1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Inside "threat"

Discussion in 'Computer Security' started by tripwire45, Dec 5, 2003.

  1. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    Since our former boss left yesterday, as SOP, the administrator password was changed. Today, we've been repeatedly locked out of that account. Turns out the boss had given the password to some of his buddies and they've been trying to logon all day using the old password.

    I casually mentioned that the password had been changed to someone at another office when I was installing a new network printer and the guy had the b@11$ to ask me what it was! Another lesson in life, folks.
     
    Certifications: A+ and Network+
  2. Phil
    Honorary Member

    Phil Gigabyte Poster

    1,680
    7
    87
    :eek: It's hard to believe anybody could be so stupid.
     
    Certifications: MCSE:M & S MCSA:M CCNA CNA
    WIP: 2003 Upgrade, CCNA Upgrade
  3. SimonV

    SimonV Petabyte Poster Administrator

    6,616
    149
    228
    No it aint. When I first started my current job one of the IT teachers used the administrator account as thier daily account. :blink Not for long though :rambo

    5 minutes later "I cant login" cries came down the telephone from said teacher. :silly

    I've had to change it 3 more times since then as somehow (well the chocolate teapot) they keep finding it out. :roll: :snipersm:

    SimonV
     
    Last edited: Jan 2, 2015
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  4. Nelix
    Honorary Member

    Nelix Gigabyte Poster

    1,412
    3
    82
    ever thought that they could be using a keylogger!!!!!!!!!!!!
     
    Certifications: A+, 70-210, 70-290, 70-291
    WIP: 70-294
  5. AJ

    AJ Administrator Administrator

    6,771
    102
    221
    We had a similar thing happen here. All the teachers and the IT Tech's used the Administrator account as it was quick :eek: . As a matter of course I "suggested" to the network manager that we change the name of the Administrator account and the password, which we did. To help the tech's I setup another account with no applications, no home folder, a very limited profile and full administrative rights. Now no-one uses the actual administrator account except when using Ghost (that seems to need the domain administrator's account). Now we never use the word Administrator on the network and if anyone is using a network scanning device looking for a administrator password, it makes it that little bit harder. :D
     
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  6. SimonV

    SimonV Petabyte Poster Administrator

    6,616
    149
    228
    Thats is a BIG FAT NO. We have what is called a chocolate teapot that works here. They seem to think that its OK to give out the admin password to anyone that asks. :eek: :evil:
     
    Certifications: MOS Master 2003, CompTIA A+, MCSA:M, MCSE
    WIP: Keeping CF Alive...
  7. Sandy

    Sandy Ex-Member

    1,091
    2
    65
    Trip
    I have a number of stock passwords

    p1ss0ff
    b0g0ff
    etc etc

    that you may find useful ...

    when you give them out spell them using the phonetic alphabet :lol:
     
  8. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    lol@sandy :lol: Good one. Thanks.
     
    Certifications: A+ and Network+
  9. AndyL

    AndyL Nibble Poster

    92
    0
    21
    Our Marketing department used to have a white-board with all their passwords written on it. When one of them changed their password they wiped off the old one and wrote on the new one. They said it was so they could check each other's Email!

    They don't do it now (I threatened them with their terms of employment) and I've taught them how to use delegates in Outlook!
     
    Certifications: MCSE 2000,2K3,MCSA:M 2000, MCSA 2K3
    WIP: Painting the doorframes.
  10. Phil
    Honorary Member

    Phil Gigabyte Poster

    1,680
    7
    87
    :lol: Much tidier than all those postit notes everywhere.

    One of our guys left his PC logged in when he wandered off, the boss saw this and emailed a resignation letter to himself from that PC and CC'd the rest of us in. Proved his point :)
     
    Certifications: MCSE:M & S MCSA:M CCNA CNA
    WIP: 2003 Upgrade, CCNA Upgrade
  11. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    We figured that somewhere over 10 people had the admin's old password and they were continually locking us out of the account. Yesterday, we finally changed the name of the admin account and cured the problem. Now we can get back into servers and do our jobs.

    The other mind boggling side of all this is that we have a record of almost everyone's password in the city. It's kept in an excel file. It is password protected but I can find out anyone's password when I need to work on their computer. It's easier to load a piece of software under the admin acct then logon as them to make sure they can access it. Totally against the "rules", though.

    We've been told to change nothing until the new (temp) honcho comes on board next tuesday but after that, we're hoping to manage passwords like most places to...just set up new accts with temp passwords with the stipulation that the user has to change it the first time they logon. We'll see how they handle it.
     
    Certifications: A+ and Network+

Share This Page

Loading...