
Thread: Phishing

  1. #11
    Orca Whisperer W3WN's Avatar
    Join Date
    Dec 2007
    Location
    Castle Shannon, PA
    Posts
    19,317
    Quote Originally Posted by KG4CGC View Post
    Has HR started an investigation into her past action(s) regarding her disregard for the security and reputation of the company?
    I would not be privy to such action, at least not at this time, due to company policies regarding confidentiality. Nor would I need to be; Ben might be called in, since he actually talked with her.
    “Nobody is going to feel sorry for us. 90% of the people don’t care, the other 10% are glad it happened.” — Clint Hurdle, 2019

    BAN THE DH!

    Fudd's First Law of Opposition: If you push something hard enough, it WILL fall down.
    Teslacle's Deviant to Fudd's Law: It goes in, it must go out.

    Just remember: Abraham Lincoln didn't die in vain. He died in Washington, DC

    Cutch 2K!!

    “Nero fiddled while Rome burned. Trump golfed.” — Bernie Sanders

    Quando Omni Flunkus Moritati


  2. #12
    "Island Bartender" KG4CGC's Avatar
    Join Date
    Mar 2007
    Location
    EM84ru, Easley SC
    Posts
    51,263
    In the past, you may have heard me refer to a company VP (VP over manufacturing) at the last "big manufacturing facility" I worked at as a "professional finger pointer." When I was let go for gross insubordination (no details, just gross insubordination) I was told that I wasn't a good fit for a company that I was already with for 13 years before she and her cronies got there.
    A year after that incident the company was sold and the new company, part of a worldwide collection of facilities, moved this vice president to customer service. I mean she was literally the customer service person answering the phone at a desk in the foyer. You could call it some kind of karmic justice etc. because for the last several years she believed that she was at the top of the heap.
    The new company looked at her past actions within the company and realized that she didn't even pass the minimum requirements to hold a VP position, much less possess the decision-making qualities they expected out of a person in her position. Can we say, pettiness?

    I don't know if this story really relates. Sometimes I just like to watch myself type.

  3. #13
    Administrator N8YX's Avatar
    Join Date
    Feb 2007
    Location
    Out in the sticks
    Posts
    26,070
    Quote Originally Posted by KG4CGC View Post
    ... realized that she didn't even pass the minimum requirements to hold a VP position, much less possess the decision-making qualities they expected out of a person in her position. Can we say, pettiness?
    The term you're looking for is "cronyism". That, and possibly what she had on a few people.
    "Everyone wants to be an AM Gangsta until it's time to start doing AM Gangsta shit."

  4. #14
    Orca Whisperer W3WN's Avatar
    Join Date
    Dec 2007
    Location
    Castle Shannon, PA
    Posts
    19,317
    Well, the paraphrased word from above is...

    The official decision is that despite the poor judgement shown, there was no "incident" since nothing actually happened. (I know, but that's the way Management is looking at it)

    Because of the poor judgement and the technical (personally, I think not so "technical") violation of security procedures, the user will be undergoing re-education, err, retraining. There will be a severe warning.

    Yes, she will be approached, and informed of her transgression in an even firmer tone of voice, adding "or else".

    ... do I think it's enough? Knowing the user? Nope. She's going to sit there, agree with everything, and forget every word the moment Ben is done. She is of the mindset that she does things her way and that's all there is to it.

    However, I'm not unaware that considering her age, management is concerned about unintended consequences. In other words, if they summarily fire her, or severely discipline her, she is the type to go crying "discrimination!", make a lot of noise, and create a lot of bad press. Never mind the bad press etc. we'd get if we actually did get hacked through her actions.

    Feh. Well, it's out of my hands at the moment anyway.


  5. #15
    Administrator N8YX's Avatar
    Join Date
    Feb 2007
    Location
    Out in the sticks
    Posts
    26,070
    The important thing here is to get a record of her actions on file with your HR department, complete with punitive measures and corrective plans.

    If it can be proven - that in spite of such direction and mandate - she continues to knowingly and willingly flaunt your company's Information Protection Policy (assuming you have one) it won't matter if her name is Methuselah when the issue of termination comes up.

    Here's where the detective and preventive technical controls I mentioned earlier can be of great benefit: All the proof you need regarding an evidentiary trail is in the logs.

  6. #16
    Orca Whisperer W3WN's Avatar
    Join Date
    Dec 2007
    Location
    Castle Shannon, PA
    Posts
    19,317
    Without going into the gory and boring details, suffice to say that HR is aware, and the documentation is in order.


  7. #17
    "Island Bartender" KG4CGC's Avatar
    Join Date
    Mar 2007
    Location
    EM84ru, Easley SC
    Posts
    51,263
    Quote Originally Posted by N8YX View Post
    The term you're looking for is "cronyism". That, and possibly what she had on a few people.
    Well yes, there was cronyism. She was ex side piece of one of the other VPs and an ex sister in law of the CEO.
    Her decisions were oft based on us floor people being the scum of the Earth.

  8. #18
    Administrator N8YX's Avatar
    Join Date
    Feb 2007
    Location
    Out in the sticks
    Posts
    26,070
    Quote Originally Posted by KG4CGC View Post
    Well yes, there was cronyism. She was ex side piece of one of the other VPs and an ex sister in law of the CEO.
    Quoting Ron's post above yours as relates to a past situation:
    Without going into the gory and boring details, suffice to say that HR is aware...
    ...and in this case, their lead investigator was one of my teammates, who - along with me - watched said Side Piece derail more than a few promising careers due to personal bias.

    The thing about cronies, protectionism, affairs with the boss(es) and so forth is that these things too are subject to discovery, and once Counsel gets hold of such information it doesn't matter who you are...you're outta there.

  9. #19
    The Fluid of Spock KD8TUT's Avatar
    Join Date
    May 2016
    Location
    Lake Michigan Beach MI
    Posts
    2,194
    Quote Originally Posted by W3WN View Post
    Ah, yup.

    Unfortunately, I don't believe (Middle) Management will take this type of thing seriously until someone gets hosed. And we've had some close scares before, but nothing... yet. They are not grasping that just because we keep dodging bullets doesn't mean we will always be able to do so.

    The owners do take it seriously, but when it comes to things like this person's actions, they may not hear about it from middle management until it is too late.

    IT takes it VERY seriously. And our boss is dealing with this. Suffice to say that the excuse of "oh, she's been here many years and is set in her ways" is NOT an acceptable answer -- to us.
    We've got a sysadmin who is hanging some Windows servers out on the net without being patched for WannaCry. I noticed it and bounced it up the chain loudly.

    Monday when I come in and the SANs are encrypted, I expect a promotion... right after he is exited from the building.
    --
    So there I was, totally naked. With only a rubber hose and a stuffed animal...

  10. #20
    Administrator N8YX's Avatar
    Join Date
    Feb 2007
    Location
    Out in the sticks
    Posts
    26,070
    Quote Originally Posted by KD8TUT View Post
    We've got a sysadmin who is hanging some Windows servers out on the net without being patched for WannaCry. I noticed it and bounced it up the chain loudly.

    Monday when I come in and the SANs are encrypted, I expect a promotion... right after he is exited from the building.
    Exposing SMB/CIFS through a firewall without benefit of a VPN and inline IDS/IPS ought to be grounds for termination itself.
