Businesses Security

Telling Your Superiors Their Financial Data Is At Risk?

alterimage asks: "I'm a Computer Science major at night, working by day in Accounting for a major telecom provider, with clients consisting of most of the entities on Fortune's Top 20 Most Admired Companies of 2006 list. Daily, I see customer payments in excess of $50,000 come and go. Strangely enough, rather than have these payments conducted by an IVR system or over the Internet, the majority of these payments are conducted over the phone with individuals such as myself, who are instructed to write down, document all the specific banking information, and to keep them on hard-copy in an unlocked file cabinet that is accessible to anyone. Having experience with social engineering and fraud, I've already advised my boss that it's probably not a good idea for those bank routing and account numbers to be lying around unsecured, and was told that I'm over-reacting. So I ask Slashdot: At what point should the human aspect of security be considered in the business environment? Should I just smile, nod, and play along in this situation?"
This discussion has been archived. No new comments can be posted.

  • the plan! (Score:5, Funny)

    by Tumbleweed ( 3706 ) * on Wednesday March 07, 2007 @03:54AM (#18259616)
    As a proof of concept, steal as much money as you possibly can. As payment for this security evaluation, keep the money and retire to a country with no extradition to the United States.

    One little implementation detail: don't get caught.

    Extra credit: put the blame onto your criminally-negligent boss.
  • by Anonymous Coward on Wednesday March 07, 2007 @04:00AM (#18259634)
    Obvious incompetence is normal in the telecommunications industry. Once you are found out not to be incompetent, you will certainly be let go, possibly following a promotion to recognize your ability. If you do not believe this, I strongly suggest you purchase every Dilbert book you can find, and study them thoroughly. Scott Adams once worked in the telecommunications industry, so it's the best reference available for your line of work. If only I was kidding, unfortunately I am not.

    Good luck.
  • by Toreo asesino ( 951231 ) on Wednesday March 07, 2007 @07:06AM (#18260304) Journal
    I'm the sys-admin for the company I work for (when not coding). Only the boss and myself knew the password for the entire domain, and everyone was happy. One day, during a software demo I need to pull some files off my machine for the demo. Boss says "come back once the files are on the public share, and we'll re-test". I say "Not to worry; I'll go through the admin share" (\\machinename\c$ or such) - I'll just log you into my machine as network admin.
    This worried my boss - "What? You can access any machine's drives if you're the network administrator?".

    I try and explain that yes you could; it's by design; the admin being the super-power on the network - full access to everything, etc. This leads him to the next question of "What? Even you could access even my PC? I've got sensitive information on here?!". I reply "Yes, even yours if I really wanted to".

    Unimpressed, he changes the network admin password.

    Precisely 1 hour and 20 minutes later; I get an email saying "User xyz can't access a file YYY on the abc share - what's the problem?". I explain the permissions on the file probably got corrupted/lost and resetting the file-system permissions for the root directory structure should flush out the problem.

    He gives me the new network admin password. Problem was fixed in 2 mins.

    In conclusion, us geeks rule the world. On modern IT systems, someone must have complete power over all. That is why we are geeks because we can do what others cannot.

    And it's true what they say; being a sys-admin is a power-trip.

    *evil laugh*
    The machines! They're all miiiine! Aaaalll mine!!!!
  • by hairykrishna ( 740240 ) on Wednesday March 07, 2007 @08:17AM (#18260600)
    ....from your new beach house in the Cayman Islands.
  • by kennygraham ( 894697 ) on Wednesday March 07, 2007 @03:20PM (#18265874)

    1. Say NOTHING to the boss about this matter from here on out.
    2. Collect names and account numbers and contact information.
    3. When you leave this job one day, and you will, and when you need money, and you will, contact the account holders *directly* and offer to tell them where you got your information for a fee.

    You must be new here.

    1. Say NOTHING to the boss about this matter from here on out.
    2. Collect names and account numbers and contact information.
    3. ???
    4. Profit!

    There, fixed.
