[identity profile] crazdgamer.livejournal.com posting in [community profile] techrecovery
I get a call from a high-level exec's secretary. She says that someone from outside our office is visiting and would like to use a computer. She further states that the high-level exec (her boss) has given the ok on this. She specifies the computer that can be used, and requested that the password of the person who normally uses that computer (who is neither herself nor her boss) be changed so the visitor may log in as that person.

I, being mindful of a thing called "information security", was not likely to do such a thing. I suggested to her that the person use an already established guest account on the domain. I provide the credentials to the guest account and wish them on their way.

Minutes later, I hear from my immediate boss that the high-level exec himself called my boss and made the exact same request (change the other user's password) just after I got off the phone with his secretary. End result: My advice was ignored, and the password was changed anyway.

I know I don't have to spell it out here since you guys can figure out why this was such a bad idea, but I'll list it out anyway: The other user's personal e-mail and departmental files are accessible, password can't be changed back to what it was without one of us manually resetting it (I hate asking "what would you like your password to be?") because of group policy, and there are probably some other things I'm forgetting.

Annoying situation.

Date: 2006-12-13 09:03 pm (UTC)
From: [identity profile] grayhawkfh.livejournal.com
I am so sorry...

Fortunately, around here, we don't have that sort of problem. In fact, the last time some nitwit called and tried something like that, my supervisor was standing right behind me as I took the call and patiently explained to the person several times that I was not about to break government IS policy for them.

When I hung up, my supervisor looked at me and said "This is all documented, right?" I replied that it was and gave him the ticket number.

Never did hear anything further from them...

Date: 2006-12-13 09:14 pm (UTC)
From: [identity profile] gilmoure.livejournal.com
Aaaaaaugh! Just Aaaaaaaaugh!

It's always some stupid upper management prick who thinks the rules don't apply to them, who goes and pokes holes in security. And then IT gets blamed, like that stoopid VA laptop that went missing. Because of that one laptop, Homeland Security has mandated that all government and government related organizations encrypt all devices that leave the premises. Because some politician wants to be seen as 'pro-active', time and money is being spent on a 'social problem' and they're blaming the tech. Sigh.

Date: 2006-12-13 09:37 pm (UTC)
From: [identity profile] vortex.livejournal.com
There is a thing called Network Security.

It could be that the person, whose PC they wanted to use, is under investigation for something by an outside entity (i.e. Private investigator, Local Bureau of investigation, FBI, etc.) and they just needed to fish for information to see if that person was involved.

We've had that happen on several occasions at companies I worked for. Maybe that person's wife/husband thinks they are cheating, or they are going through a divorce. Maybe they committed a crime or were fingered as involved in a crime...

Date: 2006-12-13 11:10 pm (UTC)
From: [identity profile] vaxhacker.livejournal.com
And wouldn't giving a third party access to mess with the PC taint any evidence that may be found there?

Date: 2006-12-14 01:09 am (UTC)
From: [identity profile] vortex.livejournal.com
No, not if the third party is doing the investigating.

For example: (keep in mind that I am making this up as I go so all times and situations are variable)

Consider that Joe Bob robs Bank A with Sam from down the road. The cops know someone was with Sam but don't know who, so they start questioning Sam's friends. One of Sam's friends says that Joe Bob admitted to him in an e-mail long ago that he and Sam were going to do something like rob a bank. The cops could use that e-mail evidence...but, Joe Bob's company doesn't retain Tape backups for more than a week, so they no longer have those e-mails...but, Joe Bob might still have them in his deleted folder. So, the cops go to the Judge, the Judge gives them a specific Search warrant and Voilà! The cops' Computer forensics person is at Joe Bob's computer looking for those e-mails from a couple of weeks ago...

Date: 2006-12-14 04:46 am (UTC)
From: [identity profile] eightofspades.livejournal.com
Erm.

Last time I looked into forensics, even if the third party is the forensic investigator, by logging on as the user they are ruining the chain of custody.

However, I agree that the scenario you posit is possible, just that they were doing it wrong. If your scenario were the case, they were probably logging in to look first, where (hopefully) if they were to find something they would re-investigate using proper forensic procedures. Not that that isn't still incorrect, but...

OTOH, many such investigations never make it to court, ruining the need for chain-of-custody. Informal.

---

IMO, though, that isn't the case here anyhow.

Date: 2006-12-14 04:48 am (UTC)
From: [identity profile] eightofspades.livejournal.com
To summarize:

Chain-of-custody in a computer forensic case requires that you can show the judge that the device in question has the incriminating data in question and has not been tampered with in any way, shape or form since the moment of investigation. In my opinion, the parent poster was correct.

Date: 2006-12-14 07:52 am (UTC)
From: [identity profile] vaxhacker.livejournal.com
That's what I was thinking, plus if it were the FBI or police, they'd probably just seize the computer and haul it to the forensics lab. They wouldn't do anything to alter the drive like running apps as the user. But I didn't get the impression that it was anything like that, just some random person who needed the machine. So in the case of someone non-official "investigating" the situation, you'd never be able to say if the evidence was from the employee or the visitor's actions.

Date: 2006-12-14 12:45 am (UTC)
From: [identity profile] bekscilla.livejournal.com
Isn't that called "the HP way"?

Date: 2006-12-14 01:00 am (UTC)
From: [identity profile] vortex.livejournal.com
It's called that, but things like that still have to work their way up, then down from the CEO...unless it involves the CEO, then it comes down from the Ethics department...

Date: 2006-12-14 08:26 pm (UTC)
From: [identity profile] vortex.livejournal.com
"From what I was told, the visitor only needed internet access,"

That's what you were "told". There are a lot of things that go on without your knowledge. Just because we are IT doesn't mean we are involved with all of IT...

From: [identity profile] irishmasms.livejournal.com
There are proper & published industry standards for computer forensics to investigate such situations. The scenario described above is NOT the proper course of action to do such an investigation; in fact you just compromised any evidence you might have found on that box.

Investigation over - have a nice day.

From: [identity profile] vortex.livejournal.com
Can you not read?

"For example: (keep in mind that I am making this up as I go so all times and situations are variable)"

The above scenario is just an example, a for instance, not a technical description of how things work.

Also, since you are the expert, how is the evidence in the above example compromised? They got the court to give them a search warrant, they showed up at the company with their computer forensics person and they searched the computer with possibly a company Executive, The investigative cop and the Computer forensics person who is also a cop...how is that evidence going to be rebutted in a court of law?...

From: [identity profile] eightofspades.livejournal.com
If you were making it up, you shouldn't've acted as the authority.

Because the device was manipulated before the device was brought into the court of law. Computer forensics requires that any manipulation be done on a reproducible copy of the device for this reason. Hence why forensics teams have raw drive cloning devices.

From: [identity profile] vortex.livejournal.com
I wasn't acting as the authority!

I was giving an Example, a hypothetical situation. Why are you guys getting all bent out of shape on this? *Sheesh*...

From: [identity profile] irishmasms.livejournal.com
No, you were acting like an asshole - so do not be surprised when we flame you back.

From: [identity profile] vortex.livejournal.com
You are the one acting like an Asshole.

I was happy and jolly when I replied to this thread...in fact, I am happy and Jolly now!

Ha Ha Ha!

Ho Ho Ho!...

From: [identity profile] vortex.livejournal.com
"The scenario described above is NOT the proper course of action to do such an investigation; in fact you just compromised any evidence you might have found on that box.

Investigation over - have a nice day."?...

Date: 2006-12-14 02:41 pm (UTC)
From: [identity profile] megpie71.livejournal.com
Even in cases like that, I'd suspect that in the US, there's rules about searching computers. I believe there's actually a constitutional amendment about it, isn't there? Something about search and seizure powers?

(I'm an Australian. I'm therefore not too far up on the US constitution).

Over here, you'd need a signed warrant for the police to be able to enter the premises in the first place. You'd then need another warrant (or a clause in the initial warrant) stating exactly what needed to be searched, and when. And oddly enough, if the police were investigating something like that, I have a strong suspicion that the IT department would already know about it.

Then again, we have some rather strong and nasty privacy laws, which mean that if anyone is handing over your information, you're entitled to know about it.

Date: 2006-12-14 08:22 pm (UTC)
From: [identity profile] vortex.livejournal.com
See my example posted in this thread, I mention all of that.

The IT department doesn't need to be notified of the purpose, especially if it comes down from the CEO or some other High Level Exec. They just need to know that person A needs access to computer A using person B's login...

Date: 2006-12-13 11:38 pm (UTC)
From: [identity profile] hyuga.livejournal.com
*screams*

Isn't there some higher authority you can go to to complain about this? It has to be a violation of some sort of policy.

I can't imagine what I would feel like if that happened to me--some boss changed *my* password and let some stranger log into my account, and probably didn't change the password back. If I were that person I'd even be looking at legal options on something like that.

Date: 2006-12-13 11:51 pm (UTC)
From: [identity profile] hisamishness.livejournal.com
That would be a firing offense for me.

Date: 2006-12-14 12:24 am (UTC)
From: [personal profile] jecook
And me, even at my last place of work. HIPAA violations are *expensive*...

And here, people will try and give me their passwords, and I cut them off with "I don't need to know that." If they ask for an explanation, I explain to them that I don't *need* their password, as it's trivial for me to reset it...

Date: 2006-12-14 12:22 am (UTC)
From: [identity profile] network-nerd.livejournal.com
Change "high-level exec's" password to match, and tell them the guest can use exec's computer instead....

Date: 2006-12-14 06:00 am (UTC)
From: [personal profile] azurelunatic
*facepalm*

...I don't even give my best friend in the universe my password. I give him root-level access to my box, but not my password.

Date: 2006-12-14 10:22 am (UTC)
From: [identity profile] the-s-guy.livejournal.com
"Excuse me, I have to make a quick phone call to facilitate this. Hello, head of Security?"

Date: 2006-12-14 02:33 pm (UTC)
From: [identity profile] megpie71.livejournal.com
I'd be putting in a formal complaint about your boss: undercutting your staff like that is *not* *on*. Particularly when it is a breach of some of the most basic rules of computer security. You *don't* change someone else's password without their permission; you *don't* give anyone access to another person's email account, and you certainly *don't* do these things on the request of some upper manglement wonk without at least one *signed* statement accepting the responsibility. Otherwise you let yourself in for so much trouble it's beyond reason.

I'm not sure where you are, but here in .au, what happened would be a breach not only of IT security, but also of the Australian privacy laws.

Date: 2007-01-05 04:13 am (UTC)
From: [identity profile] 255-255-255-0.livejournal.com
Security ........ or lack of

We have one department that have changed all their passwords to the SAME password so they can use each other's logins.

Another Dept that writes all the users' names & passwords on an A4 sheet of paper, photocopies it and puts a copy on everyone's desk.

Then there are the users with password of PASSWORD written on a post-it stuck on their monitors.
