T., before...
Reply | Read entire comment
congrats fedsBy Eliena Andres on October 5, 2007, 12:21 amFeds are doing really gr8 job shutting down websites and irritating ppl with their wise knowledge... I don't understand why Feds are so irresponsible this much... Eliena...
Reply | Read entire comment
View all comments