Slashdot Mirror


Bone-Headed IT Mistakes

snydeq writes "PCs preconfigured with stone-age malware, backups without recovery, Social Security numbers stored in plain view of high school students — Andy Brandt gives InfoWorld's Stupid Users series a new IT admin twist. Call it fratricide if you will, but getting paid to know better is no guarantee against IT idiocy, as these stories attest."

12 of 259 comments

  1. Re:How About... by pcguru19 · · Score: 5, Insightful

    I wouldn't call that boneheaded. That probably kept a bunch of folks in their jobs.

    --
    STFU & GBTW
  2. Re:How About... by Gnavpot · · Score: 4, Insightful

    Deleting hundreds of thousands of White House emails, and not having a backup?

    And already 3 people took your bait without getting the joke.

    Talk about a collective whoosh...
  3. If you can't secure it, don't store it by zehnra · · Score: 5, Insightful

    Information Security isn't going to get better without a major shift in how people work. As a society, we need to examine who really needs what data and then truly limit everyone to what they need. Until we can define these roles/access levels in black and white terms and permanently adhere to the controls put in place, there will always be IT blunders.

    The problem is that these changes are rarely permanent, but more of a pendulum that swings back and forth as events like this occur. If Bob is taking home Social Security numbers on his laptop and someone steals it, controls may be put in place to prevent people from saving files to their laptops (and Bob is let go). Six months later, Suzie complains that she needs to be able to copy a proposal she's working on so that she can work on her flight to Japan. An exception is made. This typically snowballs until we're back to where Joe can copy the accounting records with SSNs.

    Ease of access and efficiency nearly always trump security when these breaches aren't fresh in everyone's minds.

  4. The Biggest IT Folly by Torinaga-Sama · · Score: 5, Insightful

    When a company simply accepts what the sales drone says about a given product as a fact.

    --
    (/local/home/curiosity)-#who -u|grep thecat|cut -c 44-49|xargs kill -9
  5. "The tool and the toolbar" by Phroggy · · Score: 5, Insightful

    Hold on a minute here.

    The IT guy blames his boss for installing the Alexa toolbar, which led to the deletion of all dynamic content on the company's web site.

    No it didn't.

    Yes, the Alexa toolbar isn't something anybody needs to run, and yes, Alexa should respect robots.txt, but whoever set up their web site is clearly incompetent:

    1) Never rely on robots.txt for security.
    2) The article says the Alexa spider captured usernames and passwords? What the hell were usernames and passwords doing unprotected on the web site?
    3) The Alexa spider clicked all the Delete links. Never ever use links to delete things! Always use a submit button with POST, not GET. Generally, most spiders won't submit POST forms.

    Security through obscurity is even less effective when the obscurity is poor.

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
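
Added example, not part of Phroggy's comment or of the article: a toy admin area in Python showing why delete links reachable by GET are wiped by any link-following client, while a POST-only handler behind an authentication check is not. The `Site` class, its paths, the `admin` user and the `crawl` spider are all constructed for illustration.

```python
import re

class Site:
    """Toy admin area (constructed). hardened=False mimics the site in the story."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.pages = {1: "news", 2: "pricing", 3: "contact"}  # constructed content

    def handle(self, method, path, user=None):  # user=None is an anonymous client
        if path == "/admin":
            if self.hardened and user != "admin":
                return 403, ""   # real authentication, not an unlinked URL
            return 200, self.render_admin()
        if path.startswith("/delete/"):
            if self.hardened and method != "POST":
                return 405, ""   # GET must never change state
            if self.hardened and user != "admin":
                return 403, ""
            self.pages.pop(int(path.rsplit("/", 1)[1]), None)
            return 200, "deleted"
        return 404, ""

    def render_admin(self):
        if self.hardened:
            row = '<form method="post" action="/delete/{0}"><button>Delete {0}</button></form>'
        else:
            row = '<a href="/delete/{0}">Delete {0}</a>'
        return "".join(row.format(i) for i in self.pages)

def crawl(site, start="/admin"):
    """Anonymous spider: GETs every <a href> it finds, never submits a form."""
    queue, seen = [start], set()
    while queue:
        path = queue.pop()
        if path not in seen:
            seen.add(path)
            status, body = site.handle("GET", path)
            if status == 200:
                queue += re.findall(r'<a\s+href="([^"]*)"', body)
    return seen

def survivors(hardened):  # pages left after the spider visits a fresh site
    site = Site(hardened)
    crawl(site)
    return len(site.pages)

if __name__ == "__main__":
    print("GET links, no auth:", survivors(False), "pages left")
    print("POST form + auth:  ", survivors(True), "pages left")
```

The method check only stops clients that follow links; the `user` check is what stops a client that does submit forms.
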
  6. Re:Why blame the student? by pclminion · · Score: 3, Insightful

    He stepped over the line the moment he gave the information to another classmate. He HAD to know there was something wrong with that. I can understand perhaps not telling the school staff about it, due to the "shoot the messenger" phenomenon, but anybody with a shred of morality would have destroyed the information, not given it to another KID.

    I agree that jail time would have been a pretty harsh penalty, considering the real parties at fault were not facing anything even close to that.

  7. Re:You're just as bad, sorry by pclminion · · Score: 4, Insightful

    So if you're so clever, how come you didn't warn the guy that might happen at the time?

    Maybe because wandering around the office continually reminding professionals how to do their own jobs (assuming they are competent), makes you an arrogant asshole?

    "Hey Ted, I know we hired you because you're all pro and stuff, but don't forget [some mind-numbingly obvious thing]. Seriously, I'm just trying to help, not implying that you're dumb as a rock."

  8. Re:For Business Managers: by Belial6 · · Score: 4, Insightful

    A good test here, if your IT head is an ex-HR manager, mailroom clerk, secretary, or other far removed profession and has yet to get any certifications or degrees to prove their competence after 10 years then you probably are in trouble. Not in every case, but enough to make you worry. I'm not saying that a cert or degree proves that you are competent, but it at least shows that you try to be.

    I would say the opposite. If after 10 years in the industry, your IT guys are still chasing the meaningless certifications, then you are probably in trouble.
  9. Re:Printer Friendly Version by Emperor Zombie · · Score: 5, Insightful

    I [Do you like things that start with "I"? Take our IT IQ test!] don't know [For more stories about people not knowing things, check out "Stupid user tricks" and "More stupider user tricks"] what you're talking about [Are people talking about you behind your back? Read our "Top 10 reasons to be paranoid" and find out]. Those text [If you enjoy reading text, you might enjoy "Stupid hacker tricks" and "Stupid hacker tricks 2: The folly of youth"] ads [Is malware putting your system at risk? Take our Network Security IQ Test] weren't irritating [Is your job getting on your nerves? Check out "The 7 dirtiest jobs in IT" to see how much worse it could be] at all!

    --
    I'm so excited I just made water in my pantaloons!
  10. Re:Printer Friendly Version by somersault · · Score: 4, Insightful

    I thought that was a way over the top joke until I looked at TFA.. wow. Just wow.

    --
    which is totally what she said
  11. Re:Printer Friendly Version by ampathee · · Score: 3, Insightful

    Yeah, I have something called an "employment contract".

    I didn't agree to view any ads. It's not my fault if their business model sucks (to quote a random slashdot sig I saw).

  12. How About This? by Anonymous Coward · · Score: 4, Insightful

    I work for a Very Large Power Company, mostly hydro-based generation. We've been running our Generation Control System on *nix for about as long as anybody can remember. It's robust, secure and dependable.

    However, we're beginning to see issues, especially with subsystems on old(er) proprietary hardware (cough*Alphas*cough) and replacement components are either scarce and expensive, or just plain unobtainable.

    So we've recently completed the first phase(s) of a major GCS-upgrade project and the decisions have been rubber-stamped by the Government. (We are what's known as a "State-Owned Enterprise.") The new GCS system will be running on a Microsoft Windows Server platform.

    Why?

    Because the two contractor chicks who presented the choices to a Government-run committee, whose members have no desire to be held responsible or accountable in any way, shape or form, heavily promoted Microsoft Windows Server, via a bunch of garish PowerPoint presentations and Word documents.

    Why?

    Because, as one of the contractor chicks candidly admitted not long after, "[I] only know Windows."

    So, a national infrastructure control system, one which epitomises the very notion of "Mission Critical", is to be based upon what is quite probably the absolute worst choice of NOS imaginable.

    The (unaffiliated) national power distribution company migrated from *nix to MWS a few years ago, for what were essentially the same reasons. Their admins are not envied. Much of their time is spent coaxing the backup-backup-backup-backup servers back up.

    One immediate result of the recent decision is that three of this company's best-and-brightest IT people resigned and "moved on". The departure of several more is imminent. I can't call them rats, but they are certainly escaping a ship that's heading straight for the iceberg, full steam ahead.

    It's highly likely that this country's governing party will change at the forthcoming national election, although it will change nothing else. If anything, the soon-to-be-incoming party is likely to be even more MS-friendly than the current one, so I don't foresee any likelihood of sanity prevailing anywhere near the top in the near future.

    Instead, what's likely to happen is that once the system begins falling apart - as it surely will - MWS will be quietly shelved by lower echelon IT management (avoiding any embarrassment to anybody in an expensive suit) and a *nix-based one will be restored. Estimates of when that will occur range from "Within a year" to "It has to happen eventually."

    I use Win XP Pro at home. It's fine for general purpose family use. But MS Windows does not belong on a server: Or, at least, not on any which are expected to remain functional most of the time.

    True story and, yes MS fanboys, I know you'll be modding this down to "-1: Troll" and "Flamebait". I can cope with it, thanks. I have bigger worries right now.