Security? No, please!

In the last couple of months I have been working in different scenariosI notice that people is not taking care of some basic security aspects. 

For example:

  • We were working in a network issue. An engineer was requested to check a server log. After a few seconds this person wrote in a multichat conversation: “C0n$0le7” :S . To hide this big mistake, he wrote down “fjkfslfadslfjsljf”. Because I¨m just curious,  I decided to check from my computer the access to this server. Was not so difficult to gain access. I did an appointment to try the day after and this guy did not change the password and 1 week later password is still the same!!!!!
  • Another example. 01:00 am, another network incident. I was on-call and this is the situation:

PersonA: “We have problem in this device, could you please help us?”.

Me: ” We are not supporting this device could you please call the people in charge?”

PersonA: “Could you please help us anyway….?”

Me: “I don´t have rights to access this device”

PersonA: ” I already sent to you an email with root account”

Me: :S

PersonA: Please.

Me: Let me try…. 


      After some checkings…. done!

PersonA: Thank you. 

Me: No problem

I did an appointment to check this password some weeks later and….. babum!! it works!!

  • Scenario 3. During another issue in which I was trying to explain to the ingeneer in charge of a server how to configure the server…. (yes it is true!!) I requested to him a user and password to do some test with a test user. This guy told me: ” Use mine, but please don´t share with anyone”. This was 6 months ago and still today I can access this server!!!!!