Author: Sharky

Yabba dabba doo!

Fish is being onboarded as a software engineer and has to download the code repository and start building it. But in checking the setup guide, he can’t find any instructions on what user credentials to use to log in. This seems like something he should be able to figure out, so he trolls through multiple document systems (internal websites, Google documents and wikis) until he finds an old document that says to use his username as both username and password for version control access. That’s easy enough — but it doesn’t work. Fish gets a message saying his account wasn’t found or the password didn’t match.

Time to submit a help desk ticket. And the explanation is simple. IT had neglected to run the script that created an account for fish in the version control system. Ten minutes after submitting the ticket, fish is in at last.


Throwback Thursday: Pick a card, any card …

This conglomerate is structured as several smaller companies, with a big central IT organization plus individual IT groups in some of the companies, reports an IT pilot fish there.

“An IT staffer from one of the companies loaded a password cracker and proceeded to crack the Windows NT servers,” fish says. “He sent out emails bragging about how insecure NT was and giving the NT team a hard time.”

Fish isn’t on the NT team, but he and his security co-workers decide to strike back on behalf of their colleagues — and they do it through the central IT audit group, to make sure it’s all above board.

First, they supply the audit people with a list of more than 100 Unix servers, and get them to pick a server at random. Amazingly, the audit group picks the only server on the list that belongs to the company where the NT attack originated.


It’s a hack!

It's a few years after Y2K, and this pilot fish has overall responsibility for all things related to his company's website.

"Like most corporations, our company had a policy that computers and laptops were to be used only for company business, along with policies governing the appropriate use of the internet in the work environment," fish says.

"After arriving at work one morning, I opened my email to find a frantic message from our CEO to me and our internet security manager, stating that our website had been hacked."

The big boss knows this is the case because there are spammy images and text on the home page, among other issues. Not surprisingly, the CEO is adamant that this must be resolved ASAP.


Details, details

It's a few years after Y2K when the IT security team at this university gets a rude awakening, reports a pilot fish in the know.

"They discovered that persons unknown had hacked into a university server," fish says. "It was being used to launch denial-of-service attacks against a victim somewhere outside the university."

The team's first job is finding the server -- which turns out to be in the alumni office -- and taking it offline.

Then they start digging into the security logs. That's when they find out that the attackers have been making use of the server for more than a year.

And once they start checking on the IP addresses of whoever it is that has accessed the server, they discover it's not just one or two hackers. It seems people from all over the world have been using this server to launch attacks.


New year, same old users

IT support pilot fish takes a call to help a user change a password on a webpage form -- and it reminds fish of just how much help-desk techs love password resets.

"I spent 25 minutes talking to him," fish groans. "There were only two buttons to press, Submit and Reset.

"You’d think that after pressing Reset three times and having it erase the passwords he typed in, he would try Submit -- right?

"But no -- our customer tried a fourth and then a fifth time, until he got the idea to hit the other button.

"This person was by all accounts a functional, employed adult..."

Sharky needs a new year's worth of stories of users, management and IT gone off the rails. So send me your true tales of IT life at sharky@computerworld.com. You can also comment on today's tale at Sharky's Google+ community, and read thousands of great old tales in the Sharkives.


If the CTO says it’s OK, what could go wrong?

Medical rehab facility is facing a compliance deadline for HIPAA privacy regulations, and that could be a problem, says a cybersecurity pilot fish working there.

"The HIPAA regulations are strewn with potential issues," fish says. "When some aspect isn't followed and a patient's data privacy is compromised, the fines can be substantial."

And that's the headache fish faces because of his facility's use of Gmail. As the site's cybersecurity engineer, fish knows that ordinary Gmail isn't HIPAA compliant.

Fortunately, there's a fix -- one that involves additional paperwork and agreements, along with some added security verification. But that's still easier and less complex than moving everyone off Gmail.
