Honeytokens: The Other Honeypot
martyros writes "I just read a fascinating article by Lance Spitzner [securityfocus.com] about a concept he calls honeytokens. The idea is similar to that of a honeypot, which he defines as "an information system resource whose value lies in unauthorized or illicit use of that resource". Rather than having a computer that's designed to be broken into, however, you have, say, a record in a database or a file that has no legitimate use; ergo, if anyone uses it, it must be illegitimate. An example he gives: adding a record to the hospital database for a guy named "John F. Kennedy". It doesn't correspond to a real person, so no one has any business looking at the file. If someone does access it, you know that they're abusing their privileges somehow.
The article has several other clever examples, which I found very thought-provoking."
So here is the google cache of the article.
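The hospital-record idea from the summary above, as a detection sketch. This is an added example, not code from the article or from any poster; the audit-log format, the record id `PT-000451`, the user names and the timestamps are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed honeytoken: a patient record that maps to no real person.
HONEYTOKEN_IDS = {"PT-000451"}            # hypothetical record id
HONEYTOKEN_NAMES = {"john f. kennedy"}    # name from the article's example

# Constructed audit-log format: "<ISO time> user=<name> action=<verb> <detail>"
LINE_RE = re.compile(r"^(\S+) user=(\S+) action=(\w+) (.*)$")

SAMPLE_LOG = """\
2003-07-21T09:14:02 user=nurse_a action=read record=PT-002210
2003-07-21T09:15:40 user=clerk_b action=search name="John F. Kennedy"
2003-07-21T09:15:44 user=clerk_b action=read record=PT-000451
corrupted line without fields
2003-07-21T11:02:10 user=dr_c action=update record=PT-002210
2003-07-21T23:48:31 user=admin_d action=export record=PT-000451
"""

def touches_honeytoken(detail):
    """True if the detail field references the decoy by id or by name."""
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', detail))
    record = fields.get("record", "")
    name = fields.get("name", "").strip('"').lower()
    return record in HONEYTOKEN_IDS or name in HONEYTOKEN_NAMES

def find_honeytoken_access(log_text):
    """Return {user: [(timestamp, action), ...]} for every touch of the decoy."""
    alerts = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline should count these
        ts, user, action, detail = m.groups()
        # No allow-list: the record has no legitimate use, so any hit alerts.
        if touches_honeytoken(detail):
            alerts[user].append((ts, action))
    return dict(alerts)

if __name__ == "__main__":
    for user, events in find_honeytoken_access(SAMPLE_LOG).items():
        print(user, events)
```

Because the decoy has no legitimate use, the check needs no baseline or threshold: a single matching line is the alert.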
Nothing better to do than harass the employees with this kind of crap. Let's hope they actually have thousands or at least hundreds of employees that they have to "keep honest". Keeping them "honest" usually involves covering up the boss's theft of company inventory, etc. if "paying off" snitches with extra perks isn't enough. When the Boss steals, it's big-time, way more than any of you make in a year at your salaried job. Lots of tools here to keep these pieces of crap going. Hats off to the whistle blowers among us. Placing baited things around has been bastard bosses' main trick for the past 100 years or more. I have a boss who "placed" a $10.00 bill in the trash to see who was honest. I pointed it out to a known petty-thief of an employee, and that bill was history. Bought a big can of coffee for all to enjoy, true "Robin Hood" style. Boss placed his very own checkbook in the restroom just today, and guess what, it was found by a visiting customer! You get the idea. Our rights as workers are being pi**ed on by these sorry excuses for management.
news at 5.
Yay me!