|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: High ranking lusers
Rick Smith (rick_smith
securecomputing.com)
Thu, 16 Apr 1998 18:27:18 -0500
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: John McDermott: "Re: Intrusion Detection"
- Previous message: -= ArkanoiD =-: "ssh setup for scp?"
- Next in thread: carsontla.org: "Re: High ranking lusers"
Anonymous penned a Dilbertesque vignette:
>Little Boss: The Big Boss wants a shell script to be setuid root.
This one sentence says it all, the rest just fills in the other panels of
the comic strip.
We have here a failure to divide up responsibilities properly within the
company. It's bad business if a manager is responsible for system integrity
and also has business objectives that he can achieve by putting holes in
the system. This is like putting the same person in charge of both accounts
receivable and accounts payable, except the guy doesn't make money off of
it. Now, if Big Boss' fiefdom is the sole user of the computer in question,
then Big Boss is certainly within his rights to dig his own grave. On the
other hand, if this computer is shared by other departments (finance, HR,
operations, business development, etc) then he's indulging in truly bad
karma at a corporate level.
Ultimately, people are always allowed to do dumb things as long as the
company makes lots and lots of money off of it. Look at analog cell phone
security.
Rick.
smithsecurecomputing.com
- Next message: John McDermott: "Re: Intrusion Detection"
- Previous message: -= ArkanoiD =-: "ssh setup for scp?"
- Next in thread: carsontla.org: "Re: High ranking lusers"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:10:47 CDT