#1 2008-08-29 22:18:20

88 percent of IT admins admit they will take corporate secrets - CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords - when they're laid off.


#2 2008-08-30 23:54:57

Eighty-eight percent? Is that all?


#3 2008-08-31 00:20:24

I hate it when they post articles like this and don't post the questions.  I haven't checked, but I'm pretty sure I still have at least one privileged password for each of my last two jobs, not because I deliberately stole them, but just because there were so many, and they probably haven't changed them all.  Two jobs ago I left a list of passwords that needed to be changed when I left that was 20-30 long, and a few of those had administrator access to basically every computer on the network.  I don't know if I count by their standards.

I'll admit that I've stolen software license keys before, but I don't know if that counts, either.

One lesson companies never seem to learn, though, is that your security should rely on trusting people to just do the right thing as little as possible.  Especially where I work now and a huge amount of the company's worth is stored digitally, I can't figure out why people continually resist even the most basic security measures (I don't mean the company as a whole, I'm talking about individual employees).

That being said, I've known an awful lot of IT people who were crooks in one way or another.


#4 2008-08-31 00:48:26

I've known a lot of people, both in IT and out, who were crooks. The people that I have seen who did the most damage when they left were salesdrones™ who stole leads lists or current clients. It's the same no matter what the profession, trust is trust. As for me, as an IT guy, I always make certain that access logging is enabled for sensitive information and my users maintain password procedures. They can trust me, in fact they have to, but if there's a problem someone else can audit the logs and see what I have done, and if I have to access sensitive data, there is a record. I can falsify the records, but that's difficult to do in the breach, if I don't know an audit is coming by sheer fact of time. IT guys have lots of power, but so do janitors.

The whole issue is BS caused because San Francisco city government didn't properly manage their IT. People in MUNI, Golden Gate Transit, or Sewer and Water could have done more damage just as transparently.


#5 2008-08-31 01:35:11

What I hate is when you try to implement procedures that restrict access to what is needed and you get pushback from other IT people, like you're accusing them of being untrustworthy.  How the hell should I know which people can handle the responsibility?  Good processes mean you never have to.  Besides, smart people know that having access to things you don't need is just putting yourself in the suspect list for no reason when something goes wrong.


I bet the results of their survey change a lot depending on the economy, too.  I've seen people do some crazy shit when they think the company's going to screw them over by laying them off.  I worked at a company in one of my first IT jobs that laid off almost half of its 150,000 employees in the 8 months I was there.  People would come in to work and call me because their computer wasn't working, and it was because someone stole the RAM.  People would call because their phone didn't work, and it was because they stole the digital phone from across the hall.  It was a frigging free-for-all.


#6 2008-08-31 09:21:39

Even worse is when the security pushback is coming from the very executives whose jobs you are trying to save. "Make the password 'jack'" I hear. Or "Why can't I just send this file to my gmail account so I can look at it from the cruise ship?" or "We just need one password to the accounting software, we will all just share that account."

But when it goes tits up, they are the first people to scream about not implementing enough security or are asking "How did this happen?"

Sheesh.


#7 2008-08-31 12:09:34

I just played the password game in prep for an audit - changed every fucking password in the house.  Naturally this week was pure hell - fucking Microsoft and their embedded passwords. 

I have a nifty script that enumerates the services and assigns random passwords to service accounts, but those neat little "Enterprise" apps from MS fuck up the works. Basically end up rebooting every server in the house just to get shit to work again.  Of course this must be done every 90 days.

I don't know about out-right theft, but I do know that most IT guys in small shops end up with really nice home computing systems; like my Dell 2010 for example    =)


#8 2008-08-31 22:17:00

Emmeran wrote:

I don't know about out-right theft, but I do know that most IT guys in small shops end up with really nice home computing systems; like my Dell 2010 for example    =)

You're taking lessons from Simon again, is that it?

Waste disposal fees mean even the strictly honest techs make out like bandits stripping down and redeploying 'obsolete' kit.  I no longer repair or consult, but when I did I was able to persuade most of my male clients to keep anything embarrassing or illegal off their networked machines, irrespective of passwording or encryption. With women, I didn't even try.


#9 2008-09-01 01:06:52

choad wrote:

You're taking lessons from Simon again, is that it?

Interesting.


#10 2008-09-01 01:21:19

tojo2000 wrote:

That being said, I've known an awful lot of IT people who were crooks in one way or another.

*stares at the ceiling and whistles*


cruelery.com