Publicly available passwords
One of our departmental accounts was having trouble logging in. When I looked at their LDAP entry, I noticed that their home directory was wrong. In fact, it didn’t look like a home directory at all. It looked like a password—the kind of password that a system administrator might choose.
I went off to find someone who might know more, and ran into two of our system administrators, one of whom was the person who had earlier defended the universal back door.
“Do either of you recognize xxxxxx—”
“—bang?”
“Yes.”
“We use that password on a lot of our systems; why?”
“The student health center account has that as their home directory. It’s publicly available on our LDAP directory.”
“Crap.”
Now, mistakes happen. Something like this is bound to happen at least once in a system administrator’s life. That’s why it’s important to make sure that no one password can unlock everything. Fortunately this system password wasn’t the universal password. It’s been several months now, and the “weekend” backdoor is still there.
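The directory leak above (a password pasted into a publicly readable LDAP attribute) is the kind of thing a periodic audit can catch. The following is an added example, not part of the original post: it reads an LDIF export (a constructed sample is embedded; the entry names and the password-like value are invented) and flags every entry whose homeDirectory is not a plain absolute path.

```python
import re

# Constructed sample LDIF export, not real directory data. One entry carries a
# password-like string where a home directory path belongs.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=edu
uid: alice
homeDirectory: /home/alice
loginShell: /bin/bash

dn: uid=healthctr,ou=people,dc=example,dc=edu
uid: healthctr
homeDirectory: s3cret-adm1n!
loginShell: /bin/bash

dn: uid=bob,ou=people,dc=example,dc=edu
uid: bob
homeDirectory: /home/bob
"""

# A home directory should be an absolute path made of ordinary path characters.
PATH_RE = re.compile(r"^/[A-Za-z0-9_./-]*$")


def parse_ldif(text):
    """Minimal LDIF parser: one dict of single-valued attributes per entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            entry[key.strip()] = value.strip()
        entries.append(entry)
    return entries


def suspicious_home_dirs(entries):
    """Return (dn, value) pairs for entries whose homeDirectory is not a path."""
    flagged = []
    for entry in entries:
        home = entry.get("homeDirectory")
        if home is not None and not PATH_RE.match(home):
            flagged.append((entry.get("dn", "?"), home))
    return flagged


if __name__ == "__main__":
    for dn, _value in suspicious_home_dirs(parse_ldif(SAMPLE_LDIF)):
        # Name the entry only; never echo the suspect value into logs or tickets.
        print(f"review homeDirectory on {dn}")
```

The same check extends naturally to other free-text attributes (gecos, description) where a pasted secret would be just as visible to anonymous binds.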
In response to “I can’t think of any other way to do it”: There is no system so insecure that a rushed migration can’t make things worse.