30 November 2017

22 Years later, Info Sec is still a problem

In about 1995, I remember an IT manager being dismissive of our internal audit recommendations to improve information security. No matter how we documented the issues, he either ignored them, argued with them, or promised to implement them sometime in the future, date unknown.

In my frustration I had one of our very smart people try something.

Two days later, I wandered into the IT manager's office, politely knocking. Eye-roll, "Yes, what can I do to help you this time?" he asked.

I silently handed him a plain white envelope. He looked at it, opened it, and pulled out the single sheet of paper, carefully folded in three. He opened the paper.

In the very middle of the page was one word: his password.

After a moment, his only comment was "Okay, I get it. Now bugger off."

Best "bugger off" I've heard in my life. Recommendations started to be implemented.

Sometimes it is fun to consider just how far we have come with computer security, and how far we still have to go. Today I would have had that very smart person find a way to get a Trojan onto his laptop and would have stolen the saved passwords, or would have had someone sniff his packet traffic. Nothing new, but still wide open gaps in too many systems.