Slashdot Mirror
Most IT Pros Have Seen Embarrassing Information About Their Colleagues
An anonymous reader writes: Often working in isolation, IT teams are still considered to be supporting players in many workplaces, yet the responsibility being placed on them is huge. In the event of a cyber attack, network outage or other major issue, they will typically drop everything to fix the problem at hand. Almost all the respondents (95%) to a new AlienVault survey said that they have fixed a user or executive's personal computer issue during their work hours. In addition, over three-quarters (77%) said that they had seen and kept secret potentially embarrassing information relating to their colleagues' or executives' use of company-owned IT resources.
News at 11?
(Most just got to management by being born with the right connections or playing sleezy, not by being smart. So it's always hilarious for me when I, the lowly tech guy, finds out my boss is having an affair or has a strange fetish, both true stories. Didn't tell them, of course, but I never looked at them the same way afterwards.)
I've seen it, even if it only flicked up on screen in a fleeting glimpse while I was typing another URL.
I'm not sure if this was before "Privacy Mode" became common or not.
I fix this problem by only using NNTP for my porn needs... support staff don't usually download tools using your newsreader....
Has seen them naked. How is this news for nerds or anyone else for that matter?
Or are you just trying to say 'you know, we could have let it slip that you're into...'
Everyone already knows cops have the best dope & it has the best porn.
"Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
A conversation that could have happened:
G: "So, what would my favourite grandson like for his birthday".
T: "Well I already got a bike. A tech website?".
G: "I don't know what that is, but OK."
T: "Mom, mom! Did you hear what Grandpa Whipslash is going to get me?"
M: "He spoils you, timothy. I hope you take better care of it than the puppy."
G: "Just one thing. Play nice and share with cousin Ethan".
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Who are these people who would keep something like that?
Because I sure as hell don't wanna work with 'em.
Seen it? Oh, gods yes. I'd need more hands to count how much, over 24 years, of my friends and coworkers' dirty laundry I've seen. Hell, at one point, I had to tell a NOC manager "there are naked pictures of my whole team somewhere on the Internet, so she's a cam girl, chill" (this was 1998).
The person that conversation was about ended up being probably the best hire the company ever had.
You're a goddamn sysadmin. Go in, fix, leave. You don't read their email. You don't copy off dick pics or whatever. You go to the bar and drink the memory out of your head, like a professional.
And yet they keep lowering our wages, treating us with increased paranoia, demand that we keep logs of everything forever (for law enforcement reasons) and nothing (privacy), support the latest iWidget on the corporate Lan...
As such, if I come across anything illegal, I report it. If it's unsuitable for a work environment or a risk, I have a quiet word, Anything else, I ignore it, none of my business.
I want a list of atrocities done in your name - Recoil
At an old job back in the 1990s when we had the first company-wide email system with Internet connectivity we used an old version of Groupwise. The SMTP gateway was a standalone DOS system and it used to choke from time to time, requiring extracting the queued message it couldn't process. I used to pull these out and if possible, decode the message and attachments for the intended user.
One of these messages was to a "rising star" in the company and featured some personal chatter between the employee and some outside personal contact, complete with pictures of both of them wearing fancy suits in staged poses, but with their genitals hanging out.
The "rising star" employee was well-liked for being humble, hard-working and smart. He was also socially conservative, with pictures of his young, stay-at-home wife and fairly open about his involvement at church.
I thought the whole situation was just kind of icky -- guy trading gay fetish sex photos, while positioning himself as a conservative, religious family man. It wasn't the photos, but just the hypocrisy. I had a hard time working with the guy (which I didn't very much anyway) after because it was all just kind of creepy.
It's become a harsh world for the thee monkeys. I'm referring to the monkeys Mizaru "see no evil", Kikazaru "speak no evil" and Iwazaru "speak no evil". In the days of written letters there were seldom times when one was professionally compelled to witness the private thoughts of others. Now we have mailboxes and photos and browsing histories scattered on disks. Every popular program that manages information wants to slap it all up in your face as soon as possible.
The 3monkeys problem doesn't relate to knowing or discovering passwords, unlocking access. You're perfectly free to flaunt your prowess as a fixer or safe-cracking locksmith. Good 3M compels you remain unaware of the contents of the safe after you have opened it.. After a successful IT job are you in a position to honestly say not a single photo (or thumbnail) was displayed, not a snippet of private text was displayed, even for a moment? If not,then (perhaps) there are ways to refine the technique.
As a PC tech I started to imagine it as sort of a game, where you lose points if you see anything private. When forced to run programs to see if they were functional, I'd de-focus my eyes and could see that something was there, good enough. When cleaning viruses or upgrading I preferred to invite the customer in to run all the necessary programs to ensure their data was there.
In the Internet age it went massive. Someone is always root on machines that store hundreds of thousands of mailboxes. I started a Freenet and have run two ISPs and I have never peeked into anyone else's email unless directed to with immediate consent. Even then rarely, and not without a bit of nausea. Why? Because It is just too damned easy... in the same sense that pulling a trigger is easy. So early on I have programmed myself that way. If you pick up a gun you won't hold it by the trigger. As an administrator, I won't pick up your account by its email.
In the early days of mailboxes, Sendmail and queues when solving problems meant shuffling mail around sometimes rewriting portions of headers, it was a simple as using grep and using well-tested scripts to avoid seeing content. Many things were block and line-oriented ASCII. Not so easy today, when everyone loves to embed their favorite database solution.
Imagine that you have been called in to de-virus and recover data on a PC. You have been offered handsome pay for your work, but as you work you realize there are two men standing behind you with telltale bulges in their suits. They are watching you and the screen in front of you very intently. You sense that there's something on that PC that could put you in a bad way, should they catch a glimpse of it. Could you complete the job without... incident?
Developers of software that manages people's secrets should always consider the plight of the 3monkeys IT worker. This could mean a command-line utility, as prevalent as a standard uninstall procedure (ahem!), that is guaranteed to sift through and verify all functional areas of the program and its data store, and in the end give only total statistics of content --- enough to see that you have not reverted to an empty database. It would be good to provide this utility.
Some day, someone's life may be at stake.
<blink>down the rabbit hole</blink>
... the priests of the computer age. "You wish for me to repair your life (computer), then you must confess your sins, so i may know how many nasty porn viruses you downloaded."
A truly professional "IT Pro" will learn to forget the things he has seen about his/her colleagues.
We've all had to do things like: check mail spools, check user directories, enable debug-level logging on various systems, etc. and seen embarrassing or personal things. The question is: are you a professional who learns to forget it and stick to the relevant data or are you a shithead who spreads rumours and makes us all look like privacy-invading assholes?
Trolling is a art,
While I agree that we should be Professional IT workers, but I believe there's even a more practical reason we say nothing about the 'interesting' things we see on Executives personal computers, or even the company owner's business computer: We've got more pressing matters. Or in layman terms: We ain't got time for that.
There's always something more core to the business that should be done to spin our wheels with whatever personal or private information someone has on their computer. The exceptions might center around the IT Security guy, safeguarding trade secrets.
Awk! Pieces of eight. Pieces of eight. Pieces of seven... ERROR: General Protection Fault. [Paroty Error.]
Is this supposed to be surprising? Hell, I don't even work IT and I've had to deal with this before at work. People who don't know computers do stupid things with them. Or they do things they don't realize will still be on the computer next week when they're back at the office on the corporate network. Shocking!
As for "potentially embarrassing" that means so little as to be useless. Nothing embarrasses me but I have coworkers that would be embarrassed if you heard them sneeze. There's such a spectrum to that it's completely irrelevant.
"Growing old is inevitable; growing up is optional."
The "I read your email" shirts aren't a joke
I had a co worker complain about that shirt. Apparently "I don't like your email" is not an acceptable reply.
1 person company. He owns the computer. Why do YOU not click on 'No' when it is asked to open all the tabs.
Or do I need to browse in private mode, even though I am single, own the computer. Just so you do not see my porn? Yep and sometimes I look at very strange porn. So?
Why would I do that? Is it something I must feel ashamed about that I need to hide it in case somebody sees it? I am not. I do it and every man does it unless they are liars or sick.
Don't fight for your country, if your country does not fight for you.
Dogbert's Tech Support.
"National Security is the chief cause of national insecurity." - Celine's First Law
I blew the whistle* on the utility I worked for after a couple of linemen got killed. I spent the remainder of my career working for Boeing. No problems.
*Actually, they gave me a pretty good severance package to 'not be around' when the state LNI investigators came around to interview us. They were stupid enough to assume that the state was too stupid to talk to previous employees as well as current.
Have gnu, will travel.
Are you claiming that Boeing isn't engaging in criminal activity?
In general, they are not. They are so big (and poorly managed) that individuals and groups inside the company can get away with practically anything.
Have gnu, will travel.
I've been a Unix or Linux system admin most of my career and I've found out several embarrassing things about co-workers.
1) The first was that two co-workers were using a system I managed with 50 or fewer users to send erotic email to each other. Both were married and not to each other. I'm not sure that there was any real activity going on. They may have simply used email to sort of flirt with each other. But if management had known what they were saying, both might have been fired.
2) The job after that involved my small system admin group (3 people) in the 1990s getting a bounced email message that our manager sent. Back in those days, home internet services were so crappy (AOL and the like) that many IT professionals deliberately used work email for personal things. Turns out that our manager, who was married at the time, was into BDSM and he was looking for partners while on company business in Europe. Our group kept his email to ourselves and we found a way to fix his email problem so that we didn't get any more bounced messages without ever telling him what we saw. He was a good manager, so we didn't want to embarrass him. He did end up getting divorced not very long after that. We weren't surprised.
3) Some years ago due to an email addressing mistake a confidential email between an HR person and someone else in the company ended up going to my group's email and we saw the exact salary of a developer in another department. This developer was, I think (not totally sure about it), in the US on an H1-B visa instead of a green card and was very badly underpaid compared to others doing the same job. This developer was a very well liked co-worker and I felt kind of bad to find out how little we actually paid them. I've believed for years that the worst thing you can ever find out is what kind of money your colleagues actually make. I've seen really gross discrepancies at every job I've ever had with idiots being paid too much and good workers being paid too little. Finding out exactly how bad this is in reality is just terrible.
At one of my former employers, I had access to some online financial accounts (paypal etc) with hundreds of thousands of dollars doing regular turnover. I really didn't have much need for the access except on a few isolated incidents of cross-referencing payments in logs with the provider.
When the password came up for expiry, I actually asked my boss if I could *not* have the new password. My main rationale was that
a) I didn't need it
and
b) If something ever went wrong (e.g. somebody hacked the account, or another person who had the password stole funds, etc) I didn't want to be one of the people under the spotlight due to having access
Beyond that, I've seen private emails of superiors, records of co-workers, clients, or friends etc. Generally my rule is
a) If accessing an active machine, ask that the user close anything sensitive beforehand
b) If accessing email, ensure the user realizes and ask if there's anything I should avoid seeing
c) Ditto for files. If I'm moving or copying stuff around, I generally ask if there's places I should stay out of
A lot of clients don't understand (c) until I explain that it's not uncommon for me to see some very *interesting* filenames fly by when coping browsing history or users documents on private PC's. As I tended to do a backup-wipe-reinstall-restore on client drives for badly hosed machines, I tried to ensure customers knew I was copying their data for later recovery.
The only time I had a major moral quandry was when I was backing up a client's PC and filenames for some URL's etc of various dubious material floated by. The files were in their younger son's profile, but were of a type that could land them in legal trouble. I passed that on the the parent (owner of the PC).
So she's now only able to be employed in a completely different field. Sounds to me like it did a lot of harm, then.
Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
Stating the obvious is news? Seriously, it's been the case from the very early days that sysadmins have access to confidential information. Used to be we had access to everything. Due to siloing, not so much anymore, but still way more than most people think. (a) People keep sensitive information of various levels of sensitivity on computers. (b) Other people are hired to manage, maintain and repair these computers (a) + (b) = ...you figure it out.
It has been long the case that sysadmins have had access to information that we needed to keep to ourselves. Perhaps three times in my career, I've had managers outside my department request that I break into user's accounts to retrieve information. How you handle such requests tells a lot about your personal integrity.
Of course there are valid reasons to dig into people's stuff -- properly vetted legal investigations, terminated employees and so forth. But when a manager asked me to dig into people's history to see if they were visiting job sites, I politely declined and referred him to my manager. And the guy who wanted to know if his girlfriend was dating someone else. C'mon, you knew what you were getting into when you started an office romance.
Practice erring on the side of privacy, and you build trust in the organization. How could an exec trust you to be in charge of his stuff if you have a history of digging into his employees' stuff?
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
There is a difference between:
* my coworker had sensitive personal info using its job laptop or pc,
and some coworker saw it, or read it.
versus
* I got some sensitive personal info from a coworker,
and Im telling everyone, he or she likes to go to those stupid childish anime cosplay,
and Im telling everyone in the office, becaue Im a j*erk
This is one of the cases where recruiters, wheter Human Resources or technical,
may be in the "gray area".
I have personal problems in jobs, because coworkers get personal info,
that I DID NOT provide, and does not interfere with my job,
(example: political views, religious or not religious point-of -view,
even my favorite sport team),
but, they not act "professionally".
I have seen many funny things, and that even without trying hard, most of the things accidentally:
- the manager that went all day long looking at tranny porn instead of working;
- the secretary that had viruses with horse bestiality all over her folders;
- the HR department that left a text file with ALL the salaries in a public folder;
- the department that used the bank transaction system as a games console;
- the consultant that used to spend the billable hours playing galaxians;
- the ISP were 90% of the users had the same password;
- people using sex meeting sites at work;
- people running file sharing servers at work *extensivelly*;
- users sending their VISA cards over the email system;
- workers running joke emailing lists enterprise wide and then complaining about "email not working";
and so much more. I actually preferred I had not stumbled over those things.
...I stumbled across some messages being exchanged between my manager and the president of the company. This was pre-email, some dumb Novell messaging tool from the late 80s.
He (the president) was swooning over her and telling her how he was a "one-woman kind of man" (which is funny given he was married) while she was reflecting on the wonderful night they had "walking hand in hand through the snow".
Eventually his wife found out, my manager was fired, he was divorced and had to sell the company to pay her off.
I never said anything. But my manager was so horrible I just smile thinking about karma...
Darryl L. Pierce "What do you care what people think, Mr. Feynman?"
Most companies are engaged in criminal behavior at some point in some form. Whether it be ducking the IRS on technicalities or shorting their HIPAA/PCI/... compliance, it is almost impossible to be engaged in business in the US and not run afoul of some sort of idiotic law or regularity and there are always the asshats that will point them out and hold their ground. Those asshats are unemployable once they get their 15 minutes of fame.
Custom electronics and digital signage for your business: www.evcircuits.com