6 Comments

I bet the security officer of a large brewing company (I was the IT director there) that I could get the president's salary within 24 hours. he said "impossible without physical access, all that stuff is on a spreadsheet on a pc disconnected from the network, etc" I assured him there would be no physical access and gave him the president's salary the next morning. I phoned his administrative assistant to check on the pc because I needed the exact number for a presentation I was working on.

Expand full comment

I love it. People really are the weak point in any security system, aren't they?

Expand full comment

here is another. I was designing the data centre of a large stock broker. I insisted to have trays in the ceiling, to avoid water damage. not long after they were installed, the president's private bathroom, just above the data centre (I knew nothing about that), had a big leak during the long weekend of Canada day.

Expand full comment

Reminds me of a design center where I did some work a number of years ago. They had offices on the 1st floor of a business park building. One night a pipe burst in some other company's office on the floor above, and of course the water ended up coming through the floor... Sadly they did NOT have water trays like you describe, and unfortunately, most of the leak came through right above their main server, and right into it... Luckily their admin was very good at doing nightly automated backups of all their data and files, so they didn't lose anything critical. It was annoying walking around the offices where they rugs squished and squelched with water for a few days til they got it all cleaned up and dry. ;-)

Expand full comment

Potential question for your upcoming writing:

Are there any bad (defined as "worse than having no 2FA") options for two-factor authentication (2FA)? (SMS text, email, dedicated app, dongle, built-in to password manager)?

Expand full comment

I don’t understand password managers so I’m looking forward to anything you can teach me

Expand full comment