Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Aristotle (5147)


Blah blah blah blah blah []

Journal of Aristotle (5147)

Tuesday August 22, 2006
12:29 PM

It’s memorable because it’s meta-system honesty

[ #30722 ]

Shark Tank :

Newly hired IT contractor will need remote network access, so this pilot fish uses the company’s intranet-based application to set it up for him. That includes coming up with a secret question and answer so the user can be authenticated when he calls the help desk. “But the system assumes the person filling out the request is also the one who’ll be using the access,” grumbles fish. “It asked me to come up with the question and answer, not the contractor. The result? His question is ‘Why is this an insecure process?’ and the answer is ‘Poor design.’”

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • Heh. That reminds me of a friend of mine. His company does a -- let's be kind here -- so-so job of consolidating passwords. So to be able to go through his day, he has to remember an intranet password, a shared calendar password, a windows network password, a unix network password, a cms password, a cvs repository password, an IT password and a few others.

    It goes without saying that some of those passwords must be changed every month or so (which shouldn't be so bad if the system wasn't beginning to nag

    • Goodness gracious. I’d just write all my passwords down and keep them in my wallet.

      • Only problem being: to keep both money and password, it's not a wallet that is needed, but a briefcase.

        But my friend found the solution: he keeps his passwords in his wallet, and stick his money bills to his monitor. He calls it security through surreality.