Forgot your password?
typodupeerror

88% of IT Admins Would Steal Passwords If Laid Off 448

Posted by ScuttleMonkey
from the you-know-they-have-conjugal-visits-there dept.
narramissic writes "According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords' survey, a whopping 88% of IT administrators would steal CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords if they were suddenly laid off. The survey also found that one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details and people's personal emails."
This discussion has been archived. No new comments can be posted.

88% of IT Admins Would Steal Passwords If Laid Off

Comments Filter:
  • by Anonymous Coward on Friday August 29, 2008 @03:42PM (#24799455)

    99% of men masturbate. The other 1% are lying.

    • Re: (Score:3, Funny)

      by couchslug (175151)

      "99% of men masturbate. The other 1% are lying."

      I never masturbate, but I don't advise licking the stalactites in my cubicle.

  • Not reasonable (Score:5, Interesting)

    by linear a (584575) on Friday August 29, 2008 @03:42PM (#24799459)
    Sounds like an unreasonable estimate to me. If people were that vindicative and dishonest then IT (and similar) systems wouldn't ever keep working.
    • Re: (Score:2, Funny)

      by Anonymous Coward

      we store all our important details in a seperate UNIX user account, whose password we don't divulge to sys-admins, so good luck stealing our documents...

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        in most cases IT has root- and/or physical access to the servers which means your password is merely gonna hold any determined sysadmin back for a few minutes.

        Unless you're using additional measures (certain methods of encryption for example) the "security measures" you desribe arent worth a thing

      • by diskis (221264) on Friday August 29, 2008 @04:06PM (#24799959)
        I store my passwords on yellow post-it notes next to the computer. Never seen a sysadmin getting out of the basement, so I assume my passwords are safe.
    • Re:Not reasonable (Score:5, Insightful)

      by MagusSlurpy (592575) on Friday August 29, 2008 @03:48PM (#24799569) Homepage

      Sounds like an unreasonable estimate to me.

      I would be much more interested in the percentage that has already stored such information just in case such an eventuality occurred.

    • Re: (Score:3, Insightful)

      by lena_10326 (1100441)
      I think the reasons systems continue to work after a lay off (or firing) is that the last person laid off (or fired) would be the first suspect for criminal sabotage. IT people are usually of higher than average IQ... and it doesn't take a trained monkey to figure out you'd be the first to receive a knock at the door by a detective should entire databases or source code trees mysteriously disappear.
    • Re:Not reasonable (Score:5, Insightful)

      by MightyMartian (840721) on Friday August 29, 2008 @04:04PM (#24799911) Journal

      A company hawking privacy management claims your IT department is filled with thieves and extortionists. Shocking, I tell you, shocking!!!!

    • Re: (Score:3, Insightful)

      by D'Sphitz (699604)
      I agree, this doesn't seem right. Regardless of any moral or legal implications, I would just simply have no desire to steal business data or passwords or open backdoors for myself. I can't imagine that i'm in the minority, what use would it be?

      I can't believe 88% of those surveys would steal data simply because they were layed off, presumably to turn to a life of crime that would likely pay less than just getting another IT job. We're not talking about janitors stealing trash liners here, IT Admins mak
    • BOFH (Score:5, Funny)

      by Archangel Michael (180766) on Friday August 29, 2008 @04:14PM (#24800133) Journal

      You've never seen my personal IT Bible, the Archives of the BOFH.

      He exemplifies keeping a system running smooth THROUGH vindictive and dishonest means.

      He's my Hero.

    • Re:Not reasonable (Score:5, Interesting)

      by mccabem (44513) on Friday August 29, 2008 @05:01PM (#24801185)

      Sounds like an unreasonable estimate to me. If people were that vindicative and dishonest then IT (and similar) systems wouldn't ever keep working.

      Why is Parent comment not modded "Funny"?

      A) I don't know if I would have guessed these numbers exactly, but it certainly shouldn't be a totaly surprise to anyone who's worked in IT for any length of time. B) 300 is not even close to a statistically relevant sample size.

      That said, the part that I think is interesting is that this corruption is more intense the higher you go in the corporate ladder. What makes that funny upon interesting is that I think the C-level folks may think they're the only ones who do this - this article might actually be news to them. Now that is funny!

      Layoffs, by the same token, in practice are generally every bit as corrupt, vindictive (in who gets selected to go) and dishonest (they're usually to boost quarterly profits). Businesses still work (relatively speaking anyway) in spite of that as well.

      I'd say this article and the study itself are slanted against workers.

      -Matt

      P.S. This is another POS Computerworld article - Computerworld UK this time. IMHO, anyway.

  • a survey (Score:5, Insightful)

    by Joe the Lesser (533425) on Friday August 29, 2008 @03:42PM (#24799461) Homepage Journal

    Yea, and I'm training to be a cage fighter.

    More like 88% of IT Admins like to say they would steal CEO passwords if laid off, but something tells me when the time came to break the law they would let the opportunity slide.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      I could program a virus that would rip that place off bigtime......bigtime

      • Re: (Score:2, Funny)

        by Anonymous Coward

        I could program a virus that would rip that place off bigtime......bigtime

        I believe you have my stapler.

    • Re:a survey (Score:5, Insightful)

      by BobMcD (601576) on Friday August 29, 2008 @03:49PM (#24799583)

      ...but something tells me when the time came to break the law they would let the opportunity slide.

      And they'd be wise to do so. Anyone who thinks that stealing such things once laid off is a bright idea just does not have a criminal mind.

      Think it through, fellas - what, exactly, do you plan to DO with this data?

      Do you intend on working in your field, ever again?

      How do you feel about seeing the inside of a federal prison??

      Seriously, lay off the power trip. It's just a fucking job. Don't screw up your ENTIRE life just because you have the password...

      • Re:a survey (Score:4, Informative)

        by jav1231 (539129) on Friday August 29, 2008 @04:16PM (#24800165)
        I dunno. I know a co-worker who was offered some good money for a customer database. He didn't sell it but could have and likely could have gotten away with it.
        • This is a press release after all. A sales tool which provides none of the security questions, nothing about the sample group or methodology and none of the responses for you the reader to review.

          I'd guess that they probably used a lot of leading or misleading questions in a poorly defined sample group simply to release some press kit.

          Which makes them sales people and that's a much lower rung in the IT world.
      • Re: (Score:3, Funny)

        by Ancil (622971)

        How do you feel about seeing the inside of a federal prison??

        Depends.. Would that be "Conjugal Visit Prison", or "Pound Me In The Ass Prison"?

      • Re:a survey (Score:5, Interesting)

        by mikael (484) on Friday August 29, 2008 @04:33PM (#24800529)

        If you are that good as a IT admin (or any other position, for that matter), if you are that good, they will have already done more damage to the company by firing you, that you could do deliberately back to them.

        Recruiters estimate that simply by firing one person and hiring another, a company will lose around $120,000 in productivity alone; HR and accounting paperwork to fire that person, redundancy payments for several months in advance, along with recruiters fees to find someone new, time taken by existing employees to interview possible candidates, more HR and accounting paperwork to hire the person if there is a match, and time taken by the new employee to get up to speed. Not even considering that other people may be waiting for various tasks to be completed by the person in that position.

        • by IBitOBear (410965) on Friday August 29, 2008 @08:42PM (#24804567) Homepage Journal

          ... Is being missed.

          I was vindictively fired by a total idiot. I made sure that everyone I knew at the company knew the hows and whys of my dispute (including where I _was_ at fault). I also always start grooming my replacement the first day I take a job or can identify the best guy to replace me, because who wants to be stuck in the same job forever.

          In the days following my firing I took several opportunities to talk the guy who replaced me (my friend Dan) how to lock me out of various machines and such.

          For almost eighteen months people at that job were forced to say "is a good thing (my name) made sure we had extra capacity laid in while the trench down the block was opened", or thing-x was purchased, or policy-y was in place.

          By the end of that eighteen months, the guy who had fired me had been shown to be the kind of person who he was, and he was invited to leave the company. (I was long gone and made no attempt to return.)

          If you have to "do something" to your company to make them feel the pain of your absence when you are gone, you weren't previously doing your job.

          Competence, and never looking back except to laugh, is the best revenge ever.

      • Re:a survey (Score:5, Interesting)

        by Lumpy (12016) on Friday August 29, 2008 @04:42PM (#24800787) Homepage

        I agree, accidently deleting a huge database is better. go in, yank 1 cable from the back of the server and plug it back in from one of the power vaults to the Raid 50 and the raid will eat it's self over the course of 2-3 days. Without any admins familiar with it, they will not get the pile of raid failure warnings until most of the DV and files are corrupt. Bonus points if it takes 2-3 weeks and all the backups are corrupted as well.

        Impossible to trace or prove anything was intentional, and it screws them good.

        There are at least 80 other ways to cause gradual data corruption that without familiar IT staff on hand will grow out of control by the time someone finds it.

        Screw stealing passwords or data, just start a chain of unfortunate events.

        MY favorite is to make some very restrictive rules in the company firewall and then save it, revert to the old rules right before you're laid off. the date stamp will be from months previous and confuse anyone tromping around in it.

    • Re:a survey (Score:5, Insightful)

      by ivanmarsh (634711) on Friday August 29, 2008 @04:06PM (#24799953)

      Uh... as the admin what need do I have for the CEO's password? I have more access to the network than he does.

      I'd have to agree this whole article sounds like BS to me.

      • Re: (Score:3, Interesting)

        Good for you that you don't have a criminal mind.

        Snagging the CEO's password isn't about access to the network.
        It's about impersonating the CEO.

        E.g. Go to some underfunded public library far from your home, install the VPN client from the disk you have laying about at home... whoala... You can send,receive,reply to,and delete email as the CEO. Imagine the damage you could do. Likely the best tactic would be to not "invent" anything, but just forwarded well chosen items from his Sent Items folder to t
    • Re: (Score:3, Interesting)

      by digitalhermit (113459)

      I dunno..

      I've worked at some companies that were really strange. In one particular place the CTO had some interesting files in his share. Now I'm a not a prude by any means, but this guys share had some weird sh*t. At least my p0rn is wholesome (yeah yeah, one man's wholesome is another man's bestiality... baaaah and moo to you). It's tough not to notice when the guys fileshare took up close to 80G out of the 100G allocated to the entire company (this was the days before 1TB drives were common).

      They guy was

  • by steveo777 (183629) on Friday August 29, 2008 @03:42PM (#24799467) Homepage Journal

    12% of all admins were laid off today in order to clear up resources for paying ransom on old passwords...

  • New Poll (Score:5, Funny)

    by Mishra100 (841814) on Friday August 29, 2008 @03:42PM (#24799469)

    88% of IT Admins Would Steal Anything to get Laid

  • Don't lay off the IT guys.
  • by Colin Smith (2679) on Friday August 29, 2008 @03:43PM (#24799475)

    Let me guess...

     

  • Better go the pre-emptive way: make offside backups before the shit hits the fan.

  • by dthrall (894750) on Friday August 29, 2008 @03:45PM (#24799497)
    I'm actually surprised at this claim. It would be nice if they posted some additional info, like their sample size, etc. Sorry, I just seriously can't believe that 9 out of 10 people would maliciously act in this manner. Snooping over the network out of curiosity, I'll buy that one.
    • by Colin Smith (2679)

      Snooping over the network out of curiosity, I'll buy that one.

      Snooping over the network is part of an admin's job.

       

  • But... (Score:5, Insightful)

    by lucky130 (267588) on Friday August 29, 2008 @03:45PM (#24799499)

    How many of them are just saying that to sound cool?

  • I hate these sensationalist statistics. How many people did they ask? What's the report's definition of 'admin'? etc etc

    95% of statistics are made up on the spot.
  • by FliesLikeABrick (943848) <ryan@u13.net> on Friday August 29, 2008 @03:45PM (#24799517)
    What ever happened to sysadmins being known for having strong/good morals and ethics?
    • The PHB has beaten it out of them.

    • by knarfling (735361) on Friday August 29, 2008 @04:07PM (#24799963) Journal

      When someone is laid of for no apparent reason, they often feel hurt and betrayed. A natural reaction is that the trust between them has already been destroyed.

      At one company I was with, a sysadmin was on a conference call, and had his hands full when the call ended. The CEO never hung up the phone, and started talking to his assistant about people loosing their jobs and how much severance would be paid. The sysadmin, who probably should have hung up when he was first able to, couldn't resist listening for a short time. After a couple of minutes, the CEO finally realized that his phone was still on, and hung up the line. By that time, the sysadmin knew that several people would be laid off soon, but not how soon, or which people.

      He informed a couple of his friends that the company was in worse shape than he had realized, and discretely began updating his resume. Within a month, the company was bought out and closed down by another company and everyone lost their jobs. He was asked to stay on as part of the transition team and that the new company would pay him, but after a couple of days, it was clear that he had been working for free and the new company was not going to honor the agreement.

      At that time, he still had sysadmin access, and began to look through emails of the former employees. Some, including the CEO, were still getting and sending emails through web access through the old company server. He learned that although the board of directors did not want to spend the money to make sure that the fired employees could still have health insurance for a couple of months, they were willing to give the former CEO $25,000 for his efforts.

      I have always said that a good sysadmin knows all the secrets of a company, but a great sysadmin knows when not to look. In this case, was the sysadmin justified in looking after he had been promised to be paid and then told he was not being paid? (Yes, his access should have been cut off, but he was the one who would have had to cut himself off and he was never told to do so.)

      Although this situation may be unique, I think that many sysadmins may feel the same way. Once they are betrayed, they no longer feel the need to stay loyal to those that betray them.

    • Re:Strong morals? (Score:4, Insightful)

      by pla (258480) on Friday August 29, 2008 @04:28PM (#24800429) Journal
      What ever happened to sysadmins being known for having strong/good morals and ethics?

      And they do - Those morals and ethics just don't overlap 100% with "corporate policy" (or for that matter, "the law").

      And I don't mean that as a joke... IT pros have a rather unusual role in the history of humanity, in that without trying, we become aware of far more details of peoples lives than they realize. Even priests in the confessional don't have the insight we do - People can lie to their priest. They can't lie about logfiles.

      People, as a whole, count as (by their own standards) hypocritical perverted criminals. They all (and I mean that deliberately as an unqualified universal quantifier) do things they would themselves describe as disgusting and/or reprehensible if asked in a neutral context. They all steal, they all lie, they all cheat, they all put #1 ahead of everything else unless pretending to do otherwise will result in a self-preferable outcome.. And you expect those of us who know (rather than merely suspect) this to have a traditional world-view when it comes to right and wrong?

      I think the survey should have asked a slightly different question, to make it more meaningful... "Do you already have memorized enough info about the company to bring it to its knees if you decide they've really screwed you over"? And I'll bet you'd get a similarly high percentage answering "yes".
  • Survey is Pants (Score:5, Insightful)

    by Fox_1 (128616) on Friday August 29, 2008 @03:46PM (#24799523)
    nothing to see here:

    "According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords'"

    Making the IT folk out to be bogeymen is great business for security pros. I'm sure there are some idiots out there, but most IT people are normal honest people like anybody in any other profession. I don't buy that we are so far off the curve, 81% is bullcrap and makes me question everything about that company and it's motivations and methods for the survey.

  • by Arc the Daft (1340487) on Friday August 29, 2008 @03:47PM (#24799551)
    A firm selling data security products claims that people with access to sensitive information can't be trusted. News at 10.
  • by Rob Kaper (5960) on Friday August 29, 2008 @03:48PM (#24799563) Homepage

    I haven't, I wouldn't. At best you encounter some of those things during ordinary work or even unproductive boredom.. but I totally see no value in having such details of a place you no longer work.

    (Of course here in Europe there's a due notice so you have plenty of paid time to find a new job, but still..)

    Maybe I'm just daft or weak?

    • by sam_paris (919837)
      Same here, this study is clearly bullshit. I do quite a bit of DBA'ing for my company and have access to all the various DB's including customers and staff, blackberry etc and to be honest, i've never snooped or been inclined too, I find it all very boring. In addition, it's never smart to burn bridges, if I did leave the company why risk a good reference or criminal charges?

      If i'm using the DBs i'm either making some necessary modifications or doing some sort of profiling/tracing. If i'm not using the D
  • .. I have a 120dpi scanned transparent GIF of the CEO's signature.

  • Just because we are talking about technology workers does not imply that they are a more virtuous bunch. Unethical behavior has existed as long as man, and if anything a scumbag is helped immensely by the power of technology to do immense damage.

  • Let me guess (Score:5, Insightful)

    by Kjella (173770) on Friday August 29, 2008 @03:49PM (#24799581) Homepage

    ....you take a survey saying something like "Have you in your work had access to..." or "Have you known company information after leaving..." which you often have then tweak it into "IT admins spy on you and will steal your IP" in order to make FUD and sell your product? I think I know enough people in the IT business to tell that these numbers are horribly off.

  • The other 22%... (Score:5, Insightful)

    by AioKits (1235070) on Friday August 29, 2008 @03:49PM (#24799591)
    It could be just me, but I honestly don't care enough about what other employees or coworkers are doing to bother sneaking about their crap. If it's anything like their desktops, I'm probably going to see hundreds of cute kitten photos, pictures of family and a bunch of music hidden under folders named things like, "NotMP3s".

    When I was an admin (short stint so I could pay bills, 3 years) I usually didn't give a rat's ass about what the users stored on their system unless it showed up in my virus scan reports or I was told to investigate someone due to "suspicious behavior". (BTW folks, before you get off on the 'evil spying on users' tangent for me, it was only twice and it was two girls working in tandem selling info to another company on how much certain people were paid.) I never could understand the whole "I have the power!" attitude some people showed when it came to passwords or how they'd screw the company if they were laid off. If I felt I was unfairly fired or downsize or funsized, whatever, that's what my lawyer is for (he works for cheap cause I fix his laptop, heh). Why complicate issues by fudging with the network access?

    Maybe I'm just too young to understand yet. Now if you'll excuse me, I have to play with my army men, we're planning an attack on the tan army on the coffee table and I gotta move equipment for em.
    • by AioKits (1235070)
      The other 12%, damned carpal tunnel... Must proofread more often. *sighs and puts on giant bullseye* Hit me where it counts boys, in the math skills.
    • by CFTM (513264) on Friday August 29, 2008 @04:11PM (#24800067)

      As a system admin who has access to ten years of email at an institutional finance firm, I can tell you that I have absolutely no desire to go through these records; sure there would be juicy tidbits about office relationships, hot stocks, whose getting what promotion etc but your integrity is way too valuable for any such tomfoolery. Moreover, my experience is that my coworkers have pretty much all been of like-mind. There's just no upside to doing any of the things listed in this article; it most certainly will not get your job back nor will it help you get another job and as has been said before it will get you put in jail.

      And, as was said earlier, it's so shocking to find a company that does security consulting say that the weakest link in your security chain is your people, I mean who would of thunk it? Oh wait, Michael Milken did way back in the 80's and I'm sure someone else did it before him...

  • by LibertineR (591918) on Friday August 29, 2008 @03:51PM (#24799613)
    ...which almost never happens.

    Typically, (at least in companies with some sense) the decision to remove an IT worker is made in advance, with steps taken to drastically reduce that individual's ability to do damage.

    Rarely, is an IT worker told about their demise until steps are in place to have someone watch that person pack their belongings, upon which they are escorted to the door. They would be lucky to steal their favorite coffee mug is such cases.

    Stupid is the company that gives notice to someone with keys to the kingdom, except in cases where the person is needed to stick around to train their own replacement.

    But then, anyone who would agree to do that without MASSIVE compensation, is a pussy.

    That said, I do know a guy who kept a series of special GPOs at the ready when he figured he was on his way out of HP back in the day...

  • 80% of people talk big about all kinds of hypothetical situations and then turn tail when push comes to shove.

  • Seriously? You'd steal passwords just because you were laid off?

    Remember that layoffs aren't the same as being fired. If you're laid off, you're likely to get a good recommendation from your boss for new jobs you apply for. Why would you want to burn that bridge?

    Now, if you were fired because your boss was incompetent and used you as a scapegoat I could sympathize, not condone, but sympathize.

    • Re: (Score:3, Informative)

      by MattBurke (58682)

      What if a company decides to make you "redundant" with zero warning (illegal in the uk) and zero severance package (also illegal in the uk)

      You're being fired on the spot without being paid for the last few weeks work, but they call it a layoff, so you're fine, right? You'll get your severance in 6-12 months through a tribunal. Well, half of it after the no-win-no-fee solicitor's had his share...

      Your potential employer wants a reference. Do they get it? Do they hell. Legal recourse? None. You want to pay you

  • by Just Some Guy (3352) <kirk+slashdot@strauser.com> on Friday August 29, 2008 @04:01PM (#24799827) Homepage Journal

    If I'm ever show to the door, I would insist on my ability to operate on the system being terminated at that moment. I don't want VPN access. I don't want an email account. I don't want SSH keys. I sure don't want the boss's password. Why? Because I don't want to be accountable for anything that goes wrong afterward.

    Think about it, people. If the IDS catches you SSHing in a couple of weeks after you've left, then they have carte blanche to hold you responsible for whatever breaks, even if it's totally unrelated. Good luck convincing a jury that Oracle coincidentally just happened to explode an hour after you logged into your old workstation. Seriously, what good can possibly come from putting yourself in that situation?

  • by the fact that Cyber Ark's business is privledged account management, would it?

  • It was also discovered that 12% of IT Admins lie on surveys.
  • by Ohio Calvinist (895750) on Friday August 29, 2008 @04:05PM (#24799915)
    TFA was very vauge in how they frame "stealing." When I have left (of my own accord) a job, there is invariably a certain amount of information written in my notebooks when I pakc up my cube that probably contain some user/password items, hostnames, door codes, etc. If you call that "stealing" i'd say the statistic is right.

    When I am leaving a job, I'm not actively concerned in making sure every piece of knowledge about my tenure is forgotten and every napkin I may have scribbled something on is returned or destroyed, and every backup I've made is destroyed because I use a lot of the scripts/docs/etc... as part of my new job hiring interview. Conversely, most firms I've worked at haven't changed their admin passwords or door codes when I left, so they don't seem particularly concerned either. (Which may or may not be normative.)

    I would say that the time when most IT folks are going out of their way to collect information is if they feel like they're being setup for the fall guy. At my last gig my project lead liked to broadcast the whole group when a server went down (blaming me) so I was maticulous to keep a copy of every log, logon time, email from her, so when I was accused, I could defend myself to our supervisor. If you're being laid off for some straight-up BS; and you're acute enough to see it coming, you better bet I'm going to collect as much as I can to clear my name. Beit to that firm or my new employer should I get a bad reference.
  • What? (Score:3, Funny)

    by rickb928 (945187) on Friday August 29, 2008 @04:27PM (#24800415) Homepage Journal

    I probably already had them, no need to steal them on the way out the door.

    Seriously, I'm kinda glad to not be doing sysadmin stuff any more, except for my own systems. I was called in pretty regular in the old days to 'secure' the system just in advance of the incumbent being dismissed. Always a nasty business, both because the incumbent was usually capable of great harm, and because their boss was invariably 'difficult', and often wanted guarantees that the fired employee would never get back into their systems. I told one CFO that you could only be sure if you cut off both hands, put out both eyes, and seal him in a grave. Funny, the CFO took more than a moment to tell me that wasn't an option. I know he was wondering if the lawyers could be more effective.

  • by grikdog (697841) on Friday August 29, 2008 @04:29PM (#24800449) Homepage
    I routinely gave my superviser written memoranda with my passwords written on it, the last time I worked in the shrinkwrap software industry. When the inevitable (and somewhat volatile) parting of the ways finally came, I got even by doing absolutely nothing. Information entropy had miraculously lost, hidden or evaporated every memo of mine, along with every trace of me in my spotlessly clean cubicle, so when my work (plastered with non-disclosure agreements in effect for two more years) suddenly became unavailable in plain sight -- Microsoft Windows 2000 was one thing they did VERY well -- I'll be doggoned if I could recall my password! Struth, too. I always picked 32 character secure passwords, just like Best Practice, and those things are darned hard to reconstruct after a week or so of cooling off. They didn't offer hypnotherapy. They fired my super, too. Moral: Never, ever call a damn fine programmer analyst a "coder."
  • by Sparr0 (451780) <sparr0@gmail.com> on Friday August 29, 2008 @05:20PM (#24801563) Homepage Journal

    If the company considers salary information "highly confidential", they have bigger problems than their IT staff.

  • by MerlynDavis (637066) on Friday August 29, 2008 @06:22PM (#24802817)
    I not only insisted that they change all the passwords I knew by heart, but I asked them to go through the entire list of passwords I might have access to and change them. I worked with my replacement to make sure that every password was changed properly, and that any access I might have had was closed off.

    The last thing I wanted was to be in a position where someone hacked the systems and I got blamed because I "knew the passwords"....

    I even handed over my personal notes on the network and had my boss shred the ones he didn't need before I left.

    I can't believe there are that many admins who have that little respect for themselves that they'd be willing to steal passwords.

    • by masdog (794316) <masdogNO@SPAMgmail.com> on Friday August 29, 2008 @10:01PM (#24805233)

      That's what I did when I was walked out two weeks into my three week notice. I walked down to the office of the guy that was going to be handling my work until a replacement was found, disabled my VPN access and account in front of him and the Security manager, and then left the room as the administrator password was changed.

      Even with those measures, I was still the first person blamed when one of the plant networks went down two weeks after I left (and on the first day of my new job of all times) due to a hardware failure (fiber-to-ethernet converter...and had I been allowed to have that last week, I would have been able to a few peopel to fill in for me...turning a two day outage into a five to ten minute outage).

  • by Abattoir (16282) on Friday August 29, 2008 @08:10PM (#24804171) Homepage
    League of Professional System Administrators Code of Ethics [lopsa.org]. I have a copy hanging on the wall by my desk and I refer to it regularly to keep me honest. Integrity is the biggest asset for any system administrator.
    • Re: (Score:3, Interesting)

      by DragonTHC (208439)

      I agree with you on all points. I too have integrity and work by the lopsa code of ethics

      Unfortunately, my unwillingness to violate that has kept me from advancing in my career. Someone else is always willing to forego ethics for the almighty dollar.

      I am not.

  • by rs232 (849320) on Saturday August 30, 2008 @05:52AM (#24808427)
    Why would they need to steal the CEO's password, when there is any number of ways to get access. Especially as letting the CEO have admin access is highly dangerous as he keeps his excel documents in the C:\Recycler folder to save space .:)

Murphy's Law, that brash proletarian restatement of Godel's Theorem. -- Thomas Pynchon, "Gravity's Rainbow"

Working...