1 In 3 Sysadmins Snoop On Colleagues
klubar writes "According to a recent survey, one in three IT staff snoops on colleagues. U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role. Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?"
It's a damned poor state of affairs that so many people put in that situation of trust betray it.
I've been a systems admin for the better part of a decade, and the only time I've ever accessed the company's assets is when it was warranted.
The same goes for user files. I'm not going to snoop through other people's files. Really, I don't care what boring files you keep, just that they don't fill up the partition they're sitting on.
Do that, and suffer my wrath.
Check out my sysadmin blog!
I know a place where they haven't changed the root/admin passwords in years. They have so many servers that it would be "a huge pain" (their words exactly) to change all the passwords. I wonder how much of a pain it would be for a former DBA or sysadmin to snoop around and start publicly posting how much everybody makes?
I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
Maybe I'm missing the point but I don't see where there is an issue.
In nearly all IT environments, either you trust your IT staff, or you have some killer PKI. Reality suggests management in the typical company wouldn't pay for or be bothered to use, so we're back to IT having super-snooping powers.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Given the nature of a sysadmin's job, I think I'd be more worried about the other 2 out of 3 that don't snoop around. A curious sysadmin will find more problems and more possible solutions than one who doesn't care.
They probably have a life. It's pretty pathetic to have to get one's jollies snooping on others rather than actually doing something.
Great minds think alike; fools seldom differ.
So in other words, a significant majority of sysadmins are honest. Given that they have "the keys to the kingdom" in the words of the article, that's pretty impressive.
Loose lips lose spit.
According to that survey, 2 out of 3 sysadmins realize that spying is a CLI (career limiting move) if they get caught. That, and the whole ethics and honour thing, are why we are able to manage the confidential data without snooping.
Feed the need: Digitaladdiction.net
Come on people, for 'computer nerds' it's amazing how little logic you collectively display.
The company that sponsored the "poll" makes products for encrypting information and compliance with SOX..
Do you think they'd release a study that DIDN'T imply your information was in jeopardy?
This is simply marketing hype, don't fall for it -- it's positioned to get executives to suspect their IT staff (in my company's case, very respectable and honest IT staff) --
1 in 3 is a completely made up number for the benefit of the company trying to SELL PRODUCT
of those SysAdmins who feel it necessary to snoop on people? If you're bored, get out of Admin Pack and head over to /. or Technet (if you are of the MS persuasion) and learn something new. I don't care who you are or how good you are, you don't know EVERYTHING...
Maybe it's just me, but I just don't get it...
I probably have access to more account information and networked shared space than most people, but I have no urge, need, or desire to see what's in their accounts or shares. (Beyond making sure private data is secured and there isn't pornography or other bad files out there using up all our networked drives. That's one of my monthly chores)
Only reason I'm here right now posting is because I'm in the middle of a scan. Our scans take 6-7 hours to run (with the process set to realtime priority) so about the only thing my computer is able to do is browse the web (slowly, I might add)
"Could" I snoop? Sure. "Would" I? Never. That's one of the reasons why I have this job.
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
I don't snoop. Truth be told, I don't really care about anyone or what they're doing. Besides, most sysadmins are lazy. Good sysadmins do their best to automate as much as possible so they have to do as little as possible. Do you seriously think we want to create more work for ourselves?
I made the mistake of looking at a coworker's pay who I thought was equal in status to me. BIG MISTAKE. After finding out he was paid several hundred dollars more than me a paycheque for doing basically the same job, I never looked at him or the company the same way again. I left that company not too long after, partly because I felt ripped off. It's very hard to unsee things sometimes.
As for internet history or watching people's screens while their back is turned, I would never do that *TO A PEER*. It's just a respect thing. I have definitely been told to monitor subordinates' internet accesses as well as various people throughout the companies I have worked for. I've gotten people fired for looking at facebook on work hours, but that's part of the job in some corporations. I wonder if the article is talking about peers (in the IT department) or extra-departmental persons whom you could legitimately be instructed to snoop on.
As a potential lottery winner, I totally support tax cuts for the wealthy
Yeah, I definitely have done it. No matter how you define it.
I CAN say that I have never logged into systems I wasn't allowed in, but I have cd /home and looked around.
However, I have never USED the information. I never really found anything incriminating, except TONS of porn. Hey, if you have a proxy server at work, all the porn you view is cached on the proxy. Our proxy used to show the file owner, ha ha, you are busted. I never busted anyone however, just backed up the porn to CDs and deleted it. Anyone want some old CDs?
Also, I used to work nights. If you just turned me down for a raise (poor-mouthing how bad the company is doing), do not leave your 6 month $14K bonus paperwork lying around on top of your desk. I was just delivering reports, but damn, I lost all respect for you. That is why I do not work for you anymore.
- I live the greatest adventure anyone could possibly desire. - Tosk the Hunted
As far as I know, sysadmins are bound by privacy laws.
And if those are the same laws that apply everywhere I've worked at, then it doesn't matter if they access my files or read my email.
As long as the info is not made public, used maliciously, discussed between colleagues, then it doesn't matter.
It's not what you know, it's how you use it.
Of those 2 out of 3 left, 4 out of 5 were found to have lied on the survey. Of those that lied, it was found that 2 out of 3 only snoop on those they think they have a romantic connection with and considered it not snooping but pre-mutual love investigation. Of those that act and are rejected, 50% continue to snoop to plan murderous intentions that later end in the woman of said attraction kicking said admin's ass. Makes you wonder where all these stats come from really though doesn't it..
Maybe they are unaware of Slashdot.
When our name is on the back of your car, we're behind you all the way!
To be exact, a sample of 300 should have a sampling error of around 5.8% -- a reasonable accuracy. A sample of 40 should have a sampling error of around 15.7% -- maybe suggestive of general tendencies, but if this were the sampling error in this survey we'd have a small but significant possibility that the actual ratio is close to 1:1. These numbers assume the sample is truly random.
when polling organizations like Gallup conduct a survey, their sample sizes are often right around 1,000, and they are modeling the entire population of the US
Size of the population being sampled isn't much of a factor, really, unless the sample size is approaching the population size. I think there are way more than 300 sys admins, so population size doesn't play a role here.
more heterogeneous than the population of admins
It seems to me that that carries a prior assumption about the thing you are trying to measure, i.e., that you believe this characteristic correlates with factors that are known to be fairly homogeneous in the population of sys admins. That may be the case, but it would require independent confirmation if you want to base an argument on that correlation.
I am Bennett Haselton! I am Bennett Haselton!
Ok, here's the thing...
After you've flipped through dozens of inboxes and home directories as part of your job, you know how pointless it is to do it for fun. People are boring. They have boring mail. They have boring files.
See that "Preview" button?
Members of professional organizations such as the IEEE Computer Society have promised to follow a "code of ethics and professional conduct".
As a member, and having read the document, I understand that it is ethically wrong, a career limiting move, and not worth violating my promises just to satisfy my curiosity.
Strictly from the P-O-V of a UNIX admin.
1. 300 is too small a sample. Far too small.
2. No breakdown on size of shop per admin. My SA/server ratio is 1:100, which means very little time. (I MAKE time for /. -- shutup :P) ::eyeroll::
3. No breakdown on 'admin' roles. If this is a mom-pop-shop admin survey, then I guess it makes sense. Cisco riders can't touch a server in my shop. Neither can the Domain/AD Admins.
4. MSNBC? Now -there's- credibility.
5. These shops obviously don't log admin activity. Someone needs to watch the watchers.
6. I am not a snitch. I don't get paid to snitch.
7. auto_home FTW, baby!
8. 1 out of 3 survey topics are meaningless.
I've been a system administrator for about 10 years now and I've never really found snooping to be interesting. I even tend to look away when people type their passwords, open files with their personal finances or other information. I show them how to use encrypted FUSE file systems. In general, I don't care about someone's personal files unless they're taking up too much space.
However, I should say, from time to time you stumble across "information that (is) not relevant to (your) role," unintentionally. That can't be helped, but it is possible to not abuse the situation.
I've sys admin'd for over a decade and can say that I've never intentionally spied on a colleague. However! I have stumbled onto quite a lot of unusual and interesting things. Some of these things I chose to ignore, some I reported, and some I think might have even been planted for me to find.
Also, I was never asked to spy on a colleague by an employer. Basically the rule was, as long as you're getting your job done and you're not breaking any laws or offending any coworkers, why should we stop you from doing as you please?
No sig for you. YOU GET NO SIG!
It doesn't apply to private companies.
I finally updated my sig, but now it's lame.
Today a DBA came to me and asked why the partition filled up. I had to drill into oracle to find the answer (Oracle trace files. Let's just say I've worked with smarter DBA's). Was that snooping? Granted, that was in the realm of solving a problem.
As an email admin, I've routinely seen subject lines of emails that made me raise eyebrows. It was almost always in the context of looking for a missing email. Is that snooping?
Personally, I'd REALLY like to see the data. 1) What does '300 Senior IT Professionals' mean? 2) I'd REALLY like to see the survey questions asked.
I often tell people that, as a sysadmin, if you don't trust me, fire me now, and escort me out the building. I have more than enough power to do irrevocable damage to the company.
Zapman
Flamebait? Someone that apparently steals software has some mod points. I'll bet they read co-workers' emails too.
Funny story that. I was hired because I am a sysadmin with the morals of a mercenary (I actually provide complete security protection for hardware, software and even physical security for wetware if needed) and the head of the company accidentally CC'ed someone in the company whom she had badmouthed in the email. The very next thing heard when she realized it was an announcement over our intercom system "All staff please step away from your computers, I think we have a virus; Eric, please report to my office". I got the detail of removing the email, while he was watching no less, and making sure he couldn't retrieve it. Funny thing is, this was on Mac OS 9 and there were almost zero viruses. Other times the owner would have me forward email from the sales staff to her. Now as for outright snooping, nope I never felt the need but I was more than willing to do it for pay.
0x09F911029D74E35BD84156C5635688C0
I've been a system administrator for years, have never snooped out anyone's stuff. I value my integrity far more than I value the contents of your files.
Warning: This signature may offend some viewers.
I don't think this constitutes "snooping". It's your job generally to ensure that company resources aren't being wasted by personal files such as music collections, videos, photos etc. Most of the time you are just looking for particular filetypes in excessively large profiles.
As far as software installs go, it isn't important from a licensing and security standpoint to identify illegal or insecure software that an employee has installed. Just as it is to identify rogue network hardware.
I don't think finding out that salesman Bob likes Britney Spears is in any way a moral conflict. Reading through employee mail or accessing documents you have no right to (human resources for example) - now that is snooping.
Sometimes my arms bend back.
When I'm interviewing people for a sysadmin position one of my primary concerns is honesty and integrity. The problem is that everyone asked to their face will claim to have high integrity. I try to approach the issue indirectly with neutral questions such as, "Where do you draw the line on observing user activity?" Several times I've had them answer very vaguely or ask me questions about the question - apparently in an attempt to ferret out what kind of answer I am looking for. This type of error-prone and subtle indication seems the only way to find out. ;)
The human API is very poorly documented. Is there a better way?