** sigh **

What do you do when you detect hacker-ish activity on your system at work, the system you are unofficially responsible for maintaining, since you are the only person able to figure out how to log in to the server?

According to company protocol, you report such activity to the security people.

You must be sure to include the information that the unfamiliar user ID logged in for a minute, then three minutes, then one minute, then five minutes, then half an hour.

Remember to pass on the information that this is two days after a complete system crash.

The security people will assure you that everything is fine.

In fact, they will send you ten different e-mails assuring you that everything is fine, and they are on top of things.

Then you will receive a phone call revealing that the strange user ID behaving hacker-ey was some idiot doing system maintenence who forgot to notify anyone.

The security people will ask that you make sure that a strange user ID is a strange user ID in the future before you notify them.

How do you verify that?

By notifying the security people.

Whom you are not permitted to notify until you have verified, which you have to notify them to do.


Light & Dark said...

Do you sometimes wonder how some of these folks manage to keep their jobs?

Corvus said...

They manage to keep their jobs because the industry seems to foster and reward a work ethic that blames every situation on someone else.

I've heard stories from with the IT department of another major retail chain that shock me. Entire procedures for store support put into place that lead... nowhere and no one thinking its a problem.

There's something broken in corporate America.

bod said...

believe me its not limited to any one country!

snowballinhell said...

Holy cow. What fun!

Dana said...