• Martijn (unregistered)

    How many computers does this company have anyway? Handling passwords this way is stupid no matter what, but manually installing systems (which, by the way, would be possible with just an administrator login) is probably cheaper when you're only managing a handfull of computers.

  • (cs) in reply to Reply To All
    Reply To All:
    I suppose if everyone is running as the Administrator user with password 12345, then reply-all doesn't really present a problem...

    Hey, it's possible!

    How did you find out my admin password ! From the photo on a wooden table attached in the email ? ^_^
  • Jim (unregistered) in reply to DM

    In the mid-90s I worked for a large database company (they are still around - they are not quite as large any more - that should give you some hints to ponder). At one point the HR sub-department in charge of keeping everyone's travel info on file sent out a company-wide email saying "If you have any changes to make in your travel profile, please send them to us." And you guessed it - lots of people (mostly sales, what can you say) sent out reply-alls to thousands of people giving out credit card numbers, frequent flyer numbers, address changes and so on. The traffic went on for almost two days, even with pleas to stop (including a classic where someone inadvertently replied-all to an email asking them to no longer reply-all).

  • (cs) in reply to Jim
    Jim:
    (including a classic where someone inadvertently replied-all to an email asking them to no longer reply-all).

    Why would that be inadvertent? It's worth it for someone to reply to everyone and just say SHUT UP AND QUIT REPLYING TO ALL! It notifies everyone on the list to stop replying to all from then on.

    Of course if they made that mistake in the first place, they probably wouldn't understand the explanation of what they are doing wrong.

  • Pitabred (unregistered)

    Reminds me of our old sysadmin. He had a list of almost everyone in the company's passwords, printed out, hanging on the wall of his cube. He had administrator access to every system in the building, why he wanted everyone's other passwords is beyond me. All I know is that he never knew mine, since they give us local system administration permissions so we can install software, etc. (we're solutions consultants who need that to work in other locations and install or use tools on the fly that we need)

    Captcha: craaazy

    Need I say more?

  • Boomer (unregistered) in reply to Butch
    Butch:
    If it is a terminal server environment just copy the damn shortcut to the all users\desktop folder.

    I don't think their computers are networked together at all; at least not permanently. That would make too much sense!

    I think they keep them separated to ensure that the "Skynet Scenario" never happens. Or maybe something like Battlestar G on SciFi. You know, networking the subsystems only for powerful, focused calculations but keeping them separated most of the time to block viruses from completely taking over of all systems and making us watch Three's Company reruns on all monitors, all day, every day!

    We are Sooooo in the dark ages, aren't we?

    Captha ith "slashbot" - Isn't that the lil yellow smiley that slashes, uhh rolls back, all of those prices at your local S-mart?

  • (cs)

    So I can only assume these horrible circumstances are all true at this company:

    1. The network admin(s), their boss, and everyone involved is a complete moron.

    2. The network has no central domain, thus no common domain admin. Workgroup?

    3. All users are admins on their own box. (ok, not uncommon for a development group, but everyone? Managers, secretaries, etc?)

    So how does this kind of thing happen? My guess:

    1. Guy starts company
    2. Guy hires his brother to be "tech guy" because he likes computer games is is out of work.
    3. Company grows, "Tech guy" becomes CIO, or Network Admin, some such.
    4. By the time this email goes out the IT resources of this little operation have to be pretty strained, but not completely collasping; say 50-75 employees?

    Shoot them, shoot them all now... -Me

  • OldPeter (unregistered)

    If this is real (and I still can't believe it) then we finally know the company where Dilbert works.

  • Chris (unregistered)

    This isn't as bad as a company I worked for. They had a publicly well-known username without a password (everybody used it to login to the fileserver in the morning!) that had full read and quite a bit of write access to the file server.

    According to the network admin it had to have a lot of privileges because the managers and upper management used the account for storing their data. I guess it didn't occur to him that lowly workers would also have the same amount of access. Keep in mind that this was a company of over 200 employees where most of the employees were $7/hr scum hired to do phone surveys.

    The worst part about it all is that I was in charge of fixing their security so they could comply with the Gramm-Leach-Bliley act (one of their new clients was a large bank). During the pre-audit the network administrator said they had an intrusion detection system. I don't think he knew what an IDS was because he said that their Novell server would send an alert when someone typed in a password wrong and detect an "intrusion". =/

    Those were the days...

  • (cs)

    Has anyone been kind enough to point out this site and this article to that company? Please do so!

  • AndyC (unregistered) in reply to DWalker59

    I had a response to this but I'm too busy laughing to share it. I'm met admins almost this incompetent, but not quite.

  • AdT (unregistered)

    That's the price for hiring Minesweeper Consultants and Solitaire Experts to administrate a company network.

  • Foobar (unregistered) in reply to Iago

    Come on, everybody knows that TS = Tethered Swimming!

  • just do it (unregistered) in reply to Rank Amateur

    this assumes you CAN change your own password - remember the previus post was to the company asking them to send their NEW password to this cown to sit there all day entering the new passwords ..... so he has lost the list of everyones passwords, or maybe the yellow note on the monitor is just too small for everyone passwords .... :-)

Leave a comment on “Twice Annual About Security”

Log In or post as a guest

Replying to comment #:

« Return to Article