Author Topic: Moron where I used to work  (Read 3656 times)

Offline peewee_RotA

Moron where I used to work
« on: March 03, 2010, 05:40:34 AM »
At one of my previous jobs I used to do tech support. At one point the entire IT department was led into a meeting in small groups with a newly appointed VP of security. The purpose of the little meetings was to discuss password strength and how best to enforce it. This is all well and good, but the way that this stunning genius went about it is awe-inspiring.

His idea was to take a copy of the central Windows password file and brute force it to test the password strength of everyone in the company. He let this run for 2 days and then he created an Excel spreadsheet containing all of those passwords once they were determined and saved a time for how long it took. He then sent copies of any password containing offensive language to VPs and presidents of each department, who sent out disciplinary letters to every employee that used offensive passwords. The Windows password file, the brute force application (most likely riddled with viruses), and the spreadsheet all existed on his own work laptop that he transported between home and work often. This laptop was secured behind a single Windows password which would have been contained on that spreadsheet.

...Then this information security savant had the nerve to argue with me when I corrected his action of limiting people to no longer using offensive terminology and for sending that information to people's bosses. He especially got snippy when I quoted some IS books from college that disagreed with him.

That one action was SOOOO bad that it was the sole reason I left that company for my next job. The kicker to all of this: that company was a Fortune 100 financial institution. We're talking about risking untold numbers of other people's money by doing something like that.

 :ubershock:


And they reprimanded people for having offensive passwords.  :lolsign:



*EDIT* I may have posted this before, but it's one of those things that bothers me enough to risk a duplicate post.
« Last Edit: March 03, 2010, 05:45:22 AM by peewee_RotA »
GOTO ROTAMODS (rocketgib)
GOTO ROTAMAPS (fireworks)
HappyFriar- q2server.fuzzylogicinc.com
 Tune in to the Tastycast!!!!  http://dna.zeliepa.net

Offline [BTF]Sigma

Re: Moron where I used to work
« Reply #1 on: March 03, 2010, 07:10:32 AM »
Wow. Yup, passwords are passwords. Going ahead and sharing how long it took to crack it seems acceptable. Just means the individual needs to add some variety to characters. Sounds like a power tripper.

Offline peewee_RotA

Re: Moron where I used to work
« Reply #2 on: March 03, 2010, 08:11:28 AM »
Quote from: [BTF]Sigma on March 03, 2010, 07:10:32 AM
Wow. Yup, passwords are passwords. Going ahead and sharing how long it took to crack it seems acceptable. Just means the individual needs to add some variety to characters. Sounds like a power tripper.

No he actually shared the real passwords with people.

And not just people's accounts but passwords to generic services that run processes and have insane admin rights on critical machines.
« Last Edit: March 03, 2010, 08:13:54 AM by peewee_RotA »

Offline QwazyWabbit

Re: Moron where I used to work
« Reply #3 on: March 03, 2010, 09:25:44 AM »
This inDUHvidual has no clue. Disclosing those passwords and keeping them in a spreadsheet was simply beyond stupid. That his superiors allowed it to happen and took no action proves they are pointy-haired boss material. He clearly could have expired those passwords and forced a change without a meeting but the power-trip meeting was a hey look-at-me thing. Sounds like he discovered LC4 or L0pht toys and decided he was a security expert.

Our company has a 90 day expire and complexity requirement. I lost count of the times people have locked themselves out or forgotten their new password. The IT response is to reset the password to "password", leaving the account vulnerable until the user gets around to logging back in, forcing a reset to yet another forgettable password.

Offline peewee_RotA

Re: Moron where I used to work
« Reply #4 on: March 03, 2010, 10:10:02 AM »
Quote from: QwazyWabbit on March 03, 2010, 09:25:44 AM
Our company has a 90 day expire and complexity requirement. I lost count of the times people have locked themselves out or forgotten their new password. The IT response is to reset the password to "password", leaving the account vulnerable until the user gets around to logging back in, forcing a reset to yet another forgettable password.

A different place that I worked addressed this once. We blocked "password", "password1", "nameofthecompany1" and things like that, so it forced all of us to come up with better methods.

I used a clever method based on date and name. It was something like day, excluding month, the current second on the clock, and the first three letters of the first name. The first two numbers were both arbitrary, but being only 4 digits, it is easy to communicate over a phone.

I even once started deriving passwords based on lucky numbers listed on fortune cookies. As long as your formula never ties to the client, it's not guessable. You could use your own address or birthdate and it is not a security risk, just so long as the number doesn't tie back to the client who will use it.
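As an added illustration (not code from the thread or from anyone's employer), here is a small Python checker of the kind peewee_RotA's second workplace ran: it rejects "password", "password1", the company name with digits bolted on, and the usual symbol substitutions, while accepting a random string like the one Slayer posts later in the thread. The company name and the blocklist are constructed placeholders.

```python
import re

# Constructed placeholders (assumptions, not from the thread): a real deployment
# would load a large breached-password list and the employer's actual name.
COMPANY_NAME = "examplecorp"
BLOCKLIST = {"password", "letmein", "welcome", "qwerty", "changeme"}

# Substitutions people use to slip a blocked word past a naive exact-match filter.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s", "!": "i"})


def root_word(candidate: str) -> str:
    """Strip the decoration a weak password is usually built from: case,
    leading/trailing digits and symbols (the '1' in 'password1'), and
    single-character substitutions ('p@ssw0rd')."""
    root = candidate.lower()
    root = re.sub(r"[^a-z]+$", "", root)   # trailing digits/symbols
    root = re.sub(r"^[^a-z]+", "", root)   # leading digits/symbols
    return root.translate(LEET)


def check_password(candidate: str, min_length: int = 12) -> str:
    """Return 'ok' or the reason the candidate is rejected."""
    if len(candidate) < min_length:
        return "too short"
    root = root_word(candidate)
    if COMPANY_NAME in root:
        return "contains company name"
    if root in BLOCKLIST:
        return f"variant of blocked word '{root}'"
    return "ok"


if __name__ == "__main__":
    # "f^s7L2(fAAg_72" is the sample Slayer posts in this thread (not a real password).
    for pw in ["password1", "P@ssw0rd123!", "ExampleCorp2010!", "f^s7L2(fAAg_72"]:
        print(f"{pw!r}: {check_password(pw)}")
```

The normalisation is deliberately coarse: it catches the "word plus a digit" pattern the post describes, not every possible mangling, so it complements rather than replaces a breached-password list.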

Offline [BTF]Jehar

Re: Moron where I used to work
« Reply #5 on: March 03, 2010, 12:17:22 PM »
I'm starting to work at a local ISP, and this sometimes involves setting up wifi networks in clients' houses. I'm wary of generating a new auth key for each home network, as this could easily become messy to keep track of and make sure the client knows about it. I'm considering having keys based in part on the router, and also on the manufacturer of their main box, and the first letter of the street they are on. This'll make something that's easy for me to derive if the key is ever lost, but wardrivers will have a hell of a time figuring it out.
Tastyspleen ==Tastyspleen.tv==! All Quake, All the Time

Offline [BTF]Sigma

Re: Moron where I used to work
« Reply #6 on: March 03, 2010, 12:18:27 PM »
My fav was to take a verse in a song that you can remember and use the first letters of the words as your characters. Modify the characters by substituting a few symbols/numbers for the letters and you have yourself a relatively safe password.

Offline Slayer :D

Re: Moron where I used to work
« Reply #7 on: March 04, 2010, 06:30:12 AM »
My passwords are like this one (and this is NOT one I use!!!):

f^s7L2(fAAg_72

And no, it does not have any meaning to me. It is just random.

Offline [BTF]Sigma

Re: Moron where I used to work
« Reply #8 on: March 04, 2010, 07:20:41 AM »
But I'm sure the choderider mentioned above would have reported it as vulgar language had it been.

Offline Slayer :D

Re: Moron where I used to work
« Reply #9 on: March 04, 2010, 07:54:59 AM »
OH NO IT HAS "faag" IN IT!!! :dohdohdoh: :uhoh:

 
