Wednesday, March 10, 2010

True story: After being away 2 years I wish I was de-provisioned!

This is a true story. Names have been changed to protect the innocent.

I had lunch with my friend “Jason” from Universal Widgets last week. We hadn’t talked for more than two years and Jason’s first comment was “Did you know I left Universal to go work for Galactic Widgets but I’ve gone back to Universal Widgets?” I was surprised because I had missed out on what my friend was up to for more than two years. But, here we were back at the beginning again. Anyway, we had a good discussion about what each of us was up to but the most interesting part of Jason’s story was his answer to this question: “How was your return to Universal?”

Jason answered that they hadn’t allocated his desk to anyone else so it looked as if a “Jason shrine” had developed while he was gone. “But the worst part of my return was that I was able to log on with my old userid and password!” Where had I heard this before? However, rather than agreeing with me, Jason’s comment was: “The worst part was when I started Outlook and I had 25,000 unread messages!”

I guess there can be some things even worse than a security compromise with not being de-provisioned, and that’s coming back to two years’ worth of unread e-mails! I think Jason is still too busy deleting messages to answer his phone…

1 comment:

Esesve said...

I wonder what kind of policies the organization had that it did not even ask for a password reset. A password staying unexpired for more than two years and it not being audited in the last two years talks about the organization's security policy.