Penetration Testing mailing list archives
Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME]
From: Jon Kibler <Jon.Kibler () aset com>
Date: Tue, 16 Sep 2008 09:02:45 -0400
Trygve Aasheim wrote:
Goes into my collection of terrible scenarios...a company that doesn't follow any guidelines on good security at all.

Helpdesk employee with access to shadow files on servers? Wake up...

Helpdesk employee that forwards sensitive information to @hotmail accounts on request from people that actually say they don't work there? Hard to believe.

That company has bigger issues than OOO. Sorry, but it sounds like a fib.... If it is true, then holy...

Cheers,
T
In too many organizations, the help desk is run by junior sysadmins. As sysadmins, they have access to everything. That is what happened here.

In the race to do I.T. at zero cost, I see more and more organizations adopting the attitude of 'Why do we need help desk people that just answer the phone and then have to call sysadmins to get the problem fixed? Why not just have the sysadmins answer the calls and cut out the middle wo/man?'

Help desk work is increasingly becoming a sysadmin task. That makes it even more critical that the help desk get a clue when it comes to security.

Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253