• You may notice some wonkiness - i'm just integrating the wordpress install and the xenforo install. Things may go funny for a little while or you may get some odd emails here and there as it syncs the accounts.

Is This a Really Stupid Idea or What?

gavpowell

Suits you
Sep 3, 2011
2,469
573
113
37
I've been doing some work for a local company who have a couple of networked PCs sharing Sage Accounts across their office. One of the PCs has a standard account on near-total lockdown, and requests permission from an admin account setup and essentially controlled by another IT company who set the whole office up, but the company is dispensing with their services in favour of me.

Upon requesting the admin password today, the company owner said "Ah. We have a couple of passwords written down from when they set it up - they said it was either int3rn3t or Int3rn3t and we should try both." It was neither, so nobody knows what they're passwords for, but they phoned the IT company bod:

"Ring the office and submit a request - someone will login and change the password when they get to your ticket, then give you the changed password."

"Can't you just give us the password?"

"No, we have dozens of customers and we use the same password for all machines, so we can't give you the password"

I am no security expert, but my instinct says that's a really stupid fucking idea, isn't it?
 
Last edited by a moderator:
  • Like
Reactions: grrrpoop

ThorZ

Monsters dont sleep under your bed, they sleep ins
Oct 10, 2011
1,302
201
0
London
That is usually the way hackers or potential ones start, get the 3rd party company breached then access to all their clients passwords. Its how most companies get done tbh. If you had the skills and no morals Gav you could do just that and royally fuck things up. 

You are sitting on a gold mine of information there. 
 

gavpowell

Suits you
Sep 3, 2011
2,469
573
113
37
That is usually the way hackers or potential ones start, get the 3rd party company breached then access to all their clients passwords. Its how most companies get done tbh. If you had the skills and no morals Gav you could do just that and royally fuck things up. 

You are sitting on a gold mine of information there. 
This is exactly what I thought, but this is seemingly a decent-sized professional IT company, so I thought perhaps they know something I don't. Ironically, the first thing he said when they asked for the password was "Anyone with any claim to even semi-literate IT skills can bypass the password easily, so you don't need it"

I'd already told the customer I could bypass it if need be, but it was a bit of a faff and if I'm dealing with pre-existing setups I prefer to go in without disturbing anything until I've seen the way it's all configured.
 

Nige

It is, is it?
Aug 27, 2011
2,632
479
83
Worcester
It's a really stupid idea. I believe that potentially any loss of data by clients that led back to the foofs using the same password could lead to a criminal charge against them.

Personally, I'd rather not go to prison for the sake of easier adminstration.

And, to compound the stupidity, they told an IT expert (Gav) that they use the same password for all clients.

Double fuckwittage witha cherry of fuckwittage on top.
 

Driver

New Member
Staff member
Aug 20, 2011
1,414
205
0
38
I'd classify myself as barely competent when it comes to computers, it worries me that a lot of the people who actually work with them for a living seem little better than me.

It also terrifies me that most people are worse with them than I am.
 

gavpowell

Suits you
Sep 3, 2011
2,469
573
113
37
I'd classify myself as barely competent when it comes to computers, it worries me that a lot of the people who actually work with them for a living seem little better than me.

It also terrifies me that most people are worse with them than I am.
I spent the first 18 months or so I started advertising my services waiting to be found  out - I assumed that someone would ask me about something, I wouldn't know and would be exposed as a fraud. Then when I started dealing with people, I realised that when they say "I just about know how to turn it on" they're not being self-deprecating, they really do struggle to get past there.

I've lost count of the number of people who, when asked for their email password, said "I've never had a password", or confuse Windows with Office. It's only when you start meeting people outside your peer group that you realise what you thought was basic knowledge is actually way above the level of the average user.
 

Halrick

The Law
Aug 16, 2011
1,874
266
83
South Wales
+1 for that. I'm seen as some sort of tech god in work just for setting up the odd printer and knowing that task manager is a thing.

It's not a generational thing, either. You'd think people in their teens and 20s would know how to do most things having grown up with PCs being everywhere but in my experience they're the worst offenders. I knew a guy in uni who did most of his work on his phone and emailed it to himself for editing in Word because he couldn't use a keyboard.
 

Driver

New Member
Staff member
Aug 20, 2011
1,414
205
0
38
I was once asked by a friend to fix her mouse as she couldn't get it to work. It didn't respond to any movement or clicking, so I looked behind the tower to check that it was plugged in. It was, in a way. She'd somehow decided the best place for the USB mouse to connect to the computer was via the printer port. I sat there in silence for a few moments while my brain tried to comprehend what I was seeing, let out a sigh, then proceeded to gently extract the plug from between the pins in order not to bend them any further, plugged it into the correct socket, before going home to spend some quiet time contemplating my life.