Password, Password on the Wall

After a friend bought me lunch today, he showed me around his work place. During our walk, we stopped at the IT workbench area to see if the laptop he ordered for a new employee would be ready by Monday (I tagged along).

If you’ve worked in IT, you can picture the room…desktops and laptops stacked all over the place, some in various stages of reassembly, extra switches, cables galore, old bags of potato chips, and a corkboard pinned with an abundance of notices, notes, and pictures of hot rods and Star Trek crew members.

One neatly typed list on the board drew my attention. It was a list of accounts and passwords for several monitoring tools, 3rd-party websites, Sharepoint data repositories, and test servers and applications.

Not only was the list visible from inside the room (which was pRotEcteD by a card reader), it was also visible (and readable) through the window in the door.

I quickly memorized a few accounts and passwords, and when we left the area, ducked into the bathroom and wrote them down.

Before I said goodbye to my friend, I asked him if he noticed anything interesting in the room, and when he said no (he’s neither an infosec guy nor auditor), I showed him my list.

I had his passwords and ate his lunch too.

Leave a comment

Filed under Security Scout

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s