Free Republic
Browse · Search		 General/Chat
Topics · Post Article

Skip to comments.

IT guy whose job was to stop ex-staff running amok on the network is jailed for running amok on the network
The Register ^ | Fri 25 Sep 2020 | Shaun Nichols

Posted on 09/27/2020 12:23:02 AM PDT by nickcarraway

click here to read article

Navigation: use the links below to view more comments.
first previous 1-2021-24 last
To: wally_bert

I have never found anything serious enough to rat anyone out, that is for sure.

I did once have to call someone and warn them that their unauthorized activities on work equipment were being monitored, and for their own good, they should stop.

The person somehow thought that logging onto another PC with their own credentials would in some way, anonymize them.


21 posted on 09/27/2020 7:16:15 AM PDT by rlmorel ("Truth is Treason in the Empire of Lies"- George Orwell)
[ Post Reply | Private Reply | To 19 | View Replies]
To: fluorescence
This seems like a job that could be automated away by a script that disables a user's account when their HR record is changed to “terminated”. And the computer doing that won't have a fit and delete everything on its way out.

How could this possibly go wrong, heheh. Let me count the ways...oh wait, the experience was too painful. I have written automatic end-of-hire workflow management, and every single system managed to demonstrate some inadequacy of the automated approach eventually. Typically because of the difficulty in unwinding things we would carefully audit the request and ensure controls and then annoyed HR minions would push back unmercifully for sole discretion. In one hilarious case an HR minion accidentally ran EOH on herself and her boss after her boss successfully lobbied for minimized controls...it was as if they became non-persons! One of the controls bypassed prevented a scenario where the system was locked when critical authorizers were disabled, and of course those two had made themselves the critical authorizers and deleted everyone else, heheh. I had already left the company but they called me up for help fixing it...

In another case senior management hired an outside contractor to install a separate system ensuring certain access for board members but didn't consider what would happen if a board member was an employee who left the company after being added to the board. Actually the contractor used an unapproved shortcut (undocumented Active Directory enumeration) and automated cleanup found all of the board members and locked them and the outside auditors out in a way that ensured we would have to recreate all the access from scratch to fix it).

22 posted on 09/27/2020 1:44:03 PM PDT by no-s
[ Post Reply | Private Reply | To 5 | View Replies]
To: nickcarraway
" As part of his duties, Stafford had access to the system login credentials of other employees and was authorized to use them in the course of performing his technical support duties,"

This makes no sense at all from a technical sense! Is someone has another's credentials, this is a HUGE security violation!

Mark

23 posted on 09/27/2020 1:51:03 PM PDT by MarkL (Do I really look like a guy with a plan?)
[ Post Reply | Private Reply | To 1 | View Replies]
To: nickcarraway

Is Shannon Stafford a guy or a women or something in between?


24 posted on 09/27/2020 3:28:15 PM PDT by minnesota_bound (homeless guy. He just has more money....He the master will plant more cotton for the democrat party)
[ Post Reply | Private Reply | To 1 | View Replies]

Navigation: use the links below to view more comments.
first previous 1-2021-24 last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search		 General/Chat
Topics · Post Article
FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson