Security? No, please!
In the last couple of months I have been working in different scenarios, and I have noticed that people are not taking care of some basic security aspects.
- We were working on a network issue. An engineer was asked to check a server log. After a few seconds this person wrote in a multichat conversation: “C0n$0le7” :S . To hide this big mistake, he wrote down “fjkfslfadslfjsljf”. Because I'm just curious, I decided to check the access to this server from my computer. It was not so difficult to gain access. I set a reminder to try the day after, and this guy had not changed the password, and 1 week later the password is still the same!!!!!
- Another example. 01:00 am, another network incident. I was on-call and this is the situation:
PersonA: “We have a problem with this device, could you please help us?”
Me: “We are not supporting this device, could you please call the people in charge?”
PersonA: “Could you please help us anyway…?”
Me: “I don't have rights to access this device”
PersonA: “I already sent you an email with the root account”
Me: Let me try…
After some checks… done!
PersonA: Thank you.
Me: No problem
I set a reminder to check this password some weeks later and… babum!! It works!!
- Scenario 3. During another issue in which I was trying to explain to the engineer in charge of a server how to configure the server… (yes, it is true!!) I asked him for a user and password to do some tests with a test user. This guy told me: “Use mine, but please don't share it with anyone”. This was 6 months ago and still today I can access this server!!!!!