peacefinder's Journal: Humor in IT security: "Kill Me Now" edition
We survived the move to our new office. No servers died, or at least not unrecoverably so. Critical systems downtime was seven and a half hours, which (amazingly) was bang-on my predicted downtime.
The building is designed from the ground up for our use. Among many other advantages, this let us design reasonably good physical security measures to protect our data. I can now (or can soon, anyway) confidently tell any HIPAA auditors that our servers' physical security is better than the vast majority of clinics our size. Like all medical clinics, we have a reasonably large store of data that's ideal for identity theft. Physical, electronic, or combined break-ins specifically aimed at our data are a significant threat that we need to counter. Our previous facility had irredeemably terrible physical security, so this is a really welcome change.
We're still working out some bugs with our alarm and access control company, though. They've really dropped the ball in a number of different areas, and if we weren't paying close attention we would never have known that they didn't meet our spec. I've got their feet held to the fire, and they're working to make it right.
They decided to be very diligent yesterday, to try to restore my shaken confidence in them. They wanted to make sure that my user list and alarm call list were correct. So they sent me a list that included our address, each person's name and PIN, and noted who was authorized to make changes to the security system. Everything someone needs to know to disarm the alarm while impersonating any user after entry.
By e-mail.
Not encrypted e-mail, either, even though they have my certificate in their inboxes from previous signed e-mails I've sent. (I'm not exaggerating when I say that they don't even know what S/MIME is
Now I get to change everyone's alarm PINs. I'm sure my staff will be thrilled.
Hahaha (Score:2)
I always tell people that when they send email, they are essentially posting their note on a bulletin board down at the supermarket that could potentially be seen by the entire planet. Most people still don't get the "don't send passwords in email" thing though.
Re: (Score:2)
I'm actually tempted to tell them to rip out their panel and get the hell away from me, but that's about a $10,000 decision. They are, to quote Jayne Cobb, "Damaging my calm."
Re: (Score:2)
Oh, and I can't change the PINs because their secure website is down.
Re: (Score:2)
It's a widely-known franchise organization that, according to their website today, "serves more than 200 cities from more than 170 offices throughout North America." However, I do not have reason to believe that the problem does or does not extend beyond my local franchise.
If you still want t
Re: (Score:1)
No need. I found them.
It makes sense now. The company had their start in the 1950s, when the founder was planting microphones to detect (and locate) termites. That explains everything.
They even have three offices in my state.