Comments: profound misunderstandability in your employee's psyche

@ Iang,

Was her real name "Rosa Kleb Jnr."

It makes you think why on earth do the APT people worry about shutting the stable door when the "IT stallions" are not only out of the paddock but compleatly off the farm...

However the flip side is are geeks so lonely they will have anybody as a friend...

The thing is the same IT stallions also post meatspace contact details in amongst their online activities and have been for ages.

As an old example,

More than a few years ago I was having a few problems with a bit of network kit not doing things they way it was supposed to. So after looking through the manuals etc I did a google on the kit name and a keyword or two. The result was pulling up comments from people on mail lists where a search on their name usually also pulled up their "holiday message" with not only all their contact details but those of their colleagues. This information could then be googled in turn to get a lot of meatspace info. I did this to find someone who appeared to be very knowledgable on the problem and gave them a phone call. They where very surprised but very obligingly helped me out (as their postal address was not to far I later bought them a beer to say thanks).

For those that doubt about just how easy this is...

Google the following phone number 905-940-1814

You will see part way down the resulting page a holiday message automatialy sent by Paul Oh's email server to a mail list (unix.derkeiler.com/Mailing-List...). This gives the phone number and a colleauges name but no company or address info.

However you don't need to pick up the phone to get that info,

If you look at other entries on the google page you will find that he work(s/ed) for a Canadian company (Find Mid-Range Computer Brokers Inc) the address (34 Riviera Dr, Markham, ON) freephone number (800 668-6470) Fax number (905 940 1809) as well as other relevant info.

All of which can be used for further google searches to elicit further information.

I deliberatly used this old (and now out of date) enumeration method to show how easy it is to do. Whilst holiday messages on maillists is now something that hardly happens the modern equivalent does (and I leave that as an exercise to the reader).

The simple fact is even after 15 odd years the IT staff who should know, have not wised up to this sort of simple enumeration, it still happens via the likes of social networking such as blogs, twitter, linkedin, Monster jobs etc. So what on earth do we expect from other staff where security knowledge is not part of the job spec...

So I'm not surprised at the findings just saddened by the lack of progress.

Posted by Clive Robinson at September 2, 2010 07:31 AM
Post a comment









Remember personal info?






Hit Preview to see your comment.
MT::App::Comments=HASH(0x5605bdd01350) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/Object.pm line 125.