[Techtalk] Administration, was Re: Hacked on Solaris
BUNTER MATTHEW
Matthew.Bunter at renaultvi.com
Tue Aug 27 10:58:00 EST 2002
--- Reçu de VITEUR.BUNTERMA 04 72 96 57 77 27/08/02 10.58
One company I know of had the codes to the doors on Post-Its above the
keypad. This wasn't just for corridors but also for rooms with high
powered workstations and stuff used for geological work.
Another company was (probably still is) using rlogin for Unix sys admins
and each host.allow file had ++. Even after I created an account and
logged into the SAP servers management still didn't take any notice. Oh
yeah and now the security team has been laid off. (I left before being
pushed)
Same company as above got a well known consultancy (not Andersons) to both
impliment and then audit the security setup for a several million dollars
project - guess what : their setup was fine.
Now I hear that helpdesk are handing out passwords over the phone for all
business applications. The phones had no authentication mechanism when I
was there.
No wonder the shares are only worth a fifth of what they were.
Matt
--------------------------------------------------------------------------
Date: Tue, 27 Aug 2002 11:45:09 +0300
Subject: [Techtalk] Administration, was Re: Hacked on Solaris
Really, the other thing hampering admins besides lack of money is all too
often the attitude of the management: I had to fight tooth and nail to get
permission to make employees to change their passwords regularly! They
also liked to leave their workstations logged in 24h a day... Security?
What security? What do you mean I can't write my password on a post-it and
stick it on my monitor? I mean, what's the worry? What indeed...
One tip, though: ask the managers if they give away keys to the company
building, or leave the doors unlocked.
Eeva
(my nails are ok now...)
--
I am a woman giving birth to myself. (Adrienne Rich)
_______________________________________________
Techtalk mailing list
Techtalk at linuxchix.org
http://mailman.linuxchix.org/mailman/listinfo/techtalk
---- 27/08/02 10.58 ---- Envoyé à -----------------------------------
-> techtalk(a)linuxchix.org
More information about the Techtalk
mailing list