At a company I worked at recently, I ran across a SharePoint site and wondered whether I could download data that I wasn’t supposed to see.
Now I understand the purpose of SharePoint and company intranets is to share data, but even then, some data should be restricted to a limited number of people.
So I decided to check (before doing things like this, you better know How to Stay Out of Jail).
Filed under Audit, Excel, How to..., Security, Security Scout, Technology
Tagged as access, account, anonymous, authentication, database, download, excel, failure, intranet, lotus notes, permission, rights, risk, search, Security, sharepoint, stay out of jail
I recently downloaded the contents of a Lotus Notes Domino database to Excel without any access to the database. If you’ll recall, I do audit consulting, and was performing an audit at a Fortune 100 company.
Filed under Audit, Excel, How to..., Security, Technology
Tagged as access, account, authentication, database, download, excel, intranet, lotus notes, rights, search
I found some really pathetic password help pages on a company’s intranet while I was there visiting.
This is a large company that most people would recognize, and it is subject to plenty of government regulations. Overall, I’ve heard the security is pretty tight, but since I’ve never worked there, I can’t speak from experience. Except, that is, the experience I mentioned in an earlier post, Randomly Generate Weak Passwords. Perhaps all their security is what Bruce Schneier likes to call “security theater.”
Filed under Audit, Humor/Irony, Security, Security Scout
Tagged as evil, fail, green blog, help, insider, intranet, pages, password, pathetic, Security, user
I was visiting a friend at a large, public company doing some benchmarking when we had to schedule several meetings with IT to gather data. My friend “Meako” started entering attendees into his online calendar to see whether we could get some important meetings scheduled during the next week.
Filed under Audit, How to..., Security, Security Scout
Tagged as calendar, confidential, database, free busy, google, GOOJ, insecure, intranet, lawsuit, private, schneier, search, secrets, Security Scout, server, sharepoint, tivoli, tradeoff
I despise security controls that don’t work or provide actual security, and especially despise those controls whose only function appears to be the irritation of the human condition. Here’s my short list:
Audry Agle, a former CISO, offers 7 practical ideas for increasing security awareness below. I’ve summarized some of the points and added comments of my own in italics:
1. Appeal to personal lives – Helping people deal with security issues at home tells them you care about THEM, not just company systems and data.
Filed under Security
Tagged as audry agle, celebrate security, clean desk, dumpster diving, intranet, marcus ranum, most popular security questions, newsletter, orientation program, personal security, Security, security awareness, stupid questions, tone at the top, training, wall of shame
Having a system go down is no laughing matter. But if you’re going to notify your users, why not do it with a little humor? It will work as long as you don’t flash the message too often.
I received the following pop-up message below from Yahoo today.
Filed under Humor/Irony
Tagged as apologize, apology, banner, communication, email, glitch, help desk, humor, inconvenience, intranet, IT, mail, proactive, problem, reduce workload, restore service, save time, status update, system down, yahoo