I advised my manager at the time about this problem. Because we did not have a definitive security plan in place, no action was taken by the administration. I left the company shortly after this for other reasons. What I would have done was have everyone on the list change their password, advise the users that they are not to give their password to ANYONE and advise the supervisor to please notify the network help desk if she needed to gain access to an absent employee's mailbox.

Eric Kempter
Sr. Programmer/Analyst
E-Mail: EKempter@smsocs.com

-----Original Message-----
From: midrange-l-owner [SMTP:midrange.com!midrange-l-owner@mcs.com]
Sent: Thursday, November 20, 1997 7:36 AM
To: 'MIDRANGE-L@midrange.com'
Subject: RE: How to preserve password change date

Eric,

Yes indeed; the weakest link in the chain. I know what I would have done in this situation, but what did you do?

Dave Kahn, TCO, Kazakstan
=========
kahn@tengizchevroil.com (to November 25)
dkahn@cix.compulink.co.uk (from November 26)

>-----Original Message-----
>From: Kempter, Eric [SMTP:EKempter@smsocs.com]
>Sent: Wednesday, 19 November, 1997 22:36
>To: 'midrange-l@midrange.com'
>Subject: RE: How to preserve password change date
>
>
>At a former position, we had a security procedure very similar to the one
>that Dave describes. When a new user profile is set up, the profile is
>set up as expired so that the user must change their password when they
>initially sign on. This way the user should be the only one that knows
>their password. I was relatively certain that our security integrity was
>intact until one day.
>I was showing a new employee and their supervisor how to change their
>password on a new profile. Everything went smoothly, the supervisor and
>I both looked away as the user entered and confirmed their new password.
> As I was walking away, I heard the supervisor ask the new employee what
>their password was. I returned and asked the supervisor why she wanted
>to know. It turned out that the supervisor required all of her employees
>to give her their password so that she could access their e-mail if they
>called in sick. She then proceeded to show me her list of names and
>passwords for every person in customer service (25 people at the time).
> She was also telling her employees where this list was kept in case they
>forgot their password and needed to look it up. Talk about your security
>holes!
>
>

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---