Firewall Wizards mailing list archives

Kinko's Waning Security

From: Chuck Vose <vosechu () roman-fleuve com>
Date: Wed, 21 Apr 2004 09:52:25 -0700

I work for Kinko's and I'm beginning to worry about the security from
above. I would like to hear advice on how to request greater security
when you have no buying power or authority at all (the copy guy
downstairs doesn't get a whole lot of say over the network decisions). 

For instance, passwords are getting weaker and weaker. It used to be
mandatory to have a 4 digit password to access the register, however
it's been lowered to 1 digit. This seems like an incredibly bad idea. 

Passwords on the email system and the internal core downloads have never
changed. In fact, we wrote the password on a keyboard long, long ago and
it's beginning to wear off just from people typing on it. I can't rub
sharpie ink off with all the grit I can muster, yet it's wearing off
through I can only assume erosion. 

Finally, our brand spanking new business card approval system has the
same username and password for every branch in the world. I can access
my neighboring branch's system and authorize or delete all the orders I
like. Were I inclines I would make a fake order for 8 million business
cards at another store, access the auth page, and let the store buy the
cards. Once we release the store has to buy the cards even if they
aren't sold, but the authorization process isn't limited at all. Hell
customers will probably start doing their own cards once they figure out
the system (which knowing the internet, won't be long). 

What do you do when your employer is getting more and more stupid about
security? I could go on about the problems, they touch into physical
security, VLANs being the main security, poor password systems (in more
than the items mentioned). In fact, Kinko's would probably make a fine
"How not to secure your company" subject. 

Compounded, I'm not sure that the manager will know or care. And I'm
certain that our IT girl knows far less about it than he does. She
doesn't know what spyware is nor why it's a problem for it to be on the
ghost images that she uses once a month (there's viruses too). 

Help! Please!!
-Chuck

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Kinko's Waning Security Chuck Vose (Apr 22)
- Re: Kinko's Waning Security Paul D. Robertson (Apr 22)
  - Re: Kinko's Waning Security Ryan M. Ferris (Apr 22)
    - Re: Kinko's Waning Security Paul D. Robertson (Apr 22)
  - Re: Kinko's Waning Security S. Jonah Pressman (Apr 22)
    - Re: Kinko's Waning Security Chuck Vose (Apr 22)
    - Re: Waning Security Paul D. Robertson (Apr 22)
    - Re: Waning Security Frederick M Avolio (Apr 23)
    - Re: Waning Security Paul D. Robertson (Apr 23)
    - Re: Waning Security Chuck Vose (Apr 23)
    - Re: Waning Security Crispin Cowan (Apr 23)

(Thread continues...)