Information Security News mailing list archives
Re: Security's Hard Knocks - easy open doors
From: InfoSec News <isn () C4I ORG>
Date: Mon, 8 Jan 2001 04:12:16 -0600
Forwarded by: Patrick Campbell <jp_campbell () yahoo com>

Even employees with no criminal history can be a danger. I am a telephone/email support technician and often I have to return phone calls to clients. Many times when I've initiated calls to customers, I end up talking to a secretary, and when I need to get into their router to modify the config, he/she will give me all of their internet connection passwords, passwords to the router, and the IP address once I show them how to find it. They never question my identity.

There are employees with criminal backgrounds, and there are uneducated employees who can compromise your security. Luckily for the people I call, I'm calling to help them and not hack their systems.

Educate your employees to be very skeptical of people who call in claiming to be with tech support. You may make my job more difficult, i.e. I have to take time to let them verify who I am, but your network will be more secure.

At 04:37 AM 1/4/2001 Thursday, you wrote:
http://networkcomputing.com/1201/1201colfeldman.html

January 8, 2001
By Jonathan Feldman

My pop would sometimes despair at having to teach his seven scalawag children good work habits; he complained that we could learn only at the school of hard knocks.

A few months ago, I learned a hard lesson about hiring practices. My colleagues and I found ourselves with a technician who just wasn't working out. The fellow was habitually late and didn't take responsibility seriously so we said goodbye. End of story.

Or so we thought. Next thing we knew we got a call from a police officer who frequently works with us. "You know that guy who was working for you?" he asked. "Well, he's got a criminal record as long as my arm. Didn't you run a background check?"

Whoops. Now that's a security problem, isn't it? Not quite as sexy as the latest IIS exploit, but bad enough.

Turns out we only thought we had run a background check. More accurately, we got a verbal OK from someone in human resources who was either overworked or taking too much cold medicine that day. We accepted it instead of waiting for written authorization from our background-check source because we were understaffed and anxious to hire. After we hired the guy, following up on the written authorization was quickly forgotten and, in the end, the paperwork was never received.

Memo to self: Be more careful with background checks. Make sure you get more than a verbal authorization. Go to the source -- don't rely on an intermediary.

How can you go to the source, you ask? Inquire with local law enforcement. Frequently, background checks can be done for citizen businesses both inexpensively (where I live, it costs five bucks -- a pittance well spent) and authoritatively.
----------
Patrick Campbell

ISN is hosted by SecurityFocus.com