Ethics and passwords
Steve Acheson
satch at cisco.com
Fri Aug 29 14:27:03 PDT 2008
Well, I can answer for myself, at least, but I'm probably biased since
I've been doing Infosec for the last 15 years and have always been a bit
paranoid about both my own and others' access...
I also find that 88% number hard to swallow. Perhaps that's 88% of the
people that they offered $10 for their password to that were then
interviewed... It's gotta either be a typo or some bizarre demographic
that they interviewed.
I wouldn't bother with stealing corporate info just because I was laid
off... I won't say I never would, because if someone pointed a gun at
my girlfriend or had my thumbs in a screw vice I'd happily give them
whatever they wanted.
But, for my own ethics, I wouldn't. Whenever I leave a company, I make
sure all of my accounts are deactivated and locked or deleted. I want
no chance that someone could later say that I still had access and did
something. My paranoia speaking again, but I've seen it happen to
friends in the past, and I like to learn from other people's lessons, not
just my own...
Plus, after spending years enabling SSH, moving to SSO, encrypting
databases, PKI+SMIME, etc., I guess it would just be wrong to subvert all
that work...
satch
Jennifer Davis wrote:
> I just saw this on Slashdot:
> "According to identity management firm Cyber-Ark's annual 'Trust,
> Security & Passwords' survey, a whopping 88% of IT administrators
> would steal CEO passwords, customer database, research and development
> plans, financial reports, M&A plans and the company's list of
> privileged passwords if they were suddenly laid off. The survey also
> found that one third of IT staff admitted to snooping around the
> network, looking at highly confidential information, such as salary
> details and people's personal emails."
>
> I cannot believe the 88% number. Seriously, there are ethics about
> having access to information. The people I know in the field are
> pretty strongly willed ethically. What are people's personal ethics
> with regards to stealing passwords? If you have access to the
> information do you do this kind of thing? (maybe it's best to ask this
> anonymously).