peacefinder's Journal: Humor in IT security: "Kill Me Now" edition

We survived the move to our new office. No servers died, or at least not unrecoverably so. Critical systems downtime was seven and a half hours, which (amazingly) was bang-on my predicted downtime.

The building is designed from the ground up for our use. Among many other advantages, this let us design reasonably good physical security measures to protect our data. I can now (or can soon, anyway) confidently tell any HIPAA auditors that our servers' physical security is better than the vast majority of clinics our size. Like all medical clinics, we have a reasonably large store of data that's ideal for identity theft. Physical, electronic, or combined break-ins specifically aimed at our data are a significant threat that we need to counter. Our previous facility had irredeemably terrible physical security, so this is a really welcome change.

We're still working out some bugs with our alarm and access control company, though. They've really dropped the ball in a number of different areas, and if we weren't paying close attention we would never have known that they didn't meet our spec. I've got their feet held to the fire, and they're working to make it right.

They decided to be very diligent yesterday, to try to restore my shaken confidence in them. They wanted to make sure that my user list and alarm call list was correct. So they sent me a list that included our address, each person's name and PIN, and noted who was authorized to make changes to the security system. Everything someone needs to know to disarm the alarm while impersonating any user after entry.

By e-mail.

Not encrypted e-mail, either, even though they have my certificate in their inboxes from previous signed e-mails I've sent. (I'm not exaggerating when I say that they don't even know what S/MIME is.) No, they sent it plaintext.

Now I get to change everyone's alarm PINs. I'm sure my staff will be thrilled.

  • by nizo ( 81281 ) *
    Next time ask them to just tape a note to your front door with all the information instead; it would probably be more secure than unencrypted email. At least then you would know there is only one copy of the list that exists anyway. Sheesh.

    I always tell people that when they send email, they are essentially posting their note on a bulletin board down at the supermarket that could potentially be seen by the entire planet. Most people still don't get the "don't send passwords in email" thing though.

  • Comment removed based on user account deletion
    • Since the ball had already been dropped and fumbled a number of times, I think it was closer to the punting sound of them firmly kicking the ball into their own net.

      I'm actually tempted to tell them rip out their panel and get the hell away from me, but that's about a $10,000 decision. They are, to quote Jayne Cobb, "Damaging my calm."
      • Comment removed based on user account deletion
        • Not only did I cluebat them, I solicited them to hire me as a consultant to give them the education they so clearly need. :-)

          Oh, and I can't change the PINs because their secure website is down.
          • by Timex ( 11710 ) *
            You do realize the potential for lost business they would suffer if you posted the name of the business here? Personally, I'm curious to know, so that I don't make the mistake of trying to depend on them.
            • I don't think my readership is all that high, but one never knows where stuff might get reposted so I decided to be discreet. (Even though my story is 100% factual, I have no desire to be hauled into court to prove it.)

              It's a widely-known franchise organization that, according to their website today, "serves more than 200 cities from more than 170 offices throughout North America." However, I do not have reason to believe that the problem does or does not extend beyond my local franchise.

              If you still want t
              • by Timex ( 11710 ) *
                If you still want their name, feel free to email me and I'll tell you privately.

                No need. I found them.

                It makes sense now. The company had their start in the 1950s, when the founder was planting microphones to detect (and locate) termites. That explains everything.

                They even have three offices in my state. :\
          • Comment removed based on user account deletion
