Flakey responds to my questions with 2 orders by email:
- "there's a machine running SQL that has a weak password - fix it - love the security audit man"
- "do this pointless ITIL course or else"
a brief enquiry reveals that a machine one of my staff is using (oooh I sound important now) is using SQL and it has no password set. So that's fixed in a trice.
The other task reveals rather a lot about my boss Flakey. He sends me a mail telling me and 2 others to do a certain ITIL course. The mail contains the course names and an attachment from from the person telling him to tell us that has the following:
employee name, userid, country, manager, email and region.
Yes, that's pretty much everything someone needs to steal 2500 people's identity - including the women if you can speak in a high-pitched voice like I can. Worse, given the Toxic forces people to use a maximum of 8 characters in their passwords, it's childs-play to crack their account. I do not condone such actions at all. I merely pointing out the possibility, given such a gift.
No comments:
Post a Comment