Dear Users... (A thread for Sysadmin, Technical Support, and Help Desk people)
- Thread starter JoeMorgue
- Start date
- Status
catsmate
No longer the 1
- Joined
- Apr 9, 2007
- Messages
- 34,775
Like every password manager it has significant security flaws.
Hellbound
Merchant of Doom
I just got a good one.
We use the ServiceNow platform (a cloud-based integration platform for multiple service types, with automated workflows, ticketing, config management, etc). One of our Project Management users sent the following request:
Got a request from a user:
"Is it possible to get a dump of all tables that are being written to for SN."
There are over 5000 tables in each of our three instances. All are there for a reason and being written to. Some have over 350k records.
No, I can't get you a dump of all tables!
Scheduled a meeting to try and figure out what they actually want (because when I emailed for clarification they still said they wanted all the tables, so they could find data when writing reports).
We use the ServiceNow platform (a cloud-based integration platform for multiple service types, with automated workflows, ticketing, config management, etc). One of our Project Management users sent the following request:
Got a request from a user:
"Is it possible to get a dump of all tables that are being written to for SN."
There are over 5000 tables in each of our three instances. All are there for a reason and being written to. Some have over 350k records.
No, I can't get you a dump of all tables!
Scheduled a meeting to try and figure out what they actually want (because when I emailed for clarification they still said they wanted all the tables, so they could find data when writing reports).
Blue Mountain
Resident Skeptical Hobbit
Do they verify that it's actually your current password? Or is more like "we found a piece of paper on your desk with the phrase "G1ffl3sn3RT" and we're assuming it's your password because it looks like one"?
Hellbound
Merchant of Doom
Oh man, if it's the latter case I could certainly use that to get rid of a lot of dead weight in our department...
...and that sounds like a policy our security department would come up with.
catsmate
No longer the 1
- Joined
- Apr 9, 2007
- Messages
- 34,775
Yep, they run internal lookup table attacks on user passwords (app and AD) as well and add anything they find to the test lists.
If a user's password can be found they're locked out and notified to change it immediately.
12345
catsmate
No longer the 1
- Joined
- Apr 9, 2007
- Messages
- 34,775
Suggest it. Generally first time offenders are notified and warned, second time it's a lecture with their department head and HR present.
They test password dumps against lists of commonly used passwords and if a password can be cracked it's locked out.
People are warned about this at induction.
One of these clients has mostly migrated to two-factor with biometric and the others are heading that way.
Hellbound
Merchant of Doom
Yeah, we're on smart cards now for most logins, although it isn't universal (servers don't require multi-factor, but are only accessible from domain workstations that do require it, so it's sorta multi-factor)
Trebuchet
Penultimate Amazing
Where I worked, we could log in with our "smart" employee badges. And then had to enter a 12-digit number. I wonder why nobody used that?
JesseCuster
Master Poster
- Joined
- May 4, 2016
- Messages
- 2,159
I worked as a computer technician for a computer company whose IT manager implemented silly password rules. It drove the IT staff who had to deal with it insane.
Passwords had to be changed every 30 days. You can't reuse old passwords. Passwords must contain at least 1 of the following - upper case, lower case, numeric and non-alphanumeric characters. Passwords had to be at least 8 characters long. You couldn't use any dictionary words of more than 3 letters as part of the password. Etc. etc.
All it meant was that a significant chunk of employees just stuck post-it notes on their PCs with their passwords, or spent an inordinate amount of time annoying IT because the system refuse to accept anything they tried to use as a password because it broke one of the stupid rules. The system was buggy so sometimes it refused to accept passwords which were actually valid, so IT just bypassed it for that user, set the password to anything the user wanted, and turned off the 30-day rule.
No point in such insane rules if the rules are just going to be ignored. And strictly enforcing the rules would just make work for IT.
catsmate
No longer the 1
- Joined
- Apr 9, 2007
- Messages
- 34,775
Mostly the cost. Two factor authentication (something you have & something you know) are becoming more common. Card/fob/token, smartphone, password/PIN, fingerprint/retinaprint, there are many options and combinations...
arthwollipot
Limerick Purist Pronouns: He/Him
Back working on a public holiday again.
There are about three or four days in the year that are a public holiday in Canberra but not in other cities. On those days we keep a skeleton staff as the bulk of our callers are from Canberra. We get paid double time for working the public holiday. Four hours double is better than seven and a half hours single. I love working the public holidays.
There are about three or four days in the year that are a public holiday in Canberra but not in other cities. On those days we keep a skeleton staff as the bulk of our callers are from Canberra. We get paid double time for working the public holiday. Four hours double is better than seven and a half hours single. I love working the public holidays.
Faydra
sinning sybarite
- Joined
- Jan 12, 2007
- Messages
- 7,439
User: Job isn't working zomg! urgent!
Me: I see the problem, you didn't do X
User: I thought we didn't have to do X
Me: Oh yes, you definitely have to do X
User: But, what if they did Y and Z, do you still need X?
Me: Yes, you must do X
User: So, you are saying I have to do X?
Me: <bangs head on wall> Yes, X is required.
User: Still didn't work.
Me: <looks at job - they still have not done X> .
Sigh
Me: I see the problem, you didn't do X
User: I thought we didn't have to do X
Me: Oh yes, you definitely have to do X
User: But, what if they did Y and Z, do you still need X?
Me: Yes, you must do X
User: So, you are saying I have to do X?
Me: <bangs head on wall> Yes, X is required.
User: Still didn't work.
Me: <looks at job - they still have not done X> .
Sigh
arthwollipot
Limerick Purist Pronouns: He/Him
User: We've never had to do X before!
arthwollipot
Limerick Purist Pronouns: He/Him
I have never understood why people don't understand that when you're an asshole, you get poorer service.
Just got off the phone to a real curmudgeon, who was... let's say... very dissatisfied with the level of service he has received. Does he never wonder why people don't enjoy helping him? Why they want to get out of his presence as soon as they can? Maybe try being a little nicer to the people who are helping you, yeah?
Yes, we're supposed to give equal service to everyone. But it's a completely normal human reaction to not like people who are unpleasant to you.
I feel the same way about people who are rude to waiters in restaurants. Be nice, get better service. It's as simple as that.
By contrast, I spoke to another person earlier, whose account was being deactivated (in error) while they were trying to use it. I went the extra mile for that guy, because he was nice about it. He didn't try to blame me (or us) for the problem, even though it really was our fault. He was understanding and patient and polite and I felt good about getting the problem sorted out for him.
People. People are weird.
Just got off the phone to a real curmudgeon, who was... let's say... very dissatisfied with the level of service he has received. Does he never wonder why people don't enjoy helping him? Why they want to get out of his presence as soon as they can? Maybe try being a little nicer to the people who are helping you, yeah?
Yes, we're supposed to give equal service to everyone. But it's a completely normal human reaction to not like people who are unpleasant to you.
I feel the same way about people who are rude to waiters in restaurants. Be nice, get better service. It's as simple as that.
By contrast, I spoke to another person earlier, whose account was being deactivated (in error) while they were trying to use it. I went the extra mile for that guy, because he was nice about it. He didn't try to blame me (or us) for the problem, even though it really was our fault. He was understanding and patient and polite and I felt good about getting the problem sorted out for him.
People. People are weird.
catsmate
No longer the 1
- Joined
- Apr 9, 2007
- Messages
- 34,775
Now you do. Things change. Learn to adapt.
Faydra
sinning sybarite
- Joined
- Jan 12, 2007
- Messages
- 7,439
I don't understand how some people still have their jobs that are so awful to work with. We have a network guy that is the most unpleasant person I have ever dealt with. He's always angry and accuses everyone of incompetence. I had an upgrade where 7 out of 800 remote machines has issues, and he accused me of piss poor planning right to my face.
Had to deal with him again today and he was just as awful.
Norman Alexander
Penultimate Amazing
Is he good at his job? Adequate? So-so? Or is he compensating for being crap at it...
Faydra
sinning sybarite
- Joined
- Jan 12, 2007
- Messages
- 7,439
I don't know enough about networking to know. He didn't fix our problem today, but of course that was because it wasn't HIS firewall, it was the other incompetent guy in charge of the other firewall.
- Status