Most IT Pros Have Seen Embarrassing Information About Their Colleagues
An anonymous reader writes: Often working in isolation, IT teams are still considered to be supporting players in many workplaces, yet the responsibility being placed on them is huge. In the event of a cyber attack, network outage or other major issue, they will typically drop everything to fix the problem at hand. Almost all the respondents (95%) to a new AlienVault survey said that they have fixed a user or executive's personal computer issue during their work hours. In addition, over three-quarters (77%) said that they had seen and kept secret potentially embarrassing information relating to their colleagues' or executives' use of company-owned IT resources.
News at 11?
(Most just got to management by being born with the right connections or playing sleazy, not by being smart. So it's always hilarious for me when I, the lowly tech guy, find out my boss is having an affair or has a strange fetish, both true stories. Didn't tell them, of course, but I never looked at them the same way afterwards.)
I've seen it, even if it only flicked up on screen in a fleeting glimpse while I was typing another URL.
I'm not sure if this was before "Privacy Mode" became common or not.
I fix this problem by only using NNTP for my porn needs... support staff don't usually download tools using your newsreader....
Who are these people who would keep something like that?
Because I sure as hell don't wanna work with 'em.
Seen it? Oh, gods yes. I'd need more hands to count how much, over 24 years, of my friends and coworkers' dirty laundry I've seen. Hell, at one point, I had to tell a NOC manager "there are naked pictures of my whole team somewhere on the Internet, so she's a cam girl, chill" (this was 1998).
The person that conversation was about ended up being probably the best hire the company ever had.
You're a goddamn sysadmin. Go in, fix, leave. You don't read their email. You don't copy off dick pics or whatever. You go to the bar and drink the memory out of your head, like a professional.
As such, if I come across anything illegal, I report it. If it's unsuitable for a work environment or a risk, I have a quiet word. Anything else, I ignore it, none of my business.
I want a list of atrocities done in your name - Recoil
You're ridiculous. A doctor may or may not see you naked (if your dentist wants to see you naked, be suspicious) because that is part of their job. Unless you work at Kink.com, a hard drive full of porn has nothing to do with your company's business and company property shouldn't be used to store your wank material. In some countries you are opening the company up to lawsuits or even criminal complaints.
Good IT would at minimum delete the material and warn the person against using their work PC for storing their porn.
It's become a harsh world for the three monkeys. I'm referring to the monkeys Mizaru "see no evil", Kikazaru "speak no evil" and Iwazaru "speak no evil". In the days of written letters there were seldom times when one was professionally compelled to witness the private thoughts of others. Now we have mailboxes and photos and browsing histories scattered on disks. Every popular program that manages information wants to slap it all up in your face as soon as possible.
The 3monkeys problem doesn't relate to knowing or discovering passwords, unlocking access. You're perfectly free to flaunt your prowess as a fixer or safe-cracking locksmith. Good 3M compels you to remain unaware of the contents of the safe after you have opened it. After a successful IT job are you in a position to honestly say not a single photo (or thumbnail) was displayed, not a snippet of private text was displayed, even for a moment? If not, then (perhaps) there are ways to refine the technique.
As a PC tech I started to imagine it as sort of a game, where you lose points if you see anything private. When forced to run programs to see if they were functional, I'd de-focus my eyes and could see that something was there, good enough. When cleaning viruses or upgrading I preferred to invite the customer in to run all the necessary programs to ensure their data was there.
In the Internet age it went massive. Someone is always root on machines that store hundreds of thousands of mailboxes. I started a Freenet and have run two ISPs and I have never peeked into anyone else's email unless directed to with immediate consent. Even then rarely, and not without a bit of nausea. Why? Because it is just too damned easy... in the same sense that pulling a trigger is easy. So early on I have programmed myself that way. If you pick up a gun you won't hold it by the trigger. As an administrator, I won't pick up your account by its email.
In the early days of mailboxes, Sendmail and queues, when solving problems meant shuffling mail around, sometimes rewriting portions of headers, it was as simple as using grep and using well-tested scripts to avoid seeing content. Many things were block and line-oriented ASCII. Not so easy today, when everyone loves to embed their favorite database solution.
Imagine that you have been called in to de-virus and recover data on a PC. You have been offered handsome pay for your work, but as you work you realize there are two men standing behind you with telltale bulges in their suits. They are watching you and the screen in front of you very intently. You sense that there's something on that PC that could put you in a bad way, should they catch a glimpse of it. Could you complete the job without... incident?
Developers of software that manages people's secrets should always consider the plight of the 3monkeys IT worker. This could mean a command-line utility, as prevalent as a standard uninstall procedure (ahem!), that is guaranteed to sift through and verify all functional areas of the program and its data store, and in the end give only total statistics of content --- enough to see that you have not reverted to an empty database. It would be good to provide this utility.
Some day, someone's life may be at stake.
<blink>down the rabbit hole</blink>
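An added example, not part of the original comment or of any mail program's own tooling: a sketch of the statistics-only check the comment above asks for, applied to an mbox file. The function name `mailbox_stats`, the counters it reports and the sample mailbox are assumptions constructed for illustration.

```python
import mailbox
import os
import tempfile

# Constructed sample mbox (two messages), embedded so the example runs offline.
SAMPLE_MBOX = (
    "From alice@example.org Mon Jan  1 00:00:00 2024\n"
    "From: alice@example.org\n"
    "Subject: constructed one\n"
    "Message-ID: <1@example.org>\n"
    "\n"
    "first body\n"
    "\n"
    "From carol@example.org Mon Jan  1 00:01:00 2024\n"
    "From: carol@example.org\n"
    "Subject: constructed two\n"
    "\n"
    "second body\n"
)

def mailbox_stats(path):
    """Parse every message in an mbox; return aggregate counts only."""
    stats = {"messages": 0, "bytes": 0, "multipart": 0, "missing_message_id": 0}
    box = mailbox.mbox(path, create=False)
    try:
        for key in box.iterkeys():
            msg = box.get_message(key)  # parsing shows the record is readable
            stats["messages"] += 1
            stats["bytes"] += len(box.get_bytes(key))
            if msg.is_multipart():
                stats["multipart"] += 1
            if msg["Message-ID"] is None:  # presence only; value never kept
                stats["missing_message_id"] += 1
    finally:
        box.close()
    return stats  # integers only: no header value or body text leaves here

def demo():
    # Write the constructed sample to a temp file, check it, then remove it.
    with tempfile.NamedTemporaryFile("w", suffix=".mbox", delete=False) as fh:
        fh.write(SAMPLE_MBOX)
    try:
        return mailbox_stats(fh.name)
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    print(demo())
```

Comparing the counts before and after a repair or migration shows the store did not come back empty or truncated, without any message being displayed to the operator.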
A truly professional "IT Pro" will learn to forget the things he has seen about his/her colleagues.
We've all had to do things like: check mail spools, check user directories, enable debug-level logging on various systems, etc. and seen embarrassing or personal things. The question is: are you a professional who learns to forget it and stick to the relevant data or are you a shithead who spreads rumours and makes us all look like privacy-invading assholes?
Trolling is a art,
I blew the whistle* on the utility I worked for after a couple of linemen got killed. I spent the remainder of my career working for Boeing. No problems.
*Actually, they gave me a pretty good severance package to 'not be around' when the state LNI investigators came around to interview us. They were stupid enough to assume that the state was too stupid to talk to previous employees as well as current.
Have gnu, will travel.
I've been a Unix or Linux system admin most of my career and I've found out several embarrassing things about co-workers.
1) The first was that two co-workers were using a system I managed with 50 or fewer users to send erotic email to each other. Both were married and not to each other. I'm not sure that there was any real activity going on. They may have simply used email to sort of flirt with each other. But if management had known what they were saying, both might have been fired.
2) The job after that involved my small system admin group (3 people) in the 1990s getting a bounced email message that our manager sent. Back in those days, home internet services were so crappy (AOL and the like) that many IT professionals deliberately used work email for personal things. Turns out that our manager, who was married at the time, was into BDSM and he was looking for partners while on company business in Europe. Our group kept his email to ourselves and we found a way to fix his email problem so that we didn't get any more bounced messages without ever telling him what we saw. He was a good manager, so we didn't want to embarrass him. He did end up getting divorced not very long after that. We weren't surprised.
3) Some years ago due to an email addressing mistake a confidential email between an HR person and someone else in the company ended up going to my group's email and we saw the exact salary of a developer in another department. This developer was, I think (not totally sure about it), in the US on an H1-B visa instead of a green card and was very badly underpaid compared to others doing the same job. This developer was a very well liked co-worker and I felt kind of bad to find out how little we actually paid them. I've believed for years that the worst thing you can ever find out is what kind of money your colleagues actually make. I've seen really gross discrepancies at every job I've ever had with idiots being paid too much and good workers being paid too little. Finding out exactly how bad this is in reality is just terrible.
At one of my former employers, I had access to some online financial accounts (PayPal etc) with hundreds of thousands of dollars doing regular turnover. I really didn't have much need for the access except on a few isolated incidents of cross-referencing payments in logs with the provider.
When the password came up for expiry, I actually asked my boss if I could *not* have the new password. My main rationale was that
a) I didn't need it
and
b) If something ever went wrong (e.g. somebody hacked the account, or another person who had the password stole funds, etc) I didn't want to be one of the people under the spotlight due to having access
Beyond that, I've seen private emails of superiors, records of co-workers, clients, or friends etc. Generally my rule is
a) If accessing an active machine, ask that the user close anything sensitive beforehand
b) If accessing email, ensure the user realizes and ask if there's anything I should avoid seeing
c) Ditto for files. If I'm moving or copying stuff around, I generally ask if there's places I should stay out of
A lot of clients don't understand (c) until I explain that it's not uncommon for me to see some very *interesting* filenames fly by when copying browsing history or users' documents on private PCs. As I tended to do a backup-wipe-reinstall-restore on client drives for badly hosed machines, I tried to ensure customers knew I was copying their data for later recovery.
The only time I had a major moral quandary was when I was backing up a client's PC and filenames for some URLs etc of various dubious material floated by. The files were in their younger son's profile, but were of a type that could land them in legal trouble. I passed that on to the parent (owner of the PC).