Author: Sharky

Well, DID she ever change her password?

Flashback to the days when this pilot fish is managing an email system for several corporate clients, and he needs to pick good passwords from the get-go -- because these users will never bother changing them.

"I wrote a program to generate accounts and to create a password," says fish. "The system consisted of a dictionary of about 100 three-letter words, and a separate dictionary of four-letter words where I had tried to remove the bad words. Then there was a list of special symbols, and then the digits 0 through 9.

"The system chose one element from each list, and put them in a random order. It then printed the information out. I folded the piece of paper and placed it in an envelope and mailed it -- never actually looking at it.

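The scheme fish describes (one element from each of four lists, concatenated in a random order) is easy to reconstruct, and reconstructing it shows the problem with it: anyone who knows the lists only has to search the product of their sizes times the number of orderings. The following is an added example, not the pilot fish's program. The word lists are constructed stand-ins (the story gives only the size of the three-letter list, about 100), the 1000-entry four-letter list and the 10-symbol list used in the estimate are assumptions, and the CSPRNG-backed shuffle is a modern choice rather than anything the story claims.

```python
"""Reconstruction of the mailed-password scheme plus a keyspace estimate.
Added example; not the original program. Lists below are constructed."""
import math
import secrets

# Constructed sample lists, deliberately short; the real lists were larger.
THREE_LETTER = ["cat", "dog", "sun", "map", "ink", "oak", "pen", "rug", "fox", "jam"]
FOUR_LETTER = ["lamp", "tree", "rock", "wind", "leaf", "moon", "ship", "book"]
SYMBOLS = list("!@#$%^&*")          # assumed symbol list
DIGITS = list("0123456789")
DEFAULT_LISTS = [THREE_LETTER, FOUR_LETTER, SYMBOLS, DIGITS]


def generate(lists=DEFAULT_LISTS, rng=secrets):
    """One element from each list, concatenated in a random order.

    rng needs .choice(seq) and .randbelow(n); the stdlib secrets module
    provides both from the OS CSPRNG. random.shuffle/random.choice would
    not be suitable for password generation."""
    parts = [rng.choice(lst) for lst in lists]
    # Fisher-Yates shuffle of the chosen parts.
    for i in range(len(parts) - 1, 0, -1):
        j = rng.randbelow(i + 1)
        parts[i], parts[j] = parts[j], parts[i]
    return "".join(parts)


def keyspace_bits(list_sizes):
    """log2 of the number of distinct passwords the scheme can emit:
    product of the list sizes times the number of orderings (k!).
    This is an upper bound; different orderings can collide once the
    elements are concatenated."""
    combos = math.prod(list_sizes) * math.factorial(len(list_sizes))
    return math.log2(combos)


def matches_scheme(pw, lists=DEFAULT_LISTS):
    """True if pw is a concatenation, in some order, of exactly one element
    from each list. This is the structure an attacker who knows the scheme
    exploits: the guess count is bounded by keyspace_bits(), not by the
    password's length."""
    def walk(rest, remaining):
        if not remaining:
            return rest == ""
        for idx, lst in enumerate(remaining):
            for elem in lst:
                if rest.startswith(elem) and walk(
                    rest[len(elem):], remaining[:idx] + remaining[idx + 1:]
                ):
                    return True
        return False

    return walk(pw, list(lists))


if __name__ == "__main__":
    pw = generate()
    print(pw, matches_scheme(pw))
    # With ~100 three-letter words (from the story) and an assumed 1000
    # four-letter words, 10 symbols and 10 digits, the whole space is
    # 100 * 1000 * 10 * 10 * 4! = 240,000,000 guesses, under 2^28.
    print(round(keyspace_bits([100, 1000, 10, 10]), 1))
```

A nine-character password that looks random to the recipient is, to someone who has seen the generator, a 28-bit secret; the "remove the bad words" pass shrinks the four-letter list and the keyspace further. Passing a custom rng object with the same two methods makes the generator testable without touching the OS randomness source.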

Root Cause Analysis

The company this pilot fish works for is acquired by a larger outfit, and everyone gets a new login based on just the employee's family name -- which in fish's case is Root.

"That should have been a non-issue with any other name," says fish. "But when the administrators created my account, they apparently didn't think about the fact that root is the superuser account in our Unix systems.

"Following the instructions provided in an email, I logged in and changed the password on my 'root' account. The next time I logged in, the password didn't work. I called the help desk for the new company and they reset my password -- and it worked until I logged off and tried to log back in.

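A login scheme that maps a surname straight to a username needs a collision check against the accounts the operating system already owns, otherwise someone called Root gets the superuser's name and every password reset on "root" is a reset of the wrong account. The following is an added example of such a check, not code from the story or from the acquiring company; the reserved-name set, the fallback policy (family name, then initial plus family name, then a numeric suffix) and the sample passwd excerpt are all constructed.

```python
"""Provisioning check: derive a login from a family name and refuse one that
collides with a Unix system account or an existing user. Added example;
reserved set, fallback policy and passwd sample are constructed."""
import re
import unicodedata

# Logins that must never be issued to a person, whatever their surname.
RESERVED = {
    "root", "toor", "daemon", "bin", "sys", "adm", "lp", "mail", "news",
    "operator", "nobody", "sshd", "admin", "administrator", "sync", "shutdown",
}

# Constructed /etc/passwd excerpt standing in for the target system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
jsmith:x:1001:1001:Jane Smith:/home/jsmith:/bin/bash
"""

# Conservative login syntax: leading letter, lowercase alphanumerics, 32 max.
LOGIN_RE = re.compile(r"^[a-z][a-z0-9]{0,31}$")


def existing_logins(passwd_text):
    """Field 1 of every passwd line, so privileged accounts are caught by
    name even if someone left them out of RESERVED."""
    return {
        line.split(":", 1)[0]
        for line in passwd_text.splitlines()
        if line and not line.startswith("#")
    }


def canonical(name):
    """Fold accents, lowercase, keep only [a-z0-9]: 'Müller' -> 'muller'.
    A leading digit gets a 'u' prefix so the result is a valid login."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    base = re.sub(r"[^a-z0-9]", "", folded.lower())
    return "u" + base if base[:1].isdigit() else base


def propose_login(family_name, given_name, taken, reserved=RESERVED):
    """Family name first (the policy in the story), then initial + family
    name, then numbered variants; skip anything reserved or already taken."""
    base = canonical(family_name)
    if not base:
        raise ValueError("family name yields no usable characters")
    initial = canonical(given_name)[:1]
    candidates = [base, initial + base] + [f"{base}{n}" for n in range(2, 100)]
    for cand in candidates:
        if cand in reserved or cand in taken or not LOGIN_RE.match(cand):
            continue
        return cand
    raise ValueError(f"no free login for {family_name!r}")


if __name__ == "__main__":
    taken = existing_logins(SAMPLE_PASSWD)
    for family, given in [("Root", "Alice"), ("Smith", "Jane"), ("Müller", "Otto")]:
        print(family, "->", propose_login(family, given, taken))
```

The two lookups are deliberately separate: RESERVED covers names that must not be assigned even on a host where they do not yet exist, while existing_logins() reads what the target system actually has. Checking only one of them is how "root" gets created twice.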

Throwback Thursday: What could be simpler?

IT department sends an email blast to the users: From now on, everyone will use a single login credential for all areas of the network, according to a pilot fish on the receiving end.

Fish's reaction to single sign-on? "Yahoo! No more numerous account credentials to keep track of for various subsystems within the domain!"

In short order, all users are issued their single login credentials. And someone in IT has thought this through: The new user name and password are the same as for the user's existing email account. That should make them easier for users to remember.

There's just one catch.

It turns out that before a user can get to the single-login screen to use his single-login credentials, he first has to go to the subsystem he's planning to use.

Because what’s more important than being on-brand?

Manager at this software vendor insists on having admin rights to every system, and she likes to set passwords that consist of the name of the company's flagship product, reports a pilot fish working there.

"She would use ourproductname1 -- or ourproductname1! if that didn't satisfy complexity requirements -- for production systems," fish says. "Sending her a copy of our organization's security requirements didn't seem to help.

"Thankfully, as our product matured, more and more of the older systems came offline and were replaced by me with newer systems and secure passwords.

"One fine morning I received a barrage of alerts that our SaaS product was down. Looking through the logs, I saw a multitude of authentication errors from attempted database connections.

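"ourproductname1!" passes a typical length-plus-character-classes rule, which is exactly why complexity rules alone do not stop this habit. What catches it is a denylist of organisation-specific terms (company name, product names) matched after case folding, stripping of digits and symbols, and reversal of common letter substitutions. The following is an added example of that check, not the vendor's policy code; the denylist entries, the substitution table and the sample passwords are constructed.

```python
"""Password check that rejects passwords built from organisation-specific
words even when they satisfy a complexity rule. Added example; denylist,
substitution table and samples are constructed."""
import re

# Common substitutions used to sneak a dictionary word past a filter.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "|": "l"})


def meets_complexity(pw, min_len=8):
    """The kind of rule 'ourproductname1!' satisfies: length plus 3 of 4 classes."""
    classes = [re.search(r"[a-z]", pw), re.search(r"[A-Z]", pw),
               re.search(r"[0-9]", pw), re.search(r"[^A-Za-z0-9]", pw)]
    return len(pw) >= min_len and sum(1 for c in classes if c) >= 3


def letters_only(text, undo_leet):
    """Lowercase, optionally reverse leet substitutions, keep only a-z.
    Stripping non-letters is what removes the trailing '1' or '1!'."""
    text = text.lower()
    if undo_leet:
        text = text.translate(LEET)
    return re.sub(r"[^a-z]", "", text)


def org_terms_in(pw, denylist, min_term_len=4):
    """Denylisted terms present in the normalised password. Very short terms
    are skipped because they would match by accident."""
    core = letters_only(pw, undo_leet=True)
    hits = []
    for term in denylist:
        folded = letters_only(term, undo_leet=False)
        if len(folded) >= min_term_len and folded in core:
            hits.append(term)
    return hits


def check_password(pw, denylist, min_len=12):
    """Collect every reason to reject pw; an empty list means acceptable."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    for term in org_terms_in(pw, denylist):
        problems.append(f"contains organisation term {term!r}")
    return problems


if __name__ == "__main__":
    deny = ["OurProductName", "AcmeCorp", "Acme"]
    for candidate in ["ourproductname1!", "0urPr0ductN4me!", "correct-horse-battery"]:
        print(candidate, meets_complexity(candidate), check_password(candidate, deny))
```

The same normalisation should be applied on the password-change path for service and database accounts, not only for interactive users: in the story the weak credential lived in production database connections, which is where the outage surfaced.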

Just one, um, great idea after another

Sysadmin pilot fish is approached by the IT director, who tells fish to create an account for the director that has the same capabilities as the lead programmer's account.

"Seems he had some kind of beef with the lead programmer," sighs fish. "But I created the account, set the privileges and gave him the user name and password.

"Three months later, he came into my office accusing me of not complying with his directive.

"I told him that I had indeed complied with his instructions, including showing him that the login capability worked as advertised.

"He told me he couldn't perform a certain operation when he logged in. I explained that neither could the lead programmer. Only system administrators could.

Clever, redefined

It's the 1990s, and this pilot fish is hired at a big international company to maintain a group of Linux servers -- and they definitely need help.

"My initial survey of the systems uncovered some serious security problems," says fish. "Everything had been set up and users added with no regard to security.

"As a temporary holding action, I set all the users' login shells to a custom restricted shell that allowed each user access to only the directories and commands necessary for their work while I analyzed all the systems, planned a decent security configuration for each, got approvals, did testing and, finally, implemented the new security."

Throwback Thursday: Now he’s feeling even LESS secure

This organization's IT security officer leaves and isn't replaced. "A year and a half goes by and the organization suffers a web page defacement," says a pilot fish on the scene. "During the course of the remediation, another server that has a couple of Trojans on it is found."

That's not really a big surprise. Since the infosec guy's departure, the CIO has repeatedly demanded that ports be opened in the firewall, external connections be made to servers bypassing the firewall and servers in the DMZ be connected to internal servers.

The support manager objects every time -- and is always overruled.

"Worse, support isn't part of the process of selection or meetings with potential vendors for the new web services," fish says. "Support only finds out about the requirements when they are directed to create the holes."

Time for a wake-up call…

This pilot fish supervises the IT help desk, so he's on the scene when one of his support techs takes a call that's very ordinary -- mostly.

"It was some normal problem like 'install this printer' or 'the computer forgot my password, please reset it,'" says fish.

"But at the end of the call, when they were discussing various things, the user happened to mention, very proudly, that she always turns off her computer at the end of the day every Friday, so it can get its updates over the weekend.

"The tech didn't have the heart to break the bad news to her. He just told her that was a good idea and to have a nice day."

Sharky has a better idea: Send me your true tale of IT life at sharky@computerworld.com. You'll score a sharp Shark shirt if I use it. Comment on today's tale at Sharky's Google+ community, and read thousands of great old tales in the Sharkives.
