Announcement

Collapse
No announcement yet.

We REALLY care about network security

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Dreamstalker
    replied
    I was given a couple store passwords that I will never use, but if I did would cause some damage. I also figured out the 'algorithm" for the critical passwords so if one gets changed it would be less than trivial to suss the new one.

    For some reason, us peons are held to a stricter password policy than managers; employee intranet passwords have requirements that the manager passwords are able to ignore with impunity.
    Last edited by Dreamstalker; 01-15-2023, 08:35 PM.

    Leave a comment:


  • Ghel
    replied
    I don't know if the password he gave me would let me access everything, and I'm not going to try it (obviously). But he just handed me the "[bank initials]admin" password over the phone.

    If our IT guy (the part-timer) has different roles and access levels set up... well, it's never been relayed to me.

    Leave a comment:


  • Buzzard
    replied
    ...the IT department doesn't understand how to make different levels of 'admin' access? Everything-or-nothing access?

    May I just say 'Holy [CENSORED] [CENSORED] [CENSORED]'?

    The part-timer... yeah, I can understand that one not being up to handle everything. The IT head not having roles and access levels set up... :facepalm:
    The bookkeeping head just handing out the keys to the kingdom :doublefacepalm:

    Leave a comment:


  • Ghel
    started a topic We REALLY care about network security

    We REALLY care about network security

    Every so often, we get emails at work for a new piece of training we have to complete. It's pretty amusing. The latest one was how to avoid phishing and so on. It was set up as if a hacker was doing a livestream with viewers asking questions and so forth. He even had a "free Kevin" bumper sticker in the background. (The company that does the training is owned by Kevin Mitnick, so.) One of the things he talked about was stealing passwords from a former employer and using them to steal tens of thousands of dollars from the company.

    Today, I was helping a coworker get Adobe Reader set up on her pc so she could more easily print pdfs. It's a core function of her job. I don't know why it isn't one of the standard pieces of software that's installed when IT sets up a new PC, but whatever. I called up the head of our bookkeeping department. Without hesitation, he gave me the administrator password. To the entire network. And he trusts me with it because I'm the only tech savvy employee at our branch. It's more convenient to have me install software than to have the part-time IT guy remote in to install it.

    The irony is not lost on me.
Working...
X