
PGP in the workplace

Here's one I figure you all would just love:

Yesterday afternoon, I was told by some higher-level associates of mine
(not Management level, mind you, just people higher on the food chain) that
my use of PGP in the corporate environment was not appreciated and could
result in my being looked upon *very* unfavorably by the managerial crowd.
Without even delving into security reasons, I politely explained to them
that due to my job (which has several crypto-related applications) I needed
PGP to communicate with people and list-bots in the outside world (or they
could gladly pay for my formal training).  They just shook their heads and
said "be careful, you've been noticed".  I was then told to stop 'messing
around' in my shell account.  I asked what was meant by this, and
apparently it had been noticed that I had done a few things, which I had
done to simply check the security of my account, which could be viewed as
'inappropriate'.  You know what they were?

1. I checked to see if the passwd file was available to anyone (was it
shadowed, etc.).  This was seen as an attempt to GET the passwd file, and
thereby have access to sensitive data.

2. I change my password regularly (once a week).  Now this may seem
excessive (it apparently did to them), but you must understand that the
entire IS department is extremely buddy-buddy here.  Over half of the users
have root passwords on any given system.  I don't feel like sharing,
horrible me.  I guess my regular changing of passwords was seen as a strain
on the system (ha!), as they didn't elaborate *why* I had been flagged for

Upon explaining to them that I was simply trying to make sure of my own
security, I was told that I was to just assume that I was secure, and that
*any* 'poking around' was found to be "highly aggravating" and could only
"exacerbate the situation further."

Luckily, I had to get to class, so I cut the conversation before it could
get any more out of control.

Now, I'm fairly new to the Corporate world, but is this something
common?  I know when I was at college, poking around was expected and
encouraged, as it helped find and plug holes in the system.  But this is
almost like some kind of protection racket here!

Rick Osborne                     [email protected]
"Yes, evil comes in many forms, whether it be a man-eating
 cow or Joseph Stalin, but you can't let the package hide
 the pudding!  Evil is just plain bad!  You don't cotton to
 it.  You gotta smack it in the nose with the rolled-up
 newspaper of goodness!  Bad dog!  Bad dog!" - The Tick