Thanks. 100% true story + federal investigation. State lines were crossed, and millions of dollars were at stake.
--
Espi

On Wed, Apr 27, 2016 at 2:39 PM, Dave Lum <l...@ochin.org> wrote:

> That’s a perfect example Michael.
>
> Or, let’s say I am in IT at Target, maybe later I move into IT at an HVAC
> company that has VPN access to Target (IT guys working at companies that do
> business with their former employers? Never happens, right?). Maybe my PC at
> the HVAC place gets compromised, and since Target never disabled my account
> and I use the same password at %newjob% as I did at %oldjob%, a simple hop
> over VPN now leverages the access I had at Target…
>
> Except what actually happened with Target was much *harder* than what I
> described above.
>
> IMO any place that doesn’t require a password expiration of any kind is
> likely (exceptions to this, sure) the same place that doesn’t have a
> process for disabling all the access former employees have.
>
> Dave
>
> *From:* listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] *On Behalf Of* Micheal Espinola Jr
> *Sent:* Tuesday, April 26, 2016 6:31 PM
> *To:* ntsys...@lists.myitforum.com
> *Subject:* Re: [NTSysADM] RE: Password expiring debate on patch management
>
> 1. Old admin knows many management passwords
> 2. Old admin goes to work for competitor
> 3. Company and competitor are up for same contracts
> 4. Old admin remotes into company to look at emails and presentation materials
> 5. Competitor starts taking business from company by usurping sales pitches in very specific ways
> 6. I get hired 2+ years after old admin in question
> 7. I review remote logs to establish behavioral patterns
> 8. I see odd logon behavior and trace repetitive IPs
> 9. I trace IPs to competitor as well as old admin specifically
>
> I am Jack’s complete lack of surprise when management doesn’t change their
> password and uses the same passwords for many things.
>
> --
> Espi
>
> On Mon, Apr 25, 2016 at 4:27 PM, Kennedy, Jim <kennedy...@elyriaschools.org> wrote:
>
> > "Even six months is far better than never"
> >
> > Why?
> >
> > ------------------------------
> > *From:* listsadmin@lists.myitforum.com [listsadmin@lists.myitforum.com] on behalf of Dave Lum [l...@ochin.org]
> > *Sent:* Monday, April 25, 2016 6:58 PM
> > *To:* ntsys...@lists.myitforum.com
> > *Subject:* [NTSysADM] Password expiring debate on patch management
> >
> > Anyone see the debate on the Patch management list, driven by this:
> > https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry
> >
> > I don’t even know how it’s a debate other than the desired frequency (no
> > one-size-fits-all on that IMO). Even six months is far better than never.
> > With expiring passwords you at bare minimum mitigate employees that leave.
> >
> > *David Lum*
> > *Systems Administrator III*
> > *P:* 503.943.2500
> > *E:* l...@ochin.org
> > *A:* 1881 SW Naito Parkway, Portland, OR 97201
> > www.ochin.org
> >
> > Attention: Information contained in this message and or attachments is
> > intended only for the recipient(s) named above and may contain confidential
> > and or privileged material that is protected under State or Federal law. If
> > you are not the intended recipient, any disclosure, copying, distribution
> > or action taken on it is prohibited. If you believe you have received this
> > email in error, please contact the sender with a copy to
> > complia...@ochin.org, delete this email and destroy all copies.
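The log-review procedure in Micheal's message above (steps 7 to 9: review remote logs, spot odd logon behaviour, trace repeating IPs), as an added example that is not part of this thread: a Python script over constructed VPN logon records that flags successful logons by accounts whose owners have already left, and (user, source IP) pairs that repeatedly log on outside business hours, attributed against a constructed table of known networks. All user names, addresses, dates and the network owner are constructed for the example.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed sample of remote-access (VPN) logon records: timestamp,user,source_ip,result
SAMPLE_LOG = """\
2016-04-20T02:14:07,oldadmin,203.0.113.45,success
2016-04-20T09:05:11,jsmith,198.51.100.7,success
2016-04-21T01:58:40,oldadmin,203.0.113.45,success
2016-04-21T10:12:03,jsmith,198.51.100.7,success
2016-04-22T02:03:19,oldadmin,203.0.113.45,success
2016-04-22T11:47:55,mlee,192.0.2.88,success
2016-04-23T03:21:00,oldadmin,203.0.113.46,failure
"""
# Constructed HR data: accounts whose owners left on these dates (and should have been disabled).
DEPARTED = {"oldadmin": datetime(2014, 1, 31)}
# Constructed attribution table (hypothetical ownership of a documentation address range).
KNOWN_NETWORKS = {ipaddress.ip_network("203.0.113.0/24"): "competitor-corp"}
BUSINESS_HOURS = range(7, 19)  # 07:00-18:59 local time

def parse_log(text):
    """Split CSV-style lines into (datetime, user, ip, result) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, user, ip, result = line.split(",")
        rows.append((datetime.fromisoformat(ts), user, ip, result))
    return rows

def attribute_ip(ip):
    """Map a source address to a known network owner, else 'unknown'."""
    addr = ipaddress.ip_address(ip)
    return next((owner for net, owner in KNOWN_NETWORKS.items() if addr in net), "unknown")

def departed_account_logons(rows, departed=DEPARTED):
    """Successful logons by accounts whose owner had already left: every one is a finding."""
    return [r for r in rows if r[3] == "success" and r[1] in departed and r[0] > departed[r[1]]]

def repeat_offhours_sources(rows, min_hits=3):
    """(user, ip, owner) keys with >= min_hits successful logons outside business hours."""
    hits = Counter((u, ip) for ts, u, ip, res in rows if res == "success" and ts.hour not in BUSINESS_HOURS)
    return {(u, ip, attribute_ip(ip)): n for (u, ip), n in hits.items() if n >= min_hits}

def report(text=SAMPLE_LOG):
    rows = parse_log(text)
    return {"departed_accounts_used": sorted({r[1] for r in departed_account_logons(rows)}),
            "repeat_offhours": repeat_offhours_sources(rows)}

if __name__ == "__main__":
    print(report())
```

The first check needs nothing but an HR leaver list joined against logon records, which is the control Dave's message says is missing wherever accounts are never disabled.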