Estimated read time: 2-3 minutes
This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.
SALT LAKE CITY (AP) -- Phil Windley, former state chief information officer, has issued a public apology for attempting a security probe of the state Web site last week.
State Web managers blocked him and shut down his Internet service.
"OK, I'm an idiot," he said in the apology Wednesday on his Web site, http://www.windley.com.
Windley resigned his state job Dec. 31 after legislative auditors said state hiring practices had been bypassed or manipulated to give jobs to nine of Windley's former co-workers at now-defunct ExciteHome.
Now, he works as a technology consultant.
In his apology, Windley said he had been trying WebInspect, a program used to find vulnerabilities in web sites and applications.
"I played around with WebInspect on my own machines for a bit and got to understand a little (read: not enough) about how it worked," he said. "Here's where the stupid part comes in. Wanting something bigger to test and having always had some curiosity about the security of utah.gov while I was CIO, I pointed the tool at utah.gov."
He said he figured it would run for an hour or so "and give me a nice report that I could share with the state and we'd all get something out of it."
He said he forgot about it until the next day, when he found that it still was trying to run, but had been blocked.
"I guess I'm pretty dense because even at that point, I failed to see the seriousness the situation," he said.
When his Internet service stopped working, "I ... realized that someone was taking this much more seriously than I was."
He said he called Amy Sawyer at Utah Interactive, which manages the state's Web site.
"From talking to her, I think some people thought it was a denial of service attack, but that's not what the tool does. After my conversation with Amy, I decided that a public apology was in order," he said.
Sawyer said Utah Interactive had detected the probe almost immediately.
"All of our security protocols worked," she said. "We detected some unusual activity. We did take steps to shut it down and trace it to the source."
State Public Safety spokesman Chris Kramer says the State Bureau of Investigation will be reviewing the incident.
"We're investigating it to see if there are any implications for state policy," Kramer said.
(Copyright 2003 by The Associated Press. All Rights Reserved.)